From patchwork Thu Sep 20 00:21:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10607593 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C0B414DA for ; Thu, 20 Sep 2018 12:34:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 39DC22C808 for ; Thu, 20 Sep 2018 12:34:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2D2A22C9EB; Thu, 20 Sep 2018 12:34:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa13.eemsg.mail.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3276B2C808 for ; Thu, 20 Sep 2018 12:34:44 +0000 (UTC) X-EEMSG-check-008: 625807491|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="625807491" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa13.eemsg.mail.mil with ESMTP; 20 Sep 2018 12:34:39 +0000 X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="16048502" IronPort-PHdr: 9a23:tij8yxVMvrJXUs11XNrhlJ7W0InV8LGtZVwlr6E/grcLSJyIuqrYYROEv6dThVPEFb/W9+hDw7KP9fy4BipYud6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLhi6txndutULioZ+N6g9zQfErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmUwHjhjsZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXSmRbXsZVSidPHIWyYYUSBOYFJOpUspXxq14IoBS5BwajHuPvyjhPhnPvxKE3z+osHADb0AA5A94CrWnfoNHrOKsOVOy4yrTDwzfeYPNMwTrz9obIfBAir/+CU71/fsjex1Q3Fw7Hk1mdp5DqMTyL2eQWqGWb8+htWPizh2I7pQx9vD6izdoshInTgYIVz0jJ+Dtjz4YuO9K5SFNwb8O4H5tQrS6aKoV2Qsc8TGFypS03zaEJtoSgfCcUyJUq3AXfZOCHc4eS/xLjWuKRLilihH58ZL2wnQy+/lSnyu35T8S51ktBoCldktTUq3wA2BPe5tKHR/dg5EutxzmC2x7J5u1ZOUw5lKjWJ4Q8zrMxkpcfq0XOEy/slEnokqObeUMp8fWy5ev9eLXpvJqcOpdxigH5L6shhNSyAf89MggSR2ib/vm81KH78U35XrpKivo2n7HFsJ/AP8Qbp7O5AxRP3oY/6xewEzem0NMCkXkBMF1FYw6Ig5LsO1HPJPD0Ffa/g1Kynzd33/3KI7LsD5rXInXDjbvtZ6hx5kFCxAYp0NxT/5dUBasAIPL3VE/xrtvYDhohPgyv3ennDNR91oUDWWOAG6OWK6TSsUKO5u0zPeaMf5QYuCr9Kvc55/7uimU1mVkGfaazx5cXZ3e4Hup+L0WDfXXsmssBEXsNvgcmTuzqj1uCXiRPZ3ayRa084Co2CIChDYfFQ4CimqeB3DulEZ1MfWBKEFeMEW3nd4+cQfcDdDqSItN9kjwDTbWhSY0h2guyuw/50LpnKezU+iwGtZ/42th14/DTlB4p+jxpCcSdz3yNQ3tznmMSSD88xLp/rlBlylefzah4hORVFcRN6PxSTAg6M5/cz/B9C93pWwLOYMmGR0i8TtWhGzExQco7w8USbEZlB9WikhfD0jK3DL8SkbyLAoE7/bzY33jwPMty0WjJ1LMmj1U8RctPL2KmjLZl9wfPH47Jj1mZl6GyeKsCxC7C7n2DzWuVvExDSA5/S7/FXXEEZkvOqdT2/F/NQKG0BbQgKAtBxtaIKrFWZd3xkVVGWPDjNczQYmKwn2ewAAiHxqmXYYrkZWoSwSLdCFIenAAL53aGMgo+CTm9rGLCFjBuEkjvY0z0++lktHy7VlM0zx2Nb0B52bq14AQahfqARPMSxbIJoyIhqy11HFqkxNLXBcGAqxBmfKVGbtM3+E1H2n7BtwxhIpygKLhvhl0EfAR0uEPuyg56CoZansgpq3Mq0RB+KaWC0FNObzmYx4z/OqXLKmnu+xCic7TZ1UzE0NaX5KgP8u81pE//swGsDEYi9G9n09ZN2XuG+prKFBYSUY72Uksv6xd1vbXabTcm54PI1XxsNrK5siTe1NIoGuQlzAqgf9ZFP6+eEg/9DdEaDdC0KOM2g1ipcg4EPOdK+a4uIsypauCL2KGuPOdvhj6mi3pI4Jxl2EKW6yV8UvLI34oCw/yAxQuHWS38jFC6ssDrgo1EfjcSHm2xyCjhHoFRYLd+fYAVBmeyO8e33Mlxh4bxW35E816uH10H19WteRqOcVP9xxZQ2F8JoXO5gyu31CF0kzQzoqqYxizOzPzodAAbNW5TWGlikVDsLJCyj9AbWEioaxYmlAC+6Eng2adbvqN/I3PUQUdScCj8N3tiXbeotrqef85P74slvjhLUOume1CXUaLyoxwf0yz/BWRe3yw7eyusuprngxxwkHidI2prrHrFZcFwwg/S5MLdRfFNwjoGQzN4hSPLCVi8ONmp+9qUmozHsuC/UWKuTIdTcS7xwYOHriu76nVgAQejkPCrht3nDQ863Df/19lrTiXIsA/wYpL12KS+MOJneFRoBVDn5sphAoF+k40whJAM1ngBnJmV+2QIkXvrO9VBxa3+dGYNRSIMw9PN+gjl30ljLnaXyILjSnqdxcVgasKhYmMLxi099NpGCKCO7LxLhSF1uEa3rRrNYfhhmTcQ0fgu52Acg+ESowctzTuSArYJHUleIyPsiw6E79ekrKVYfGyva6S/1FJindC9C7GPuhlcV2zkepcmAyBw9t9wMFTQ0HLt8IHpY8TQbckNuR2OiBfMlfNVKJUslvoQmSVoJ2z9vXo/y+40kxNix5e6s5abK2915qK2HgZYNiHpZ8MU4jztk6BekduN0oCxGJVuBzULUIHuTf22DDIYre7nOBqWED0gtnebHqLSHReF50d7q3LCCIykN3CLJHgZ1NliSgOSJEpFjAATRjU6kYYzFhq2y8z5bEd5+jcR60b7qhpMzuJnKQLyUmLYpAemZDc7VoSfLAZW7gFF4kfaL9aS7uRtECFE5pehthCCKnSHZwRUCmEEQkKECErlPrmy4tnA9vOVBuSgIPTTZrWOs/ZRV++SxZKo0Itp4SqDNtmVMnllFf071VJJXWplFMTBhzUPVysXmjrDb86Buhiz5zZ3odq58PT3XwLv/pCCBKFOPtVq4Ry2hr2DN+GIjiZjNTlYzo8MxWPPyLUHx1EdkCZidz2sEbQbqS7NV7jcmrRJABEHcS9zL9VH76Y93glLJM7ahcj42aJ4j/4vFldFTkbtm8+zaswWOGG9M1XHCFyMNLScKj3B29v3br+kSb1MkOVUsAW9ti2aE0/sOTSDkSLkWA2xPu5XjSGUJhpetJu6chZ3BmjpVMjmZQGjMN9rkT02xqU5hnHKNW8cKTh8dEdNrryM7SxGmfh/Hm1B7mZ/LeaagSqZ6PPYKpkOu/txHit0j/5a4Gg9y7ZN6iFLWuZ6mC/Jo95tpFGmifWPxSBhUBpVqTZLhZiHvUN8NqXF7pNAQ2rL/AoR7WWMDBQHv8FlBcP0u69O0NfPjr78KDdZ/t3P/MscHdXbKMWJMHo5KxrmBj7VABEDTTG1KWHVn1Zdn+2K9n2Jspg6rYDhl4cURb9FVVw6C+gaB19/E9wYOpd3WT0lkaWFg8EU+Hq+thjRRNlav5zdUPKdH+nvIi6DjbZYfxsI3a/4LYMLO43/3ExicEd1nILLGkrXRt1NrSthbhIurEVK6nh+QXU521j5ZQO1/H8TCfm0kwYtigRgZeQt9THs40o4J1fRuCQwl0wxlsn/jjCKbD79NqGwUp9KCyDsrUg+Lov7QxppbQ21hUFrKSvLR7dWj7tmaWBnlRTRuYVRFv5GTK1FYRgQxfeNa/Uuz1tctj2txVVb6uvdFZtiiAwqfIawr3JB3gJja8I1JazQJadS01dQh6KPsTWz2ewrxg8ROVoN+nuIeCEUoEwIKqUmJy2w8+N27QyCmidMd3YUWPovovNq8EQ9O+KawC/7yLFDK1q+N+qGI6OXpmjMj8iITU0s1kkQjUlK4aB20ds/c0qTT00g16WeFxISOMXYNA5VcdRd9GLIfSmUq+XMwYh5P4KnFuDnVeWOrrobglq4HAY1GIQB9t4BHp+t0E7ELcfnK7oFyQ416gryOVuLFuhEdhWQnTgbpMG/yYN40pNGJjEBG2l9Nzu45qrPrA8wnPWDRMs2YmsdXoYcKn02Wte1lDJCsntcCzm31uYZyAmc4D/muiTfEiXzb9p5aPeTfxNsB8m8+S8j/KiulV7X7pLeKnngNdt4oN/P7vgVqo2bC/NOV7Z9rVnTm41ZR3ysXG7PFd+1J5fwa4kwY9z7EGy6UlmlhzIzUcjxIM6nLrKUjgHwWYZUrI6b0SgtNMOnCj4eGxZwp+QC5K1mZg0OeJs7bgD2uAsgLaC/Jx2Y0tq2SWa3NTRWV+Vfzfm9Z7FPyiojdPW6yHg+QZEmzum390ENSYoEjx7Ew/ase41eUS/uGnNAYAXDvyw5mHZ9Nuwq2Ocw3AvIsUUAMzCMbOFpcGtEv9UmClOIL3R2DW44R1GHgIrG5Q6s2KsS8DVBkNZO1u1Fq2P+vp7ZYDKjQqCrro/VsyU4Z9g8v6JxKZDjIteBtJ7GhDPfVoTQsgufXC65DPdam9lQICNEQPZTg20lP9IJuZZZ40orSsg+P6BPCLUrpr2ydTpkCisSwDQFV4+c2TwNmf2w273EmReMaJ4iKgALsI1egtsBVC57eiEepKi9WIjNimCLVHMLLxkJ7QRQ+g0Pi5V8fub774rUVJVM0SJZo+poUivXEZll70f7RXyLjlj5Uvqhl/ek0h5VzPLpztYUQgV/CVRHy+ZQiEQoNKl9K7MMsY7Srj+IaUT6sXr1yOu9OFle09Dbd0HjAYresmr8Tzcc9mEKSo9J1HHfD44dkw5jZKYsvlVML5iselzi6Dw824RpA764WNiwyFYrsXkKWyWnH8dPBux9rF3XXzhlbIyxp5X+J5VeWGlQ94OBq11BikViLza5yYZAK8FK+jMMRiZAriidvNSoVM1Owst2D5gSIthhpXvyBKREN4WPrHEsvLzg1GPZ8SgmsFim3DWzB7O4T+VB8m0CAAUmOXqRpVQ0Ausx9mfS7krNvUpq/+daAbiPiVt+oCpnEpBJHDZJ2mivL05vQ3ler+VaNKPVftRZQ/YoYR+vPwIxFeI630OT5055hnH5bDJutgtB5y/SRRE0WjcPjrfrhzIettmtOSUGRJJQcTUhcyDFJhqZmS9NphZfbFpqW5QDDdZb4Lwb2JZU/s7eSUatNS4FXQZtNgQj0fZFkk5DqkqYczjHDQW0bfbPrgF3fcCJoc6rNvv5+glHipngsO8l6aoOXGGmlherQdDFqI/wrNuKuVWSdK3gKe2zfWfBTCTQjRC3nbokAITK/ynXMApfNZZ6zGEpboX/BmHQPBRJPaQbK1BcVaBgZtVMuvpaaNN8eKYV5a9tAQqKRhHuGIyqt/RGK0jcRDTAICWb8+y/p43T4abbSef+esyG32zHTL5vPpdm9Tn7HK/n0Yla+kft2/dt8EZ6RULHMyCHotThPBkE5NK+dkv4o50mAS/WAIpqkHXz3E1AcNAXQyKy+pQC1JxZ8GrwSf5/0kXrte1S8L9k6ZU447930sq0IKbSJu5csUB5HhiVCAJq9o8uAGhkXWxRZPEeKOvJd6QDkc/us/z3F7AQ6BCN/+xZct7HKkHal8mxFD6TVBtEnB0bpj4CNAuc0PyFlLFoRsa5v+T53Vgt41emJB4c0L9t/ZuE+raPpOLPbhvQzKILVbL2Sc7otbQjpV+S6uM4m7IUfWx1eQKnGvAHVsEB3mfg0bwqzSU0HszYHrLg4/BCWGg7njLhh5B9B08ZGu4QHbeQ4YtemXo3lPLDOd0LaKBCnXyPGgS+Hr8F036r5DOdIHN5jRHWzxHwXWSz4UfurSBiXSvD09fjk0RSVrmtBkdeRjGpNlF8sDOOOgroqdX2tL8t7E4sLmzrqNKNlWWmOLNNHM3zPt+cLjcupFIRkpIxQsaj2YcBGdqyON0R6m1xbuPC62O3lC9Mu6hHiJTY4sGJ/fXXGn6sj7aEpLWJxTBYzGU4vF4k59CkKP7O/d2LTO6y22YXUSh/pxPLXwSppbzDs1AUJUuL3V/NmIwLIt5Z2n042Vv95OQ5QdIz8wJeFp3bZ/4ZoDD+NzT1zUyYY9ItWSmUyyFXEU7tEVlkBKg833r9vM3VmnfL4F0kX5R+eUPhixx2CYU4NE0s5UMYwioGCwcNbw6UAKuvBUT/IosOTVIDZgif3LimZqc32lV+wrGo5O/Ta+xwHbYCNvZZjg6TgVdaG5MWsasFQLJ/el9Q77DXpgn8C4f9W/jpiHswOeezQs9E7cATr2Ei7RqnRxq89ZdD6K4WiJGWdqFeZ5jBp8R871p66j4OcSxNmwJzjxSjUeATvOrj+MTUsIK06uayU6YgX+cX+AY6B2Rwi5v9m14irsvR1+hCVo3Zk4L//x5RI3SSoobVzwF8KfYSK4KsZLtg+HEHJy8QJn0QOdqWb+Ix4zRqMDXV5lxNHtkAZdUGM8rRgQpUkFHmWKlP9srHHV+VE4Jzd8Er72r0zzA46pk8Xfzj6D+xI5DQ8VdNM+lFjCpyiNLIvPIVzubKCCgL/XmZbAB4zTicxJmLF/b95v6MyNXTV1MaAi42TZlSKyeY9QygXOq1m43jUhmI5c/rnJI+aEWQS2S/nKsbtqZMEPZAhTvg0zlfF4D1gveVvMS26GtTqFJLCoFz7QfKGK9HJJV0JQz4ltW3Rkh7Hib+dtnUdgAvuOWK2OgB+OB+N0riZY8BPB0I0bX66WBaTgF2Ur75ok6ZXf4NZNthUP7EqXRV5px7Jq8XOFiSvofqritJqF8qHA8pcqE/oSJAeknIggJVR77+uKQchQsETd55pUhMFHq0OGI/4TrHSKtUgLCVCPwU6TWTUrcOXl5pMixkRRO1349ie7yznfBIqmlGhD9yoOA20zx6QxuxoSjsqLgR1jIg+bG4sjIBtGdbTuWflSfHF1FDzPUMjacBBHfu81u8YGMMbIHq+rloOdzg9ZU943Q4eRgjfTcJXeenCy7rlK6IH4qPsM5chB6KpcXOYr+zLTQIOrQ71x3jW2B30hLCkxZw7GsLXjKg4cc/JIWzPMYq2iulFGvAeVYS/KxJqsrxtF8MTOswc19hxnts0tTUDhEKEej0Pi5higkidHUBa59I9AUbC7hthzGEo61L1h8bbS2SEYm//ITU28DS1i95BfVjw2/N7oiCnIkryzUxmdZz9DSPo1wUfunVUolrGHelks9k5KTaZvOwoqhTU4ZiybK8QNceI8Kj/i2ww5wsVUi7kPBWO3mdFadXwrbdTjfgSmCCX+mPW3aDkix/MUPo4xSsaFotZ5EO5206Mu2KpJlcngv6XLU8EieXpVmdzmsjOOUBegQes46hfAoLR+cVIeObIL5qiN4zBUBERHjOHmMiCOK7qlWqm4tTMHV65kD7fOGr9RrpZp/aJhQYCpPd5r54//CzDjaZNHlv0Rx0eUp57eHSE3ww8+tbbZvXhtHTms5yl+gIMfV1Z2l1gtcOnspG7o6O3Y/eaRjMyr7qLMzR5/2fBOfSiU8tfzceGoEFbBv16oNyBdswX7neDPMNphgHLbQrS5wmcWHq/ed7Kx0lNkabYLWyn9mvqPmHa4VZo1fI4V8qaiTRoRsOzrqzVwMxJ8SuhnPvMNU+XT5MsdBpIgVpEZEJGM4aqQejRZmOl/f/w/a19lN3qqcmtqDqC+HD0pzt1ol2VYJb9EWNFDnUDahvxE9ii7L2ytLB2Zr4isfVQtoAXXx9CjrAa7TuEoSwKzGJNoT6dlIQt/an2bZnWwmWfi2xeqedszetP/wstV59z4Fje/DaxzV0sZnU3dLzYydQoSL1/lCTM54Kx1XRCP2WZBlUQOeL9Gt/VfkcZJD55c8VOtwr3daY7hM25z0E28yAdfvy5nTQ0152IMqIZHDi3Dw0DMxbeE7lY0IxnW/UrGjcCn1AL8+ibNNgm8uREge3uxIjhHknajcQAmOwG5GcNG0A1IS7bQyOsgdKC4Vm/aasYUBtkKq0RKFzP4ld3/2wveAMmM1kOgnUT8hTIi/UIaUzNTMXBeLK9z1KKgUcve0TXYE4LYOLPFtBNU6BzS3oyg6X2kTves2Ez62JKTsY9nhdirnMlzNLolrc276CmsO2drffYdntWeLKdiooUjbPXTMpDUOg4kupodIfu/yZKjxH/xVNOmSZDwgIo7opqNHRCinZl7clbZQKg/fcUCf1G0ga3KYxByMerUmXWLJDDgjZaXb9nXBR8BKvPP5C/H/pLvWYy6NZVvZQA95kY/SZRNyecvdbKg== X-IPAS-Result: A2AKAgCWkqNb/wHyM5BbHAEBAQQBAQoBAYFTggIDgQhcKIxni1GBaIJ+lAmBXyoTAYUEgn4hNxUBAwEBAQEBAQIBbBwMgjUkgmADAwECJBMGAQEMIAwCAwkBAUAICAMBLRQBEQYBBwUGAgEBARgEgwCBagMVA5hcihyBajOCdQEBBYEEAQF1gkQDglEIF4pYF4IAgRInDIIxhHkBEgGFd4hIhS9BMY4HCYIMjhIdWIg5hhGObIdhImRxTSMVO4JsghkMF4NGihwBVU97AQGKOoI9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 20 Sep 2018 12:34:38 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8KCYb5E025584; Thu, 20 Sep 2018 08:34:38 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8K0Liou024259 for ; Wed, 19 Sep 2018 20:21:44 