From patchwork Tue Nov 13 13:52:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 10680693 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C34614E2 for ; Tue, 13 Nov 2018 13:55:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 061DB29BDA for ; Tue, 13 Nov 2018 13:55:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EE7D229BE6; Tue, 13 Nov 2018 13:55:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7FB0429BDA for ; Tue, 13 Nov 2018 13:55:30 +0000 (UTC) X-EEMSG-check-008: 655738090|UCOL19PA12_EEMSG_MP10.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="655738090" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP; 13 Nov 2018 13:55:26 +0000 X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="20545413" IronPort-PHdr: 9a23:hpiXQRFkR/diFLh9p0SAOZ1GYnF86YWxBRYc798ds5kLTJ7+p86ybnLW6fgltlLVR4KTs6sC17KJ9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa/bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7Sc8kaRW5cVchPUSJPDJ63Y48WA+YcIepUqo/wrEYMoxSjHwmhHOPhxCFGiHH12qM10eohHxze3AEiAt4Dvnvbo8n6OqgMSuC417XIwDfZYv9Kwzrx9JbEfxY8qv+MR7Jwds/RxFE2GQPDk1qQs5LqPzGI3eoKtGib9OxgWvizhGE5qAF6vz+ixsApionOnYIVzErL+jlnz4suP923VlN0Yd6+H5tMrS2VK4x2QsY7TmxupS00yaUGtIamcCUFx5kr3R7SZ+Gdf4SW7R/vSvydLSpgiH57Zb6yiQy+/VWix+D8TMW53lRHojBYntXQsH0Gygbd5dKdSvRn+0eswTOP1wfO5e5aOU00jq/bK4I5wr43i5oTrVzPHi/ol0Xyi6+bblkk9fKy6+Tmf7XmvYWQN5N0iw7iMqQundazAeIkPQgVQ2eX4+G81Lzn/UHhQbVKiOM5krXBvZzHKskWqbS1Dg9I3oo59RqyACmq3M4FkXUfKVJKYhOHj4znO1HUJ/D4CO+yg0+ynzdvxvDGOKDhA5rUInfYl7fhYLB95FJCxwoo1t1f+5JVBa0BIPL0QEPxssfYAQUjPwy7xObnFs1x1pkCVmKXHq+ZLKTSvEeK5uIoJemDfpMVuDbnJPgj/PPuj3g5mVkYfaazxpsXdG63Hu59I0mDZnrsmNgBG38QvgUiVOzqlEGCUTlLanawXaIz/C00CIG9DYfEQICtgaKB0Ty1Hp1Se2BHBUuDEWrud4WYRvcAciWSItVukjYcT7iuV5ch1Q2ytA/907dmIOvU+ikdtZ39zth4/OPTmg8v+jxzFcSSyXmNT3tznmMKWTA5wLx/rVZ6yleZ3qhym+ZYGsBL5/NVTgc6MobRwPFmBND3XQLBeMuJREu9T9W4Hz4xVNMxwt4JY0Z7AdmiiA7M3zayCb8Pi7OLHIA08r7b33XpJMZy0XXG1K48j1Q9QctAL26mhqli9wTJAI7JiUqZnb6wdasAxC7N6HuDzW2WsU5CTQFwS6TFUm4FZkbNt9v2+kbCQ6WpCbQ9PQtL0dSCJbdSat31kVVGQ+/uN8jEbGK1hWiwHgqIx7OLbIfxYGUSwCTdB1YCkwAP/HaJLxIyBiG/rGLCFDZuD07gY1vw8elir3O2VlU0wByXYEB62Lq1/xEUieaaS/wNwrIOoD0hpClsHFahw9LWDMKNpxFvfKVGZtM9+0tH2HnCtwx7OZyhIaViiUQYcwhtuUPhyQl3AJ1akcc2tHMq0BZyKaWA3VNHdjOY2ZTwNaPMKmTp5h+gdbTW2lbE3NaR4KcP5+wyq0//swGxCkoi73Jn3sFI3HuA/JrKFhEfXo72UkYy6xd1varaYjUn64PSy3JsLbG+siXe1NIxGOsl1hGgcs9BMKOFCADyD8oaB9K0JOM2m1ipaRQEPO9J+a4wPsOmceGJ2LSsPOp6mzKml2tH6phn0k2Q7yp8VvLI35EdzvGc3wuHTCv8gE66ss/pnYBEZDcSHnewyCX/H45RfqxyfYAKCWiyOM273NN+iIDxW3RA7l6sG0sG2NO1eRqVd1H9xwpQ1UAToXO5gyu30zt0kj8yo6qEwSzB3//ieAAAOm5RS2lolU3sLpSsj9AGQEioaBAklBi76kb83KhWv6d/IHfVQUdTeSj5MX1iXrG3trqYbM5F8IkovjlPUOSgfVCaTabwowMA3CP+G2tR2ig7eCusupXlgRN6knmQLGtorHXHY8Fw3g3T5MfbRf5MxDoJWDd3iTfQBlimMNmm48+Yl5HdveCiT2ihTIFccTH3zYOcsyu2/XNqARuikP2ohN3nFxU10S/h29lsSyrIsA72YpP32KSiLeJnYk5oCUfk68VgB4F+lpA9i40R2XgGhpSZ5HQHnn31MdlB3qL+dnUNTyYRw9HJ+AjlxFFjLnWRyoL3THqdxNdhZ96/Ym4N1CIy8d1FCKCO7LNehSt1uF24rQDPbvdhgjcR0/wu6GQVg+sRogoi0j2dAqwOHUlfJSHskg6H79S6rKpJeGavbaK/21BlkNCnEr6CvhpcV2rjdZc6AyB89MN/P0zQ0Hfr8IHrZMHQbc4Pth2TixrAgfJVJ4wsmfoRnyVnP379vXo+y+MglxNhwZS6sJKAK2V386KzGgRYOSHtZ8MP5jHtir5Tnt6I0I+0AJphHDQLXIfvTf+zETIdq+roOBiUHD07sHebFqLVHRWD50d+s3LPD5erOmmMK3YCytliQBidJFdDgAAPRjk6hYA2GRywyMz6bkh54jER5ljlqhpD0e9nKxn+Un3CpAezcDs1RoKQLAZN7gFF4UfZK8ue7vh8HytA5J2usBSNKnCHZwRPFWwGQU2EB1/kPrmo/tTP7vaXCfG/L/TUZ7WCs+teV+2HxZi3yItp4y6MNtmTPnllF/A72EpDXHBhG8TenzUPSjAXmDzWYs6epRe85jd3od6l/PTsQgLv6pOFC6FOPtV35xC2naCDOvaThCd5LTZXyIgBxXrPyLgR0l4dlT1udyWtEbQHsC7CUrjcmqlJAB4HcylzLtdH77og3glRPs7Wks361qZigf4vCldFTkfsmtmzaswQImG9L0vHBEKRO7uaOzLH2cb3YbmzSbdIluVbqwWwuSqHE0/kJjmDkSfmWAqrMexXjyGbOwdeuJ2nfRZrEmjjT9PmZge9MNBpkT082ac0iW/SNW4ALTh8dFtAoaCX7SNehPVwBnJO7n5kLeSfgSmW8fPYKpEMvftsGCR0mPpQ4G4mxLtN8CFEWPt1lTPPodF0vVGmk/SAyiF8XRVUsDZLnoWLvEt5OarH6pZARGzE/BMR7WSQERgKocVqCsH3saBK1tfPjL