From patchwork Tue Nov 22 19:40:38 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9442053 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 83A7B605EE for ; Tue, 22 Nov 2016 19:48:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 70CDE1FE95 for ; Tue, 22 Nov 2016 19:48:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 64D571FF27; Tue, 22 Nov 2016 19:48:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5209A1FF13 for ; Tue, 22 Nov 2016 19:48:53 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.31,682,1473120000"; d="scan'208";a="1226881" IronPort-PHdr: =?us-ascii?q?9a23=3AIOlSExBr6ij7+RAJkRVgUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPr/oMSwAkXT6L1XgUPTWs2DsrQf2rGQ6f2rADZfqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLd8IRmsswnctsYajZZ8Jqsz1xDEvmZGd+?= =?us-ascii?q?NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLD?= =?us-ascii?q?TRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljj?= =?us-ascii?q?oMODAj8GHTl8d+kqRVrhy8rBB72oLYfZ2ZOP94c6jAf90VWHBBU95RWSJfH42y?= =?us-ascii?q?YYgBAe0DMuZWt4nwpUYCoBWxCgawC+3g1CRIi2Tq3aA4yektDRvL0BA+E98IrX?= =?us-ascii?q?/arM/1NKAXUe2twqfH1zPDZO5S1zfg8ojIfQ4uofeXXbltdsfe1FMgFwXEjlqO?= =?us-ascii?q?rYzlPSiY1uETvGif6+pvT+Svi2koqg1rvjevwcIsh5DPi4kIyV7E7T10zJs6KN?= =?us-ascii?q?C3UkJ2YcOoHIFOuyyVKYd6WN4uT3l1tCs+xLAKo5G2cSoQxJg6xhPSa+aLf5WW?= =?us-ascii?q?7h/nUuuaPC12i2h/eL2lgha/6U2gyurhWcaqyFtKtS9FksXUtnAKyhzT9tCLSv?= =?us-ascii?q?tj8Uel3jaCzxzT5fteIUA1iKrbMIQtwqIwl5UPsUTDGTX6mEPqg6+Nakoo4O2o?= =?us-ascii?q?6+XjYrn+p5+cMZF7ih3mP6gzlcGyDv40PwgTU2SB5+ix26Pv8VfkTLlSi/05iK?= =?us-ascii?q?jZsJTUJcQBoa65BhdY0p095Ba7Djem1skYnHYeIF1efxKHko7pNE3QL/DjFvq/?= =?us-ascii?q?n1Stnytrx/DBJLHhBI7NIWLZnLfuerZ99VZQyBAvwtBH+5JUFrYBLer9Wk/rrt?= =?us-ascii?q?PYCAM2Mw2vw+v8DdV9zoIeVXuUAq6XK6Peq1iI5vggI+OUfo8apC79K+Q55/7p?= =?us-ascii?q?lXI5mkUSfaqu3ZsKc324He5pI0aeYXrxmNsBFn0KvgUmRuzwlFKCSSJTZ2q1X6?= =?us-ascii?q?8k/D40FZimDYbdSYC3m7GOxju0HphMamBBEFCMHm/id5+YVPcUdCKSPshhnyQE?= =?us-ascii?q?Vbe/T48h0RauuRT+y7p6MurU/SgYuoj52Nhy/e3Tmgk49SZoAMSFz2GNU2Z0k3?= =?us-ascii?q?sTRz84xqB/pld9ykuY3KhjhfxYEtJS5/ZTXQc8L5LcyfJ1C8zqUALbYtiJUEqm?= =?us-ascii?q?QsmhATwpQNM+2dsOY1pjFNW4lRDOxDSqDKEPl7OQGZw097jQ33/rJ8Zy03zGzr?= =?us-ascii?q?Uuj0E6QstTMm2rnrJ/+BXOCI7IiUqZk72nergb3C7I6GiM13GOvF1CXA52T6rF?= =?us-ascii?q?QWgVZlHKotTh+kPCU7iuBKwhMgtAzc6CLrVFasbygFpcWvjjItPeb3i2m2eqCh?= =?us-ascii?q?aC3qmMY5bye2UBwCXdD1AJnB0J8naaLwcxGCmhom3FATNyFVLgeVns8fVgp3Oh?= =?us-ascii?q?VEM0yR+Fb1F53bqv5hEVneCcS+8U3r8cpichqil7HEq639LMEdaPuwphfKJaYd?= =?us-ascii?q?My+1pH0WPZtwpnMZy6KKBunFkecx54v0n2zRV4Fp1AkdQ2rHMt1AdyLaOY0Ehd?= =?us-ascii?q?dz+BxpD/JLnXKmj0/BCyZK/bwUre0M6X+qcJ6fQ3t07jsBuvFkU873Vty8NV3G?= =?us-ascii?q?eE5pXWEAoSVor8Ulww9xh+o7HVfDM96J/T1XxiKqS0qSLC1M4yBOc/zRagZdhf?= =?us-ascii?q?OrueFADuC80aG9SuKOsyllixdB0EIeRS+LQuMM+8bPSG36qrPPpnnDKglmlH5Z?= =?us-ascii?q?xx0kSL9yVgUOLI2YgKw+2A1AudSzj8lEuhstzwmY1cYDESGnOzxjbiBINKeK19?= =?us-ascii?q?Y4ILCWOwLM2t3Nl+gYDiW2JA/l65G1wGwNOpeQaVb1Hl3g1fy0IXoWe8lCu70T?= =?us-ascii?q?N0lSoprqyB0yzS2ejicwAHOmFTTml4kVjsOZS0j8wdXEWwcQgpkgaq6F3kx6hd?