From patchwork Mon Jul 16 18:24:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10527583 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AADA6600D0 for ; Mon, 16 Jul 2018 18:43:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C8AC28DDD for ; Mon, 16 Jul 2018 18:43:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8F2FE28F42; Mon, 16 Jul 2018 18:43:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, NO_RDNS_DOTCOM_HELO, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 85CF128DDD for ; Mon, 16 Jul 2018 18:43:38 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="599758154" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:43:02 +0000 X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="15798873" IronPort-PHdr: =?us-ascii?q?9a23=3ADSrQeR9YcBomQf9uRHKM819IXTAuvvDOBiVQ1K?= =?us-ascii?q?B62+wQIJqq85mqBkHD//Il1AaPAd2Fraocw8Pt8InYEVQa5piAtH1QOLdtbD?= =?us-ascii?q?Qizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBB?= =?us-ascii?q?r/KRB1JuPoEYLOksi7ze+/94HSbglSmDaxfa55IQmrownWqsQYm5ZpJLwryh?= =?us-ascii?q?vOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3?= =?us-ascii?q?o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RS?= =?us-ascii?q?qt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaOuB+fqfAdt0EQ2?= =?us-ascii?q?RPUNtaWyhYDo+hc4cDCuwMMuFaoIbnp1sOqhy+CRC1CO7zxDJFh2L60bQm3+?= =?us-ascii?q?g8DArK2BIsE84LvHnSsd77NrodUfqtwafWwzXNb/BY1znz54fHcB8vvOmMUL?= =?us-ascii?q?Btfcff1UYhGB3Kjk6LpIz5PT6YzPgBv3SV4uZ+U++klm4pqxt2ojiq3sohlJ?= =?us-ascii?q?PGhpkLxVHE6C533Zo6Jd2iR05mb96kFIVftzuHPIZxXswtWXpotzg6y7Adop?= =?us-ascii?q?60YCgKx446xx7Rb/yIbZKI7gv/W+mLOzt3mHVleLemihu07EOuyfX8W9Gp3F?= =?us-ascii?q?tFoSdJiNnBum0X2xDN5cWLVOFx8lq51TuO1Q3f8PxILEEwmKbBKpMswqQ8mo?= =?us-ascii?q?QNvUnMGCL9hV/4g7WMdko+/+il8+HnYrL7qZCCL4J0kQT+Mrg2msy4HOQ4Lh?= =?us-ascii?q?ACX2iF9uS4073u5VH5T69Qjv03j6nZq4rWJcUdpq63BA9VyZgs5AqlAze60N?= =?us-ascii?q?UXgXkHLFVfdBKBk4fpIE3BLOr9Dfe+h1SgiDZrx/bYMb39GpjBM3fOnbj7cb?= =?us-ascii?q?t99kJQ0hQ/wN9B655OF70NOPfzVVXwtNzcAB85KQu0w+P/BdVmyIweXWOPAq?= =?us-ascii?q?mEMKLdqFOH/eUvI/SKZIAJpjn9MOMo5+LujHAlmV8derOl3Z0MaH+iBPhmLE?= =?us-ascii?q?KZYWT0jtcbDWgKphY+TPDtiFCaUz5TYHCyULgg5jE7Eo2mC5zORoKqgLyH2S?= =?us-ascii?q?e0BIZWZnxYBVCWCnfkbYKEW+0DaCiKOM9ujiQEVaS9S48mzRyutg36xKB7Ie?= =?us-ascii?q?rX4S0YspTj1Nlr5+DImxEy8SF0DsuG3GGQSWF0gn4ISyUx3KBlrkx30k2D3r?= =?us-ascii?q?Rgg/xECdxT4OtEUwk7NZ7Yyux1FcryVxnPftiXVVmmRc+mDispTtIrxN8OYV?= =?us-ascii?q?hyFMm+jhzZ2CqqGbAVnaSRBJMo6qLcw2TxJ8FlxnfGyakhlUUpQstINW28na?= =?us-ascii?q?N/6gvTB5TTn0WfiamqabwW3DTR+2eb0WqOoEZYXRZtXqrZWHAfYU3Wrcjk6k?= =?us-ascii?q?7ZUb+hF64nMgpAyM6FLKtGcNvpgktaRP37ItTRf3qxm3usBRaP3r6DcZbqdH?= =?us-ascii?q?8H3CjGFEcElAUT8mqcOgglGietuWTeAyJyFVj3eUPj7fF+qG+nTk8z1wyKbF?= =?us-ascii?q?du17my+h4InvGcSOkc3rEDuCc8sTl0G0y9393OAdqauwVhZLlcYc864Fpfz2?= =?us-ascii?q?3WqhZ9Pp2+IKB4nVMRaRh4v0b02xVwEIVAntAgrGk2wwpqNaKYzFRBeiuC3Z?= =?us-ascii?q?/tJ7LaMWby/BWgaqLM3FHRzsqW8L8V6Psks1XjoB2pFk06/nV83dlVyXyc5o?= =?us-ascii?q?7WDAcJSpLxVEE39hZ/p77AZCkx/YXU2mNwMaOsqD/Nx8opBPc5yhanZ9pePr?= =?us-ascii?q?mLFAvuE8IEHciuM/cnm0a3YRIeJ+9S6as0M9mhd/uc166hJPxgky6+jWRb/I?= =?us-ascii?q?B91VqB9yx9Su7M25YK3eqY0xCdWDjillehtdr7mYdeZTEdBmC/0zTrBJZNZq?= =?us-ascii?q?1ueoYGEXmuI8yrydVigJ7tQWRU+0KjB1MB3s+pdgGfb1j83Q1Wz0sXu3unlT?= =?us-ascii?q?G/zzxunDEjtrCf0zDWw+T+aBoHPXZGRG1jjVf3PYi4lssaU1asbwgokhul+E?= =?us-ascii?q?n7yrNApKRnLmnTR0ZIcDTtL214VKu/qKaCadZV6Jw0qSVXTPi8YVeCR77npB?= =?us-ascii?q?sa1yfjEHVExD8ncDGrtI70nwdniG2BN3Z/tn3Zedt/xR3H/tzTWeZR3iYaRC?= =?us-ascii?q?l/kTTXBUazP9+y/diPlJfMrOa+V3mnVpJNbSnn14SAtDG05WdyGx2wg+izms?