From patchwork Fri Dec 22 13:05:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marcelo Ricardo Leitner X-Patchwork-Id: 10140531 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D5937601A1 for ; Tue, 2 Jan 2018 13:27:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CCAA42899B for ; Tue, 2 Jan 2018 13:27:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C1797285B6; Tue, 2 Jan 2018 13:27:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CAD3B285D9 for ; Tue, 2 Jan 2018 13:27:52 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.45,497,1508803200"; d="scan'208";a="412067690" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA11.eemsg.mail.mil with ESMTP; 02 Jan 2018 13:26:23 +0000 X-IronPort-AV: E=Sophos;i="5.45,497,1508803200"; d="scan'208";a="7610803" IronPort-PHdr: =?us-ascii?q?9a23=3AJW/hzheQTUW39nsM+AI60ZPClGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxcmyZhaN2/xhgRfzUJnB7Loc0qyK6/mmATRIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfa5+IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf?= =?us-ascii?q?5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbD?= =?us-ascii?q?VwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4KlxSB/slS?= =?us-ascii?q?wJKTg3/m/KgcB0la5XvQ6tqxl5zoXJYo+aKeB+c7vdc90ES2RPXcFfWC5PAo2h?= =?us-ascii?q?d4sCDfcNMOhGoInmvFYCsQeyCBOwCO711jNEmnn71rA63eQ7FgHG2RQtEdUUv3?= =?us-ascii?q?TOsNr6KqMSUeeox6fUzDXMc+lZ2S3g54jPbxsvp++DXbNsccrX10YvDR7Og1KV?= =?us-ascii?q?qYP/JTOayvoCs2yc7+Z6UeKglW8nqx13ojex3MchkYbJhocPxVDF8SV12po6Jd?= =?us-ascii?q?q9SENiZ9OvDZhetzmCOodrTc4vTHtktSYnxrEcp5K2czYGxI46yxLHdfCLb5SE?= =?us-ascii?q?7g/mWeqMPzt1h31odbexhxqu7EStxOjxWdO73VZEqidIl9nBuW4T2BDP78WIVv?= =?us-ascii?q?tw/kmv2TuK2QDc9O9JLE8xmKXAJZ4szLE9m5wOukrZBCD2gl/5jKqOe0Uh/ein?= =?us-ascii?q?9vrob639pp+ZK490kgb+MrkymsCnAeQ3LAwOX2+D9OSgzrLj50z5QKhRjvEsjq?= =?us-ascii?q?nYsIzVJcQcpqKjBQ9azp0j5AqlAzej0dQYmWELLFNDeB2Zk4jkI0zCLf/3APul?= =?us-ascii?q?g1mgjS1ny+7JM7H/GJnBM2DPkLL7crZ8705cxhAzzdda559MEbEOPvbzWk73tN?= =?us-ascii?q?zFAR41Khe7w+H6CNV7yowRR3mPD7SFMKLSrVCI5uUvL/OKZI8OojnxMfcl5/nw?= =?us-ascii?q?jXMhg18SYbGp3YcLaHC/BvlmIUKZYXz2jdcdEWcFpAw+QffoiF2FVz5TYmy9X7?= =?us-ascii?q?kg5j4lEoKmFp3PRoe3gLyOxC27BIFZZnhaClCQFnflb4eEW/UWZy2OIc9hiTsE?= =?us-ascii?q?Vb6gS48/zhyuugv6y6doL+XP5y0Ys47j1MVv6+3UjxEy+iR+D96B3GGVU2F0gm?= =?us-ascii?q?QISic43aB+pUx9z0mM0bJjjvxWC9Nc+vRJUh0gOp7E1ex6DNLyVRzdcdeVUlqm?= =?us-ascii?q?Rc+mAT4pRNIr39AOe1p9G8mljh3bwiWlH7oVl7uNBJwo767RxGbxKNhny3bH1a?= =?us-ascii?q?ghiF8mTtFJNWK4mq517xLTCJLRk0WFi6aqcrwR0zPR9GiZ12qDp11XUAl1UarZ?= =?us-ascii?q?R38ffVfWoc7/5kzcU7+kEa4nPRdZyc6eNqtKbcXkjFVHRffkPtTTeGexm2OpCR?= =?us-ascii?q?aJwLOAdozqdH8H3CXeCUgEjR4c8WyANQcgGieru3jeAyB2FVLzf0Ps9vFzqH2h?= =?us-ascii?q?TkAuyQGFc0xh16Gu9x4QnfycSuof3qkKuSc6sTl0G0y9393OAdqauwVhZLlcYc?= =?us-ascii?q?864Fpf1mLWrQ99Ppu9L615hV4RaQd3v0Tz1xltDYVAi8cqpmswzAVuMaKYzE9B?= =?us-ascii?q?dzSA0J/qJ7LXMGjy8w61a6PNwF7RzNOW9r0I6PQipFXppBupGVY683V7z9lV1G?= =?us-ascii?q?OR5o/XAwUPSp/xXUM39hdgq7HcfCY9+5ve1WdwPqmsrj/Cx9UpCfM+yhauZddf?= =?us-ascii?q?N7iEFBPpHs0BAciuL+Irm12zYRICJuxS8rA7P9++ffucxKGrJPpgnC6hjWlf7o?= =?us-ascii?q?FyyEaM9zZiRe7SxJYI2O+Y0RWdVzjnkVeht9r7mYdeZTEdBmC/0zTrBJZNZq1u?= =?us-ascii?q?eoYGEWGuI8yzxtV6mZHtQGVV+0S9CFMc38+lYx2Sb0by3QdIz0QYvWSnmTekzz?= =?us-ascii?q?xzizwpsKuf0zDSw+TlbhoLIHJERGlljVfqLoi5lNQaXEmubwczjhul4lz2x69B?= =?us-ascii?q?pKRwN2PTW1tHfzDqL2F+Vau9rr6CY89U6JM0qClXS/qzYVSbSr77vhsb3DjuH3?