= =?us-ascii?q?uat/L3PfQUFWcCjqN2tiSLe/tqKeY85T75MlqT1XX/6hYVCeUbPyvxoa0z/jHm?= =?us-ascii?q?dHyjA0bTeqto/+nxxgh2KXNGxzo2bBecFs2Rff48TRReRM0TUbXyR4hjzXB1em?= =?us-ascii?q?M9mv49qUi4/JsvqiWGK5Sp1TbS7rwJuYtCSh+G1qBQOwn+ipld3hDQg1zzX72s?= =?us-ascii?q?J3VSXTshn8eJLr276hMeJgY0loHkPz5NR0GoF5iIswi48f1WIchpqL4XoNiX3z?= =?us-ascii?q?PslD2aLicHoNQiYGw9DP7wjjxE1jKXeJypn3VnqD38RhYMO6bXkO2iIn6MBKCr?= =?us-ascii?q?mb46BYnSdvpVq4tw3Ra+BnnjgB0fsu9GIag+YRtQoiziWSHqoSHElAPSzwkBSF?= =?us-ascii?q?9Na+o7tLZGa0bbe/zlJ+ks67ALGEvA5cRG7zeo0+Ei9o8sV/LFXM3WX26o7+fN?= =?us-ascii?q?nQacwctgGIkxjaledYM5QxmeQWhSp8JW3yp2UlxPAhgRxow566oJCNK39x86Kh?= =?us-ascii?q?Hh5YKjr1atsJ+j33g6dShMOW0JqrHpVmGjQGR4HnQu6tED4IsvTnLQmOGiUmqn?= =?us-ascii?q?iHAbrfAROf6EB+onLJCZCkLWmXJGECwNVsRRmdPldfgBwaXDU7mJ42DAaqy9Dg?= =?us-ascii?q?cEhj4jAd/Fn4qgFDyuhwLRnwTn/fpBu0ajczUJWfNARZ4Rpc6EfTMMye8uVzEj?= =?us-ascii?q?pZ/pK/sgOCNHaXZwNSDWEGQkaEHUzsPqGy5dnc9OiVHvGxIODJbbWKqOxeTOuI?= =?us-ascii?q?xYm13ot94TmDKt+DPmJ8AP0/20pDW215GsvCljoTSy0XjT/Nb9WBqBay4CJ3st?= =?us-ascii?q?u/8PPtWA714ouPEbRSO811+x+qmaeDK/KQhCFhJDZDzJwM22XHyLcB014JkCxu?= =?us-ascii?q?bCOiEaoaui7CUq3QgbVbDxgFZCNvLMFI9b4z3hFROc7HjdP4zqV3jv86C1dCU1?= =?us-ascii?q?zsgdymatIRLGG8LlzHAlyHNLOcJT3E28v3e7+zSaVMjOVIsB29oSyUE0D5MTSd?= =?us-ascii?q?iTbkTBevMflSgyGdORxRooC9chJ2BmjkQ9PqcBq7MMV4jTcu2707mmvKNXIAMT?= =?us-ascii?q?h7a05NsrqQ7SZCjvVlHGxA72RqLe+flCaD6OnXNJUWvOB3DSRzkuJV/G41y6BJ?= =?us-ascii?q?7C1eQvx6hjfSpMZ0o166iumP1iZnUB1WpzZIhIOLuVttNL7c9plHV3bE8gwC7X?= =?us-ascii?q?mMCxQKoNtlD8Pgt7pWytfRiKL5MC1C/M7M/csAG8jUL9qKMHsnMRr1BjHUCBUK?= =?us-ascii?q?TTu1OmHDnUxckOqf9nqNrpckrJjsnYABSr5fVFMuEfMbBV5pHNsYIJd4Rjkki6?= =?us-ascii?q?KUjNYU5XqiqxncXMNasY7dWfKWGvjvKzGZjaJYZxQSx7P4NocTNozh10xkdFZ6?= =?us-ascii?q?gJzAG1DMUtBVvi1hcgg0rV1X8HdgVW08xVjqahmx738TDvO7hR82ihFjbuQq+j?= =?us-ascii?q?fs+003KUTKpScqlkk+h8nliyiLcDHtNKewQZ1WCy3sukcsNZP7RQB1YhCskkxg?= =?us-ascii?q?NTfJXKhegKV6dWBskgPcvoFPGfFER61efBAQ3e2XZ+kv0VlEtyqo31FH5erYBp?= =?us-ascii?q?t5jwYla4Ssr2hH2wNtd946O7DfJLdTzlhRmqKPvjWk1uYvzw8CP0wN6n+deDYU?= =?us-ascii?q?uEwUMbkrPzen/vdy5gOYlDtDYnIDV+Qxr/Jx7Ew9OPmAzzj63LJZLkCxKuqfIL?= =?us-ascii?q?mDu2TZic6IRVAw10MPl0Vf+7h5z9sjeVKOV08z1LuRCwgJNc3aJAFbdcpd6mXc?= =?us-ascii?q?fT2UvuXL3ZJ1OJ69G/vyQuCSsaYYmEWkHBwmH44U9MQOAoGs0F3ELcfgNLMFzR?= =?us-ascii?q?It5B71K1WDDfVJfwmGkDgBo8Gi1pN32pNdJj4FC2VnLSq3/qrXphMtgPebR9c5?= =?us-ascii?q?fHMaXooCNnIrV8y3gDJWv3NFDDaryO0Z0xSC4yX6pivOEDn2d8Bja+uMZRNwFN?= =?us-ascii?q?G2/i0y86usiV/X6JreIX36NdR5t9/A7uMav4qIB+lSTbZjr0fWg5NYSGCyU27T?= =?us-ascii?q?Dd61IID9a5UtbdzxDXa6Tly/ijIuQsjsPdasLrKHjhrySYZSroabwCgpNdWhGT?= =?us-ascii?q?EGBxdwu+YD6bp8ZQ0EfZU7bwDntx4lOqy+PgiXzMuhT3yqKTtMQPlV1f+6aKBP?= =?us-ascii?q?zyowcu+6z2MtQYs+z+m27UECWokFjhTexPalYIleVzL8F2dGdAXOvyU5kXFtNu?= =?us-ascii?q?gvwuslxhPHr0UcOSiRdON1cGxEo808BVSKLHptFGU4QUSRgpDe7Q6ywb8S5TBd?= =?us-ascii?q?kMxO0exFqnT+uYXfYD20UqyxtZrVqzYgbcQho6BpPozjP8qGtJfanjPBSZndqR?= =?us-ascii?q?CKXzChGPpbgNdQJjhUQP5SmWEqIcYGo5ZO6VItVsciILxCELMspraraTV4DS4S?= =?us-ascii?q?yisZV5iY0jIbn+mywafXmBCLfZs+NxwEtYlNjcEGUy5qeC8eorGsV5nOnW+eVm?