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8K0LarT020796 for ; Wed, 19 Sep 2018 20:21:44 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AzAADe56Jbly0bGNZcHAEBAQQBAQoBAYFTggKBZyiDc4h0i1KBYAiCfpVuhHcCQoJ5ITcVAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBDAYCAQGDHYFqAxUDmW6KHG97M4J1AQEFgQQBAXWCTAOCUQgXdIliF4IAgRInDIIxiC2CV4hDhS1BMY18CYIMjhEdWIg2hgyOaodfgXdNIxWDJ4IZDA4Jg0WKHAFVT41sAQE X-IPAS-Result: A1AzAADe56Jbly0bGNZcHAEBAQQBAQoBAYFTggKBZyiDc4h0i1KBYAiCfpVuhHcCQoJ5ITcVAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBDAYCAQGDHYFqAxUDmW6KHG97M4J1AQEFgQQBAXWCTAOCUQgXdIliF4IAgRInDIIxiC2CV4hDhS1BMY18CYIMjhEdWIg2hgyOaodfgXdNIxWDJ4IZDA4Jg0WKHAFVT41sAQE X-IronPort-AV: E=Sophos;i="5.53,396,1531800000"; d="scan'208";a="373946" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 20:21:44 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AvAADe56Jbly0bGNZcHAEBAQQBAQoBAYFTggKBZyiDc4h0i1KBYAiCfpVuhHcCQoJ5ITcVAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOZboocb3szgnUBAQWBBAEBdYJMA4JRCBd0iWIXggCBEicMgjGILYJXiEOFLUExjXwJggyOER1YiDaGDI5qh1+Bd00jFYMnghkMDgmDRYocAVVPjWwBAQ X-IPAS-Result: A0AvAADe56Jbly0bGNZcHAEBAQQBAQoBAYFTggKBZyiDc4h0i1KBYAiCfpVuhHcCQoJ5ITcVAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOZboocb3szgnUBAQWBBAEBdYJMA4JRCBd0iWIXggCBEicMgjGILYJXiEOFLUExjXwJggyOER1YiDaGDI5qh1+Bd00jFYMnghkMDgmDRYocAVVPjWwBAQ X-IronPort-AV: E=Sophos;i="5.53,396,1531785600"; d="scan'208";a="18452147" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Sep 2018 00:21:29 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;f3085f44-abf6-4ef1-a1ef-05828f4fdea3 Authentication-Results: upbd19pa06.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic305-10.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 337042450|UPBD19PA06_EEMSG_MP6.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 74.6.133.49 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0C/AABr56JbhzGFBkpcHQEBBQELAYFSg2oog3OIdI0yCIJ+k3SBeoR3AkKCeRkGBjIWAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmXaKHG97M4J1AQEFgQQBAXWCSwOCUQgXdIl5ggCBEicMgjGILYJXiEOFLUExjXwJggyOER1YiDaGDI5qh1AFggFNIxWDJ4IZDA4Jg0WKHAFVHzCNbAEB X-IPAS-Result: A0C/AABr56JbhzGFBkpcHQEBBQELAYFSg2oog3OIdI0yCIJ+k3SBeoR3AkKCeRkGBjIWAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmXaKHG97M4J1AQEFgQQBAXWCSwOCUQgXdIl5ggCBEicMgjGILYJXiEOFLUExjXwJggyOER1YiDaGDI5qh1AFggFNIxWDJ4IZDA4Jg0WKHAFVHzCNbAEB