= =?us-ascii?q?BGxDA6cTGqu4n2nwdghGKbMnlzsGLTedtsyhfH+NzcWflR0yIcRCl/jTnXAkaz?= =?us-ascii?q?P8O18tWTmZbOqfu+V3+9WZ1IayXrypmAtCSj721wHRK/h+yzmsHgEQUi0i/0yd?= =?us-ascii?q?9qVT7ToRb/fIbr0b+6MeR5cUl0HlP87NB6Go5mmIsqmJ4QwWQahomS/XcfiWf8?= =?us-ascii?q?K8hb2abgY3oVXzELxcLV7xb/2EB4M3KJ3Jz2Vm+Gwsd7fNm6ZX4W2jgh4M9UBq?= =?us-ascii?q?eU66ZEnSRrrVaiqwLef+R9lC8HyfQy8H4an/0JuA01wyWDBLAdAFJVPTLqlxuV?= =?us-ascii?q?79CytqNXa3izcbKozkpxgcihDK2eogFbQHv5Yo0tHTJ07shkLF3M0WHz64H9dN?= =?us-ascii?q?ned90TsAeYkxDaj+haMJgxjOYFhTJ7OWLhun0o0+A7ggZo3ZGmu4iHLn5g/Kyn?= =?us-ascii?q?DRFFMT31fdkc+in3jaZZnMaZwZygHol7FjUMRpvoQuqiECgOuvT/KwaODDo8p2?= =?us-ascii?q?+eGbXFGQ+f7Flpr27TE5+xLX6aP38Zwst+RBmGOENQmhgUUysgkp4/CA+q2NTr?= =?us-ascii?q?cF1l6TAJ+l74thxMx/pyNxXlXGbTvgKoZS0wSJiYLBtb9RtN6FvQMcCE6eJzBS?= =?us-ascii?q?5Y9IW7rAORMmybexhIDWYRV0yKHVDsIKSh5cLa/OieGuq+KODObK6UpuNCUveE?= =?us-ascii?q?35Wv0pFp/zyULMWAImFiD+En2kpERX15Hd7ZlC8XSywPjC/NYc+bpA2n+i1roM?= =?us-ascii?q?C/8fLrVxjp5YSTCrtdK9Fv9wqxgaeZOO6anDx5JipA1pMQ2X/Iz6AS3EYMhC51?= =?us-ascii?q?aTatF7UAtTLKTK/Lm69YEQAUZD1pOMtP9aI80RFHOdTHhdPtyr54kvk1Bk9eWl?= =?us-ascii?q?P6nc2pYc0KI3qhNFPcHkqLL6qJKiHRz8Hsf6y8TbxQjONJtxy/ojuUD0/iPi6e?= =?us-ascii?q?lznyTRyuP/tDjD2APBxZvoGxaBFtCXLsTNj+cB20LMd3jSEqwb0znn7FLm8cMT?= =?us-ascii?q?d7c0NLtbCf8D1Xje5+G2Nb6HppN+6EmzyW7+PAMJYZreNrAjhol+Jd+Hk10bRV?= =?us-ascii?q?4ztaRPNrgybSqcZurE+gkumK0DVnUR5OpS1MhIOEp0liPr/Z9pZYU3be4B0N9X?= =?us-ascii?q?mQCwgNp9Z9Ft3vvKVQxsLVlKL0KTZN7dTU8tAGB8jTNs2HM2EsPgbuGD7REAQK?= =?us-ascii?q?VyWrNX3Fi0xbjv6S6mWfroImpZj0hJoOVrhbWUQ2FvIaDkRqAscPIJJwXjMqn7?= =?us-ascii?q?6UktII5Wa+rBnWQcVVoIrLVvSMDvXzMDyZl6VLZwMUwbPkKoQeLov71FJ4ZVl+?= =?us-ascii?q?h4nKGE3QXctRoiJ7aA80u0ZN8HlkQm01xU3ldhun4GUPGv6sgh42lgx+bPw39D?= =?us-ascii?q?jy+Fc4OEDFpDEsn0kxgtjqmjGRcCTsI6e3U4FWEzD0uFYxM5/hRQZ6cxGyl1R+?= =?us-ascii?q?NDjYX7JRk6dgdWdzhQDBvptPH/hcQrBabx8UxPGafO8n3kpGqiWg30NH4vHFCZ?= =?us-ascii?q?R6ngswbZGst25A2x5kbNMtOKPfPrRJzllNiaKVpSKnzPoxwBUZJ0cD62OdZjIH?= =?us-ascii?q?uFESNrknOyqp/vZg6QqclDtfYGIMTeYloup29kMhPOSN1ybg07lZKk+vMeyeLq?= =?us-ascii?q?SZtnPPlc6OX1M8zEQIl1NK/bJuy8csb1KUV1wzzLuWDxkJLtTNKQVUb8pU6XjS?= =?us-ascii?q?cj2DvvnKwZJwI4qyDPvoTfOUuKYSnE2kAB4jH54Q4cQZApmszEbYIN/7LL4EzB?= =?us-ascii?q?Ut4xjrJFWFDflSZR2LkTcGrNukw5Nt24lSOC0dC31nMSqr/rbXuhMqgP2bUdgs?= =?us-ascii?q?ZncaX5cLOWwuV82/my9ZuXNADD+t3e8C0weC7iXzpiLJADnyctpvfvGUag1wCN?= =?us-ascii?q?uu4zUw77C2iULL8pXZP2z1LsptutnU5OwAupmHFe1bTaNms0jGgYlZR2amU2nV?= =?us-ascii?q?Ed66P5LwcZUjbcToCnamVVyykz01T9rwPNapKqiHnwToSJ1Jv4aFxz8jNNWyFj?= =?us-ascii?q?cEFxd3veED67p2ZRcfbJojfR7oqwM+OrSlIAee09WhX2atKTxST/lE1eu0fqFZ?= =?us-ascii?q?wTAwY+G903YvUpY6z+yr/kEXX5EKkgvSxfC9aIlCSSLzAGBSex3TpSolkGhsLv?= =?us-ascii?q?wyzf0lwBPPqlYRKCyLdPZzZ2xaod48AVKSIXN5Cmo8Rl+cgorD4hKi378I5Std?= =?us-ascii?q?msxY0etbv3jippXfei6jWLS3qZXJtCotddYnr7dtPozjI8uGsZLekSbcTJTLsw?= =?us-ascii?q?2KTjC1GORAlthXOiJYT+FCmXs5NswepYpB9U0xW987J7NVEqkspa6laSZlDS4U?= =?us-ascii?q?wi8UTI2B0yYEguig37vakQqQf4k5MBAetpVNnMcdWTZsYiwCvK+jS5nWl2icR2?= =?us-ascii?q?cROgcT8AJM6BgDloJrf+Dl4YvITINXxDJMpfJ7TDfLHIFy91TnUmGWnUT4SPK5?= =?us-ascii?q?nuyo2wJS0Ozj0t0FVx56F0dd2/xWl0szJbFwM6kfoIjKsjqSekP7uGLi0+ymJV?= =?us-ascii?q?ZLxc3TbV34A5LPtXDgXS0E5X0UWYhPxWnDFZQVlgp0c7orqElJII+9YEr+4SIr?= =?us-ascii?q?x5hxFbmiSc+r30olrWoBRyqyE9pOEftmv0jTWDJ4eJ2ktYvqO41KQmBO/J2StU?= =?us-ascii?q?1ZnF9qMy6jxppWM9tN7SIUXDhTvTWdu8O/SM9E2cBoFJIDP8lwu2zjF6NeJJie?