= =?us-ascii?q?cLOBsT7RhL5A8YioBwfPrq75bTQZBQzD5Wp/Z0UirVGZly61v0VH2ZgVjiRPWm?= =?us-ascii?q?ieyp0hpYzOjw3dkDRB5/FU9dyv5MlkQyMrF3LLIfs5XWsj+Sb0z6onziyO+nJF?= =?us-ascii?q?lXxs3Uc1z4DIXFtWrgXC0T42cURYpVxHHZC5sSjxJzaLw3q1VUPICmZkH+6iQk?= =?us-ascii?q?xotzBLm3T8Wrx1cjrXsdRieqD8BOC/p6v13NQjFlZY6kqIn9MZVIXmBQ4IGdq0?= =?us-ascii?q?tekEh1PS+104ZTK8FM4j4JXThAuzadscCzSMJdx8B5EYUAItBlu3fyAKlEIoSe?= =?us-ascii?q?o2UqurzzzX/U4yozsE2nxDW1AaO4TPlU/2wfGgUoO2SRsVMjD+0y/WfO6lrNqE?= =?us-ascii?q?x7//9HBriTikV8uDl9HopUCTZPyXCoNFVzTH5IsuVcNKTVc9JTQ/g0ZR+zJRM+?= =?us-ascii?q?D+Qq30qX8kFohX35eTB9thNG+yDBWAk5TTUVgrDomTAFtsGrJToaRIlSYTUncS?= =?us-ascii?q?jFNxqRmTpLsxZHd0FqR5cZD85F+74Bx4tb5M7CRlu3JC4YQhNiLho43uRblUFd?= =?us-ascii?q?qkWUYyfdDRCndfzXqB14Yd+RrNK1LPT+5ApHiITnv/4j+qoeWXKmghOiQcrCr4?= =?us-ascii?q?Diq9KGrE2Oe7nkM+eke3/OUCDMjQyshbcjF5TF5CbTPxZHJ5R41HYpb4PsBnLM?= =?us-ascii?q?PRRDO60UPVFbVbxgZdVAvO9ae9dueLwV9q91GhKHWhTvFZS1rPZYM1nTRS7RLz?= =?us-ascii?q?ma/+y7poLT86LSRfb8acyL2nnIXbh7PpFk5jnnA73qy5NR+lLq2vdx8UN3UUDG?= =?us-ascii?q?MzudrNv7OwwL+NKvdlDlvp00BzPZHIl/kHzxxkFabcUXRzem8JMCyJNW8HzwU/?= =?us-ascii?q?530lDvsO1O8Llp8ZU346p3xsiqOKjfMulasUt7AhiOHApq6JQtAG97R29Pfu8d?= =?us-ascii?q?MvDRfb4Wjcr2seD4C7QX6AGJ++xecdbIOkfBldOkBz6BTxxLhh0NqTkALguTz/?= =?us-ascii?q?SFgbN7Sd65pejl3UIg+1q+IQQczLBq/oeE/rCHpPHMYhvU0LgEXrTqRsLvobQt?= =?us-ascii?q?oUyS4+YkmKQJemxvbA2tCPIdWdIFxmf80aAqyjohE8HZELLm9v5DTXU5kS/+lJ?= =?us-ascii?q?1mA1UZAPUUHaGM/YhEmGc3hfDZPMUMcq9egmaPCQKkErgaxH6t7yuaO2hlghfL?= =?us-ascii?q?0x3qQGOz6lH2rTViTivX09fjiFdVWaWrBUdPRSqmJ1V0sDSVPArnrND3o7g67F?= =?us-ascii?q?kqMmz4s9KAjG2hOLJLEM34INyTOzI0qEgWjJ02QdyvwpsbFMG4INoe/3BydPze?= =?us-ascii?q?63mkkyVZuadIm5Le4t2J+vXQBXSvk7eVq7GTyzBD1ng5vVY/58u7Nv7S5t2FXf?= =?us-ascii?q?Ko13oQTyhloQfBWQC6qqDDpVAOJUOLyFvLmJANPtxB2Xk4zUTm6eg4TdI96gpR?= =?us-ascii?q?C4HAZ+kYqjDrIjv0xlSfbMwrWSmCyTdXGUj1EVZgEqgmxG3wpN7JlWvX+1AwQ4?= =?us-ascii?q?lwc1LohRlwD4omLUIg81cXzTQEEQgWcRCUFq2oBUX/IosAVEgDbwiH06a+eqcz?= =?us-ascii?q?3E1zza2g5OnPYuNiHaYNMOhSjhKWllhBBp0WqbEeQK57e1JF9q7Xpw3iBpPiX/?= =?us-ascii?q?f4lXs/K+e1QsFc8cAWrXci5BiwRwa445dZ87kbkIyIdrJDYZXUvcB97l1o6iQT?= =?us-ascii?q?eSFWmxhwkQ+5Xv4Aq+z55djbqpWo4P60VKkxX+UX6wQ0B2NmgpTrgVAjut/W2P?= =?us-ascii?q?1eSo3UlYT/6BpCI2OOuIvBzxZ8LvcBJJyxc7Z97XUHIDIeKGgUMdqRcfk87Ddn?= =?us-ascii?q?MC/P6FxaHsMMedQYMdLVmQ9Olk3mRLFT98TcGl+CCId/btso4HTzyDA095s8T+?= =?us-ascii?q?nh5SSuJZ/F81FCI/NDjStrlNLYp+gZ2/nSBzYN4XmfdRd1xjmOy56XC/b/5e+M?= =?us-ascii?q?0s3bV0saHi4qVIdQPCaC+Ra5SeqxjprpVB2b59Tuj5I/e0KQR2Cxk74esqlWC+?= =?us-ascii?q?5Alz/33j5AGYDpn/iVqcaj6HNLtl1bF4Z+9RLFF79FPpplJRT4ltKmRkx9Bivj?= =?us-ascii?q?Zs7UdgAhuPeNxusW5eVxKVf+b5cBIh0Y07L69WZVTgx2Rb75oFmZW/4RZNxhSP?= =?us-ascii?q?/DtXBa94ZgK64JPFiAq53ntTNIp04sAA4pcrA8tDpaeVfSnAdNQab7pKYAihcA?= =?us-ascii?q?Ud5+oUJMHGWwOGQi5zrIS6tYl6yRCP0P/TWVUKMOT0tpMiRkQxO2w5ViYb2pku?= =?us-ascii?q?5bsmlehCNyvOAq0yB6RBu7oSDsqL4C2Sk7+L2hqTsPtnpLTuSYkyfVBlRO1/sK?= =?us-ascii?q?jaIGBHbk91Owen4DbJH94LN/P8Tv6ZEh42gjYRUkZyAGX+OgCyH2j6+SHoOPsN?= =?us-ascii?q?ZchAOQt8TPbL+zKzMSNrc8yR/4WXh90xbekwxs8GQWQzWs9tkkK5uhOcw93Cqn?