7zKCtF89/M+cscANLUJ9yBMHsgNhrkAzHUDA0YTTKxMmHfnUNdmumI9nKJtpg6toTsmJ0WR79ASlM1EvIaCkJ4HN0NO5p4QjQkkbuHg8ES/nq+sAPdRMNEsZDbTviSG+ngKC6FjblYYBsF2a/4LYUWNo38x0xiall7kZ/XFErRXdFCuDZuYhUyoEpT7Hh0Vncz1F79agOx/H8TEua5kQQyigt/fesi6i/j41I3J1rMoyswllM+lM7+jjCQajHxKr68XY9LCybusUg+LI/7SR5vbQKuhUxkKCvER7VJgrR7a29rjhTRtoFSFv5CU6JEegQQyuuNZ/Qoy1hcrT+nxUBf7+vfFZRijBcqcYKrr39Y1AJjcd81JajUJKVXy1hdnb+BsTGz2eAw2gAeIVwB8GSIeC4HoEYILKUpJzK0/uxw7gyPgyFDeG4NV/U2ovJq8Uc9O/+YwSz5zrBNMFy8OeuEIqyFvGjAkNKHTUkr1kMUjUVF+6Z50ds7eUqOS08v1KeRFwgONcfaMwFaddBS9H/IciuVreXN24h6P5ujGeDsTO+OsqkUgkalHAYmH4QM8soBEYO20EHdN8vnKqAKyQk17gTxOFqFFOhJeA6MkDofrcCz1oN43YlcJjEYAGVyKya3663WpgA0nvWMQs06YnAAXosLLng2QtG1mzZFv3RcCzm6yucZxxKY7z//uCvQEDj8b9xsZPqPaxJjEte29ik786ixlF7Y747eK3v8Ndt8pt/F8fkaqIqfC/NIUbl9tF/RlJNCR3y3VW7DC921KoPxa4ktbNz0Fm21Xka5iz0rU8f7JMytIbSQgQH0WYZUt5GW3CwkNc+4DTweBwt8p+QY665mYw0MfYY7awbytwsiL6y/PBuY0tK2TmavLjtZUeJSwvikaLxM0SUsdPO6x2U9QZ0gyem471INTokQjh7C3faje5VeUS/rF3xTYQXAvyw5mHRgNuYp2eo/xQvIsVgFPzCQeu1pc3ZIv9YmBVOdOX92EHY3R0eAjYrf5Q6hx6wS8DZAkNZVy+JFtGPzsYPYYDKpRKOks47VszY6YdggvaJxLZTpItGau5PGgjzfUJ7QvxWdUC6hC/pVgMVfID5DTflTnmElJNYGtpZf5ko3Ssc+PaZACK02qrCtczpkAjYYzTUFWIOYwDwCnuC81qPBmReebJsuLB4JvIhMj9YGTyF2ZSYeq7O5WIXNi2+IUG4LLxkP7Q5U/gIPipdwfvz54IrPVJJM1yRWrOxqXSTWDZRo6l/7Sn2MgVfiVvWhkuup3QZMw/LwyNUbXwR/CUdFzeZMikQoMK13K7UXvoPSsD+Hb1n6vGX2yOuiPlZR19bZd1jlDIrBqWr8UzET+XwOSo9J03HTD5MSkxB2aKwzvlVDPJimelri5zwj34loEaO3VcS3x1k7t3YGXDynE8RfBOF8q13XRThlb4qsqJX/NJVYWnVQ94GFq1dFjEVtNDa0yZhGJMFL7D4MRj9PriiDs9apVM1Mw8l2D4QLIttlvXfyBr9EMoCLo3Iqorzv1mPZ+zckvVe8wDW+AK64T+Rc/2EEGwUpIWqeqlM1AOs37mfS6E3NvUxo/+dGHLiAk199oDFnHpBBHjxJz2yqL0xvTHlatOVXMKLVc81ATPk1YR+gIQc+GeQn30yO+kF0hmz5bjd3tgZV9CHRRQ40VTMagr31gz0RttmnOSMGS5JPdTghazzFKweblC1MshZQdVxlW5cDAtlf47Ebx4xU/sjcRkmwNSEJRhtiNhg30fBHj05MrF2YeTzBDQqvbfvPsBx3fcKKoc6sMvv4/BlIipnmsOA++KUPXXumlhOxQdrGtY/zqsWKtleSdKf/K+C8YH7AQyLWgh+snrokFIfF/zTNPwVHMZV6zmAkYZf5A27RIRtGP74bJ1ZcVa1ictpGo/taZsF+d6YL+K9tGgqHSQnyGIyrt/RJMlHTSinAICqb7+y/u4XT7abHRuT6YcyM3XnHSbptPphm8Tn7B6vq0YhG90ruwPht6l91SVjIMiCGttThJRoH5NK8eUvmv50pGy7WAZhrnXr13E5Aa9YYQy2k8ZQf0pNZ62z8SeFm3Ujptu1d6b1k5ZMw47Bzxse+Pb3SJuhCsU97HhiUAR1n+YkvAGdlW29cefMeKPDVfaQdjMDhtfr3F7AJ5xKJ++xVc9zHJ1vOmsOnEDGTVQREnBsdqT4dNgac0vmFm6loScaqu+f0wUct41mkIR4A0r9t+YmF+q2SpO/UdBvd174EVbb2RsnrtLQjp1uS5eE4lL4JYmF1bBGoEPMGVsIE22nuwqYkzSMqE8PeELPt4/FDV3cjkTLmhZ9xBVIWGukbHbCT54RRgn84m/DFNt0Raq1CmGGPFR6iErMY1XGr6y+XIHR4jRDP0hHwR3iz7Fz3rSJjXyvMzsnjnVBRVraqBEdeRSypNlFksDmXJgrnqML3ubgp7EExKmHktcyNm3GnOL5MG83/OcGTISgzpFIMlpExQcav2Y8DE9qnPNgR6G1+bufZ626znC9Bp6BHhoTA7cGR/vXaBmKgj6qcq7WM2D9U0H44sk8j6tq4LPHB+8WKQ+i012YWVyp/vgrBXx22qrzctF0UO1aE0ETMmIwMIN5Z22M01kf46+g/WNgz7hlRFp7cZ/MeojD+ICD7zkiZY9IrTSSeyD9XHlXpEVlkBqgzxn//sNjOlXfK9F0iXpNweFD/hRxrE4U4Llog6EAQwioHCwcNcx6aDLasBUTrNoYEUE8DaROc3LekZqg3x0pzwqi05O/Sa+x8CLABNvFHjg6BhFJbAI4ZsbUCQLJgfF9Q7KDXqRbmC4jmR/jpi2E9NPy0QsBf9MAWqWEi4gKhSBa67pdD9bkbgoiSdqFYeZjMoNx870B/6D8BbixNmhl/gA+nXu0HoeDj48TbsIC25eq0U6YtXeoX/QAuB2til5vwnEwjodbP2udbTo3al5/y8BhJI3GQo4bazxh8JvYSK4KxYrlv6W8LJy4AKHISJdCWceUz4zdxMDXP4FxPGscMZdIePMrQlgFYk0npWLBI9srHAV+VEIZzeNou72rw0jw19oE8Uun44j+sOZ/f901NP+9EjCh0kdLNvvQawfrTCCgR5nmUcAZ1wiKEy5aTD/bw/OOMyMzbVl8cGS42SYhdLiKY+QO7Xuq1iInpUgSM58/xmp0+d0WQSWeqkaQYtKZMDe5AiiLm3jhRFoD1m+iZs9yy52tLrldHCpp87QXZGKVDOZV2IRb4lsysRkhmHCv/edrUewEouOWMw+cD/eR+O1H5ZY8BLRIO06j65mZNTgtyVL72uU6UXfkfZNtjVPzJr3NY5Jl+K6ARJlidpZ3rrjBOqFwsBg8mdqMw/XRmcRzVkQlUXbvkkKAPhxFaUtNjv0JIX2WqNyZ23zPaUexwi66LBbRB6jyOSoQWWlhsdyZ5RAm4np5pfu36s+pAtzZhmC9nrfpi9jt9QhK3tC6k86UI3ikm8bq1nC8MtXxMUqOVlCKeWgYL9+gDkapJUyWq0le7enRWKdKruOM9d8396Yks5Wg+ahw/fioAGP6tEDz0k7jSXNbdjfl7oEWmgOyWMfm+IC0JOfI4wBPnAX181lu7/l5k82oOFzOn6tJsZICwIt0sySfgH2/HPE0N7aVEvIq5tVMCQOYsL1I0xmJl35viJGUWXMKaPWEzg0A/bHlcNopZ4EodEq4zhD+Ds4Fc8w0UaSuSGYOgqeyy1dzQ1ywFRMxxjnnTurXDg5or1HN/nNYh6SuJo3IbfOHwScJgAnHvkIxYzL+bBb22qu5Sboxgxfy6VeMadMmu/WzjwJJxRkqs3agTBXK8Oe4Hg6jeCmKrFzPeVuOMfGyB2T0+Nx2Xh1GkK1QtY5JSplQmeqva05hbkQCpXbJvEyOXo1KahGB2K+4Wdwsq/oygfgE= X-IPAS-Result: A2BqAABk1upb/wHyM5BjGwEBAQEDAQEBBwMBAQGBVAMBAQELAYIAA4FoJ4xvix6LIo40gVsWAQEYEwGHeyI3Cg0BAwEBAQEBAQIBbCiCNiQBgmADAwECJBMUIAsDAwkBAUAICAMBLQMBBQELEQYBBwsFFQMEgwCBdQ0DAZwHPIwJM4VAhGwSh0WEKheBQD+BEYddARIBhXoCiRSFcUOQDgmGOYpeCxiJSIcrl1YGAgkHDyGBOCJkcU0jFTuCbIInF44dcYEFAQGKaoI+AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 13 Nov 2018 13:55:25 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wADDtMgk020080; Tue, 13 Nov 2018 08:55:24 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id wADDrUP9038734 for ; Tue, 13 Nov 2018 08:53:30 -0500 Received: from goalie.tycho.ncsc.mil (goalie.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wADDrUHD020056 for ; Tue, 13 Nov 2018 08:53:30 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BmAACk1upblywYGNZjHAEBAQQBAQcEAQGBVAQBAQsBggCBayeMb4seiyKQGgsBAYRsAoM5IjcKDQEDAQEBAQEBAhQBAQEBAQYYBoYTAwMnUhBRNAEFARwGARIagweBdQ0DAZwGPIwJM4osEodFhCoXgUA/gRGNawKJFIVxkFEJhjmKXgsYiUiHK5dWBgIJBw8hgTiBd00jFYMngicOCRKOC0Axji8BAQ X-IPAS-Result: A1BmAACk1upblywYGNZjHAEBAQQBAQcEAQGBVAQBAQsBggCBayeMb4seiyKQGgsBAYRsAoM5IjcKDQEDAQEBAQEBAhQBAQEBAQYYBoYTAwMnUhBRNAEFARwGARIagweBdQ0DAZwGPIwJM4osEodFhCoXgUA/gRGNawKJFIVxkFEJhjmKXgsYiUiHK5dWBgIJBw8hgTiBd00jFYMngicOCRKOC0Axji8BAQ X-IronPort-AV: E=Sophos;i="5.54,499,1534824000"; d="scan'208";a="412400" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 13 Nov 2018 08:53:29 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BQAAA51upblywYGNZjHAEBAQQBAQcEAQGBVAQBAQsBggCBayeMb4seiyKQGgsBAYRsAoM5IjcKDQEDAQEBAQEBAgETAQEBAQEGGAZYgjYkAYJgAwMnUhBRNAEFARwGARIagweBdQ0DAZwFPIwJM4osEodFhCoXgUA/gRGNawKJFIVxkFEJhjmKXgsYiUiHK5dWBgIJBw8hgTiBd00jFYMngicOCRKOCz8yji8BAQ X-IPAS-Result: A0BQAAA51upblywYGNZjHAEBAQQBAQcEAQGBVAQBAQsBggCBayeMb4seiyKQGgsBAYRsAoM5IjcKDQEDAQEBAQEBAgETAQEBAQEGGAZYgjYkAYJgAwMnUhBRNAEFARwGARIagweBdQ0DAZwFPIwJM4osEodFhCoXgUA/gRGNawKJFIVxkFEJhjmKXgsYiUiHK5dWBgIJBw8hgTiBd00jFYMngicOCRKOCz8yji8BAQ X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="17777582" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa06.eemsg.mail.mil ([214.24.24.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 13 Nov 2018 13:53:28 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;2667b629-53dd-4be4-81ed-e743ea8a0ab9 Authentication-Results: UCOL3CPA04.eemsg.mail.mil; dkim=none (message not signed) header.i=none; spf=None smtp.pra=omosnace@redhat.com; spf=Pass smtp.mailfrom=omosnace@redhat.com; spf=None smtp.helo=postmaster@mail-wm1-f66.google.com; dmarc=pass (p=none dis=none) d=redhat.com X-EEMSG-check-008: 327232147|UCOL3CPA04_EEMSG_MP19.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 209.85.128.66 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BCAACk1upbhkKAVdFjHAEBAQQBAQcEAQGBUwUBAQsBhBKMb4seiyKOIIF6CwEBhGwCgzkaBwEEMgsNAQMBAQEBAQEBAQETAQEBCAsLCBsOL4I2JAGCYAMDJ1IQUTQBBQEcBgESGoMHgXUNBJwGPIwJM4osCQEIh0WEKheBQD+BEY1rAokUhXGQUQmGOYpeCxiJSIcrl1YGAgkHDyGBKQmBfU0jFYMngicOCY4dPjOOLwEB X-IPAS-Result: A0BCAACk1upbhkKAVdFjHAEBAQQBAQcEAQGBUwUBAQsBhBKMb4seiyKOIIF6CwEBhGwCgzkaBwEEMgsNAQMBAQEBAQEBAQETAQEBCAsLCBsOL4I2JAGCYAMDJ1IQUTQBBQEcBgESGoMHgXUNBJwGPIwJM4osCQEIh0WEKheBQD+BEY1rAokUhXGQUQmGOYpeCxiJSIcrl1YGAgkHDyGBKQmBfU0jFYMngicOCY4dPjOOLwEB Received: from mail-wm1-f66.google.com ([209.85.128.66]) by UCOL3CPA04.eemsg.mail.mil with ESMTP/TLS/AES128-SHA; 13 Nov 2018 13:53:12 +0000 Received: by mail-wm1-f66.google.com with SMTP id t15-v6so11547085wmt.0 for ; Tue, 13 Nov 2018 05:53:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=x01dq0VkL3KniJU+Pmj7zC63YdLeDaDmWlFsEuZ30NI=; b=py1cs9wVlUud6eZUuOI/awXugh1lvvLcvt1FTEV/ECMLfoQO+muCoCNvysOf2POpWZ KzPCpaPzJjyNURRcWpDO1VS6Sa83DDuOtQwL+NRS8noMCguNci82+mgWgEbqVIBJK9cC