= =?us-ascii?q?vWA5tqbpynDH5zA2qE26yymrG6+kU+JZ+HUTGhk0KGuDq0kgFe8s/3zO/VDKt1?= =?us-ascii?q?B74/1UBqOTjUlrpjZyAIxODC5T1X+5N1RzUGVGs+JCJavOfcxTX+U+aB2yNxEw?= =?us-ascii?q?DvMpw0uJ/URoknjjeCxyqhFW+ybDUAkoTSMVmKvimSUCqsG7Pj8XU4hIYis8YC?= =?us-ascii?q?fFMQ2bhTtavBJYa0F0RZ8VHMpK+7YG0oRK5MbCT1ijKT0dVhx4Kg04yeZflVJE?= =?us-ascii?q?sEiAYSDdFhaoeuzSvR1rZsqRt8mpLOnj/AhblIzntvw4978ZSH2igwGtRsrer4?= =?us-ascii?q?DkvN2QqkSObLv4M/G7YXLZUDjMlw6/iqk5AJTR4ijTNBZbK4Ngxno6YJjhDmrL?= =?us-ascii?q?MgpaJ64BIEpbT696Y81cou9Gf89kZLoJ+ah1CxKFXBzvAouvrOJCLlnJWzTTNC?= =?us-ascii?q?CB8vG7oYLP7LzSVengadaKx3bcWa53OY166TbjEbfwzYBe4lb22utq9k5iS1jJ?= =?us-ascii?q?KSaBrNr7JgMM+cataFDvvoEzEjPQG5dwl2DhxkdeeMoLWyeq6ogXyItF6HbsTu?= =?us-ascii?q?J1yk7zsOlJ+rll74k35qplycayJafcM/RVq1RnAgSOBgV36potHHV/R3pPbeML?= =?us-ascii?q?L/fRZ6sZh9j0q+/rD6wX9AGV++tBZNvBJkHOhs6/CjWGRhxfhgsBqDkaLgyH1/?= =?us-ascii?q?6egKJ0TMmopOfj1kIq+Vi+IQYMzKpx6oec5qqIuOjXYgPNwrceXqjlWNjzrqgs?= =?us-ascii?q?ukOV/vAkj6IBem1rbA2hDOgdV9QSyn3mza800SImC9nDEK74+P5fS3I5mSrtm5?= =?us-ascii?q?RmH1UTGv4ZBrSL8ppDkWc/gezWLMUWcrpFmmaNCxGrDqMCxWSs6yuNL2lvmgvO?= =?us-ascii?q?3A3oQWOv8F/2qjd1QSnNz9fmiUdVU6e4BEdMUCqzOE94tjyPMBDutNXppaQ/9F?= =?us-ascii?q?s2PXD8tNKRiGuhP6taH8z+JdOGOyY7uEkajIYvSdyzx48UBcCxINAL8HFxdvHe?= =?us-ascii?q?8X+kkzddo6dbgIrT+tqa+vTMHXiulaKaqbSNxCxAyncioFE/7sutOe3J59KXXf?= =?us-ascii?q?unzXsRTz14uwvbRRG5sLvbr0obOUaTykfEhJQKPs1F3Xk/zkzm/PIsQM4v+wVe?= =?us-ascii?q?GIfAYOkCpTPqNDvv31mfZ9M3Vi+D0zpYBV/1CUN3GLQg12LwssPJkm3Q+14ySo?= =?us-ascii?q?lzaUPnnxp3AJs8KU4371gX2CUDGxAXaR+HFLGoGVjlLYwcWEgMcxuHxqa1ers3?= =?us-ascii?q?3UBoxrOv5fPTYvJ8B6UXK/ZdlRSCnF5FFZIKqaceWq5ze0dB9K7LoQjvE4fnUO?= =?us-ascii?q?bglXosMv21RcdW8dsHuHsm4wa/QQeg6JhY4rYflp+IbK5FboLWsMB68Uhn+SYF?= =?us-ascii?q?djZRjxhnkxO5Teccqfj/7djZqpWn9v2jW7oqR+UT8xg0Bnpxj4HsgF89vd7X1/?= =?us-ascii?q?1QSorPiYTw6ApNOWKFuJ7G0xlgLuoDM4erfLFm93UbKCgROWkDPd+Xa/Ym5S9i?= =?us-ascii?q?LinT5lJFAsMWZtMYJ9DBmQZKhU31QLtT7NbUGkeEC4dvcMAl92X3xywu8ZsnS+?= =?us-ascii?q?ru9TC4K5be71FLIvNCgz5hlN3HpOcPx/rdFjIb4X6Daxh62imC0YWCC+7s/eWQ?= =?us-ascii?q?z9HZT1EGHik2U4dbPjaN5QynRu6olJr0UwKU68nzgIk9dEKRXXGxgqUFsrhWHu?= =?us-ascii?q?5Elyr73yJSFobriPKJq9Cs8ndYtkVbEIZv6h3IAKRfPothNhT+jcSrQlV8CTb+?= =?us-ascii?q?eMHTbRoiou2Wxv0D4+9mLUvxeZcbIg4Yy7L98XdVTBVhSLD4vladRu8QasFpSP?= =?us-ascii?q?XaoXBJ845gLbEAPESFrpzwsjhIsEw2ABMuaLIooTxack7OnQNLVKbwvL4NkRAc?= =?us-ascii?q?Udl/uU9NBW28ImQ+6CTbVa5NlqmeFOQV8imPTqwJS0hoMCN+QhOt2JVpf7upnO?= =?us-ascii?q?xHvX1dkyN4ofgqzyZmSwWmtS3rvaIN1ioq+KukuzUZpXxFUuKenj/UCVVCyfQH?= =?us-ascii?q?lrscC3f+5ly/fnYDaJH+4L95KsT87YMh+WgwYQ0/fy0aWuStEyTwj6KLAoyMt9?= =?us-ascii?q?JRnxyNt9/Nbb+0KygdKLI9xQjlR3djzgjUhAxo/3cTQjW88N8kI52wNt07ySqu?= =?us-ascii?q?BWjWb00M4qdOsMvtqV4LUvU5Zk57zGVkyMiHSTUHRNbTFGYtkggkdWJEfYpb6R?= =?us-ascii?q?8dE6knmCyIv6dB/gEQbjfZCYGl+o7XncfTx3YyUc1qxmXNpq2eh5Mq1nJll8lz?= =?us-ascii?q?7i6Ut3QYb/bYXNN0AnjvyodfzvTzZ/uzveADSYtm0KquXeQDM8mi/Gu23YtlWl?= =?us-ascii?q?WhxrsABVa5N/UDxrjDWSe/VWKYQfiLc3SLnzshPE/y/QOoLlwrZ8hUtEI9N+rC?= =?us-ascii?q?hoJGlwL/S790QT+QpVDDxmw5Lewabx42uJugewESS+4RY/aTKPM2wP06ElQMdG?= =?us-ascii?q?PJHSpqBO+qq16igpZ0N29m4UrkfeTn6hrmP8eKGhkYDY7aqYZ8+fi7RmKHJH9h?= =?us-ascii?q?wwR+PE119+fEC1QxrfRRc5eLktjWgNR3y+kFd+1iMScloN4chppj6ZWI0MeNaR?= =?us-ascii?q?zRy4z9Ks3VoviZBf3fyF8nen9bUroffwz144Q6PtgkW7zcB7dZug4cBaciSpw7?= =?us-ascii?q?K2jx7L10LB90cgPJZrS7mMrqpuWQaZZPun/W6E4wLCfbux0exfy0TRB7Y4qsh3?