From patchwork Wed Nov 23 14:17:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9443473 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CFF96600BA for ; Wed, 23 Nov 2016 14:27:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BFF352624D for ; Wed, 23 Nov 2016 14:27:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B3FE32675C; Wed, 23 Nov 2016 14:27:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 67BB72624D for ; Wed, 23 Nov 2016 14:27:28 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.31,538,1473120000"; d="scan'208";a="1249843" IronPort-PHdr: =?us-ascii?q?9a23=3Ajjj+NByFKPrs9xXXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?1e4RL/ad9pjvdHbS+e9qxAeQG96KsLQe1KGI6ujJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMijexe61+IRe5oQjQq8UdnJdvJLs2xhbVuHVDZv?= =?us-ascii?q?5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnM?= =?us-ascii?q?URGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LplRx/yjC?= =?us-ascii?q?cMKiA3/mfZhMdtiK5XuQ+tqwB6z4PSfYqbNudxfrnFcN0aW2RPQ8hfWS9GDIy+?= =?us-ascii?q?YYsPF+gMMftWoobyu1QAogWxBRK3CePzyDJFnGP60Lcm3+g/FwzNwQwuH8gJsH?= =?us-ascii?q?TRtNj7Or0dUeaox6fM0DXDdfxW1in76IjTbxsspuyDUqh2ccrQ10YvEwHFg06V?= =?us-ascii?q?qYP7OzOV0v4Cs26c7+tvT+6gl2knqwRorzWp28wiiZHJi5oIxl3L+ih12oY4Kc?= =?us-ascii?q?CiREJlbtOoDoFcuzyCO4drRs4vTXtktSk4x7EcpJK2fSgHxI46yxLBb/GKdZWD?= =?us-ascii?q?7Aj5W+aLOzh4gWpoeLe4hxmv70et0vb8Vsyo0FZSqSpFj8XMumgN1xPN7siHTe?= =?us-ascii?q?Nw/lu71jaV1gDT9/pELVoolavbN5EhwrkwmoAVsUvfBS/5hF/6jKqXdkUg4uSo?= =?us-ascii?q?6uLnbav6ppKEKoN5hQ7zPr4ul8CiG+g0LAcDU3aB9eihzLHj+Ff2QLROjv04iK?= =?us-ascii?q?nZt5XaKNwApqGnBw9V04Aj6wuwDju/y9sYmmQHLFRZdx2ZlIjkIE3OIfDkAve/?= =?us-ascii?q?hFSgijFrx+vcMbH7DZXNKWbDnK/7fblh805c1BYzzddH6p1PEb4NJ/bzWk7qtN?= =?us-ascii?q?zEFR81KRe0zPj7B9lnzYMRR2aPAq6fMKPPvl6F/f4gIumWZI8IozbxMfYk6OTy?= =?us-ascii?q?jX8inl8de7Ol3ZwNaHC3Bv5mOVmWYWLwgtcdFmcHpgQ+TPbwh12ETTFTZm2yUr?= =?us-ascii?q?k55jEjCYKqFJzDR462gLCb2ye7BJJWbHhcCl+QCXfoa5mEW/AUZSKROMBhkTsE?= =?us-ascii?q?VaW6Ro8izx6utwj6y6d9IurT4C0Yuorp1MJp6O3LiREy6Tt0AtyH3G6QVWF0n3?