From patchwork Mon Jul 16 18:22:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10527563 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EAA11600D0 for ; Mon, 16 Jul 2018 18:42:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 576F328F29 for ; Mon, 16 Jul 2018 18:42:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 48E6428F52; Mon, 16 Jul 2018 18:42:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, NO_RDNS_DOTCOM_HELO, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 048FB28F29 for ; Mon, 16 Jul 2018 18:42:19 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="736172337" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa09.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:42:06 +0000 X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="13851992" IronPort-PHdr: =?us-ascii?q?9a23=3At/e/WRGiAkSBCHMnES30yJ1GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ7+r8q8bnLW6fgltlLVR4KTs6sC17KI9fi4EUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa8bL9oMBm6sRjau9ULj4dlNqs/0A?= =?us-ascii?q?bCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG?= =?us-ascii?q?81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUj?= =?us-ascii?q?m58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7Sc8kaRW?= =?us-ascii?q?5cVchPUSJPDJ63Y48WA+YcIepUqo/wqFwMohSkBQmsA+TvxiZRinLq06A30v?= =?us-ascii?q?ktHRja0AA9AtkCtGrYoMnwOKoUTOu7zrTHzS/bYv1I1zfz6IvGfB4vrv6DX7?= =?us-ascii?q?1+bNLRxEsyGw7LklqeppLqPyiO2+QRsWWW9fZsWf6hhmI5rQx6vzihxt0rio?= =?us-ascii?q?nMno8Y1ErL9T5nz4c1ONa2VVJ0Yd6+H5tNuSGaM5V5Qtk/SGxvpCk10KYGto?= =?us-ascii?q?C7fSUR05Qo2x7fZOaac4iG5hLsSvyRLS5ki31/Yr6wmxGy8U25x+D6S8K600?= =?us-ascii?q?5KozJYntTDuX0BzRze5tWdRvdj8UqtxyyD2x3L5uxFI004j7fXJp8lz7Iql5?= =?us-ascii?q?cesV7PEjHolEj5iqKda18q9fKy6+v9Z7XrvpqcN4hphQ7gKqkugcm/AfggMg?= =?us-ascii?q?gJQmib5fyw1L398k39R7VHluE2nbPDsJDbOMQbvbS1Aw5T0oYt7Ba/FCmp38?= =?us-ascii?q?gCkXkbLFNKZBKHj4/zN1HIPP/4Fuuwj06pkDdqw/DKJrzhApPTIXjfiLrtYL?= =?us-ascii?q?lw5kFGxAcz0NxT/YxYB74fLP7pR0P9rNnYAQU4MwywzebnEtJ91oYGVGKUHK?= =?us-ascii?q?CZNKLSsVmV5uMgOuWDf4gVuCv7K/c5+fHulmQ0mUMdfKa13ZsXb2q0HvJ9I0?= =?us-ascii?q?qDe3bsjdABEXkSsgokUOPqkEGCUSJUZ3uqXaI84Tc7B5i6DYfDXI+thqeM3C?= =?us-ascii?q?W8Hp1QY2BJEEuMEWv2eIWeQPcAciWSItVukjYcT7iuV5ch1Q2ytA/907dnLO?= =?us-ascii?q?jU9TcEupLgz9h14OvTlRAs9TFvAcSd13yNTm5vkWMVQT82wL1/rVZ6yleZ3q?= =?us-ascii?q?hym+ZYGsBL5/NVTgc6MobRzuJ7C9D2XwLOYM2JRU2oQtq4HD4xScgxzMUWY0?= =?us-ascii?q?ZnHNWijA7M0Da2A7MPkLyLHpM0+LrG33ftP8Z912rG1K45glgmX8tPL3Gphq?= =?us-ascii?q?549wjJHIPJjkaZl7yweaQawiHN6H+JzXCSs0FATA5wTaLFUGgCaUTKqNT54U?= =?us-ascii?q?XCT6OzBbk8LAtO19SCKqpLa93ui1VKXvHjN8rCY2ipgWe/GQ6Ixq+QbIrtY2?= =?us-ascii?q?gSwTndB1Iekw0I4XmGMg0+CTu7rGLFEDxiD1TvbF3w8eNmsnO0Ulc0zx2Wb0?= =?us-ascii?q?1mz7e65AYViuaGS/MSxbIJoz8hpC9uHFa8xNLWE96AqBB9c6pCe989501H1W?= =?us-ascii?q?3BvQxnIpOgN7xihkIZcwlvvEPhzRZ3CoJdkcUxr3Ml1glyKaWF0F9bcDOYx5?= =?us-ascii?q?/wMKXNKmbu5BCvd7LW2lbG3dmM56gP8vU4pEv5vAyyDEUt73Bn38NS03uG6Z?= =?us-ascii?q?XAFBASXo7pUkYr6xh6oKnXYjMg6IzJznBsPqy0szDY19IvGuQl1g6qf81DP6?= =?us-ascii?q?OcCA/yD8oaCtC1KOwkgVipaQkEPPxJ+a4vOcOmcPWH2KuxM+Zmhj6mi3pI4J?= =?us-ascii?q?xl2EKW6yV8UvLI34oCw/yA0AqITTP8jEu/vcDtgoBJfi8SEXSlySf/GY5RY7?= =?us-ascii?q?d+fYERCWehO8e33Mlxh4bxW35E816uH1UG2M6teRqWcVP9xhZd2l4Jrny9ni?= =?us-ascii?q?u01Tt0kysmrqCHxizB3/zidAYbOm5MXGRik1bsLpSoj9AdRkikdRQmlBui5U?= =?us-ascii?q?b8yKhWv6B/L2jVQUhSZSj2KHtuUqyqtrqNe8RP8o8nsT1LUOSgZlCXUrr9ox?= =?us-ascii?q?oB0yP/Bmde3y40dzWrupX/ghx7h3mQLG1rrHrYf8FwxAvQ5MfGSf5XwDUGWD?= =?us-ascii?q?FyiSPLCVikI9mp4dKUmo/ZsuC5U2KhUoNccTP3woOHuiq2/nZqAQCjkPCogN?= =?us-ascii?q?HnFhI60SDj3dlwSSrItAr8YpXs16miMuJoYE9oBETn5sp5BI5+lJAwhJcO1n?= =?us-ascii?q?gGnJmV+mAHkWjrO9VBxa3+dGYNRSIMw9PN+AjqwlBjLnaXyILhTHqdxNdhaM?= =?us-ascii?q?egYm4NxyI99N5FCL2P7LBehit1pUe4rRjNbvdjkDcdzuEu6HEEjO0Tvgoi0D?= =?us-ascii?q?mdCKgIHUZEJSzsiwiI79emoaVJYmagbKO91FR4nd+8DLGOuAdcV2jlep06By?= =?us-ascii?q?9/8t1/ME7Q0H308ozkYMPfbc8XthCPjxjAjvRVKZIomvoEnyVnP3jxvXo/y+?= =?us-ascii?q?40lRZux421vJCbK2Vx+6K0GhBYOSfzZ8MP/THtiL1TnsiI0I+yGZVhAC8EXI?