= =?us-ascii?q?rsPJA6XihBoMF1Cht6AItPHNsNrwiiA56TgqG7kd6x+1hhtu8Mq6XwD+7F1NWj?= =?us-ascii?q?04V2RZha6lSBPCzNC6lznkRlkuOyj+/b0pn/DMPtZdIJWetgT27bdLDGBIS/Kz?= =?us-ascii?q?OJOsL6YUJG9aCT0K4qGimWMTv0W6uAqT2MKORv4UJ9zJdxOuXU0nhl6bzH1Nbs?= =?us-ascii?q?T39Uqz3lrnOTMpZbqlvQCqiWWxNSVOrA6215BYUJYobusuQDK9ovxJ6b+QY3pD?= =?us-ascii?q?BD1taVZrOspVLW215qMJfcIFbt1g4nVoQQZheyK00hhSnesHuOL25bK52BINNm?= =?us-ascii?q?jdKSRibs7EBrlWZlQmNABmzlX5/FPGEB0M+6Y0uO+QNXCdsZt+GycE888Ka1TL?= =?us-ascii?q?87ad1+hey2ueBfwp5SICbVSZ0fZnnd?= X-IPAS-Result: =?us-ascii?q?A2BcAgAliEta/wHyM5BdGwEBAQEDAQEBCQEBAYJsJikDgVo?= =?us-ascii?q?njit0jiSBWieXKhSBfQ4YiVU/GAEBAQEBAQEBAQFqKII4JIJIAwMBAiQZARsdA?= =?us-ascii?q?QIBAgkBAQUQChgRCAMBHQIRAQUBHAcSBYhXgTkBAxUBAqU6QI19GAUBHIMLBYN?= =?us-ascii?q?bChknDVmCFwELHgIGEoN6gTZcgVaBaTWFZEWBKQ52hT0BBKMPPZA3hH6CF4lxh?= =?us-ascii?q?3WKVIMOiHQGAgkIFCWBFx85gU8yGiOBBIF3gkUPHIF/YIY1AiUHghwBAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 02 Jan 2018 13:26:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w02DQ8jH013016; Tue, 2 Jan 2018 08:26:09 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vBMD63Yl136486 for ; Fri, 22 Dec 2017 08:06:03 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vBMD5wkH023608; Fri, 22 Dec 2017 08:06:02 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1D/BQBZAj1afysbGNZdHQEBBQELAYJsJ?= =?us-ascii?q?imBXSedPIFaJ5coFIIBCoU7AoROQRYBAQEBAQEBAQETAQELFoYBAwMnGQEbHQE?= =?us-ascii?q?DDAYQChgZIQIRAQUBHAcSiFyBOQEDFQECmGtAjX0YBQEcgwsFg18KGScNWYI1A?= =?us-ascii?q?QEBAQEBBAEBAQEcAgYSg3mBNlyBVoFpNYVkRYEpDnaFPQEEoww9kDGEfoIXiXC?= =?us-ascii?q?Hc4pSgw2IcwYCCQgUJIEXJg2BdDIaI4EDgXeCRQ8cgX9ghzYCJQeCHAEBAQ?= X-IPAS-Result: =?us-ascii?q?A1D/BQBZAj1afysbGNZdHQEBBQELAYJsJimBXSedPIFaJ5c?= =?us-ascii?q?oFIIBCoU7AoROQRYBAQEBAQEBAQETAQELFoYBAwMnGQEbHQEDDAYQChgZIQIRA?= =?us-ascii?q?QUBHAcSiFyBOQEDFQECmGtAjX0YBQEcgwsFg18KGScNWYI1AQEBAQEBBAEBAQE?= =?us-ascii?q?cAgYSg3mBNlyBVoFpNYVkRYEpDnaFPQEEoww9kDGEfoIXiXCHc4pSgw2IcwYCC?= =?us-ascii?q?QgUJIEXJg2BdDIaI4EDgXeCRQ8cgX9ghzYCJQeCHAEBAQ?= X-IronPort-AV: E=Sophos;i="5.45,441,1508817600"; d="scan'208";a="158119" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 22 Dec 2017 08:06:02 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AhazJDBV5XIEf54BVfEzqFPHaYVzV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYbROHt8tkgFKBZ4jH8fUM07OQ7/i5HzRYqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjWwba9vIBmssQndqtQdjJd/JKo21hbHuGZDdf?= =?us-ascii?q?5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXM?= =?us-ascii?q?TRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KptVRTmij?= =?us-ascii?q?oINyQh/W/KisJ+kqxVrhGmqRN9zY7Ze52ZOOZkc6/BZ94WWXZNU8BMXCJBGIO8?= =?us-ascii?q?aI4PAvIGM+lCtYnyu0UBrR+5BQKxGO3vyyNHiWXs3aIn1OQqDAfI0xIhH9IStn?= =?us-ascii?q?Tbss/1P7oVXOCw1qbI1ynMYO1S2Tf68oTIdg4uofCQXbJ2b8XR01IiFwzAjlqK?= =?us-ascii?q?qIzlOymZ2fgKs2ie9udtU/+khW0/qwxpvDSj28ghhpPXio8a0FzI6yd0zJw6KN?= =?us-ascii?q?C2UEJ3f8KoHIdNuyyfKod6XMAvTm5ttSY01rEKpJC2cS0Qx5koyR7Sb/mKfoiW?= =?us-ascii?q?7R39SOqcJCt3iXJreLKxghuy/1avx+PzW8Sxy1lKoCRIn9bKu3sQzRLc8NKHRe?= =?us-ascii?q?F4/kq52TaAyQTT6uZcLE86j6TVJYAsz7Aum5QJrUnPAiD7lF/og6CIc0Uk4eeo?= =?us-ascii?q?5/7iYrr8p5+cM5V4igT/MqQqgsC/AOI4PRYSX2WD5+iwybLu8VfnTLhFlPE6jK?= =?us-ascii?q?vUvIrVKMkVvqK5BhVa0ocn6xaxFTem19EYkGECLF1fYhKIk5bmO1XJIPziCfew?