= =?us-ascii?q?H7EQg9ySL7z8NlVTjMrBnieonkzaK6Mf55cUlyH1L89tF6FZ9kkosrnp0Qwn?= =?us-ascii?q?8ahoiP/XUbj2jzP9Jb2bjxbHUTXzILxcDa4BT90k15Mn2J3575VmmawsZ5ed?= =?us-ascii?q?m6ZH4Z1zkj78BMFaiU7KZInS1rrVqktQjRe+Ryni8Byfsy734Xm/kJtxAwzi?= =?us-ascii?q?WZGb0dAUhYPTDslhiR4dCxtqNXaHyocbiq20p0hcqhA62aogFARHb5fY8vHS?= =?us-ascii?q?Fq4cV5LFLM13jz55rqeNbOcN0TsQeUnA3Yj+hPL5IxlOQFijZ7OW7nun0l0e?= =?us-ascii?q?E7hwR03Z6mpIiHN3lt/KWhDx5dLDL1Y8cT9S/xjaZChMmZxZuiHpN/FTUXR5?= =?us-ascii?q?vnUeinECoMuvj9MQaBDiE8oG+BGbXDBQ+f9Ftmr3XXHpClLXGYOmQWzc54Sx?= =?us-ascii?q?mbOExfhxsUUS4gkZElEwCm3svhcF125joJ/F73tgNMyv50Nxn4SmrfvBmnZS?= =?us-ascii?q?wqR5iZLRpW8gZC6lzUMcOA8O18ATtU/pq7rAyCMmabfRhHDXkVWkyYAFDuJq?= =?us-ascii?q?Kh6sLH/+icB+q+NOfOYa6UpexFSfiH2Yij0pB48DaIN8WPOGRiDvIg10VfXX?= =?us-ascii?q?F5AdnZmy4VRy0ZjS3Nc9WbpBC6+iFtqcC/6vvrUhr15YSTE7tSLclv+xeujK?= =?us-ascii?q?iYNu6QiyF5KTBD25wR23DH07kf00QUiy10cDmtC7sAvzbXTK3Mgq9XEwIbay?= =?us-ascii?q?RrOcRS4KIzxBdNNtDAh9Pyzr53kPg1C1JfWlzgnsGmfssKIm6nOFPAHkaLO6?= =?us-ascii?q?yMJSfXzMHvfaO8VbpQgf1Itx23vDaXCVXjPjOCljb3URCgKvtMjCaFMxxdo4?= =?us-ascii?q?yybhFtCW3/Q938cR27LMV7jTsozr0onnnKL3ITMSBgc0NRqb2d9SFYgvV/Gm?= =?us-ascii?q?xZ6XplKeiEmzqH4OTDL5YWsOdrAj5qmO5A53Q60bRV5jleRPNpgCvSssJuo1?= =?us-ascii?q?a+n+mMyjtnVARBpy1OhIKMs0ViN7vW9oVcWXbE+xIN6HufBw4Mp9R7Ft3lo7?= =?us-ascii?q?pQxcTXlKLvNDdC9MrZ8tUEB8fOMsKHMWEhPAHxGDHOFgsFTCWrNXnbh0NHjP?= =?us-ascii?q?6d6GeZrp8gqpjjgJAOUKNUVEQpFvMGDURoBNoCL4ltUTMgirObj8kI5WGirB?= =?us-ascii?q?bLQsVapZPHVvOIDfXpNjmZkaFOZwEUzrPgMYQTKor71lR4alZkh4TFBVDfXc?= =?us-ascii?q?pRrS1hdQI7u0RN8GJjQW001ULlchmt72ETFPKumB45lBd+a/w39Djw+1c3Ok?= =?us-ascii?q?bKpCwonUYsntXlhzaRfyPvI6e0XIFbEDD7uFYrMpP8WQp1aheynUN8PjfeW7?= =?us-ascii?q?1Rl6dgdXxsiALEpJRAA+BcTaxZbx8L3vyYfe8o0U5bqiSp3k9I+/fKCYZ4lA?= =?us-ascii?q?srbZ6tr2hM2wR9Y94pPabQPrZGzkBMhqKSuS+lzuQxwAgEJ0kT9mOTeSkItV?= =?us-ascii?q?cHNrkgOiqk5Ots6RaNmzFbYmgDS+Iqou529kM6I+mA1Dzv07pCKkC3KuyeIL?= =?us-ascii?q?iUtHTHlc6NXlw/zFgIl1Vf8bhwz8gjb1KeV1ozw7uJCxQJKc3CJBlJb8pT8X?= =?us-ascii?q?jTejqOseXNwJ9uIoq9F+DpQvWVu6oOhEKrAhopFZwW7ssdBpmszF3YLcD/Ib?= =?us-ascii?q?EfzRUt5RjkK0udA/RMeBOLljAHo8elw5JsxoZdJysSAWNkPSW5+7bbvAkqj+?= =?us-ascii?q?SfXN0ueHcVQpMENm4qWM29gyNWpGpPDD+s3+0D1QeC8SHzpj7LDDbmddpiZO?= =?us-ascii?q?2YZRR2CNG54T8/6bS5iUbL8pXCIGH3LdtiusLO6eMeo5aIFfZUQKJgvEjCgI?= =?us-ascii?q?ZYRmalU2jVHd6yPZjwZJEmbcboBXaiTly/lzU1Qt/rPNarL6iHnQHoRYFQsI?= =?us-ascii?q?mAxD4tLNKzGCsCFhl3vOwM+KV8ZQgfbJUheh7oqx4yN6qhLweEyt+uWXqiKS?= =?us-ascii?q?NKT/lDyuW3f6ZXwDA2bu+903QtVY06z/Ot/k4TWp4KihDexfCsZ4laUCjzFX?= =?us-ascii?q?xdexnBpSUjjWhhM/w+wuEhzxPUqVMcKSyEdPR1aGxYuNExHV2TLW9qBWo4Rl?= =?us-ascii?q?+ciIvD7RSv370J/itSgchb3vNfvHj5pJ/fbyqmWLa3ppXNryogcd8mrrV0MY?= =?us-ascii?q?P5OMuGt43RniDeTJnWvQ2ISyC7GOBcmtdMJCJYR+RIlnw+OcAcv4pO91YxXN?= =?us-ascii?q?8kJ7NTEKksuqyqaT18ACEI1y8ZSoWA0CYBguqn2rvalxaQcIg5PxAetpVNnM?= =?us-ascii?q?cdWTZsYiwCvK+jS5nWl2icR2gKJgcT8RpD5AYemY91YO/l/JDITZ9Xxj5Ru/?= =?us-ascii?q?J7TC3LFpxy+Fv6TmGZml/4Sfq7n+yuxwJSw+rm0sMHVx5nFUhd2+FWm1M0KL?= =?us-ascii?q?FwLqkdpZLKviONdUzhpm7tzvWpJEVJw83Oa1L4FJbFtXb7UiAE+30UQpFAxW?= =?us-ascii?q?rCGpsMiAp2drwrpElSL4+7YEr+4SIrx5hxFbmiSc+r30olrWoBRyqyHdpBEf?= =?us-ascii?q?tpsFTLVz1keJCms5DlO41TQmNJ452cpUxZnF9qMy6jxppWM9tN7SIUXDhTvT?= =?us-ascii?q?Wdu8O/SNFe1sBrDp8DONN/tmzhF6NDPZiev2c5uqfzynPD/TAzrku6zi2pG6?= =?us-ascii?q?CkV+JZ43EeGgIxKmSGsUkvE/Ej/XrO8l3WqVB0+PpbBqKTgkpvpjZ9AopOCS?= =?us-ascii?q?xN1Xy/KFRzVnZGuf1AKKvJa8xcX+UyZRi3NhMlG/4pw1CF8ENpkXr3eCF9qg?= =?us-ascii?q?xa+yXBUAYuTikVnq3hmTsApcG7ITUaUY5HbS09byfZLAKWgTpXswhCZEFqQZ?