Received: from sonic305-10.consmr.mail.bf2.yahoo.com ([74.6.133.49]) by upbd19pa06.eemsg.mail.mil with ESMTP; 20 Sep 2018 00:21:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537402886; bh=Ck38vMEsKQbgFW3LjrrzhaGL3ruphoMZE25JWeXjeQs=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=W6K5MzF7sQ65skK8Rs4BNcdxWVjzFwjr0CwtDtFMkrkyPw+haMH2JdnzE4tTWBqFos1AJz6+L3gkgO+kKpjpo1/99YsW8ID82DFmIjK/oAGGMQb2FduOWLAVlehMlojTfkw8yaV8pWgof936eEdM7GTM09X73TtfzVLCuGYFptpOGtLrPcXbLfXmv6j5GaFxNjzSZF2ZREQdlg3cfohls4SvA3x5RaHoMgnNyDlAXZckHOuKHJEdbf3rBsi3X0DMcT4I1V+iTJNWsvPRn25aFaeyeT6GSFRpZfcp8xHnkqFoDzCZG6t0RkndooSNFAPa6fyJyGQ/GI5uWl2/ao1+1Q== X-YMail-OSG: D3f6kPUVM1ktFo.yAvDxlFWf0T1PcBlkNeFRZn5scqJmQjaZplhnwLT9zE8pUPS 3vlGQDKKIdg.NJdOxiboeHoTVNti.9.nJmN7i2a7C9Ue853g_sFhQKznJ0iruvAPXjPrrIVra1gX lhQL96WA397I7gJP38SXaKgjPiYp5E3EYehjA.vGGQIKPtENorvWd07Hl5NMpuj3GN0V3rE50J_G _QGcqRFHpj3U30D61AVmaD_AD9a2mPy1_ZKlAINfjjj.m7j_DbGxYcFBKRkoTbOXKpCicjJAMawn ZGwEEZHDkcIxz4iNlr5XhMgvv6Ue1GJvZRFYTN68qDxUbkZGglyJ9EIZnHom3sg0LDkJIK8zCWHO pUQrGjUsMhT0LJWSJe.HLIQL4G9LKiZMNEhleg8KOb.SmzLq4EYfbFXbLELI5LQaYQBSpi0OLt4x fNpOJgTK6J4xasm9fBtkLFmVVJVK45jnGKe8TwEZcwnoRQZvV1hWu_Y05CV0tL9n8AJMtk5UpTfJ PRrIJl_CeOEt0gzj4bjWNd3.6C14t724JRddffkSs2uPuy1j71gh_tv_J6FrVkXCM2Om54g.6v.u 81y3tkpDZpOP3h9nTZu7Bvh6rnCteuOqL2bkGot0VZwfOwEgChnf94W5yq71SuOUFj77a2XYFwTe NYWF29yGiyA_gXFNFT8QxrQskUnVlx3XXsq16EF7B3xLTxmXIEkzyx6Ecg5wJY4r3Uv8sV_.xTSS _MjKdXiQncKTPQPb02w_0GsJPodvvt1vQwxl9w_TzzjzuqxCpN7IfUfGamzrHG4h0XqS3zNQiMVX xgx1KdC1b9AFhaX4SKGbT_t5KPTtxuV_.GD_jzv98GFGVMoiee0F6420D.NuUCB8UKI_2BgKoG3T _XooL_TiQB3VdH7j9Sg_9SgMciZ.T3Ur7isr_EUf8umKP9B51CC7W5Qf8KIWZ5YpC8MeaO9m1ER9 KyZk5vdLt4mqmoHGHUpoOet47QAdJR7CWYLLR.RKyOrWaGap3LMg6mJPHRjnZPCrp2mZ85_U2IGC brtqy7GrTpwH4NwIWY0bKDzqPLVoc48GpMX0.jytURA-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Thu, 20 Sep 2018 00:21:26 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp429.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 0265537e66f5c549077ee74d67914b96; Thu, 20 Sep 2018 00:21:22 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Wed, 19 Sep 2018 17:21:18 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Thu, 20 Sep 2018 08:30:05 -0400 Subject: [PATCH v3 12/16] Smack: Abstract use of inode security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Smack: Abstract use of