= =?us-ascii?q?nVWskCttx//YJL3sGZrNLn3Zn7fgebZx8VJTyA02zdxH/ZJbFqkBIO7vWk/2rN?= =?us-ascii?q?HYFQI2Mxevzub7CNRyyoMeWWWVDq+fK6Pdq0WE5u0oI+mSfIUVoiryK+A55/7y?= =?us-ascii?q?in80gUQdcret3ZsWbnC4A/tnLl6FYXvsntgBEWAKshA4TOzxklKOSzFTZ3GsX/?= =?us-ascii?q?F02jZuE4+iDIHeVqixkbeB22G9BZQQaWdYThiKHGvkepusRfgBcmSRL9VnnzhC?= =?us-ascii?q?UqKuD8cl1BezpErhwKZ/BvTb9zdetp/50tVxoerJmlV68T1yEtTYyGyGUnt1gn?= =?us-ascii?q?JNQjg6waRyiVJyx03F0qVihfFcU9tJ6KBnSAA/YLvV1ed3D9e6YAPKd82FTx6C?= =?us-ascii?q?T9S6BzwrBoY0ysUFbkJ6XdGvjwzF0jCCDLoclrjND5sxpPGPl0PtLtpwni6VnJ?= =?us-ascii?q?IqiEMrF5NC?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B+BgBZAj1afysbGNZdHgEGDIJsJimBX?= =?us-ascii?q?SedPIFaJ5coFIIBCoU7AoROQRYBAQEBAQEBAQEBEgEBCxZdgjgigkoDAycZARs?= =?us-ascii?q?dAQMMBhAKGBkhAhEBBQEcBxKIXIE5AQMVAQKYa0CNfRgFARyDCwWDXwoZJw1Zg?= =?us-ascii?q?jUBAQEBAQEEAQEBARwCBhKDeYE2XIFWgWk1hWRFgSkOdoU9BaMMPZAxhH6CF4l?= =?us-ascii?q?wh3OKUoMNiHMGAgkIFCSBFyYNgXQyGiOBA4F3gkUPHIF/YIc2AiUHghwBAQE?= X-IPAS-Result: =?us-ascii?q?A0B+BgBZAj1afysbGNZdHgEGDIJsJimBXSedPIFaJ5coFII?= =?us-ascii?q?BCoU7AoROQRYBAQEBAQEBAQEBEgEBCxZdgjgigkoDAycZARsdAQMMBhAKGBkhA?= =?us-ascii?q?hEBBQEcBxKIXIE5AQMVAQKYa0CNfRgFARyDCwWDXwoZJw1ZgjUBAQEBAQEEAQE?= =?us-ascii?q?BARwCBhKDeYE2XIFWgWk1hWRFgSkOdoU9BaMMPZAxhH6CF4lwh3OKUoMNiHMGA?= =?us-ascii?q?gkIFCSBFyYNgXQyGiOBA4F3gkUPHIF/YIc2AiUHghwBAQE?= X-IronPort-AV: E=Sophos;i="5.45,441,1508803200"; d="scan'208";a="7430847" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa04.eemsg.mail.mil ([214.24.27.43]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 22 Dec 2017 13:06:00 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;d3755648-0f12-4c9d-9d1f-087a4e0ac017 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC05.oob.disa.mil (Postfix) with SMTP id 3z37zp4c4TzrKxs; Fri, 22 Dec 2017 13:05:58 +0000 (UTC) Received: from UPBD19PA02.eemsg.mil (unknown [192.168.18.3]) by UPDCF3IC05.oob.disa.mil (Postfix) with ESMTP id 3z37zp3WyhzrKxq; Fri, 22 Dec 2017 13:05:58 +0000 (UTC) Authentication-Results: upbd19pa02.eemsg.mail.mil; dkim=pass (signature verified) header.i=@gmail.com X-EEMSG-check-008: 271784063|UPBD19PA02_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 209.85.220.170 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DoAQCnAj1ahqrcVdFdHQEBBQELAYJsJoItnTyBWieXPIIBCoU7AoROQhUBAQEBAQEBAQETAQEBCAsLCCgvhSQDAycZARsdAQMMBhAKGBkhAhEBBQEcBxKIXIE5AQMVAZhuQI19GAUBHIMLBYNfChknDVmCNQEBAQEBAQQBAQEBHAIGCQEIg3mBNlyBVoFpNYVkRYEpDnaFPQWjDD2QMYR+gheJcIdzilKDDYhzBgIJCBQkgRc1gXIyGiOBA4F3gkUPEAyBf2CHNgIlB4IcAQEB X-IPAS-Result: A0DoAQCnAj1ahqrcVdFdHQEBBQELAYJsJoItnTyBWieXPIIBCoU7AoROQhUBAQEBAQEBAQETAQEBCAsLCCgvhSQDAycZARsdAQMMBhAKGBkhAhEBBQEcBxKIXIE5AQMVAZhuQI19GAUBHIMLBYNfChknDVmCNQEBAQEBAQQBAQEBHAIGCQEIg3mBNlyBVoFpNYVkRYEpDnaFPQWjDD2QMYR+gheJcIdzilKDDYhzBgIJCBQkgRc1gXIyGiOBA4F3gkUPEAyBf2CHNgIlB4IcAQEB Received: from mail-qk0-f170.google.com ([209.85.220.170]) by upbd19pa02.eemsg.mail.mil with ESMTP; 22 Dec 2017 13:05:45 +0000 Received: by mail-qk0-f170.google.com with SMTP id p13so18634448qke.4; Fri, 22 Dec 2017 05:05:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PDHV7JMrJzZal9SODBl/NQlpb71rUXIiq+23+XuSNyU=; b=OHgKjjcaKK+RKtqDamH2jamhvNC4AaMuJ4+t9u9aQ+m2cRbkeQhgrf33Zm3mGr+qrX EO+NNY3GooV59v0+BYxUvHjB2kewR3W5qK6bN6bCPW+q96Pqryx3hf1dUHuN6k3sgZCi 3vCQagnSbxA+3LjD3dFrCSFrVGutJfN5kvU0YtM8nysKqN+Pg4pWm2gtfNABrZW/w/GC SLEtH4dFDdFIkMtoO+xJAcntrbA9uVuopEH5EMew1nEXKIDZ749/SxcqC/qh7C6Wy9NU