= =?us-ascii?q?8ZHs1I+7Uc3YtK4MXOV1qjKSYYUxN8LA441+RQlVJbukWCZS/dFRaoderIsh?= =?us-ascii?q?BvYceRttCmI+rk8wpcl4PntPw4978ZSH24mA2tRtTeoJHgttGQsUuObqj4Of?= =?us-ascii?q?WmYXDdVDjMkQywhbA8ApnI5SfTKg1bK4J+yXU+f5jsEmvLPQlCJ6IHJkpUSa?= =?us-ascii?q?F6Zs9AouBBfcNkf7wJ+aB1DBKdWhzvAJCvrOVBLlvLRzTRNSOB8uKloYLU8L?= =?us-ascii?q?PSV/PtZtCWyHbBWKJ3OY126T/lFLf2yYVe4Fb52u9x9kNmTljLKyaBrND6Kw?= =?us-ascii?q?MK4smic1HuvpwvHTPYGpd/imHtxl1ad8oKXyKq7IkYyIlH53rqTuJ4yEfzuv?= =?us-ascii?q?VI97Z48Yk3/6xpycCsKKfUKPRVrUhnAhyOCQVx7JktAW9/R2dKYu8KM/rReK?= =?us-ascii?q?sUjM/0p+DwDawX5wWf+/ZFZtvfO0HBhs6/BymARhNemAcOtyUaLhec1v6CgK?= =?us-ascii?q?J0Utqqpenn1UIr/1i+LwQJwKpr5Yia5qqCvPXXYAfJzbgYRqjqQdv+rrA3u0?= =?us-ascii?q?OX5fApj7AOdXJobA2gCugSTNYdxn3nzaAo0y0jD9/DE6jn+P5ZWHIzhijglI?= =?us-ascii?q?xlH1UKBvMUGqKG/YZfnmc9gOHZM8MZc6BclWaVFB6kFLACxWSt6ySJPGlvmg?= =?us-ascii?q?vO3A3oQWOv8F/2qjd1QSrNztj5iEVaSqK6BVxMUCq1J0B3rCmDPA3ytNr4oa?= =?us-ascii?q?419l05MnT4tNKRk2usIKhYH8zkJN2SOyY0plMXjIEpRtO1xIAbHcGwL8sW8H?= =?us-ascii?q?5jcPTR8X6rkzVGo6ddnYXS+MaV+u/YHXO4la2Vt62NxCxEyng/pVw/8sqvNu?= =?us-ascii?q?3S6N2KTfWo0HwRTyRmtwvaQRG1rr3br1YJOU2Ey0rLgJYFPs1F0nk42EDm4/?= =?us-ascii?q?IjQNEp+AVdCInAffUCqi73ODfuxlafed03XDGE0zRLBlL1DUV4GK8k1WL/os?= =?us-ascii?q?3Jk2vQ+1ovRoV3bEzomxh3D4Q+KUIw51ka2S4DHhYXaRGbFr6kH0LlIpUYVU?= =?us-ascii?q?IbcxSIwKC6ersr3U102r6g+O3TYvZgCKcWKvldiQqOnFxaGp0Iq60eXKxzdE?= =?us-ascii?q?Nd9KLNoQjiEYfnVeD8lXUsLf21Xtxa8ccBunsn5Qa/QQag6Zhd4LsAjZCId7?= =?us-ascii?q?RLYZ7Ss8Bg4UZn4iQPdi9WgBRliRO2T/wcrvj54tfHqJqo9vquVKE1SuUY6x?= =?us-ascii?q?c0HH9+g4Ltjl4sp9/X1uFcSpDaiInk/wBNJmSFuIDE3BVmLuoOMY2rdq5693?= =?us-ascii?q?obPygeO24OPd2OZvk+5C9tMDPT60ZeDcMMYdMYIdfCmAFVik3vQ7FT9cvbF0?= =?us-ascii?q?SGC4dyacAn9W73xy008ZcmVObv9iO2L4jF715RJ/NDkDlslNXaqegU3/rdEi?= =?us-ascii?q?4X7GKdaxho3yyCyp6NC+3q8eWL0tHUWEsMHjQqXIdFODqC5QunS/K3lJr3XA?= =?us-ascii?q?OU5MvzjYkwdU2KQHy+grgFvrxKEeFeliXxxiJeGZzth/KJr9qs73NatlJDEI?= =?us-ascii?q?Z04xzKBqFfPpFgNBTjkcmrQEl8CTfldMHSaBUupPKcxv0Q7OVmK0v+eYgbLw?= =?us-ascii?q?oBy7L76npVTQxuRaX0vlmDXuIRY91mR+3CrnxP74JvNbMPNkCHpJP2tjdItE?= =?us-ascii?q?w2AAgxZbArsDNacFXOkRZOW6bwv74AlhccUcBntkBRA26wP3g+5zXfX6RPkK?= =?us-ascii?q?aREOAV8imUTqEWS0VoNSd+TAmv2JRgfLupmf5Hv3hDniN6p/gqyCJpSwemuS?= =?us-ascii?q?3rvKINwjMg+Le3tDkbvnxFVOqemT/SCVpf1PQKkbscC3H65FyyfnYDaIry4K?= =?us-ascii?q?F5Ksn79Igh4nE/YRA9cC0cWeSvFTv8j6SSAoyAqNhcngKCuN3Sbb+vKigfLr?= =?us-ascii?q?o8yQr5R3h8zgfRgg1l8G4KQjW89t8rOp+xOcE/xiqnAWLbbkoD4rtVsMvtsl?= =?us-ascii?q?4GVOw2aVd/z2h4ysiHQjcCRNfTG2Y0kgckdX9Ef4xd5hMAEaknnCqItLFc/g?= =?us-ascii?q?4IeDfUDpil+o7IkMfM2Hk9S8pqx23Pqq2Bh5Mqy2Flm8hv4y6PonsScevYX9?= =?us-ascii?q?VrAnjp2YdV0fb+aOm1suAbVItmz6ysUPoYPca/+Wu22ZNqWki+y7QAHlq5Nv?= =?us-ascii?q?EMxrPaUyejVG2ZVv6Hc2+WnzY2KkTy/wWnLkUraMdWqE8wKunCiYRflw3mSr?= =?us-ascii?q?x5XTiQpVnHzGwjNuMaag02uIe7ewAQSu4eefScL/A0wPIiEFsMc2PJHSxuBu?= =?us-ascii?q?+tv16tmZR0NnRj7Ejhf+Ti7BrmMNqTGxkDF47WtJhx9uKmRjHJBXg16CZXdB?= =?us-ascii?q?1w9uHCBxEqu+RBaZeNjJ3VgNhm1eMtafhgK2s+t8QVl4Yl7pObhoPCVTL169?= =?us-ascii?q?6mIdDTv+jdAPDFyUkuUn9VX6BfYg7v4Yg+eNkjVOuXVYNQoBBUIK89WpFpY3?= =?us-ascii?q?/46aVcNApudkvUY7Ouj4/hoefdItNvu3LO7l82ZBzZshkHx+38GRd3dLi2ln?= =?us-ascii?q?7yJ9Y2XTsHoNpzXF8uJ6YHP8IGshrvV4WZnKC9ls+Z51Jxu+hMt7H5TP/Nyo?= =?us-ascii?q?L9l89KerFxxgmHPS3aGbJwqkBklfipxK+ZlJ7rBomqLeghfcNYB2LEcbTbBZ?= =?us-ascii?q?6XLjOVJtm6IxcA9KSThvYxcBKRYmjbWKqPsjapMr0w40I7zMp6e+rayicg6Z?= =?us-ascii?q?nQ0d31YWBQryPlpnmMYt8Xz1HHHqT1WBVXAa6G/Wt+FqoQbqP/9P0JNN0/xZ?= =?us-ascii?q?6b+QYlqHx+3deePq/pjkbK1kszIYrWKkT02iB8WoQQJhm7GUpphWjHpzLGCH?