= =?us-ascii?q?BXDbdEoQ4qNOqMbxtEALQ/EwaV56xGVjz9WIRiwKRMzUAWo1iRIkaWpcepJZ9R?= =?us-ascii?q?AaD7UogiqPvqRe/AEbfjnUEoqh+oTLk8bHw389Qsl2xm7MoK2KmI8q2mV/m9xo?= =?us-ascii?q?9i6OpGgSd+vAXs9jBnjz0YlexvL6Z/Wpqe0HU4xmyLKgUPAeKMWj/3W52IlyUE?= =?us-ascii?q?+/2rseB0a5MPMExrrDUSelSW2ZWfyMc2iInjY5LlD96AKtLl02dMdKtVEyPvHF?= =?us-ascii?q?hp5GmA3rSal0STmIpV/H0GwjNvsXdx43uIeiYAEKUO8RaPSfJecwxP0yEl0MYG?= =?us-ascii?q?HVHSFuEe+5rUatnJRnO3Vn+Uj6ZOXt8gPlMNuVARQEE5TVrp12+fy8WG2BP2Vs?= =?us-ascii?q?zBtsM0lo7+3fDUg+tvdAc5aNmtjdn8903vADd/dxKiA9odoTmoV/6YmIzseFbw?= =?us-ascii?q?zewoz1JdHPrfiSG+ffwFgyemFGTroZZhv45509Pt49QbLTB7VYvRMYBag0W5Eh?= =?us-ascii?q?MmDx9KZvLAxtbgHRfrO0gtLxpuKKYJtUqGXa7lUqLCfToxcD0OC7TRRnb5C2gH?= =?us-ascii?q?X/OJ4wSSxFr91sEhtpApBCGsIBrwqiBp6bhru7i9uv9E9gvO8Kq6XwAOjQ1Nul?= =?us-ascii?q?x4VxQ4Ra5UuTMTbRGKlrgkNljuGojffbyZTxDMLiec8eVOdlWGLFbaXGHoqnID?= =?us-ascii?q?KUJs38Y1JG86Kb0L9hXBSRfDr5X6uauyK6L/hk5EQ7ypBifOXN1jAt6Kvb2NTq?= =?us-ascii?q?bWFBuiijtWKJNIdY7FHSAuzeWwxbROGd8GZhB6IXdpf09OYSPtw+2tiT/Rd84C?= =?us-ascii?q?5E0MSbP6irtlXM1V5jdZLHMEvp3D40WY0LIBS5LEstjnbVqnDcAXRHMsikMtJg?= =?us-ascii?q?gNePARzr4El9g2YtZnROGmDwX9eeJXAb296iZA2N7A9LFMgMn+q2eU4+q62zRu?= =?us-ascii?q?5kNJpZmeWqqroHi8hmKznVS8VBPCHfMqV2PjxPAeXLv1cofxEEv6IyWocvapiE?= =?us-ascii?q?OFkHP1uYySPu0QvC1lX5d9it1KaSPCYb6XRGz6vD0TdWvQW5v+iWgtH7WrDDcJ?= =?us-ascii?q?72ROLSMDYiVjyCQDQ9C1qm+Velu/oCu/qVOnkfolESYi2MDA4Tp6ZvrcXfD2PJ?= =?us-ascii?q?nu1jZpIKjuiAWy/sUC14iLYyBiFTuECOWfUDFg7WYGT6jWpBvgyiOv9M/XX4b7?= =?us-ascii?q?2XxqpVR/YaAo1Sff2FW9HYY+xRJy80ljUFP+axZ9LcoKwi3VLSTGsWDa3I+UaA?= =?us-ascii?q?TE6SWPOc3DPrXZgPs4gypCUo5sranjVrHKTQI7afuzmu/5a6jCadvu3eTHMtY0?= =?us-ascii?q?0ugO8ZBmmO2hxAJ38FC90Pv0HtWKGAbV5W1H01keJuxwMMeANrX3Jw0H1Wm/a9?= =?us-ascii?q?GstCSV4TimOjW/IGbEpqDDMu40CK+Bf+YdoetsDPX2Ve7KcDSZIBLPk074naIL?= =?us-ascii?q?AQwPgs3D16oSE3sD6QD01DgQKf8qrRHaV8xrtY6Wk+4f52QlmFQynDfWjf1oqm?= =?us-ascii?q?F8VPyD9soXDj0crUuvtgNL5EqI5kDlcKBjh2KczD8jxbV2H7xhey7F6HG2GVIC?= =?us-ascii?q?gY+ykjPisYbaNuyOs9twzHMp7Z4F6Un7ootU/uDAGMELfy05tOTony2R6QdThA?= =?us-ascii?q?cTLtEYt/7PlKipJabLsuf4mlK0jINAnlFgaRsC1K8wLl5vynCcdGzGIEno02Jd?= =?us-ascii?q?3pVpVMBt7cmHljzn9OgpoCw3GAKtLZepD9rcd/ADVGNpC5D2Pse5/PJCn1v/Mr?= =?us-ascii?q?3ZInFkLUY+Ifb0xBtJtjum7sJ3G144j9+DTFeq2xcz20PMMmNZmsj2BIhbaHPY?= =?us-ascii?q?Trsa8RQUEb9LQx3JuT/UvVrS6RNJPuJnI=3D?= X-IPAS-Result: =?us-ascii?q?A2EMBQCPoDRY/wHyM5BdHQEFAQsBGAEFAQsBgw0BAQEBAR+?= =?us-ascii?q?BWaRZlm8hgk6DLIInUwEBAQEBAQEBAgECXyiCMxqCHAIEAQIkExQgCwMDCQEBF?= =?us-ascii?q?wghCAgDAS0VEQcHCwUYBIhMBLFJPSoCiyQLAQEBI48zCwYBhX0BBJoGSJB/ihq?= =?us-ascii?q?GEI1mhAxVXjQegykBHIFfcIVQDheCFwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 Nov 2016 19:48:51 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uAMJml7i019665; Tue, 22 Nov 2016 14:48:48 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uAMJfQ15031469 for ; Tue, 22 Nov 2016 14:41:26 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uAMJfNct017179 for ; Tue, 22 Nov 2016 14:41:25 