wuxKxNyckraW+vK3SfdVZkCOGtiDyv+qExGLRib0BEqOj+1coEgsFkku2vvy2ed13eoA 9SBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PDHV7JMrJzZal9SODBl/NQlpb71rUXIiq+23+XuSNyU=; b=LhlN7r8Y+aZtiBsbF7nNjDo2rzOzCvt9KQqKnARmn7Q87cwa4/0IzjpPNQY3qlEdvL zzZJnVqrgDxpsT+AG8HXRsOOMWqqn9VRQNFy7en10mL/de1/SCZW2PoBIPee4VrheN5b tEWgmg9y3m5V9Yxf3LpQa6PQln6rZhDkHqJMTciPr9HU9yPcxwkv9Vd+rUl7xi4t3tqr LdbKmbTO0dAVWPBwpzCM9l2CGhHlM5j7fDpLrJIb1ro9X4eouTbUOGrHz8C3XG7uFn1N qEB7OwU0NhH/vcZi1Svli5Bbdzd//1T4MsYWjYfEKtK9jft/+PTLsAseFZROe6YmCgvq O4HA== X-Gm-Message-State: AKGB3mIoLiMXLtIE1jW+HfZurHcBX2k3WyxnNJ2ety8U2MfvQN5zfrjv VsWGevyCdILsu3GVjiEMCQT+5TvI X-Google-Smtp-Source: ACJfBotNGnbHa0gzdcifAsX2NzZj1jGqFzL8uX1oDs16ceIb6bdyjDIaUxRJaTvie0vkop7kH0UFTw== X-Received: by 10.55.31.86 with SMTP id f83mr19505251qkf.79.1513947943041; Fri, 22 Dec 2017 05:05:43 -0800 (PST) Received: from localhost.localdomain.com ([2001:1284:f013:a4f9:5ee0:c5ff:fe34:bf34]) by smtp.gmail.com with ESMTPSA id v73sm3852525qkg.34.2017.12.22.05.05.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 22 Dec 2017 05:05:42 -0800 (PST) X-EEMSG-check-009: 444-444 From: Marcelo Ricardo Leitner To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Fri, 22 Dec 2017 11:05:18 -0200 Message-Id: X-Mailer: git-send-email 2.14.3 In-Reply-To: References: X-Mailman-Approved-At: Tue, 02 Jan 2018 08:24:19 -0500 Subject: [PATCH v3 3/4] sctp: Add LSM hooks X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Richard Haines Add security hooks to allow security modules to exercise access control over SCTP. Signed-off-by: Richard Haines Acked-by: Marcelo Ricardo Leitner --- include/net/sctp/structs.h | 10 ++++++++ include/uapi/linux/sctp.h | 1 + net/sctp/sm_make_chunk.c | 12 +++++++++ net/sctp/sm_statefuns.c | 18 ++++++++++++++ net/sctp/socket.c | 61 +++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 101 insertions(+), 1 deletion(-) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 9942ed5159448c924f0f018abeea9bab93fc3437..2ca0a3f7f043316d15d9d0998f035a0820bac1a3 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -1271,6 +1271,16 @@ struct sctp_endpoint { reconf_enable:1; __u8 strreset_enable; + + /* Security identifiers from incoming (INIT). These are set by + * security_sctp_assoc_request(). These will only be used by + * SCTP TCP type sockets and peeled off connections as they + * cause a new socket to be generated. security_sctp_sk_clone() + * will then plug these into the new socket. + */ + + u32 secid; + u32 peer_secid; }; /* Recover the outter endpoint structure. */ diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h index 6217ff8500a1d818fd1002fbd6f81c0c11974665..c04812f41068fd50978ebb6cf2578c7750c86efe 100644 --- a/include/uapi/linux/sctp.h +++ b/include/uapi/linux/sctp.h @@ -122,6 +122,7 @@ typedef __s32 sctp_assoc_t; #define SCTP_RESET_ASSOC 120 #define SCTP_ADD_STREAMS 121 #define SCTP_SOCKOPT_PEELOFF_FLAGS 122 +#define SCTP_SENDMSG_CONNECT 123 /* PR-SCTP policies */ #define SCTP_PR_SCTP_NONE 0x0000 diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index ca8f196b6c6c106386a65c75dccd7bc3451798ff..140e45b931ee83c835eddce693ec51a94d19b26a 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -3054,6 +3054,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, if (af->is_any(&addr)) memcpy(&addr, &asconf->source, sizeof(addr)); + if (security_sctp_bind_connect(asoc->ep->base.sk, + SCTP_PARAM_ADD_IP, + (struct sockaddr *)&addr, + af->sockaddr_len)) + return SCTP_ERROR_REQ_REFUSED; + /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address * request and does not have the local resources to add this * new address to the association, it MUST return an Error @@ -3120,6 +3126,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, if (af->is_any(&addr)) memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); + if (security_sctp_bind_connect(asoc->ep->base.sk, + SCTP_PARAM_SET_PRIMARY, + (struct sockaddr *)&addr, + af->sockaddr_len)) + return SCTP_ERROR_REQ_REFUSED; + peer = sctp_assoc_lookup_paddr(asoc, &addr); if (!peer) return SCTP_ERROR_DNS_FAILED; diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 8f8ccded13e47c4b5403b5a27416b0d5707d1f33..a2dfc5ad17921987ddd35190a5d36460b3f7e558 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -318,6 +318,11 @@ enum sctp_disposition sctp_sf_do_5_1B_init(struct net *net, struct sctp_packet *packet; int len; + /* Update socket peer label if first association. */ + if (security_sctp_assoc_request((struct sctp_endpoint *)ep, + chunk->skb)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* 6.10 Bundling * An endpoint MUST NOT bundle INIT, INIT ACK or * SHUTDOWN COMPLETE with any other chunks. @@ -905,6 +910,9 @@ enum sctp_disposition sctp_sf_do_5_1E_ca(struct net *net, */ sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL()); + /* Set peer label for connection. */ + security_inet_conn_established(ep->base.sk, chunk->skb); + /* RFC 2960 5.1 Normal Establishment of an Association * * E) Upon reception of the COOKIE ACK, endpoint "A" will move @@ -1433,6 +1441,11 @@ static enum sctp_disposition sctp_sf_do_unexpected_init( struct sctp_packet *packet; int len; + /* Update socket peer label if first association. */ + if (security_sctp_assoc_request((struct sctp_endpoint *)ep, + chunk->skb)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* 6.10 Bundling * An endpoint MUST NOT bundle INIT, INIT ACK or * SHUTDOWN COMPLETE with any other chunks. @@ -2103,6 +2116,11 @@ enum sctp_disposition sctp_sf_do_5_2_4_dupcook( } } + /* Update socket peer label if first association. */ + if (security_sctp_assoc_request((struct sctp_endpoint *)ep, + chunk->skb)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* Set temp so that it won't be added into hashtable */ new_asoc->temp = 1; diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 274082cf49a8380fda06866c631cdc22dc4f157b..d7822da004e90f12e523b132491d177d37468753 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1015,6 +1015,12 @@ static int sctp_setsockopt_bindx(struct sock *sk, /* Do the work. */ switch (op) { case SCTP_BINDX_ADD_ADDR: + /* Allow security module to validate bindx addresses. */ + err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_BINDX_ADD, + (struct sockaddr *)kaddrs, + addrs_size); + if (err) + goto out; err = sctp_bindx_add(sk, kaddrs, addrcnt); if (err) goto out; @@ -1224,6 +1230,7 @@ static int __sctp_connect(struct sock *sk, if (assoc_id) *assoc_id = asoc->assoc_id; + err = sctp_wait_for_connect(asoc, &timeo); /* Note: the asoc may be freed after the return of * sctp_wait_for_connect. @@ -1337,9 +1344,17 @@ static int __sctp_setsockopt_connectx(struct sock *sk, if (__copy_from_user(kaddrs, addrs, addrs_size)) { err = -EFAULT; } else { + /* Allow security module to validate connectx addresses. */ + err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_CONNECTX, + (struct sockaddr *)kaddrs, + addrs_size); + if (err) + goto out_free; + err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id); } +out_free: kfree(kaddrs); return err; @@ -1606,6 +1621,7 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len) struct sctp_transport *transport, *chunk_tp; struct sctp_chunk *chunk; union sctp_addr to; + struct sctp_af *af; struct sockaddr *msg_name = NULL; struct sctp_sndrcvinfo default_sinfo; struct sctp_sndrcvinfo *sinfo; @@ -1835,6 +1851,24 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len) } scope = sctp_scope(&to); + + /* Label connection socket for first association 1-to-many + * style for client sequence socket()->sendmsg(). This + * needs to be done before sctp_assoc_add_peer() as that will + * set up the initial packet that needs to account for any + * security ip options (CIPSO/CALIPSO) added to the packet. + */ + af = sctp_get_af_specific(to.sa.sa_family); + if (!af) { + err = -EINVAL; + goto out_unlock; + } + err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT, + (struct sockaddr *)&to, + af->sockaddr_len); + if (err < 0) + goto out_unlock; + new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL); if (!new_asoc) { err = -ENOMEM; @@ -2867,6 +2901,8 @@ static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval, { struct sctp_prim prim; struct sctp_transport *trans; + struct sctp_af *af; + int err; if (optlen != sizeof(struct sctp_prim)) return -EINVAL; @@ -2874,6 +2910,17 @@ static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval, if (copy_from_user(&prim, optval, sizeof(struct sctp_prim))) return -EFAULT; + /* Allow security module to validate address but need address len. */ + af = sctp_get_af_specific(prim.ssp_addr.ss_family); + if (!af) + return -EINVAL; + + err = security_sctp_bind_connect(sk, SCTP_PRIMARY_ADDR, + (struct sockaddr *)&prim.ssp_addr, + af->sockaddr_len); + if (err) + return err; + trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id); if (!trans) return -EINVAL; @@ -3196,6 +3243,13 @@ static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optva if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr)) return -EADDRNOTAVAIL; + /* Allow security module to validate address. */ + err = security_sctp_bind_connect(sk, SCTP_SET_PEER_PRIMARY_ADDR, + (struct sockaddr *)&prim.sspp_addr, + af->sockaddr_len); + if (err) + return err; + /* Create an ASCONF chunk with SET_PRIMARY parameter */ chunk = sctp_make_asconf_set_prim(asoc, (union sctp_addr *)&prim.sspp_addr); @@ -8038,6 +8092,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, { struct inet_sock *inet = inet_sk(sk); struct inet_sock *newinet; + struct sctp_sock *sp = sctp_sk(sk); + struct sctp_endpoint *ep = sp->ep; newsk->sk_type = sk->sk_type; newsk->sk_bound_dev_if = sk->sk_bound_dev_if; @@ -8080,7 +8136,10 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, if (newsk->sk_flags & SK_FLAGS_TIMESTAMP) net_enable_timestamp(); - security_sk_clone(sk, newsk); + /* Set newsk security attributes from orginal sk and connection + * security attribute from ep. + */ + security_sctp_sk_clone(ep, sk, newsk); } static inline void sctp_copy_descendant(struct sock *sk_to,