= =?us-ascii?q?dBNMHiL8Qrgs7DSlTP7kx8gikIYXRbG3GgEdWUPnIB2tmWYgSP+QMNCMwMyb?= =?us-ascii?q?2ZY0k944a7UuR5cq5Omey3urEKi549ICjUSdlyJCrQJaJ4OjdLS+7G4lMvZ0?= =?us-ascii?q?hX4PAORo4paM3Wcws8O0CaxHa3nFOYix/9asCs2aCVIS0f7nRAyfff3CNRox?= =?us-ascii?q?Wi46rC0NDjUbSAPYn/BKKUPScgTT7cQD0zFQCs+FP33phMp+KWdEEYpF1ceS?= =?us-ascii?q?eOEEgLvKk6ptHLA377guZjdYAEgP2AHiv5DiZ/kflXZG5QrU7ZZf0FGEHNam?= =?us-ascii?q?P5xm9VuQisPPhJqHnsdLCJ7rFeW+ULDI9BaLiSSp3TfvUNQlVgjS0XbcC7ed?= =?us-ascii?q?CUtLMlyhTIQG8eRrHP70GbRVWKT+a03DXtXI5O59Zx4HRu8dXWhSptVaHBPr?= =?us-ascii?q?LZqCf3tJ+xjCGf/+bZUzpIAQQ5g+MHVXGI2wIIaHoFBNccpFz3T+aealxN2n?= =?us-ascii?q?MkhaMm2xIFdAlpFHw7+mxfnPG6XMZeTFM=3D?= X-IPAS-Result: =?us-ascii?q?A2C6BwBw5kxb/wHyM5BcGwEBAQEDAQEBCQEBAYNGgQlKE?= =?us-ascii?q?iiMX409gSGBX44thEyBXyoUhQSCQDcVAQIBAQEBAQECAWwcDII1JIJeAwMBA?= =?us-ascii?q?iQTBgEBDCALAQIDCQEBQAgIAwEtFAERBgEHBQYCAQEBGASCf4FoAxUDnj+KG?= =?us-ascii?q?4FpM4JxAQEFgQIBAV+CNQODJwgXh1SDLYERJ4I1hH0BEgGFdYdnhHI9LowaC?= =?us-ascii?q?Y8haodVhSwrjBSHLCJhcU0jFTuCaYIZg2iKHAFVT3yKYII5AQE?= Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 16 Jul 2018 18:42:59 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIgwCx023918; Mon, 16 Jul 2018 14:42:58 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w6GIb8h0024462 for ; Mon, 16 Jul 2018 14:37:08 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIbHQK023517 for ; Mon, 16 Jul 2018 14:37:17 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CnBgAE5UxblywVGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNGgWUog3yIY4tdgWCBIYFfji2GMoR3AkKCHyE3FQECAQEBAQEBAhQBAQEBAQY?= =?us-ascii?q?YBkyFQwMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFQOeRIobbnszgnEBA?= =?us-ascii?q?QWBAgEBX4I1A4MnCBd0hmCBF4IWgREngjWIMYJVh2eEcj0ujBoJjyFqh1WFLCu?= =?us-ascii?q?MFIcsgXRNIxWDJIIZGhqDNIocAVVPjhUBAQ?= X-IPAS-Result: =?us-ascii?q?A1CnBgAE5UxblywVGNZcHAEBAQQBAQoBAYNGgWUog3yIY4t?= =?us-ascii?q?dgWCBIYFfji2GMoR3AkKCHyE3FQECAQEBAQEBAhQBAQEBAQYYBkyFQwMDIwQZA?= =?us-ascii?q?QE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFQOeRIobbnszgnEBAQWBAgEBX4I1A4M?= =?us-ascii?q?nCBd0hmCBF4IWgREngjWIMYJVh2eEcj0ujBoJjyFqh1WFLCuMFIcsgXRNIxWDJ?= =?us-ascii?q?IIZGhqDNIocAVVPjhUBAQ?= X-IronPort-AV: E=Sophos;i="5.51,362,1526356800"; d="scan'208";a="324772" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 16 Jul 2018 14:37:14 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AR+8SMxN8/G+UJfisaO0l6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0K/76o8bcNUDSrc9gkEXOFd2Cra4c1ayO6+jJYi8p2d65qncMcZhBBV?= =?us-ascii?q?cuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx?= =?us-ascii?q?7xKRR6JvjvGo7Vks+7y/2+94fcbglUhTexe69+IAmrpgjNq8cahpdvJLwswR?= =?us-ascii?q?XTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3?= =?us-ascii?q?sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qi?= =?us-ascii?q?qp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzcaTfctwARW?= =?us-ascii?q?pBWcFRWzVYDo6gYYYCDvcNMf9Eo4XgulACqQWyCRWpCO7p1zRGhGL53bci3u?= =?us-ascii?q?o8Dw/G0gwuEdEAvnvao9r6NrsdX++uwanUzzjOde9a1Svz5YXKdB0qvPGCXa?= =?us-ascii?q?h3ccrU0UQiCRnKjk6Opo3lIjiby/gCs2iB4Op9W+Kvj3AoqxtsqTWo2sgjkJ?= =?us-ascii?q?LJiZwVy13f7iV23IY1KselSE51Zd6rDoFQuziGOIRsWM8tX2ZouCMjx7AApJ?= =?us-ascii?q?W1fzAKxYw5yxLCZPGLaZaE7x35WOqPPDt0nn1odb2nixuz80Ws0PDwW8iw3V?= =?us-ascii?q?pQrydIksPAum4T2xHc7MWMV+Fz8V272TmV0gDe8uFELl4wlarcM5MuzLw+mJ?= =?us-ascii?q?kVv0nNACL4gln7gLOWe0k+5Oen9eHnYq7pppOGMo97kAD+MqA0lsy6AOQ4Nh?= =?us-ascii?q?ACX2md+euiyL3u5VP1TKhFg/EsjKXUv4rWKdoGqqKjDAJY3Z4v6xOlADen1N?= =?us-ascii?q?QYk2MHLFVAeB+fk4fmIUrOL+74DPqkmFSjjDdryOrbPr3vBpXCMGLDnK79cr?