zqINeglcfVyOX9wA9Sl+S/HpuZgIYr5e6fG7IR1Cjecap1jCNunuWOPA6TWIR6Gd+zI1 EOOVHi7BLFHk7DF1jCDh0bXiyBStktTKWZhhKXqFFhhz55d49C4lY/4T2abwRbUoJRaf Dp3n1zvla3REfO4BvekkkwCbtQDq967rqVtBH5XuHMbxYKMdRzA60e/iOL1v4nVqP2aU suMQ== X-Gm-Message-State: AGRZ1gIwpdjCDz2vU12ZAiAMzu0vxrySbKArzeCbURTRmOdY4OqZN3J/ XZKpT4Ei5VkmPUZuKkWbHXKZ+A== X-Google-Smtp-Source: AJdET5dfG8NScSE8GL99LvhfeaiVigTCi/YnlZJ69svNO/Px/prEq+GQr9bHmQy4/Phegrq9bUEPQQ== X-Received: by 2002:a1c:b8d:: with SMTP id 135-v6mr3247118wml.128.1542117191185; Tue, 13 Nov 2018 05:53:11 -0800 (PST) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id t187-v6sm10342609wmt.45.2018.11.13.05.53.09 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 13 Nov 2018 05:53:09 -0800 (PST) X-EEMSG-check-009: 444-444 From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Date: Tue, 13 Nov 2018 14:52:54 +0100 Message-Id: <20181113135255.26045-3-omosnace@redhat.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20181113135255.26045-1-omosnace@redhat.com> References: <20181113135255.26045-1-omosnace@redhat.com> Subject: [RFC PATCH 2/3] selinux: use separate table for initial SID lookup X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley , selinux@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP This patch is non-functional and moves handling of initial SIDs into a separate table. Note that the SIDs stored in the main table are now shifted by SECINITSID_NUM and converted to/from the actual SIDs transparently by helper functions. This change doesn't make much sense on its own, but it simplifies further sidtab overhaul in a succeeding patch. Signed-off-by: Ondrej Mosnacek --- security/selinux/ss/policydb.c | 10 ++- security/selinux/ss/services.c | 88 ++++++++++-------- security/selinux/ss/services.h | 2 +- security/selinux/ss/sidtab.c | 158 +++++++++++++++++++-------------- security/selinux/ss/sidtab.h | 14 +-- 5 files changed, 162 insertions(+), 110 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..21e4bdbcf994 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -909,13 +909,21 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) if (!c->context[0].user) { pr_err("SELinux: SID %s was never defined.\n", c->u.name); + sidtab_destroy(s); + goto out; + } + if (c->sid[0] > SECINITSID_NUM) { + pr_err("SELinux: Initial SID %s out of range.\n", + c->u.name); + sidtab_destroy(s); goto out; } - rc = sidtab_insert(s, c->sid[0], &c->context[0]); + rc = sidtab_set_initial(s, c->sid[0], &c->context[0]); if (rc) { pr_err("SELinux: unable to load initial SID %s.\n", c->u.name); + sidtab_destroy(s); goto out; } } diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 7337db24a6a8..30170d4c567a 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -776,7 +776,7 @@ static int security_compute_validatetrans(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; if (!user) tclass = unmap_class(&state->ss->map, orig_tclass); @@ -876,7 +876,7 @@ int security_bounded_transition(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; rc = -EINVAL; old_context = sidtab_search(sidtab, old_sid); @@ -1034,7 +1034,7 @@ void security_compute_xperms_decision(struct selinux_state *state, goto allow; policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; scontext = sidtab_search(sidtab, ssid); if (!scontext) { @@ -1123,7 +1123,7 @@ void security_compute_av(struct selinux_state *state, goto allow; policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; scontext = sidtab_search(sidtab, ssid); if (!scontext) { @@ -1177,7 +1177,7 @@ void security_compute_av_user(struct selinux_state *state, goto allow; policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; scontext = sidtab_search(sidtab, ssid); if (!scontext) { @@ -1315,7 +1315,7 @@ static int security_sid_to_context_core(struct