= =?us-ascii?q?PyTfKvEjIdq+joNxqUHD07sHebFqLVHRWD50d+s3LPD5erOmmSJHYDydViQA?= =?us-ascii?q?eSJFBDgA8ORjo3hZg5GR62xMz6bEh2/CgR6UDiphtK1O1oKwH1Un3Dqwewdj?= =?us-ascii?q?c0VJ+fIQJY7gFY+UjaLNee4fh1HyFE+Z2htxeAJXaHaARNF20JXVaEB1/7NL?= =?us-ascii?q?m0+dbA6/SYBva5L/bWebWBt/dRWOmOxZKuzotm+C2BNsSRMXZ8EfI3wE1DXW?= =?us-ascii?q?p2G87BgTUAVzQXlz7Rb86cvBqz4TZ4ose78PTqQwLv+ZCPB6FJMdpx5x+6m7?= =?us-ascii?q?yDOPCUhCZ4LzZYy5wNyGTUx7kfxl4SljpueyOjELsaqS7NV6XQmqlNAx4ccS?= =?us-ascii?q?NzO9NC77gg0QlVJc7bltT126Zjgf40BFdFUlrhl9q0asMUOG69NUnIBECROL?= =?us-ascii?q?SBPz3LzNn9YbmgRr1IkOVUqxqwtC6BHE/sJDuDiSfmWguoMeFUki6bOhlet5?= =?us-ascii?q?u8chZpEmfjS93nZge8MN9tgj082ac0iW/SNW4ALTh8dFtArqGX7SNdmPl/AW?= =?us-ascii?q?tB73t7IumCgCmZ9e7YJYgVsfZwHit0kOda72ggxLtO8CFIXvp1lzXOrtR2uV?= =?us-ascii?q?GpjvGPyiZ7UBpJsjtLhoKLvEV6OaXe8plAWGrE8wwW4GWVChQKu8FlBcP1t6?= =?us-ascii?q?BX0NjPm7r5KC1e/NLM4cscG8/UJdqEMHshNRrmBiXZDA4CTT6lO2HQmVBdkO?= =?us-ascii?q?2S9n2Sq5g1tILgmJwQRb9HTFY1DO8VClx5HNweJ5d6RjUknqCBg84M/ne+rx?= =?us-ascii?q?7RRN5Gvp/dUPKSGvbvKDeDgblCeRQI3avyLZ4POY3jx0xidl56kZzQG0XORt?= =?us-ascii?q?BCvDdubhUor0VN63VxVWwz21j4ZQOq7n8TDeS0kQA2iwdkZ+Qi6ivs6U8tJl?= =?us-ascii?q?XWvCswjFUxmdL9jD+Mdz7xKqGwUpxIBCrwtkg8KYn0TBhvbQ21h0BkMy3ER7?= =?us-ascii?q?1Jhbt6aW9rkBPcuYdIGfNEUKJLegEQxfCKaPUzyllTsD+nxVVA5erLEpttih?= =?us-ascii?q?clcYO2r3JBxwJibMQ5JarOK6pV1lJQnL6Bvje01uAtxw8TP0IN8GSIeCEWvk?= =?us-ascii?q?wJN74mKjGn/uxq9AyOgTxDeHIDV/AyuPJl6ls9O/iczyLny7NDMV6+N+ieL6?= =?us-ascii?q?OfpmjBmtWFTU831kMNi0ZK56N20ds5f0qSSU8v0KObFw4VOsraNQFVc81S+W?= =?us-ascii?q?DPfSaPtOXNxo51P4W9F+3zUOCOtaYVjVi/EwozGYQD8NgBFIG20E7ENcfnMK?= =?us-ascii?q?IFyRI16QvxIFWFDehGdwyTnzcCo8C/yph33Y9HKTwGGmp9MD+45rDOqg8knf?= =?us-ascii?q?qPRtE2bWkGXoEcLHI5RNW6mzJFv3RHFDS4yfwWyA6Z4jDmuyvQEifzb8B4ZP?= =?us-ascii?q?iOfxNtCMu6+TIl86i5kVTX6InRJ3nmNdR+vd/C8ewap4uGC/NQSblyrULclp?= =?us-ascii?q?JFSHO0SGHPEMS6J57qZ4krd9z0BW6wUkajhDItU8fxINGtI7CSgQHuRIZbrI?= =?us-ascii?q?mb3DcnNc+mDj8QAgp+qfsf6ax7fgAMf507YRv0uAskLKy/PB2U0tOwTGaxMT?= =?us-ascii?q?FWVeVQzf2mZ7xLyCohdvW6x2E6TpE91Oa66lINRIsQgRHA2/mjY4heUS78Gn?= =?us-ascii?q?xZegXPqio5l3RvNuko2Oc/xQnEsV8CPDCXbOZpcnBLv8kgBVOOJnV7EmQ5S0?= =?us-ascii?q?WAgorD4w6s2rES8DFen9tP0O1KrmbxsYHFbDKrQqyrpo3fszA8Ytg+v61xLY?= =?us-ascii?q?vjL9ODtJzEhDzfT4ffshGEUC68GPpXgdZRLzheQPZUnWElPtEGtpda6UYrUM?= =?us-ascii?q?cxOaBPArE2pr+2cTpkETISzSgBWoyaxjwCn+G816HZlhqLcZQiMR0EsIlZjd?= =?us-ascii?q?cHVS55fD8erre5V4rKj2+EVnQLIAAL4ARN4gIAipF/fuT774rNUpBM1yRWov?= =?us-ascii?q?JvXyvMDpln6V37SmSMjlj5TPWuiOup3A1IwPLryNkbVwZ1CVJByOZOiksoNL?= =?us-ascii?q?Z3JrEMvo7Ntz+Fbl/6sH7oyOS9PlVRz9Pbd0HgBorfqWX8SjEc+WETRYJXyn?= =?us-ascii?q?HfEoodnhFkZ6k1v1VDPpqmelrg6DM53YhpGae3VdyzzVY/sXkGXzuqE8ZGC+?= =?us-ascii?q?x+rFLYRSBqY5Gxp5XhIJhdXmhQ+JiBpFhDi0VtLzS1yZxCJMFR+jQMRiRAoS?= =?us-ascii?q?2BvNuuT81Owdd2D4QQIthlpnj9BLhJOIOWo30roLzg1mHW+zYgsFeg3jqzH7?= =?us-ascii?q?W0T+VD/20RAg8pPXiRqlEzD+sw9Wff6kvCsl5o8OtHBLWDkEt8rS1hEZBJAz?= =?us-ascii?q?ZGyWqqL09vTHVcteVVNrjVedRGQ/YufR+vJwA+Ffk+0kyT4057gHf5bDZutg?= =?us-ascii?q?ZB/yDdWBc0WjcLjrjxnj0Rt9+oNSUcS51WcTUrdz3FJB6DmSBLoBZfbFlnW4?= =?us-ascii?q?wDAtlb5b4UwJBZ/tfGSUawMyEKRgJiNgM/0fpbi0FDrF+UeSfHDQqnbfzPqA?= =?us-ascii?q?F4fd+NrM61K/T05AVHhZn9sOA/7KUDQ2epmRO2TNDbso/8ssGKtkqSe6f5Ke?= =?us-ascii?q?K8Z2TBQCLLjRCqircuF4PK8DTLMApHN5l6zmIpYZr7Bm7NMxRGPaUbKFdFWq?= =?us-ascii?q?1hddVJuOZaZ9RjeKoT/69iGA6HTAv1GIOztPlGMkrTRTPGIiWH9uyyuoPT7b?= =?us-ascii?q?rYSeT6Z8yMwXjHQ7htMZdh9Tn7Aarq3pNC+krrwPdi6Fl2SV/cMyCOtN7hPB?= =?us-ascii?q?8E5NG+dkv+uZ0kBTXWAJZsn3rqwkFPbdEXTzer8JQfz5NZ823wRPl90kX8v+?= =?us-ascii?q?xe7b5k6ZM447px08e7Ob/SKehGsU9gGhWbGh9l9pEzD2hkW2BQYugRJezKfa?= =?us-ascii?q?sFjMDhteb3F7AW6BKP4eBZb8XIJ13ZkMmlFj6cUQBEnBsGqTMCKguczPuFlq?= =?us-ascii?q?9vRMaru+f2x0Ut40KkIR4e1rBt4oWE9bSUq+/LdRfRyqIEWqfyTMPpsrsso1?= =?us-ascii?q?+S5eEjlLMWeGx1YginHfMYVsEDxmbv07oqzSMqE8PMBb7g/uBMV24hlDL6h5?= =?us-ascii?q?99B0kWGu8THbeT/IRfn303lPbFOdANaaBNhHqPGgC4HbMYzn6r8SSXKnF/gh?= =?us-ascii?q?7SyxHwXX+z7FjuoCBjQCvM1NninVBXVrm2GUdSRzCmOVJ8sD6UIAXos8f4tr?