= =?us-ascii?q?0HRyUt0a9lvUN9z02P0a9ig/xXDdZT/e9GUh8mNZ7AyOx3E9DyVRzFfteNT1ar?= =?us-ascii?q?WdGmASwtTtI2xt8BeVxxG9K4jhDMxyCqGaMal6SXBJwo9aLRx2PxJ8hny3bBz6?= =?us-ascii?q?khk0IrQtBJNW2hiK9/8hLcB4jTn0WfiamqabwW3DTR+2eb0WqOoEZYXRZ+UKrf?= =?us-ascii?q?WXAfelXZrc7i5k7ZUb+hF64nPRBcyc6HMKdKbcfpjVpeTvf5JNvee36xm3u3BR?= =?us-ascii?q?uQ2rODcZfle2QH0yXZE0ULjwcT/XOaOgckHSehv3jSDDpwGlLze0ns6/VxqGun?= =?us-ascii?q?Tk8oyAGHd0th17ux+h4Rm/OcUOge0agatyc7rDV4BlG938jZC9CYvQpuYL1cYc?= =?us-ascii?q?8h4FdAzW/WqhZyPoC6IK98iF4ffB96sF/u1xptEIVAjdYlrGkwwAp0N62YzEtL?= =?us-ascii?q?dymE0pDoJr3XNm7y8Qixa67Xxl7ezNGW+r0V5Pskq1XjuwepFkU5/nVj0tlV1W?= =?us-ascii?q?GT5o/NDAYIVpLxSEk3/QBgp77Geik9+5/U1Xp0PKmwsz/CwM4pCPI+yhm+e9df?= =?us-ascii?q?MaWEFBL9EsABHMiuMO0qm16obh0YJ+Be7qg0MN26d/Gewq6kIP5gnC66jWRA+I?= =?us-ascii?q?19yEWM9y54SuHWxZYK3/aY3wWcWjfnkVeurtv3lZpDZTEIEWq10TLkC5JJZq1u?= =?us-ascii?q?YYYLDn+jI9WtydVjg57hQWRX+ES4CFMB3M+pZR2Sb1rm0A1VyUgXp3unljeiwz?= =?us-ascii?q?xyjT4psrKV3DbSzOT6aBoHJmlLSXFnjVfoOIS7kdYaUVO2bwc3kBul4Vj1x7JB?= =?us-ascii?q?qKR5MWbTXV9CfzLqIGF6Tquwqr2CbtZM6Jw2tyVXS/+xYVOERb77uBsa1T3sH3?= =?us-ascii?q?dEyDA8bTGqtY3znwZmh2KFMHZzsH3ZdNluxRfZ+dPRXuBR3jwbSyl4kzXXAEaz?= =?us-ascii?q?P8Wx99WOi5jDqvy+V36mVpBLaSnk156AtC+g6GJ2AB2/g/CylsTpEQcg1y/3zd?= =?us-ascii?q?5qVT/HrBzkeInky7y6Mf57fklvHFL889B1Gpx6koQunJEfw34ahomL8nodimrz?= =?us-ascii?q?LM5b1rzkbHoWXzIL2NnV4BX/2EJ/MH2JyYX5Vm+SwsR/fdW6ZH0Z2j4l5cBQFK?= =?us-ascii?q?iU9KBEnTdyolegowLee/59nisayfsr83Majf8GtxcqziWHGL8SBVNYPSvulxuW?= =?us-ascii?q?89++sL9bZGG1cbi/zEB+h8yuDKmeogFAX3b0YpgiHS9s4cVlMFPMyGHz6ob/dd?= =?us-ascii?q?nWc90TqgaUnAvagOhNNp09jPwKijR7OWjlp30q1/Y7jQBy3ZG9pIWHLn9i/Ka9?= =?us-ascii?q?AhFGKj31e9kc9Sv2gKZYgMmWw5uvEYl7FTUTQpTkV/SoHywOtf7/LQaBDCU8qm?= =?us-ascii?q?uHGbrYBQKf8l1qrnzVH5CuLX6XIH4ZzNV5SRaHOENfhRoYXDIgnp42Dgqq3tDu?= =?us-ascii?q?cF9l5jAN4V71sh1MyvhyOBnnSmfSvwmoajYuSJiEMBpW4ABC50HPPsyY8u1zHj?= =?us-ascii?q?tX/pm7oAyKMGybaBxCDXsVVUycG1DjIr6u6MHY8+eGHeWxMf3OYbSSqexZTPqI?= =?us-ascii?q?xIyg3ZV48DqWMcWPJHZiBeUh2kVfRXB5B9jZmzIXRiMKjCLCcdSUpBim+iJtsM?