= =?us-ascii?q?ln8UJT1A0zzdVH65JOFr4BOO7zWlP2tNHAFR82LQi0w+fhCNVg2YITQn6PA6?= =?us-ascii?q?+FP6PStl+E/OQvI/KWa4MPtzb9LOYltLbSiiodonpVKa2o24YHLWu1Fel8Il?= =?us-ascii?q?mIJH/rjsoFHE8UsQckCu/nkluPVXhUfXnkG+oYxRUeQNaiDIHeVsWujaaH0S?= =?us-ascii?q?OTAJJbfCZFB0qKHHOucJ+LDbNEUCuPJodElTseWPD1U4Y80Tm2vRL+jr9gKf?= =?us-ascii?q?DZvCYfsMSnnONp6vXTmBd6zjl9C8CQwinZVG1vtn8ZTD8xmqZkqApyzUnVle?= =?us-ascii?q?BDrrR8FNpO97sdSQo+NJjB38RmGtvyXUTHZd7PR1G4FJHuSwoUZ/kShtMPeE?= =?us-ascii?q?1gAM6KihHYwzHsW+ZTkKaETtRgyYf19Fu0K8dmwGvdz4EljkI6WY0XbCuhnK?= =?us-ascii?q?Eps0DxAI7P22eel6+sbqkalHrP82eFi2iJvEheSwN2ea7MW3cZZ0DfqZLy4U?= =?us-ascii?q?aUC/eNBLk8eiBGzs3KfqhHZ8biilJFbPzjItPbYn+03WCqCkDMjo+BcJH3fC?= =?us-ascii?q?091SPRAQBQiw0V8muHM009Cz2nrmb2DXlqEkziJVjl8vRkoTW9Qwk211fOJ2?= =?us-ascii?q?9o0reusjsSn+adULtH3LcDoj0gsB1yFVOw3pTREdXW9CR7e6AJStom7UYP7m?= =?us-ascii?q?nZvhFzOpG6Z/Rpj0UTYixstEPnyhtzB58FmsFsp3QvmlkhYZmE2U9MImvLla?= =?us-ascii?q?v7PafafyyipEr1OafLxlHT1sqX8a4T6fM+7k/upxytClF4qCg1ztlU1yLN/p?= =?us-ascii?q?ySUEwfXJfqXQAy/hl+4bTbZnp1/JvagFtrN6T8qTrew5QxHuJwwR+7csZ3K6?= =?us-ascii?q?iEHRL8F8AAQsOnbuctngvhdQoKacZV8qN8JMa6b72D0a+vMvxnmWethH9K8a?= =?us-ascii?q?hm2UKF6iR4R/SN1J9DyPadjUOcTzmpqlCnv4jsnJxcIzEfGm3q0S//GItYfb?= =?us-ascii?q?F/Z64QDmGvKJbvmJAk2djmXHhD8UTlAloH3ImmYEPUflX92goW3kMS8jSrmi?= =?us-ascii?q?q9miR9iCph7rGe0yrH3/n4eVIZN3RKSmhvgRakIYW9g90AGkn9RxkglByio0?= =?us-ascii?q?39wqU=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AoBgB25UxblywVGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNGgWUog3yIY4tdgWCBIYFfji2GMoR3AkKCHyE3FQECAQEBAQEBAgETAQE?= =?us-ascii?q?BAQEGGAZMDII1JIJeAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgxyBaAMVA55?= =?us-ascii?q?EihtuezOCcQEBBYECAQFfgjUDgycIF3SGYIEXghaBESeCNYgxglWHZ4RyPS6?= =?us-ascii?q?MGgmPIWqHVYUsK4wUhyyBdE0jFYMkghkaGoM0ihwBVU+OFQEB?= X-IPAS-Result: =?us-ascii?q?A0AoBgB25UxblywVGNZcHAEBAQQBAQoBAYNGgWUog3yIY?= =?us-ascii?q?4tdgWCBIYFfji2GMoR3AkKCHyE3FQECAQEBAQEBAgETAQEBAQEGGAZMDII1J?= =?us-ascii?q?IJeAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgxyBaAMVA55EihtuezOCcQEBB?= =?us-ascii?q?YECAQFfgjUDgycIF3SGYIEXghaBESeCNYgxglWHZ4RyPS6MGgmPIWqHVYUsK?= =?us-ascii?q?4wUhyyBdE0jFYMkghkaGoM0ihwBVU+OFQEB?= X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="15798283" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa05.eemsg.mail.mil ([214.24.21.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 16 Jul 2018 18:37:14 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;524a4da6-e36d-442e-af72-65fca46935f3 Authentication-Results: uhil19pa04.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic306-26.consmr.mail.gq1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 296324015|UHIL19PA04_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 98.137.68.89 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3A6EAQIRReQgpg/aqaH4rI9UIrV9psv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa67ZhePt8tkgFKBZ4jH8fUM07OQ7/i+HzRYqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjWwba9zIRmssQndqtQdjJd/JKo21hbHuGZDdf?= =?us-ascii?q?5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXM?= =?us-ascii?q?TRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KpwVhTmlD?= =?us-ascii?q?kIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94VQmhOUdxRVyxGBYOw?= =?us-ascii?q?dpIDAvYPMOtZsoXxvkcCoQajDgWoGu/j1jpEi3nr1qM4zushCxnL0hE+EdIAsH?= =?us-ascii?q?rar9v7O6kdXu+30KbGwi7Ob+9U1Drn9ITEbh4srPOKULltccTR004vFwbdg1iO?= =?us-ascii?q?s4PlJC2a1+QQuGaG8+VgVfigi3MpqwF1vDev3Nonh47ViY0P0VDL6yV4zZ0uJd?