= =?us-ascii?q?ov40ErKGzks8iNm3G7NLNQBc3/K8SWITMoq1IPkJ0xWtuv1JgDGdWnPNce7H?= =?us-ascii?q?F+b/XZ62OxkC9NurxHiJTa4sGU/PXXAHahgraCq7qX2DBX1ng4vF846tC6Nf?= =?us-ascii?q?HC/d6KTOqy12YXUSh/vxHNXxmvqrzUt1oUI1CE0F/XmIwWOdFUxXY42V/g5O?= =?us-ascii?q?g/R9Iz8wJSFp3eaPMGpDDzPib0wFmEbtIzSCaeyTtWEUjvHVl+Bqc8xHr6vN?= =?us-ascii?q?jVmnfI510oWo5welT7ihx1FYo3NVkg50QQwioHFQgNaA6UDKu0BUv7MYQEVV?= =?us-ascii?q?IPaROd3Li1Yq03x1F8wquz5O/PauxxH68NNvFbjg6Sk1hUBIkbsagfQL1mfV?= =?us-ascii?q?9S6rLXpwblC4j9XPjmjmA8NfurTcBG6coZrWct4h6jRxq87pdO97kbh4yTdq?= =?us-ascii?q?5feJTCoc9y4UFm5T4JayxMjwNyjxy8Ue8GouDs/MLXsJ2y6uahTKwtXfkY9w?= =?us-ascii?q?AoB2RiiJv9mFIjodbX1+daUIHalYT/8ARQI3GXuYfa0h98KfENK4KqZ7tg6X?= =?us-ascii?q?QHJzYEKHIKINWWauMw4ylzPzXP/1ZCGN8DZcsEPMrRngBZkkzpWK9J+crdAV?= =?us-ascii?q?KYD5pzeN0p72rw0zA565w8Uvzv6DWuP5DQ80lNP+9fjCVrjN/CpvYawfTcCC?= =?us-ascii?q?gT+nSYZQJ6wiWcxJmREfrw+/uDyM3MXVMcAiE2S5tdJCaF+QG/Seq1kJLpUw?= =?us-ascii?q?2K5c/3hJIzb1mQRnu3nKQErqlAC+hAhTvn3jJGDID6m+qVs8aw6GtQrlBHHp?= =?us-ascii?q?xz4gfDGKpDP5V7Ig/1lsyzRkh9Hyf/Y8/VdgE0tOqR3OcM7P10N1Hiao8DPh?= =?us-ascii?q?IE17X65GJQTgtvS772vVGZUPkTZNR8S/PEqXZV5pxmK6MVOliSuoDqpC9SqF?= =?us-ascii?q?8qGA8pdKMwrjtCe0bVggJVXbr0taUbigsYVt55pVNMGXyuN20j/TbHUr5VjK?= =?us-ascii?q?aJAvwP7jqTVrAOU1lvMi5mWxO135FudKGznfFJtWNGmi19reMv0zxhQxu8oj?= =?us-ascii?q?PjqL4X2TIn47G4rzQBuXpKTumElCfIE1pDxuwQjagAE3bi9UC8YH4bYYv8/r?= =?us-ascii?q?ZnIcXg9ZE/7HkkYBQjfigGXeG+BCHqi6OHHJaDsNVGhB6CoM/Od6O8LTAONr?= =?us-ascii?q?QhzhLuX3Z80hDEnBZp7GQEXC6t7NolJIWhI8Yq2DCkGW/BdFYD+qlJqtf+tU?= =?us-ascii?q?YXTOsqblNs2GJj0syZSSAWXMzPH3w6jhM4aWVFbJ1D9QUaGLc2jTqSuKlJ4B?= =?us-ascii?q?0Uai/OEou54onQgdvI2X4lQNdux2LWoLCFh5wz3H1hmtN09TKOuG8JeuzZSc?= =?us-ascii?q?BsBH/z2p1YyezkaPWnqvoHR5d+yLS9TP8CNdGu+W6s15p2Wk+lx7IeH12iPe?= =?us-ascii?q?8dx7fbVTmqSWmZWeSNbmiNkCw1Mkno5RmnNlc3cttFr1chMuvegZ5Rjw/hXq?= =?us-ascii?q?l3RiWXvlDW13EjMeUGdwI2v4enZgMKTO4NZ+SGI+gh3uE+AkMWb3DVBSt2F/?= =?us-ascii?q?O2sVm1kYhgNXVg5Fn1bOXu/w39LtudBAMEEY/br552//y2XGSBNmF8zE46AE?= =?us-ascii?q?4h09z6XwA1t+lBY9OKkNPNndVnwKsAcPtwNSAVpNEegMRg5JOS3cPMdgvemN?= =?us-ascii?q?K6AfLxh7DMB/zZ0lRveWxAVLcdSR366p98PdMjXbDXW7xDskJYTZAzXZhpEm?= =?us-ascii?q?D27qw8eBt6bwr5fL2phozvoeWRa91foHqAqhoLMCrEuxAFgsexRAh/YoHi02?= =?us-ascii?q?7+O7gsVzlBqJtrERIgE4xRTYdIlCfvJ5+ShbHz38S8/0J8pv8irbv7CveM0s?= =?us-ascii?q?+wmYp2Qc4erQawGR/6J+xng19uk/+pqvPByYXqT5u7P9QeW6IzFlXgQ5TlW4?= =?us-ascii?q?m+MTmTIdnUf09d76XaiOs/VQ+eMmSxfa2GsmWGM/Vt5142zMQsfu3Tynov6L?= =?us-ascii?q?HS3sD/YUlQryGkq3+CPZ8Z51vPU6iWfB9ZUrKu92FmVfkUYIbv/+AJMvQpwM?= =?us-ascii?q?Kb5ghu6XJFysTTZ+Cdo1PXx0UzVZvdIEKhjz40X4YXIRL6MkY2h2LdgnWYBX?= =?us-ascii?q?NCI46/IMpwmt/TCBGr5VEn3SkPb2tMASLNQs2LOHNTj8C7YxeQ9RljCd8Gku?= =?us-ascii?q?/xflQ34P6cU+5tb75Mgui7/I4Mkd90JSXCXoAONCjLIa5eJTFRB/jBoFUyJx?= =?us-ascii?q?UN9bMyX9FmNtC1PEobPRLYmmvJxgzY3BixJoT2jvSAPToW/3NbzrnMzTlLoU?= =?us-ascii?q?yjtO2EhtH4CuyCPoz1UfqLYTIsDm3cSDk3Cknv/F6lv7wBvf7LRAVXuUgaNw?= =?us-ascii?q?SVDgNbvaVztZ7IFGaGkuR4cYwin/uaUj3+TCBi0aE7QC1MsBPpIbIYDQeDSX?= =?us-ascii?q?jnjSJHvRC6YPpF/Hbrdbqdk6FcQOEHKpBHcvSETd/VY7VVLnEjkTBKXYT0ZM?= =?us-ascii?q?XS+pA+1F+AVm4FC+/I+VmZGVaRWeCZzin3UJ89pI8yuyFzooKVx3IxGKPOJL?= =?us-ascii?q?OF4Tun84r+gz/B//zXVm4qJUcyhbFnYiGNwxhFfXkNEMpd+FrsTaiJe1tW2T?= =?us-ascii?q?o3hPhv1R4BdEU7UnBn3nBM2vfoMtxQSVkTymipRfA=3D?= X-IPAS-Result: =?us-ascii?q?A2BcCwD+5Uxb/wHyM5BcHAECBAELAYNHgQlKEiiMX409g?= =?us-ascii?q?SGBX5J5gWInFIUEgkA3FQECAQEBAQEBAgFsHAyCNSSCXgMDAQIkEwYBAQwgC?= =?us-ascii?q?wECAwkBAUAICAMBLRQBEQYBBwUGAgEBARgEgn+BaAMVA55EihuBaTOCcQEBB?= =?us-ascii?q?YECAQFfgjUDgycIF4dUgy2BESeCNYIJgnQBEgGFVSCHZ4UvLowaCY8haodVh?= =?us-ascii?q?SyMP4csImFxTSMVO4JpgiUXg0WKHAFVT3yKYII5AQE?= Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 16 Jul 2018 18:42:04 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIg3rv023744; Mon, 16 Jul 2018 14:42:03 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w6GIOWKP024386 for ; Mon, 16 Jul 2018 14:24:32 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIOfnW020832 for ; Mon, 16 Jul 2018 14:24:41 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1ClBgCx4UxblywWGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNGgWUog3yIY4tdgWCBIYFflF+EdwJCgh8hNxUBAgEBAQEBAQIUAQEBAQEIFgZ?