inode security blob Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 9 +++++++-- security/smack/smack_lsm.c | 32 ++++++++++++++++---------------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index 62a22ad8ce92..add19b7efc96 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -366,12 +366,17 @@ static inline struct smack_known **smack_file(const struct file *file) return file->f_security; } +static inline struct inode_smack *smack_inode(const struct inode *inode) +{ + return inode->i_security; +} + /* * Is the directory transmuting? */ static inline int smk_inode_transmutable(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; } @@ -380,7 +385,7 @@ static inline int smk_inode_transmutable(const struct inode *isp) */ static inline struct smack_known *smk_of_inode(const struct inode *isp) { - struct inode_smack *sip = isp->i_security; + struct inode_smack *sip = smack_inode(isp); return sip->smk_inode; } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d1430341798f..364699ad55b9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -166,7 +166,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) static int smk_bu_inode(struct inode *inode, int mode, int rc) { struct task_smack *tsp = smack_cred(current_cred()); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -198,7 +198,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -228,7 +228,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file, struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) @@ -824,7 +824,7 @@ static int smack_set_mnt_opts(struct super_block *sb, /* * Initialize the root inode. */ - isp = inode->i_security; + isp = smack_inode(inode); if (isp == NULL) { isp = new_inode_smack(sp->smk_root); if (isp == NULL) @@ -912,7 +912,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - isp = inode->i_security; + isp = smack_inode(inode); if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) return 0; @@ -992,7 +992,7 @@ static void smack_inode_free_rcu(struct rcu_head *head) */ static void smack_inode_free_security(struct inode *inode) { - struct inode_smack *issp = inode->i_security; + struct inode_smack *issp = smack_inode(inode); /* * The inode may still be referenced in a path walk and @@ -1020,7 +1020,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, const char **name, void **value, size_t *len) { - struct