= =?us-ascii?q?KkSE50e8OkEJVUty6ELYt6W98tTHtytCkmzb0GvIe2cS4Xw5ok3x7Sc/iKfouS?= =?us-ascii?q?7h7+WuucIy10iXNmdb6lhBu/9VCsx+z+W8WuzVpHry5InsPNu30NzRDf9NaLR/?= =?us-ascii?q?R780y8wziAzRrT5ftBIU0slarUNZohwrkom5oItkTDGC72l1n4gaOKd0go4/ak?= =?us-ascii?q?5uX9brr6oZ+cMZR0igTkMqg0n8ywG+U4MgwUU2iU4OSwyafv/E3jT7VKif02lb?= =?us-ascii?q?PVv4zdJcQevqK5AglV3Zg/6xunCzqr084UkWQJIV9HYh6KjovkN0vNLf38Ffu/?= =?us-ascii?q?hk6jkDZvx/DIJL3hBZDNI2Dfn7j7ZrZy9U5dxREozd9D55JbEKwBIPz3WkDvrt?= =?us-ascii?q?zUFwM2PBauz+n7D9V905sSWXiTDa+BLKPSrViI6/o0I+aSYI8VuTD9K+Uq5vP1?= =?us-ascii?q?kX84mUMSfamu3ZcNbnC4Be5pL1+WYXrrnNdSWVsN6y4FaaS+jFyETC4WfHu5Qr?= =?us-ascii?q?g9+iB+DYWqEIPObp6ijabH3yqhGJBSIGdcBQbIWVPLU6DMD/MNbj+CZ8xsiDoJ?= =?us-ascii?q?UZC/RII7kxKjrgn3z/xgNOWCvmUgvI/nnP1y4Pfe3UUq/CFwJ9yUzmXISmZzhG?= =?us-ascii?q?5OTDgziuQ3mlBw0leO1+BDhvVcEdFCr6dSXhwSKY/Xz+s8Dcv7HA3GYIHNAG2L?= =?us-ascii?q?CvGnBywhBoYqztsPZVttM8mzhRDEmSyxCvkakKLdQNR+yYf19Fu0K8dmwGvdz4?= =?us-ascii?q?EljkI6WY0XbCuhnKE1v1zoIqfisACVlr2haL8H9CrM73uYizLX+kZCX1g0GYfC?= =?us-ascii?q?XXZXREzWpNLi60WKG72pCbJhMAxBwMiZJ61iYdTvilNHT/7nft/ZZjT100S9CA?= =?us-ascii?q?3A7bSLb8K+eGgQxy7aD0ssmAAJ+nOHKA14AT2u9SaWMDFyDk/oK2Pl9+V34Cej?= =?us-ascii?q?Q0k70gCMKk5szby4/jYUwPibVf5VxbsHpT0o7TN5WlSliZaeKdOFqhEpWaJGe9?= =?us-ascii?q?ImqANF0GXDrQ1mFpqpKq1jwFkEfFIkkVnp0kBcA55NgIARp3Mj0QR2JLjQhFhI?= =?us-ascii?q?bD6J9Yv7OrTKJG3/5lWkYujd3VSIg4XewbsG9Plt8warhwquDEd3tiU/iogH4z?= =?us-ascii?q?6n/pzPSTEqf9f0W0cz+QJ9ouiKMDI254rJ23lhK+y/u3nJ3Nd7XLJ5mCblRM9W?= =?us-ascii?q?Nea/LCG3C9cTXpj8M+cqkkWnah8eeetbsqUzOpH+LqbU6OuQJO9l2QmeoyFH7Y?= =?us-ascii?q?R6iRPe7C16S+WTh8hAma/e1QyBTDLmylKos8SxlpkdIyAbHm24jyPjAdwJaw?= =?us-ascii?q?=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C9BACK5Exbh1lEiWJcHAEBAQQBAQoBA?= =?us-ascii?q?YUrKIN8iGONPYEhgV+OLYQ4gXqEdwJCgh8ZBgYyFgECAQEBAQEBAQEBEwEBAQg?= =?us-ascii?q?NCQgpIwyCNSSCXgMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFZ5Gihtue?= =?us-ascii?q?zOCcQEBBYECAQFfgjUDgycIF3SGYIMtgREngjWIMYJVh2eEcj0ujBoJjyFqh1W?= =?us-ascii?q?FLCuMFIcdDYF2TSMVgySCGRqDToocAVUfMI4VAQE?= X-IPAS-Result: =?us-ascii?q?A0C9BACK5Exbh1lEiWJcHAEBAQQBAQoBAYUrKIN8iGONPYE?= =?us-ascii?q?hgV+OLYQ4gXqEdwJCgh8ZBgYyFgECAQEBAQEBAQEBEwEBAQgNCQgpIwyCNSSCX?= =?us-ascii?q?gMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFZ5GihtuezOCcQEBBYECAQF?= =?us-ascii?q?fgjUDgycIF3SGYIMtgREngjWIMYJVh2eEcj0ujBoJjyFqh1WFLCuMFIcdDYF2T?= =?us-ascii?q?SMVgySCGRqDToocAVUfMI4VAQE?= Received: from sonic306-26.consmr.mail.gq1.yahoo.com ([98.137.68.89]) by uhil19pa04.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:35:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1531766156; bh=Dd4m7Xq0qH0NeT2lJZsd5AZOWVtJDyfeo3g6Gq2Cuc0=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=dckqUWLmIkh9ErBLC0zTC28RHjUomD8iEMPOgA70ycVWTcgSU+bPwJHr0mEZRl/bfT4aYzasITodzuPKoN0KOd3LFcUIE6auGbDzNXTukaL6gacNoY97mkQWXhNaoyFBwVDwMozUarck5Ukci6Kk2szrq6/vUm8BLcZE5Skucy6Fgp8kT46/g0J2DhhXuab2WCFOZrMA1iaN/rEl604Lvb5TdUJvoIxASOXsJnNlxQG/SZ0CKfrX0wKlUsDkDrK/+6hhW7oTFiS4YVoJCatw0O9y13o86XueZBlQRQD8xq1l1f308AGkLwknqKBSTPulxsVW8dY1f7qrIuIw358lhg== X-YMail-OSG: 3YshZicVM1mvhk2AHtAblXx56pYzM8YQqCdjIKIXyIze.3169KQYTvtykSRqLNd S28EKqAalTTFgy0CzZoM4EL0TQrZ8hXIWjwl5HG8x87Efw0awDAtQM_a6PwVEqD56J04JoxVP5Vl rGDe_CbzYeWpJzRtF2wRrOLbw6spMj3nkW314aaTD3bmSD1zGxjwIEu.nt.AoMFkhTHv12UrO5Z6 ncTpWAW0NQK82YLJxp69WN_S2C3I.7Bvxxm.uiwyhAx5bOeTSrAsL1XAA4r.KANkkLYVqkJ7TquB vOKJ8oBwejTQoCE9DHRLdOHCDCOJ_BUvI0XcYNT41oETJnAcbqE_oz7.YuEIO8B6NQCb1lzbcFY6 4Sc7ycxxnjAT95xtKvZ1SZVo3nIwFpp22YqEj_7QZ1uDVY.PGkvYM7hWmol9IadDEGN8YZxXHLpu 