= =?us-ascii?q?MhUMDAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHIFoAxUDnj2KG257M4JxAQEFg?= =?us-ascii?q?QIBAV+CNAODJwgXdIZggReCFoERJ4I1ggmGKII1IIdnhS8ujBoJjyFqh1WFLIw?= =?us-ascii?q?/hyyBdE0jFTuCaYIZDA4JEYM0ihwBVU+OFQEB?= X-IPAS-Result: =?us-ascii?q?A1ClBgCx4UxblywWGNZcHAEBAQQBAQoBAYNGgWUog3yIY4t?= =?us-ascii?q?dgWCBIYFflF+EdwJCgh8hNxUBAgEBAQEBAQIUAQEBAQEIFgZMhUMDAyMEGQEBN?= =?us-ascii?q?wEPJQImAgJFEgYBDAYCAQGDHIFoAxUDnj2KG257M4JxAQEFgQIBAV+CNAODJwg?= =?us-ascii?q?XdIZggReCFoERJ4I1ggmGKII1IIdnhS8ujBoJjyFqh1WFLIw/hyyBdE0jFTuCa?= =?us-ascii?q?YIZDA4JEYM0ihwBVU+OFQEB?= X-IronPort-AV: E=Sophos;i="5.51,362,1526356800"; d="scan'208";a="324726" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 16 Jul 2018 14:24:41 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AJrEC4xfpbSsyxMkkuCeuJ5BflGMj4u6mDksu8p?= =?us-ascii?q?Mizoh2WeGdxc24ZRCN2/xhgRfzUJnB7Loc0qyK6/6mATRIyK3CmUhKSIZLWR?= =?us-ascii?q?4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBx?= =?us-ascii?q?rwKxd+KPjrFY7OlcS30P2594HObwlSizexfbJ/IA+qoQnNq8IbnZZsJqEtxx?= =?us-ascii?q?XTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM3?= =?us-ascii?q?0u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xy?= =?us-ascii?q?mp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNwdR2?= =?us-ascii?q?VORMZRVytGAo+ldocCE+QMMOdFo4Xku1cCsAa1CQ2yCO/zzzNFgGL9068n3O?= =?us-ascii?q?Q7CQzIwRIuH9wOvnrXotv6OqgdXuKpw6fH1jjDc/Fb1C3h5ITUfB0so/eBVq?= =?us-ascii?q?9wf8rLzkkvEhvIg0uKpoz+ITyU1vkGvXWH4OpgT+2vlmAnqwVvrTi128whjZ?= =?us-ascii?q?XGiZgOyl/a9SR02501KsG4SEFhfN6kHp9QuD+AN4dvXswtWXtktzo9yr0DoJ?= =?us-ascii?q?O2ejUBxpc/xxPHdfCLboeF7gj9WOueOzt0mmxpdKiwihu96USty+/xWtOp3F?= =?us-ascii?q?tLqidJiNjBu3AX2xDN9MSKRf1w9Vq71zmVzQDc8ORELFg0laXFL54hxaY9mZ?= =?us-ascii?q?QOv0nfACH7llv7grWKe0k4++Wk8frobavjpp+HOI94kAT+Pb4vmsy7G+g4Nw?= =?us-ascii?q?kOX2yD9eS90r3s41H5Ta1UgvErnaTVqo7WKMsBqqKnHQNZyIku5hmnAzejyt?= =?us-ascii?q?sYnH0HLFxfeBKAiojkI03BL+rjDfihg1WhiyxryOzGPrL7H5XNIHzDn6n7fb?= =?us-ascii?q?pk90FT0hA/wsxY55JREr0BOu78WlfttNzECR80Kxe0zPjjCNV80IMeRG2OD7?= =?us-ascii?q?SFMKLSrVCI5uUvL/OKZI8OojnxMfcl5/nwjSxxpVhIWZKMlc8TaXalDrF9Lk?= =?us-ascii?q?6Ee3vwk5IEFmsXugcWUuPnkhuBXCRVanL0WLgzsHVzLKGCKM+XQoGrnazE3y?= =?us-ascii?q?qhGJBSTn5JB0rKEnrycYiAHfAWZ3TWavdojzhMcL+mUYJpgQmnqQvS07N6Kq?= =?us-ascii?q?/R/SoCuNTo090jo6XoiRwq9TFyR/+Y2mWJQnA8yngEXBcqzat/pgp70V7F3q?= =?us-ascii?q?9m1bgQLvEbw/JPTxdyYYXRy+18FsDaRhPKftDPTk2vBNqhH2d1BpgK5vYlQA?= =?us-ascii?q?NxGs6pkwvY9y6rGKMO0eTSQpsu/eiUi0PUDu1ejnrHz6I8lEIORspUKXbg3v?= =?us-ascii?q?c58BLcUcqBsUKZke6IcqQV2jXA8i/Xz22OugdaVw55V77IW1gUb03Rq9Xy70?= =?us-ascii?q?eERLirX/BvEQZM0oapLaxJIonqgFhdT/DkO/zVY3i2nmatAFCP3LzaKMLWdn?= =?us-ascii?q?kGwSKVKEECnwlbqW6LMwcjByHkoG/ECjFqPVOqZ0Ty/K9loXCmVEZyyQzMbV?= =?us-ascii?q?U3k/KX8xsYnrS5TOkJ36lM7CUkrC9uHU2V2dvTBtvGoBBuKvZye9Q4tXxOzm?= =?us-ascii?q?/I/zd2PpW9IaRvnBZKeA1sslLGzB53A5hOlcUw6XgjigF1LPTLgxt6azqE0M?= =?us-ascii?q?WoafXsIW7o8UXqO/aMgAPXzcqW96ET6f8xt1TkukSzG1E/92l8iYIIgWaf65?= =?us-ascii?q?GTXRIbCc63X0sy7Bc8orjbZm845oeHnWZ0P/yStTnPk8ksGPNj0gypKtxWK6?= =?us-ascii?q?6VPBT5E8QHCcyjMqkhkh6iaRdXdPtK+vsSOMWrP+CDxLbtOe9hmDy8imES64?= =?us-ascii?q?lm31Ok7CF8Q/PG25sfhvqRmACAUmS0l0+v5+bwn40MfjQOBiy/xCzjUZZWfb?= =?us-ascii?q?F3dJ0XBH2GOMqxx94l386oAiMe/1mlHFYcnsqgeB7UYEWkmxxZ1UMQ53egnH?= =?us-ascii?q?jwwz91lmQxp7GElGzVwuvkfQYaIGMDWmR4jFntLIT1x9AXVUSldU4owTO07E?= =?us-ascii?q?b9wO5Qo6Fy?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AnBgBg4kxblywWGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNGgWUog3yIY4tdgWCBIYFflF+EdwJCgh8hNxUBAgEBAQEBAQIBEwEBAQE?= =?us-ascii?q?BCBYGTAyCNSSCXgMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFQOePoo?= =?us-ascii?q?bbnszgnEBAQWBAgEBX4I0A4MnCBd0hmCBF4IWgREngjWCCYYogjUgh2eFLy6?= =?us-ascii?q?MGgmPIWqHVYUsjD+HLIF0TSMVO4JpghkMDgkRgzSKHAFVT44VAQE?