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CoBAC6njRY/4GlL8FdHQEFAQsBgzgBAQEBAYF4pFmSX4QUgmuDNgKCbQECAQEBAQECYiiEaQIEJ1IQGAgxVwcSiHGxUT2LUAELJY8+hgQFmgZIkH+QKo1mhAxVgRIegykBHIFfPDSFUII8AQEB X-IPAS-Result: A1CoBAC6njRY/4GlL8FdHQEFAQsBgzgBAQEBAYF4pFmSX4QUgmuDNgKCbQECAQEBAQECYiiEaQIEJ1IQGAgxVwcSiHGxUT2LUAELJY8+hgQFmgZIkH+QKo1mhAxVgRIegykBHIFfPDSFUII8AQEB X-IronPort-AV: E=Sophos;i="5.31,682,1473134400"; d="scan'208";a="5839030" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 22 Nov 2016 14:41:25 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3APNpFPxVWohCffx8icplJqvfatHnV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYbBGAt8tkgFKBZ4jH8fUM07OQ6PG7HzZdqs/b6zgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyowjdrNcajIttJqos1BfErGZDdv?= =?us-ascii?q?hLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfM?= =?us-ascii?q?TQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklD?= =?us-ascii?q?sLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI63?= =?us-ascii?q?cokBAPcbPetAr4fzuUYAoxW9CwerBuzvxCRFimPq0aAgz+gsCx3K0BAmEtkTsH?= =?us-ascii?q?rUttL1NKIKXO671qbIyyjIYfdL2Tfn54jHbBYhoeqRVr93bMXe008vFwLbgVWU?= =?us-ascii?q?q4zoJDaV2foJs2if9eVgU+WvimE9pw5tpTivw94hh4/UjYwW0lDJ7Th1zYI7KN?= =?us-ascii?q?GiR0N2Y8SoHIZRuiyaLYd6X90uTmVutS0n0LMJo4S7czIPyJk/xx7QdfiHc4+Q?= =?us-ascii?q?7xLmSumRJTN4i2hjeLK4iBe+61SvyurmWsm11FZGtitFkt/SuXARzxHf98yKR/?= =?us-ascii?q?Vn8kqu2zuDzR3f5+BELEwuiKbXNZoszqY1lpUJsETDGiH2mF/xjK+Tbkgr5/Kn?= =?us-ascii?q?6+LmYrr4op+cNZR5igTgPaQqnsywG+I4Mg8BXmSB5eu807jj8VXjQLpWlv02jr?= =?us-ascii?q?XZsJfCKMQAuKG5Bw5V0oA+6xewFDqmzNQZkmUHLFJCYh6HiZPpNEvULPD3Cve/?= =?us-ascii?q?nQfkrDA+zPDcP6b+Ko7KM2OGi7DlO7Fn5AoU0AMuyfhH7o9QT7QGJ+j+HET2sZ?= =?us-ascii?q?iQFRMiGxClyObgTtNm38URXnzLSqKBObnTqneQ7/guOPGIbYQY/jHnJLxt6/rj?= =?us-ascii?q?gXE+g1M1Z6Sl3ZILLnu/G7AuOEiQZzzsj9kdAE8LuBYzSKrhj1jGGT5aYzCoWL?= =?us-ascii?q?kx4ConD4mlJYjGT4GpxreG2XSVBJpTM0xPDBiuDG3neoOfE6MAYSSTL8tjujkJ?= =?us-ascii?q?UbyoTYgxkxqpsVmpmPJcMuPI93hA5trY399v6riWzElq+A=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GxBAA+njRY/4GlL8FdHgYMGAEFAQsBg?= =?us-ascii?q?w0BAQEBAYF4pFmSX4QUgmuDNgKCbQEBAQEBAQEBAgECXyiCMxoBghsCBCdSEBg?= =?us-ascii?q?IMVcHEohxsVA9i1ABCyWPPoYEBZoGSJB/kCqNZoQMVYESHoMpARyBXzw0hVCCP?= =?us-ascii?q?AEBAQ?= X-IPAS-Result: =?us-ascii?q?A0GxBAA+njRY/4GlL8FdHgYMGAEFAQsBgw0BAQEBAYF4pFm?= =?us-ascii?q?SX4QUgmuDNgKCbQEBAQEBAQEBAgECXyiCMxoBghsCBCdSEBgIMVcHEohxsVA9i?= =?us-ascii?q?1ABCyWPPoYEBZoGSJB/kCqNZoQMVYESHoMpARyBXzw0hVCCPAEBAQ?= X-IronPort-AV: E=Sophos;i="5.31,682,1473120000"; d="scan'208";a="1226342" Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 Nov 2016 19:41:23 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 22 Nov 2016 21:41:20 +0200 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id uAMJenMd005134; Tue, 22 Nov 2016 21:41:17 +0200 From: Dan Jurgens To: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com, hal.rosenstock@gmail.com Subject: [PATCH v5 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Date: Tue, 22 Nov 2016 21:40:38 +0200 Message-Id: <1479843638-67136-10-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1479843638-67136-1-git-send-email-danielj@mellanox.com> References: <1479843638-67136-1-git-send-email-danielj@mellanox.com> X-Mailman-Approved-At: Tue, 22 Nov 2016 14:41:47 -0500 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-rdma@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens It is likely that the SID for the same PKey will be requested many times. To reduce the time to modify QPs and process MADs use a cache to store PKey SIDs. This code is heavily based on the "netif" and "netport" concept originally developed by James Morris and Paul Moore (see security/selinux/netif.c and security/selinux/netport.c for more information) Signed-off-by: Daniel Jurgens --- v2: - Renamed the files to ibpkey. Paul Moore - Fixed a braket indentation mismatch in sel_pkey_find. Yuval Shaia - Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep warning. Dan Jurgens --- security/selinux/Makefile | 2 +- security/selinux/hooks.c | 7 +- security/selinux/ibpkey.c | 245 ++++++++++++++++++++++++++++++++++++++ security/selinux/include/ibpkey.h | 31 +++++ security/selinux/include/objsec.h | 6 + 5 files changed, 288 insertions(+), 3 deletions(-) create mode 100644 security/selinux/ibpkey.c create mode 100644 security/selinux/include/ibpkey.h diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 3411c33..ff5895e 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -5,7 +5,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ - netnode.o netport.o exports.o \ + netnode.o netport.o ibpkey.o exports.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0954dfe..2fe4320 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -90,6 +90,7 @@ #include "netif.h" #include "netnode.h" #include "netport.h" +#include "ibpkey.h" #include "xfrm.h" #include "netlabel.h" #include "audit.h" @@ -173,8 +174,10 @@ static int selinux_netcache_avc_callback(u32 event) static int selinux_lsm_notifier_avc_callback(u32 event) { - if (event == AVC_CALLBACK_RESET) + if (event == AVC_CALLBACK_RESET) { + sel_pkey_flush(); call_lsm_notifier(LSM_POLICY_CHANGE, NULL); + } return 0; } @@ -6094,7 +6097,7 @@ static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val) struct ib_security_struct *sec = ib_sec; struct lsm_pkey_audit pkey; - err = security_pkey_sid(subnet_prefix, pkey_val, &sid); + err = sel_pkey_sid(subnet_prefix, pkey_val, &sid); if (err) return err; diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c new file mode 100644 index 0000000..6e52c54 --- /dev/null +++ b/security/selinux/ibpkey.c @@ -0,0 +1,245 @@ +/* + * Pkey table + * + * SELinux must keep a mapping of Infinband PKEYs to labels/SIDs. This + * mapping is maintained as part of the normal policy but a fast cache is + * needed to reduce the lookup overhead. + * + * This code is heavily based on the "netif" and "netport" concept originally + * developed by + * James Morris and + * Paul Moore + * (see security/selinux/netif.c and security/selinux/netport.c for more + * information) + * + */ + +/* + * (c) Mellanox Technologies, 2016 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#include +#include +#include +#include + +#include "ibpkey.h" +#include "objsec.h" + +#define SEL_PKEY_HASH_SIZE 256 +#define SEL_PKEY_HASH_BKT_LIMIT 16 + +struct sel_pkey_bkt { + int size; + struct list_head list; +}; + +struct sel_pkey { + struct pkey_security_struct psec; + struct list_head list; + struct rcu_head rcu; +}; + +static LIST_HEAD(sel_pkey_list); +static DEFINE_SPINLOCK(sel_pkey_lock); +static struct sel_pkey_bkt sel_pkey_hash[SEL_PKEY_HASH_SIZE]; + +/** + * sel_pkey_hashfn - Hashing function for the pkey table + * @pkey: pkey number + * + * Description: + * This is the hashing function for the pkey table, it returns the bucket + * number for the given pkey. + * + */ +static unsigned int sel_pkey_hashfn(u16 pkey) +{ + return (pkey & (SEL_PKEY_HASH_SIZE - 1)); +} + +/** + * sel_pkey_find - Search for a pkey record + * @subnet_prefix: subnet_prefix + * @pkey_num: pkey_num + * + * Description: + * Search the pkey table and return the matching record. If an entry + * can not be found in the table return NULL. + * + */ +static struct sel_pkey *sel_pkey_find(u64 subnet_prefix, u16 pkey_num) +{ + unsigned int idx; + struct sel_pkey *pkey; + + idx = sel_pkey_hashfn(pkey_num); + list_for_each_entry_rcu(pkey, &sel_pkey_hash[idx].list, list) { + if (pkey->psec.pkey == pkey_num && + pkey->psec.subnet_prefix == subnet_prefix) + return pkey; + } + + return NULL; +} + +/** + * sel_pkey_insert - Insert a new pkey into the table + * @pkey: the new pkey record + * + * Description: + * Add a new pkey record to the hash table. + * + */ +static void sel_pkey_insert(struct sel_pkey *pkey) +{ + unsigned int idx; + + /* we need to impose a limit on the growth of the hash table so check + * this bucket to make sure it is within the specified bounds + */ + idx = sel_pkey_hashfn(pkey->psec.pkey); + list_add_rcu(&pkey->list, &sel_pkey_hash[idx].list); + if (sel_pkey_hash[idx].size == SEL_PKEY_HASH_BKT_LIMIT) { + struct sel_pkey *tail; + + tail = list_entry( + rcu_dereference_protected( + sel_pkey_hash[idx].list.prev, + lockdep_is_held(&sel_pkey_lock)), + struct sel_pkey, list); + list_del_rcu(&tail->list); + kfree_rcu(tail, rcu); + } else { + sel_pkey_hash[idx].size++; + } +} + +/** + * sel_pkey_sid_slow - Lookup the SID of a pkey using the policy + * @subnet_prefix: subnet prefix + * @pkey_num: pkey number + * @sid: pkey SID + * + * Description: + * This function determines the SID of a pkey by querying the security + * policy. The result is added to the pkey table to speedup future + * queries. Returns zero on success, negative values on failure. + * + */ +static int sel_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid) +{ + int ret = -ENOMEM; + struct sel_pkey *pkey; + struct sel_pkey *new = NULL; + unsigned long flags; + + spin_lock_irqsave(&sel_pkey_lock, flags); + pkey = sel_pkey_find(subnet_prefix, pkey_num); + if (pkey) { + *sid = pkey->psec.sid; + spin_unlock_irqrestore(&sel_pkey_lock, flags); + return 0; + } + + ret = security_pkey_sid(subnet_prefix, pkey_num, sid); + if (ret != 0) + goto out; + + new = kzalloc(sizeof(*new), GFP_ATOMIC); + if (!new) + goto out; + + new->psec.subnet_prefix = subnet_prefix; + new->psec.pkey = pkey_num; + new->psec.sid = *sid; + sel_pkey_insert(new); + +out: + spin_unlock_irqrestore(&sel_pkey_lock, flags); + if (unlikely(ret)) + kfree(new); + + return ret; +} + +/** + * sel_pkey_sid - Lookup the SID of a PKEY + * @subnet_prefix: subnet_prefix + * @pkey_num: pkey number + * @sid: pkey SID + * + * Description: + * This function determines the SID of a PKEY using the fastest method + * possible. First the pkey table is queried, but if an entry can't be found + * then the policy is queried and the result is added to the table to speedup + * future queries. Returns zero on success, negative values on failure. + * + */ +int sel_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *sid) +{ + struct sel_pkey *pkey; + + rcu_read_lock(); + pkey = sel_pkey_find(subnet_prefix, pkey_num); + if (pkey) { + *sid = pkey->psec.sid; + rcu_read_unlock(); + return 0; + } + rcu_read_unlock(); + + return sel_pkey_sid_slow(subnet_prefix, pkey_num, sid); +} + +/** + * sel_pkey_flush - Flush the entire pkey table + * + * Description: + * Remove all entries from the pkey table + * + */ +void sel_pkey_flush(void) +{ + unsigned int idx; + struct sel_pkey *pkey, *pkey_tmp; + unsigned long flags; + + spin_lock_irqsave(&sel_pkey_lock, flags); + for (idx = 0; idx < SEL_PKEY_HASH_SIZE; idx++) { + list_for_each_entry_safe(pkey, pkey_tmp, + &sel_pkey_hash[idx].list, list) { + list_del_rcu(&pkey->list); + kfree_rcu(pkey, rcu); + } + sel_pkey_hash[idx].size = 0; + } + spin_unlock_irqrestore(&sel_pkey_lock, flags); +} + +static __init int sel_pkey_init(void) +{ + int iter; + + if (!selinux_enabled) + return 0; + + for (iter = 0; iter < SEL_PKEY_HASH_SIZE; iter++) { + INIT_LIST_HEAD(&sel_pkey_hash[iter].list); + sel_pkey_hash[iter].size = 0; + } + + return 0; +} + +subsys_initcall(sel_pkey_init); diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h new file mode 100644 index 0000000..387885a --- /dev/null +++ b/security/selinux/include/ibpkey.h @@ -0,0 +1,31 @@ +/* + * pkey table + * + * SELinux must keep a mapping of pkeys to labels/SIDs. This + * mapping is maintained as part of the normal policy but a fast cache is + * needed to reduce the lookup overhead. + * + */ + +/* + * (c) Mellanox Technologies, 2016 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#ifndef _SELINUX_IB_PKEY_H +#define _SELINUX_IB_PKEY_H + +void sel_pkey_flush(void); + +int sel_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid); + +#endif diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 8e7db43..4139f28 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -133,6 +133,12 @@ struct ib_security_struct { u32 sid; /* SID of the queue pair or MAD agent */ }; +struct pkey_security_struct { + u64 subnet_prefix; /* Port subnet prefix */ + u16 pkey; /* PKey number */ + u32 sid; /* SID of pkey */ +}; + extern unsigned int selinux_checkreqprot; #endif /* _SELINUX_OBJSEC_H_ */