0fU2EqJJv1tIjhZpAyBkcXxGwjsBGWsWNPWKaSqxPgdR72ZatXUTJQ3kgKzIV7AIRdBwU7Tcmkws oFj.KXpv3R._2UIBQ0V0JPAm0W6mJMn1RJMVulEBdkBHacqKUMfAbtCcFR8trmW8RE8bDLD7tZPg CDwklTBxfOUdkl_c2sXz78R6ob4CwkbUdM97A4NWd9wah5ZjGaFNXJrELb2uZNPTs.c6peN8Hhnw ccMTWhYCK0dqI8X1tSJeE1SZVQ17n7t92KvM2V0RPDbKOMZz1X95K9qWeArcoFWQ1d8GBNMRtbvy 4Z7X5qu1OLZBJRpXiR0QyFFyxEBlpxuvtYCW5GLKvtleuq99zYln.UDGMhJNfP1Ts4_7JO5w_u7M Nvjb.HdEYz5U84KWYW4tErNWYByYw.fBmqECJGRmG8yjqITY.tdDEK7AvESKornXuSirvNO0Q8N4 euZ4Qy3kV.s1SO5mYvRmmtspfIugULTefGB_UTKK8Sy.P83qMrN4LaWTpxwfqGCVBbUtxNOsKIVG QX2vMfSN5.xHHlw9rhof_zKnTAvUDQ2e.T9h0K2qQlsLBIe34iPQmU2mvc7dmjgqC5z3m3Bx0px1 G_AszodxWpdV62LAejr0pWI8cn2JVJBI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.gq1.yahoo.com with HTTP; Mon, 16 Jul 2018 18:35:56 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.100]) ([67.169.65.224]) by smtp410.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID f8ec6a604de8f167c8cb3f4cf8695d7d; Mon, 16 Jul 2018 18:24:45 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Mon, 16 Jul 2018 11:24:42 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Mon, 16 Jul 2018 14:38:37 -0400 Subject: [PATCH v1 20/22] Move common usercopy into security_getpeersec_stream X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP [PATCH 20/22] Move common usercopy into security_getpeersec_stream The modules implementing hook for getpeersec_stream don't need to be duplicating the copy-to-user checks. Moving the user copy part into the infrastructure makes the security module code simpler and reduces the places where user copy code may go awry. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 10 ++++------ include/linux/security.h | 6 ++++-- security/apparmor/lsm.c | 28 ++++++++++------------------ security/security.c | 17 +++++++++++++++-- security/selinux/hooks.c | 22 +++++++--------------- security/smack/smack_lsm.c | 19 ++++++++----------- 6 files changed, 48 insertions(+), 54 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 7c321d11d994..8d247e7ce2fb 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -846,9 +846,8 @@ * SO_GETPEERSEC. For tcp sockets this can be meaningful if the * socket is associated with an ipsec SA. * @sock is the local socket. - * @optval userspace memory where the security state is to be copied. - * @optlen userspace int where the module should copy the actual length - * of the security state. + * @optval the security state. + * @optlen the actual length of the security state. * @len as input is the maximum length to copy to userspace provided * by the caller. * Return 0 if all is well, otherwise, typical getsockopt return @@ -1680,9 +1679,8 @@ union security_list_options { int (*socket_setsockopt)(struct socket *sock, int level, int optname); int (*socket_shutdown)(struct socket *sock, int how); int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb); - int (*socket_getpeersec_stream)(struct socket *sock, - char __user *optval, - int __user *optlen, unsigned int len); + int (*socket_getpeersec_stream)(struct socket *sock, char **optval, + int *optlen, unsigned int len); int (*socket_getpeersec_dgram)(struct socket *sock, struct sk_buff *skb, struct secids *secid); diff --git a/include/linux/security.h b/include/linux/security.h index 9095f63c65a9..7d3300d34f25 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1377,8 +1377,10 @@ static inline int security_sock_rcv_skb(struct sock *sk, return 0; } -static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static inline int security_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { return -ENOPROTOOPT; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b0200481c811..7a2a8d0efa09 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1026,10 +1026,8 @@ static struct aa_label *sk_peer_label(struct sock *sk) * * Note: for tcp only valid if using ipsec or cipso on lan */ -static int apparmor_socket_getpeersec_stream(struct socket *sock, - char __user *optval, - int __user *optlen, - unsigned int len) +static int apparmor_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned int len) { char *name; int slen, error = 0; @@ -1046,22 +1044,16 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED, GFP_KERNEL); /* don't include terminating \0 in slen, it breaks some apps */ - if (slen < 0) { + if (slen < 0) error = -ENOMEM; - } else { - if (slen > len) { - error = -ERANGE; - } else if (copy_to_user(optval, name, slen)) { - error = -EFAULT; - goto out; - } - if (put_user(slen, optlen)) - error = -EFAULT; -out: - kfree(name); - + else if (slen > len) + error = -ERANGE; + else { + *optlen = slen; + *optval = name; } - + if (error) + kfree(name); done: end_current_label_crit_section(label); diff --git a/security/security.c b/security/security.c index 90e741db0a42..521afa12293e 100644 --- a/security/security.c +++ b/security/security.c @@ -1930,8 +1930,21 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + char *tval = NULL; + u32 tlen; + int rc; + + rc = call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, + &tval, &tlen, len); + if (rc == 0) { + tlen = strlen(tval) + 1; + if (put_user(tlen, optlen)) + rc = -EFAULT; + else if (copy_to_user(optval, tval, tlen)) + rc = -EFAULT; + kfree(tval); + } + return rc; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c12c36f72258..6614d46feac4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4986,10 +4986,8 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, - __user char *optval, - __user int *optlen, - unsigned int len) +static int selinux_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned int len) { int err = 0; char *scontext; @@ -5010,18 +5008,12 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, return err; if (scontext_len > len) { - err = -ERANGE; - goto out_len; + kfree(scontext); + return -ERANGE; } - - if (copy_to_user(optval, scontext, scontext_len)) - err = -EFAULT; - -out_len: - if (put_user(scontext_len, optlen)) - err = -EFAULT; - kfree(scontext); - return err; + *optval = scontext; + *optlen = scontext_len; + return 0; } static int selinux_socket_getpeersec_dgram(struct socket *sock, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 157c6a731305..d4552b2286bc 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3895,14 +3895,12 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) * * returns zero on success, an error code otherwise */ -static int smack_socket_getpeersec_stream(struct socket *sock, - char __user *optval, - int __user *optlen, unsigned len) +static int smack_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned int len) { struct socket_smack *ssp; char *rcp = ""; int slen = 1; - int rc = 0; ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { @@ -3911,14 +3909,13 @@ static int smack_socket_getpeersec_stream(struct socket *sock, } if (slen > len) - rc = -ERANGE; - else if (copy_to_user(optval, rcp, slen) != 0) - rc = -EFAULT; - - if (put_user(slen, optlen) != 0) - rc = -EFAULT; + return -ERANGE; - return rc; + *optval = kstrdup(rcp, GFP_ATOMIC); + if (*optval == NULL) + return -ENOMEM; + *optlen = slen; + return 0; }