= X-IPAS-Result: =?us-ascii?q?A0AnBgBg4kxblywWGNZcHAEBAQQBAQoBAYNGgWUog3yIY?= =?us-ascii?q?4tdgWCBIYFflF+EdwJCgh8hNxUBAgEBAQEBAQIBEwEBAQEBCBYGTAyCNSSCX?= =?us-ascii?q?gMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFQOePoobbnszgnEBAQWBA?= =?us-ascii?q?gEBX4I0A4MnCBd0hmCBF4IWgREngjWCCYYogjUgh2eFLy6MGgmPIWqHVYUsj?= =?us-ascii?q?D+HLIF0TSMVO4JpghkMDgkRgzSKHAFVT44VAQE?= X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="13850940" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from usat3cpa06.eemsg.mail.mil ([214.24.22.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 16 Jul 2018 18:24:40 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;e0e01752-62c8-42a6-99f9-9e6f10cd2e1e Authentication-Results: ukel19pa04.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic308-15.consmr.mail.gq1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 331398671|UKEL19PA04_EEMSG_MP1.csd.disa.mil X-EEMSG-SBRS: None X-EEMSG-ORIG-IP: 98.137.68.39 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3Al8pacReFJkQviR9m03j/wVUGlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxc24ZxyN2/xhgRfzUJnB7Loc0qyK6/6mATRIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfbJ/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf?= =?us-ascii?q?5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbD?= =?us-ascii?q?VwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0li?= =?us-ascii?q?gIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNwdR2VORMZRVytGAo+l?= =?us-ascii?q?docCE+QMMOdFo4Xku1cCsAa1CQ2yCO/zzzNFgGL9068n3OQ7CQzIwRIuH9wOvn?= =?us-ascii?q?rXotv6OqgdXuKpw6fH1jjDc/Fb1C3h5ITUfB0so/eBVq9wf8rLzkkvEhvIg0uK?= =?us-ascii?q?poz+ITyU1vkGvXWH4OpgT+2vlmAnqwVvrTi128whjZXGiZgOyl/a9SR02501Ks?= =?us-ascii?q?G4SEFhfN6kHp9QuD+AN4dvXswtWXtktzo9yr0DoJO2ejUBxpc/xxPHb/GKcJKE?= =?us-ascii?q?7g/tWeuTOzt1hXFodKixihu26USty+/xWtOp3FtLqidJiNjBu3AX2xDN9MSKRf?= =?us-ascii?q?1w9Vq71zmVzQDc8ORELFg0laXFL54hxaY9loEUsUTFHy/5hEv7gLOVe0k95+Sl?= =?us-ascii?q?6/7rbanhpp+aLI90jxv+Pr4rmsOlAOQ4NhICX2eC+eihzrHi/Vf2QLVNjv0xiK?= =?us-ascii?q?XWrJfaJcEDqq64BQ9azJoj5g67AjqlytgUgHcKIVBfdB+GjIXlIV/DLfTgAfe6?= =?us-ascii?q?mVuskTNrx/7cPr3mB5XANmTMn636fblj609R0xEzwsxf551OF7EBLvbzVVHrtN?= =?us-ascii?q?DBEhA2KRa4zPrgCNV4zo8eQ36AAreFMKPOtl+F/vkvLPeIZI8Uvjb9Nvck6uXy?= =?us-ascii?q?jX45hVAdfa6p0YERaHCjBPtqOUqZYX3ygoRJLWBfmjEbBLjuiVufQXtIan2vRa?= =?us-ascii?q?Mg93Q+D467CYrrWI+gmvqC0T29E5kQYXpJXBTENVTMUs3QX/YKdTLXIcJ7lDEA?= =?us-ascii?q?faauRpVn1hy0sgL+jb19IbyQshURqJar8d9y/eCbwQk76DhcF82A1ySISGZuky?= =?us-ascii?q?UDQDpgmOhEvUFlylqFmZN9ivhcGM0bs+hFSS8mJJXcyKp8ENm0VQXfKJPBc3vu?= =?us-ascii?q?ZtSgHCF5Gsk8x94IflZVB8SpjheF2TGjRbASierPTNYP14v3/D39Jt121m3d/K?= =?us-ascii?q?0glEU9BJMWc2q8ieQ3ozP2LqXq1kmYjK23br802C/W6HzFlTPIu1tXBko4c6LF?= =?us-ascii?q?Wzg9YUvfq8/04AuWTbiuD/IlNQtIz9WPLINBY9vui1RNTfOlM9PbNSb5uGq9Hl?= =?us-ascii?q?6jwbSPJN7pdmgG1yLaC2APkxoU+HebME45HCj35yriASB1CFWnQ0rq/eA2/Gu2?= =?us-ascii?q?SEApzgfPbEB70bex0h9QgfuCRrUI17EZoi5nrTgyHk7rm5r0At+NvEJEe79GYM?= =?us-ascii?q?h1tFVC0njDthdVOJWlIqEkgUQRJVdZpUTrgj5+EYhR2fMhrHo3wg5/M+rM21pa?= =?us-ascii?q?eiKwxpvwM6DZLmTouRumLaXR3weNg56t5q4T5aFg+B3YtwazGx9noy0+gotllk?= =?us-ascii?q?CE75CPNzI8FJf4U0I57R9//uGIeSI97p7a0XB2dKK99DTF3oBxXbd3+lObZ95a?= =?us-ascii?q?dZi8OkrqCcRDV5q1I+wjhlatYwhBN+kU/6kxbZv/Kqm2nZWzNeMlpwqIyGRK5I?= =?us-ascii?q?cmgxCX8Cx9QbWQj9NcnreT2Q2cUi26iV6gtob4gNkCdDgSGW35wi/hVtZc?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DMDAAo4kxb/ydEiWJcHQEBBQELAYNJg?= =?us-ascii?q?WIog3yIY409gSGBX5JlgXoehFkCQoIfGQYGMhYBAgEBAQEBAQEBAWwcDII1JIJ?= =?us-ascii?q?eBiMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHIFoAxWeQYobbnszgnEBAQWBAgEBX?= =?us-ascii?q?4I0A4MnCBd0hmCDLYERJ4I1B4IChiiCNSCHZ4UvLowaCY8haodVhSyMP4cdCie?= =?us-ascii?q?BUk0jFTuCaYIZDBeDRYocAVUfMI4VAQE?= X-IPAS-Result: =?us-ascii?q?A0DMDAAo4kxb/ydEiWJcHQEBBQELAYNJgWIog3yIY409gSG?= =?us-ascii?q?BX5JlgXoehFkCQoIfGQYGMhYBAgEBAQEBAQEBAWwcDII1JIJeBiMEGQEBNwEPJ?= =?us-ascii?q?QImAgJFEgYBDAYCAQGDHIFoAxWeQYobbnszgnEBAQWBAgEBX4I0A4MnCBd0hmC?