inode_smack *issp = inode->i_security; + struct inode_smack *issp = smack_inode(inode); struct smack_known *skp = smk_of_current(); struct smack_known *isp = smk_of_inode(inode); struct smack_known *dsp = smk_of_inode(dir); @@ -1358,7 +1358,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *isp = d_backing_inode(dentry)->i_security; + struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { isp->smk_flags |= SMK_INODE_TRANSMUTE; @@ -1439,7 +1439,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) if (rc != 0) return rc; - isp = d_backing_inode(dentry)->i_security; + isp = smack_inode(d_backing_inode(dentry)); /* * Don't do anything special for these. * XATTR_NAME_SMACKIPIN @@ -1714,7 +1714,7 @@ static int smack_mmap_file(struct file *file, if (unlikely(IS_PRIVATE(file_inode(file)))) return 0; - isp = file_inode(file)->i_security; + isp = smack_inode(file_inode(file)); if (isp->smk_mmap == NULL) return 0; sbsp = file_inode(file)->i_sb->s_security; @@ -2056,7 +2056,7 @@ static int smack_kernel_act_as(struct cred *new, u32 secid) static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; @@ -2256,7 +2256,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, */ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_smack *isp = inode->i_security; + struct inode_smack *isp = smack_inode(inode); struct smack_known *skp = smk_of_task_struct(p); isp->smk_inode = skp; @@ -2719,7 +2719,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *nsp = inode->i_security; + struct inode_smack *nsp = smack_inode(inode); struct socket_smack *ssp; struct socket *sock; int rc = 0; @@ -3327,7 +3327,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) if (inode == NULL) return; - isp = inode->i_security; + isp = smack_inode(inode); mutex_lock(&isp->smk_lock); /* @@ -4559,7 +4559,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) /* * Get label from overlay inode and set it in create_sid */ - isp = d_inode(dentry->d_parent)->i_security; + isp = smack_inode(d_inode(dentry->d_parent)); skp = isp->smk_inode; tsp->smk_task = skp; *new = new_creds; @@ -4596,7 +4596,7 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, /* * the attribute of the containing directory */ - isp = d_inode(dentry->d_parent)->i_security; + isp = smack_inode(d_inode(dentry->d_parent)); if (isp->smk_flags & SMK_INODE_TRANSMUTE) { rcu_read_lock();