selinux_state *state, } read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; if (force) context = sidtab_search_force(sidtab, sid); else @@ -1483,7 +1483,7 @@ static int security_context_to_sid_core(struct selinux_state *state, } read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; rc = string_to_context_struct(policydb, sidtab, scontext2, &context, def_sid); if (rc == -EINVAL && force) { @@ -1668,7 +1668,7 @@ static int security_compute_sid(struct selinux_state *state, } policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; scontext = sidtab_search(sidtab, ssid); if (!scontext) { @@ -1925,10 +1925,7 @@ static int convert_context(u32 key, struct user_datum *usrdatum; char *s; u32 len; - int rc = 0; - - if (key <= SECINITSID_NUM) - goto out; + int rc; args = p; @@ -2090,9 +2087,8 @@ static int security_preserve_bools(struct selinux_state *state, int security_load_policy(struct selinux_state *state, void *data, size_t len) { struct policydb *policydb; - struct sidtab *sidtab; + struct sidtab *oldsidtab, *newsidtab; struct policydb *oldpolicydb, *newpolicydb; - struct sidtab oldsidtab, newsidtab; struct selinux_mapping *oldmapping; struct selinux_map newmap; struct convert_context_args args; @@ -2108,27 +2104,37 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) newpolicydb = oldpolicydb + 1; policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + + newsidtab = kmalloc(sizeof(*newsidtab), GFP_KERNEL); + if (!newsidtab) { + rc = -ENOMEM; + goto out; + } if (!state->initialized) { rc = policydb_read(policydb, fp); - if (rc) + if (rc) { + kfree(newsidtab); goto out; + } policydb->len = len; rc = selinux_set_mapping(policydb, secclass_map, &state->ss->map); if (rc) { + kfree(newsidtab); policydb_destroy(policydb); goto out; } - rc = policydb_load_isids(policydb, sidtab); + rc = policydb_load_isids(policydb, newsidtab); if (rc) { + kfree(newsidtab); policydb_destroy(policydb); goto out; } + state->ss->sidtab = newsidtab; security_load_policycaps(state); state->initialized = 1; seqno = ++state->ss->latest_granting; @@ -2141,13 +2147,17 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) goto out; } + oldsidtab = state->ss->sidtab; + #if 0 - sidtab_hash_eval(sidtab, "sids"); + sidtab_hash_eval(oldsidtab, "sids"); #endif rc = policydb_read(newpolicydb, fp); - if (rc) + if (rc) { + kfree(newsidtab); goto out; + } newpolicydb->len = len; /* If switching between different policy types, log MLS status */ @@ -2156,10 +2166,11 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) else if (!policydb->mls_enabled && newpolicydb->mls_enabled) pr_info("SELinux: Enabling MLS support...\n"); - rc = policydb_load_isids(newpolicydb, &newsidtab); + rc = policydb_load_isids(newpolicydb, newsidtab); if (rc) { pr_err("SELinux: unable to load the initial SIDs\n"); policydb_destroy(newpolicydb); + kfree(newsidtab); goto out; } @@ -2180,7 +2191,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) args.state = state; args.oldp = policydb; args.newp = newpolicydb; - rc = sidtab_convert(sidtab, &newsidtab, convert_context, &args); + rc = sidtab_convert(oldsidtab, newsidtab, convert_context, &args); if (rc) { pr_err("SELinux: unable to convert the internal" " representation of contexts in the new SID" @@ -2190,12 +2201,11 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) /* Save the old policydb and SID table to free later. */ memcpy(oldpolicydb, policydb, sizeof(*policydb)); - sidtab_set(&oldsidtab, sidtab); /* Install the new policydb and SID table. */ write_lock_irq(&state->ss->policy_rwlock); memcpy(policydb, newpolicydb, sizeof(*policydb)); - sidtab_set(sidtab, &newsidtab); + state->ss->sidtab = newsidtab; security_load_policycaps(state); oldmapping = state->ss->map.mapping; state->ss->map.mapping = newmap.mapping; @@ -2205,7 +2215,8 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) /* Free the old policydb and SID table. */ policydb_destroy(oldpolicydb); - sidtab_destroy(&oldsidtab); + sidtab_destroy(oldsidtab); + kfree(oldsidtab); kfree(oldmapping); avc_ss_reset(state->avc, seqno); @@ -2219,7 +2230,8 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) err: kfree(newmap.mapping); - sidtab_destroy(&newsidtab); + sidtab_destroy(newsidtab); + kfree(newsidtab); policydb_destroy(newpolicydb); out: @@ -2256,7 +2268,7 @@ int security_port_sid(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; c = policydb->ocontexts[OCON_PORT]; while (c) { @@ -2302,7 +2314,7 @@ int security_ib_pkey_sid(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; c = policydb->ocontexts[OCON_IBPKEY]; while (c) { @@ -2348,7 +2360,7 @@ int security_ib_endport_sid(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; c = policydb->ocontexts[OCON_IBENDPORT]; while (c) { @@ -2394,7 +2406,7 @@ int security_netif_sid(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; c = policydb->ocontexts[OCON_NETIF]; while (c) { @@ -2459,7 +2471,7 @@ int security_node_sid(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; switch (domain) { case AF_INET: { @@ -2559,7 +2571,7 @@ int security_get_user_sids(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; context_init(&usercon); @@ -2661,7 +2673,7 @@ static inline int __security_genfs_sid(struct selinux_state *state, u32 *sid) { struct policydb *policydb = &state->ss->policydb; - struct sidtab *sidtab = &state->ss->sidtab; + struct sidtab *sidtab = state->ss->sidtab; int len; u16 sclass; struct genfs *genfs; @@ -2747,7 +2759,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb) read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; - sidtab = &state->ss->sidtab; + sidtab = state->ss->sidtab; c = policydb->ocontexts[OCON_FSUSE]; while (c) { @@ -2953,7 +2965,7 @@ int security_sid_mls_copy(struct selinux_state *state, u32 sid, u32 mls_sid, u32 *new_sid) { struct policydb *policydb = &state->ss->policydb; - struct sidtab *sidtab = &state->ss->sidtab; + struct sidtab *sidtab = state->ss->sidtab; struct context *context1; struct context *context2; struct context newcon; @@ -3044,7 +3056,7 @@ int security_net_peersid_resolve(struct selinux_state *state, u32 *peer_sid) { struct policydb *policydb = &state->ss->policydb; - struct sidtab *sidtab = &state->ss->sidtab; + struct sidtab *sidtab = state->ss->sidtab; int rc; struct context *nlbl_ctx; struct context *xfrm_ctx; @@ -3405,7 +3417,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, goto out; } - ctxt = sidtab_search(&state->ss->sidtab, sid); + ctxt = sidtab_search(state->ss->sidtab, sid); if (unlikely(!ctxt)) { WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n", sid); @@ -3568,7 +3580,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, u32 *sid) { struct policydb *policydb = &state->ss->policydb; - struct sidtab *sidtab = &state->ss->sidtab; + struct sidtab *sidtab = state->ss->sidtab; int rc; struct context *ctx; struct context ctx_new; @@ -3646,7 +3658,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, read_lock(&state->ss->policy_rwlock); rc = -ENOENT; - ctx = sidtab_search(&state->ss->sidtab, sid); + ctx = sidtab_search(state->ss->sidtab, sid); if (ctx == NULL) goto out; diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 24c7bdcc8075..9a36de860368 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -24,7 +24,7 @@ struct selinux_map { }; struct selinux_ss { - struct sidtab sidtab; + struct sidtab *sidtab; struct policydb policydb; rwlock_t policy_rwlock; u32 latest_granting; diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index e66a2ab3d1c2..049ac1e6fd06 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -22,16 +22,24 @@ int sidtab_init(struct sidtab *s) s->htable = kmalloc_array(SIDTAB_SIZE, sizeof(*s->htable), GFP_ATOMIC); if (!s->htable) return -ENOMEM; + + for (i = 0; i <= SECINITSID_NUM; i++) + s->isids[i].set = 0; + for (i = 0; i < SIDTAB_SIZE; i++) s->htable[i] = NULL; + + for (i = 0; i < SIDTAB_CACHE_LEN; i++) + s->cache[i] = NULL; + s->nel = 0; - s->next_sid = 1; + s->next_sid = 0; s->shutdown = 0; spin_lock_init(&s->lock); return 0; } -int sidtab_insert(struct sidtab *s, u32 sid, struct context *context) +static int sidtab_insert(struct sidtab *s, u32 sid, struct context *context) { int hvalue; struct sidtab_node *prev, *cur, *newnode; @@ -76,34 +84,53 @@ int sidtab_insert(struct sidtab *s, u32 sid, struct context *context) return 0; } -static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force) +int sidtab_set_initial(struct sidtab *s, u32 sid, struct context *context) +{ + struct sidtab_isid_entry *entry = &s->isids[sid]; + int rc = context_cpy(&entry->context, context); + if (rc) + return rc; + + entry->set = 1; + return 0; +} + +static struct context *sidtab_lookup(struct sidtab *s, u32 sid) { int hvalue; struct sidtab_node *cur; - if (!s) - return NULL; - hvalue = SIDTAB_HASH(sid); cur = s->htable[hvalue]; while (cur && sid > cur->sid) cur = cur->next; - if (force && cur && sid == cur->sid && cur->context.len) - return &cur->context; + if (!cur || sid != cur->sid) + return NULL; - if (!cur || sid != cur->sid || cur->context.len) { - /* Remap invalid SIDs to the unlabeled SID. */ - sid = SECINITSID_UNLABELED; - hvalue = SIDTAB_HASH(sid); - cur = s->htable[hvalue]; - while (cur && sid > cur->sid) - cur = cur->next; - if (!cur || sid != cur->sid) - return NULL; + return &cur->context; +} + +static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force) +{ + struct context *context; + struct sidtab_isid_entry *entry; + + if (!s) + return NULL; + + if (sid > SECINITSID_NUM) { + u32 index = sid - (SECINITSID_NUM + 1); + context = sidtab_lookup(s, index); + } else { + entry = &s->isids[sid]; + context = entry->set ? &entry->context : NULL; } + if (context && (!context->len || force)) + return context; - return &cur->context; + entry = &s->isids[SECINITSID_UNLABELED]; + return entry->set ? &entry->context : NULL; } struct context *sidtab_search(struct sidtab *s, u32 sid) @@ -145,11 +172,7 @@ out: static int clone_sid(u32 sid, struct context *context, void *arg) { struct sidtab *s = arg; - - if (sid > SECINITSID_NUM) - return sidtab_insert(s, sid, context); - else - return 0; + return sidtab_insert(s, sid, context); } int sidtab_convert(struct sidtab *s, struct sidtab *news, @@ -183,8 +206,8 @@ static void sidtab_update_cache(struct sidtab *s, struct sidtab_node *n, int loc s->cache[0] = n; } -static inline u32 sidtab_search_context(struct sidtab *s, - struct context *context) +static inline int sidtab_search_context(struct sidtab *s, + struct context *context, u32 *sid) { int i; struct sidtab_node *cur; @@ -194,15 +217,17 @@ static inline u32 sidtab_search_context(struct sidtab *s, while (cur) { if (context_cmp(&cur->context, context)) { sidtab_update_cache(s, cur, SIDTAB_CACHE_LEN - 1); - return cur->sid; + *sid = cur->sid; + return 0; } cur = cur->next; } } - return 0; + return -ENOENT; } -static inline u32 sidtab_search_cache(struct sidtab *s, struct context *context) +static inline int sidtab_search_cache(struct sidtab *s, struct context *context, + u32 *sid) { int i; struct sidtab_node *node; @@ -210,54 +235,67 @@ static inline u32 sidtab_search_cache(struct sidtab *s, struct context *context) for (i = 0; i < SIDTAB_CACHE_LEN; i++) { node = s->cache[i]; if (unlikely(!node)) - return 0; + return -ENOENT; if (context_cmp(&node->context, context)) { sidtab_update_cache(s, node, i); - return node->sid; + *sid = node->sid; + return 0; } } - return 0; + return -ENOENT; } -int sidtab_context_to_sid(struct sidtab *s, - struct context *context, - u32 *out_sid) +static int sidtab_reverse_lookup(struct sidtab *s, struct context *context, + u32 *sid) { - u32 sid; - int ret = 0; + int ret; unsigned long flags; - *out_sid = SECSID_NULL; - - sid = sidtab_search_cache(s, context); - if (!sid) - sid = sidtab_search_context(s, context); - if (!sid) { + ret = sidtab_search_cache(s, context, sid); + if (ret) + ret = sidtab_search_context(s, context, sid); + if (ret) { spin_lock_irqsave(&s->lock, flags); /* Rescan now that we hold the lock. */ - sid = sidtab_search_context(s, context); - if (sid) + ret = sidtab_search_context(s, context, sid); + if (!ret) goto unlock_out; /* No SID exists for the context. Allocate a new one. */ - if (s->next_sid == UINT_MAX || s->shutdown) { + if (s->next_sid == (UINT_MAX - SECINITSID_NUM - 1) || s->shutdown) { ret = -ENOMEM; goto unlock_out; } - sid = s->next_sid++; + *sid = s->next_sid++; if (context->len) pr_info("SELinux: Context %s is not valid (left unmapped).\n", context->str); - ret = sidtab_insert(s, sid, context); + ret = sidtab_insert(s, *sid, context); if (ret) s->next_sid--; unlock_out: spin_unlock_irqrestore(&s->lock, flags); } - if (ret) - return ret; + return ret; +} + +int sidtab_context_to_sid(struct sidtab *s, struct context *context, u32 *sid) +{ + int rc; + u32 i; + + for (i = 0; i <= SECINITSID_NUM; i++) { + struct sidtab_isid_entry *entry = &s->isids[i]; + if (entry->set && context_cmp(context, &entry->context)) { + *sid = i; + return 0; + } + } - *out_sid = sid; + rc = sidtab_reverse_lookup(s, context, sid); + if (rc) + return rc; + *sid += SECINITSID_NUM + 1; return 0; } @@ -296,6 +334,11 @@ void sidtab_destroy(struct sidtab *s) if (!s) return; + for (i = 0; i <= SECINITSID_NUM; i++) + if (s->isids[i].set) + context_destroy(&s->isids[i].context); + + for (i = 0; i < SIDTAB_SIZE; i++) { cur = s->htable[i]; while (cur) { @@ -311,18 +354,3 @@ void sidtab_destroy(struct sidtab *s) s->nel = 0; s->next_sid = 1; } - -void sidtab_set(struct sidtab *dst, struct sidtab *src) -{ - unsigned long flags; - int i; - - spin_lock_irqsave(&src->lock, flags); - dst->htable = src->htable; - dst->nel = src->nel; - dst->next_sid = src->next_sid; - dst->shutdown = 0; - for (i = 0; i < SIDTAB_CACHE_LEN; i++) - dst->cache[i] = NULL; - spin_unlock_irqrestore(&src->lock, flags); -} diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h index 26c74fe7afc0..e181db3589bc 100644 --- a/security/selinux/ss/sidtab.h +++ b/security/selinux/ss/sidtab.h @@ -22,6 +22,11 @@ struct sidtab_node { #define SIDTAB_SIZE SIDTAB_HASH_BUCKETS +struct sidtab_isid_entry { + int set; + struct context context; +}; + struct sidtab { struct sidtab_node **htable; unsigned int nel; /* number of elements */ @@ -30,10 +35,12 @@ struct sidtab { #define SIDTAB_CACHE_LEN 3 struct sidtab_node *cache[SIDTAB_CACHE_LEN]; spinlock_t lock; + + struct sidtab_isid_entry isids[SECINITSID_NUM + 1]; }; int sidtab_init(struct sidtab *s); -int sidtab_insert(struct sidtab *s, u32 sid, struct context *context); +int sidtab_set_initial(struct sidtab *s, u32 sid, struct context *context); struct context *sidtab_search(struct sidtab *s, u32 sid); struct context *sidtab_search_force(struct sidtab *s, u32 sid); @@ -43,13 +50,10 @@ int sidtab_convert(struct sidtab *s, struct sidtab *news, void *args), void *args); -int sidtab_context_to_sid(struct sidtab *s, - struct context *context, - u32 *sid); +int sidtab_context_to_sid(struct sidtab *s, struct context *context, u32 *sid); void sidtab_hash_eval(struct sidtab *h, char *tag); void sidtab_destroy(struct sidtab *s); -void sidtab_set(struct sidtab *dst, struct sidtab *src); #endif /* _SS_SIDTAB_H_ */