= =?us-ascii?q?DLYERJ4I1B4IChiiCNSCHZ4UvLowaCY8haodVhSyMP4cdCieBUk0jFTuCaYIZD?= =?us-ascii?q?BeDRYocAVUfMI4VAQE?= Received: from sonic308-15.consmr.mail.gq1.yahoo.com ([98.137.68.39]) by ukel19pa04.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:23:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1531765380; bh=fV7nyNiUgGKwHSJhrAIgWi8oFSvPnpEJsQ1eggyGHCM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=rVzQT0yMfsI7HG+gffENO2sPZVuYDulS6p6lnma+IDIppSxN0L9wjj2QBd4GTLTIt71MpnnOp6A3cDkZp7TwiPI9YDJWqhfDytbxseCjf5K/CaYCNdSAnVXbqNCVViNSZp2m2RWLvdL+8zPt4LCc1H307YnEH/gNaw18+sMLQsgjNJwUWH7vbVj7lbVkTU9hoMp2fwkFCEw7EsN02yzUrFZpCXP5mM/xEpfyGKezcZLd541gNhm9xwP3WqBuoE2B0KI43ecE6RrqTnAohkJcLuEmC9WPTa+1Hzbh7aclZyIYhCvLneKBEa5RP2cNWHTHla6k/Zdf9Y9PXoQynvgeEg== X-YMail-OSG: wIV9ukAVM1mNZ3xERau5XpAFjSpb4ct.U2p2Qhi4.NGHgGyLHYX_GiUF4dJgE3d Y1ZxSmjPTE4mLPp4ILEOwTymoipIvRETV5_Vl.mWsi_3.MkDMwybfBeL.Ue9p9FR4Ka1OI5NopIL JJ75AnxcBdSo_CPI11qVtasmO2hKI.msyGQydLDcl.ZTuVk90.nWpCODKNTbpxPoJty1BsMFqUOV _8ZSbsDk9oKFWbuwgCIDUdqhf2JoyrtxKnjTGoHtmaJ9GviK_xwA9KZcIsUu2Ksv8LM8ZviKPt7i dygDKj_qSaWEcDS0J0vrbjx_y6XuG0u8g75tYgMjkE7W61WPpQj61cgfUtVL5zBip.8ZgW..rEyN yX3TEC5IWHKUj6qA1JdX8w3oxD3rkGYTMe1aXUBmO92ewYUj1CW.Yc3mVCMqYDcG99GKQDJ6KvtP ZcSaxSRzjHqEZmimveHE_ZsoR0NsSBXin6ZH.1QEFPfuJIxyvqqTB54NDYNvg3SnyPoOYQ7oOvzk rQMuc6xsFgL8t5j4dAAYpooFym8ePsH9izytcpEa1UCIPUWOBdyxN0J646A0qw0GN7hchYc4kS60 rjNJCoyGwpsNKM4BqFscmd7EJCFzKUFU2sgUkZnvrZG9VqzY11HtqVh79E9oXNWS9EM9PLUTi8P9 fHTSv6YDsXTn1mPPEdZ7LmUA9.aIlXdC0byQyX9mAdgFOcZOsjBS4zRykfmHqzSGasSJ4LLnspjs i4w0.MUTpry397Fkz.SKDLrvUJJEvNZxuQBvvDcCevTrGASa0.nVBedOddBssv4o6bo8XtazM6N0 CN2vqbcG.NycCrUGfvYiBvlHErvXi_C067ZxHLdI.7GhV05MdLrfSPKi9nTpL4iLWfzTbhL8extq F7l6puu6xjJPp8YzSu_V8RaJAej28jaUErF3C_NSbCdd_.L8paWrD8Am9bkPM_4yqMT3uYhGLfRg AQbNtxRJwvqHuQG42rrLEk08X535o5wmlDRYqxsXIOpMMUuHJV3s08vFPSbVPJjcvQXOW4p85YGa 23iSKYtWe7ZACtaqCRlD6 Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.gq1.yahoo.com with HTTP; Mon, 16 Jul 2018 18:23:00 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.100]) ([67.169.65.224]) by smtp432.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 3bd43e371ea14f385f2b280b71689bba; Mon, 16 Jul 2018 18:22:55 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Mon, 16 Jul 2018 11:22:52 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Mon, 16 Jul 2018 14:38:37 -0400 Subject: [PATCH v1 06/22] LSM: Infrastructure management of the file security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP LSM: Infrastructure management of the file security blob Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 19 +++++++------- security/security.c | 54 +++++++++++++++++++++++++++++++++++--- security/selinux/hooks.c | 25 ++---------------- security/smack/smack.h | 5 ++++ security/smack/smack_lsm.c | 26 +++++++----------- 6 files changed, 78 insertions(+), 52 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 25de11adb4ea..ff8928dac619 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2023,6 +2023,7 @@ struct security_hook_list { */ struct lsm_blob_sizes { int lbs_cred; + int lbs_file; }; /* diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f80fbfe50618..271d96c39129 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -431,21 +431,21 @@ static int apparmor_file_open(struct file *file, const struct cred *cred) static int apparmor_file_alloc_security(struct file *file) { - int error = 0; - - /* freed by apparmor_file_free_security */ + struct aa_file_ctx *ctx = file_ctx(file); struct aa_label *label = begin_current_label_crit_section(); - file->f_security = aa_alloc_file_ctx(label, GFP_KERNEL); - if (!file_ctx(file)) - error = -ENOMEM; - end_current_label_crit_section(label); - return error; + spin_lock_init(&ctx->lock); + rcu_assign_pointer(ctx->label, aa_get_label(label)); + end_current_label_crit_section(label); + return 0; } static void apparmor_file_free_security(struct file *file) { - aa_free_file_ctx(file_ctx(file)); + struct aa_file_ctx *ctx = file_ctx(file); + + if (ctx) + aa_put_label(rcu_access_pointer(ctx->label)); } static int common_file_perm(const char *op, struct file *file, u32 mask) @@ -1131,6 +1131,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) */ struct lsm_blob_sizes apparmor_blob_sizes = { .lbs_cred = sizeof(struct aa_task_ctx *), + .lbs_file = sizeof(struct aa_file_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { diff --git a/security/security.c b/security/security.c index a9fc6975c338..cec46acb4061 100644 --- a/security/security.c +++ b/security/security.c @@ -40,6 +40,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); +static struct kmem_cache *lsm_file_cache; + char *lsm_names; static struct lsm_blob_sizes blob_sizes; @@ -89,6 +91,13 @@ int __init security_init(void) */ do_security_initcalls(); + /* + * Create any kmem_caches needed for blobs + */ + if (blob_sizes.lbs_file) + lsm_file_cache = kmem_cache_create("lsm_file_cache", + blob_sizes.lbs_file, 0, + SLAB_PANIC, NULL); /* * The second call to a module specific init function * adds hooks to the hook lists and does any other early @@ -98,6 +107,7 @@ int __init security_init(void) #ifdef CONFIG_SECURITY_LSM_DEBUG pr_info("LSM: cred blob size = %d\n", blob_sizes.lbs_cred); + pr_info("LSM: file blob size = %d\n", blob_sizes.lbs_file); #endif return 0; @@ -272,6 +282,28 @@ static void __init lsm_set_size(int *need, int *lbs) void __init security_add_blobs(struct lsm_blob_sizes *needed) { lsm_set_size(&needed->lbs_cred, &blob_sizes.lbs_cred); + lsm_set_size(&needed->lbs_file, &blob_sizes.lbs_file); +} + +/** + * lsm_file_alloc - allocate a composite file blob + * @file: the file that needs a blob + * + * Allocate the file blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_file_alloc(struct file *file) +{ + if (!lsm_file_cache) { + file->f_security = NULL; + return 0; + } + + file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); + if (file->f_security == NULL) + return -ENOMEM; + return 0; } /* @@ -957,12 +989,28 @@ int security_file_permission(struct file *file, int mask) int security_file_alloc(struct file *file) { - return call_int_hook(file_alloc_security, 0, file); + int rc = lsm_file_alloc(file); + + if (rc) + return rc; + rc = call_int_hook(file_alloc_security, 0, file); + if (unlikely(rc)) + security_file_free(file); + return rc; } void security_file_free(struct file *file) { + void *blob; + + if (!lsm_file_cache) + return; + call_void_hook(file_free_security, file); + + blob = file->f_security; + file->f_security = NULL; + kmem_cache_free(lsm_file_cache, blob); } int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -1080,7 +1128,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) return rc; rc = call_int_hook(cred_alloc_blank, 0, cred, gfp); - if (rc) + if (unlikely(rc)) security_cred_free(cred); return rc; } @@ -1101,7 +1149,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) return rc; rc = call_int_hook(cred_prepare, 0, new, old, gfp); - if (rc) + if (unlikely(rc)) security_cred_free(new); return rc; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 98ee88156e11..ea9557ad7b7a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -149,7 +149,6 @@ static int __init checkreqprot_setup(char *str) __setup("checkreqprot=", checkreqprot_setup); static struct kmem_cache *sel_inode_cache; -static struct kmem_cache *file_security_cache; /** * selinux_secmark_enabled - Check to see if SECMARK is currently enabled @@ -381,27 +380,15 @@ static void inode_free_security(struct inode *inode) static int file_alloc_security(struct file *file) { - struct file_security_struct *fsec; + struct file_security_struct *fsec = selinux_file(file); u32 sid = current_sid(); - fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL); - if (!fsec) - return -ENOMEM; - fsec->sid = sid; fsec->fown_sid = sid; - file->f_security = fsec; return 0; } -static void file_free_security(struct file *file) -{ - struct file_security_struct *fsec = selinux_file(file); - file->f_security = NULL; - kmem_cache_free(file_security_cache, fsec); -} - static int superblock_alloc_security(struct super_block *sb) { struct superblock_security_struct *sbsec; @@ -3560,11 +3547,6 @@ static int selinux_file_alloc_security(struct file *file) return file_alloc_security(file); } -static void selinux_file_free_security(struct file *file) -{ - file_free_security(file); -} - /* * Check whether a task has the ioctl permission and cmd * operation to an inode. @@ -6845,6 +6827,7 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) struct lsm_blob_sizes selinux_blob_sizes = { .lbs_cred = sizeof(struct task_security_struct), + .lbs_file = sizeof(struct file_security_struct), }; static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { @@ -6915,7 +6898,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_permission, selinux_file_permission), LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), - LSM_HOOK_INIT(file_free_security, selinux_file_free_security), LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), LSM_HOOK_INIT(mmap_file, selinux_mmap_file), LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), @@ -7117,9 +7099,6 @@ static __init int selinux_init(void) sel_inode_cache = kmem_cache_create("selinux_inode_security", sizeof(struct inode_security_struct), 0, SLAB_PANIC, NULL); - file_security_cache = kmem_cache_create("selinux_file_security", - sizeof(struct file_security_struct), - 0, SLAB_PANIC, NULL); avc_init(); avtab_cache_init(); diff --git a/security/smack/smack.h b/security/smack/smack.h index 0c6dce446825..043525a52e94 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred) return cred->security; } +static inline struct smack_known **smack_file(const struct file *file) +{ + return file->f_security; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index dca1db48f38b..d5c99ed8047d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1570,24 +1570,12 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid) */ static int smack_file_alloc_security(struct file *file) { - struct smack_known *skp = smk_of_current(); + struct smack_known **blob = smack_file(file); - file->f_security = skp; + *blob = smk_of_current(); return 0; } -/** - * smack_file_free_security - clear a file security blob - * @file: the object - * - * The security blob for a file is a pointer to the master - * label list, so no memory is freed. - */ -static void smack_file_free_security(struct file *file) -{ - file->f_security = NULL; -} - /** * smack_file_ioctl - Smack check on ioctls * @file: the object @@ -1812,7 +1800,9 @@ static int smack_mmap_file(struct file *file, */ static void smack_file_set_fowner(struct file *file) { - file->f_security = smk_of_current(); + struct smack_known **blob = smack_file(file); + + *blob = smk_of_current(); } /** @@ -1829,6 +1819,7 @@ static void smack_file_set_fowner(struct file *file) static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { + struct smack_known **blob; struct smack_known *skp; struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct file *file; @@ -1841,7 +1832,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, file = container_of(fown, struct file, f_owner); /* we don't log here as rc can be overriden */ - skp = file->f_security; + blob = smack_file(file); + skp = *blob; rc = smk_access(skp, tkp, MAY_DELIVER, NULL); rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) @@ -4615,6 +4607,7 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, struct lsm_blob_sizes smack_blob_sizes = { .lbs_cred = sizeof(struct task_smack), + .lbs_file = sizeof(struct smack_known *), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4652,7 +4645,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), - LSM_HOOK_INIT(file_free_security, smack_file_free_security), LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), LSM_HOOK_INIT(file_lock, smack_file_lock), LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),