= =?us-ascii?q?Cy6+/rVxjs5YuSEbtdK89j+xSrgaeFLeGQnj91KSpf1pMPxX7Iz6IT3FgMhCFy?= =?us-ascii?q?bzOtC6gPtTbRTKLMna9aFwUbZDltNMRS4KIzwBJNNNXAitzvyL53lPE1BEleVV?= =?us-ascii?q?D7nMGme9AKKXmnNFzbHEaLKKiGJTrTzs7sYKO8RrpQjONPuhKtpzmUCE7jMS6F?= =?us-ascii?q?lzXzUBCvK+5MhjmBPBNCoIG9bgptCW/7Qd38ZR20KsF3giMtzL0znnPFK2gcMT?= =?us-ascii?q?1mfENMqr2f9iRYg/plF2xG9HplIvGOmzyF4OnANpYWrfxrDzxol+Jd5XQ20aFV?= =?us-ascii?q?7CZFRfNrnivdtcRuo1a4nemM0TdoTB1OqjNXi42RpkViJb/V9p9eVnbY5BgN93?= =?us-ascii?q?mfCwwWp9t5Dd3io6NQy9jLlK3tMzpC9tXU/cUSB8fKNMKHLHohMR3sGDHKFgcF?= =?us-ascii?q?SyCkNX3HjUxHjP6S7mGVroQ9qpX0mZoOTKNbW0IxFvwED0RqAsACII13Xz4/lr?= =?us-ascii?q?6blNAH5Xy7rBbLRcVauovIVvWdAPn1LzaZl7ZEbQMSwbzkNYQTKpH720t6Z1l8?= =?us-ascii?q?govFAU7QUMtOoi1mdQ80vF9C8H5lTm0w2kLpcAWt72EPFfSshB45lhN+Yfgx9D?= =?us-ascii?q?fr+1o3PETFpDAun0Yrg9XqnTCRfSXqI6exR4FZFi30t0YpMpPhXQl0bRe+nUp6?= =?us-ascii?q?OzfYX7hRladvdXh3iA/AvptCAeNTTapCYB8W2P6YefEo0VVHpyq920BH/+zFBY?= =?us-ascii?q?FllAswfp6mt2hA1B57bN4pOazQI7JEwUVKiaKQvy+ny/sxzRQEKEYX6mOSfyAJ?= =?us-ascii?q?uFcWObY6Oiqo5O1s6RCCmjdZfmgDSeYqqOpw9kwhI+SA0z7g07lbJ0C/LeyQMb?= =?us-ascii?q?6Wu3Pams6OXlMw0VgImlJf8rdq1McvaU2UV1ogzLGJDRQGKdLCKR1Jb8pV7HXT?= =?us-ascii?q?eSGOsf/TzpJzPoS9EfvlTeCItKYJmE6kGxwpH4sU5MQbApasyF3YLdvgLLMd0h?= =?us-ascii?q?Ui+gDrJFSDDPRUdxOGiysIo8a6zJBrx4ZdPS0dDX97MSqp+rbdvhUqj+abXNcq?= =?us-ascii?q?fncaWZMJNnEsWMy6gSFZuWhADDms3+IWzwiC9yPzqj7WDDbic9ppfO2Uag90CN?= =?us-ascii?q?Gq5TU/9LC7iULW8pXbIGH6KdRiu9/U5OwHppaGC+lbQqJnv0fahYZYW2SgU3TT?= =?us-ascii?q?Ht6tO5jwd44sYMT0Cna9TFO/hSw6T93qMdasMKeHnx/nSZxTsImB0zApLdW9GS?= =?us-ascii?q?0GGxdsu+ED47pxahcHY5o6fRHnqRwxN6m/IQee1dWuRXyiJCBNQPle1+q6YaVb?= =?us-ascii?q?zyQxbuOgznsvUI06xfGt8UERXJEKkg3exfG7aoZFTyfzHGdQdB/SqioniWdhLP?= =?us-ascii?q?0yzf0lwBLIq1UcNCqLdONxYmxeo948HU+SIWlxCmcgSF+ckIvD4gqo378M+itQ?= =?us-ascii?q?hMtb3vNev3j/pJDfZiigWKuxqZXaqyAgd8Qpo7VtMYz/JcuLrInenjreTJbMsg?= =?us-ascii?q?2FVyq6F+FClNZJPSxWWuVFl2Y+NMMavopB7FY+Wd0lJ7xTEqUsoK6laSZ8By4I?= =?us-ascii?q?0SAZT5+A3CAFguqkwbvViwqffY8tMBwBv5ROmN0dXDBqYikGvq+sS53Wl3OYSm?= =?us-ascii?q?gMOAoc8QZM6xgcmYJrYu/l547ITJtNyzFIufJ0TjXEGYVo91fhTWGWm1f4Qu27?= =?us-ascii?q?k+O1xQJS0O7s0t4DVR5lE0dd3eFWmVAzJbFrMakfpJDKvSGMdUP7umLtx++mJF?= =?us-ascii?q?heyc3Ua134ApDKtXD5UiEG/30bW5NPwmnFFZsOiwp5dLorpFJULYGmYEn+/CYr?= =?us-ascii?q?x4FoH7m+Ts2rxkolomwdRyi2CdVNEedmv0zLWDd9eZCktI3lO4lOQm9X4JCcpU?= =?us-ascii?q?1Vn1ltMy64zJpcKttC4j0XUThOvzqSosW9RNdE2c9sAJ8GOs1/tGvlGKNYJJiR?= =?us-ascii?q?pGU7tab1yn/E/TAwqlS6yS6yG6+5TuJZ43YRFh8vJ2uAtkklF/Es/XvK8lDRrl?= =?us-ascii?q?B0+P9WBreVjUprpjZ9AotDBjdO1XGrKVRzUHlGvPtbKKTTb8xTXeMyaQWpOxMg?= =?us-ascii?q?Cf4sx1aJ8l1snXflfyxysRNX+zzaXwkxTiQVnqvhmTgFpc29Pz8VVY5IZy07by?= =?us-ascii?q?jZMwKbhTxXvBFHZkFqQZ8ZGMxK+7UG0oZP48XNV16sKTkbUxxmKA04y+BTlUlZ?= =?us-ascii?q?sEWXYSrdFxande7Tsh1resectMypLPPn8wpcl4zorvs4+LsZR326hwKiXMrSr4?= =?us-ascii?q?niud2WrkGObrv3M/WgYX/dSzjBlQu/hbk4AJXW/SXfLQRWJoJmxnojZJjuFXTE?= =?us-ascii?q?PQ9aJ64BIUpUS7x6Y81cou9Gf89kZLoJ+ah1CxKdWBzgBYyvo+NaLlvIQTTeKD?= =?us-ascii?q?uB/fKhrY3P6rzSVPbvataKx3nZX6J9Jo165iXjG7f2zY9e/VL72u929kNmU1fJ?= =?us-ascii?q?LjyBoc/6JgMM+cmibFftsYMvHTPKGpd/in7tyltHd8oNTC2g6I4Yx49B6HbsVe?= =?us-ascii?q?J41VD+sPFI97Z694Y4/qtkydqwJafOM/RVq1FnAhmTBgVu6JotHHJzR2dLYu8e?= =?us-ascii?q?MP3RZ7gWjdjyq+DrEKwa8ACa++pDZtbcOk7BnNOwBiubSRxekwcLsSQaIReE1/?= =?us-ascii?q?6Zh690Tt6operj1UI35Fi+NRoGw6pz5Yqf/6qIuevXbwfQzbcYW6jlXMXzrq82?= =?us-ascii?q?t0OV//0km6YEenZpbA2/DOgdSskdy3/iza8wyyIsHdnDH7X99/FdTH85gijvm5?= =?us-ascii?q?ZmH1URAP8UG6SE/ZhGlGcih+PZLsEWcrxFmmuXEx6kFqQPyX+t6yuSOmVlgxfO?= =?us-ascii?q?0x/qQWyp91/2sTV4QTbQwNf/j0pVTKe4CV1VXyqzNk9yqCmPMxbwtNrrpaQ161?= =?us-ascii?q?k7MmrltN2Rk2uhPKlYH9blKNydJik0o0kXjIYqS9yq1o0aFsCxINAL8HFxdvHe?= =?us-ascii?q?8X+kkzddo6dbgIrT+t2a9e/THXa+lK2at7WMxDdDx3gjoV4/686vNvfS592LWf?= =?us-ascii?q?ukzWARQDljuwHZRR66tqTbr0wIOUyMyErLnJcKPtRZ0HQj2EHp+vUsQNUp9ApE?= =?us-ascii?q?DobAffQCpTLtNzTo3VaTedU3VjOR0zFPBFL6DUF4GLQg2GL3pM/JkHPQ9EMtRo?= =?us-ascii?q?l3aUPngQd6D4omJkIq81gX2jAMERQMaR+BCLGoBELlLZcaWkgHbRSH3be6dbkx?= =?us-ascii?q?3UJv3Lyj/unTYvJgB6AVLPZSkhaOnERHGpIRqaAeQrN8e1pG+a7SuAfjC5boX+?= =?us-ascii?q?LnlXo2Ov25WMZa/t4Ft3E6+AawWwKg6Ytf77YckJ2Id69FboLWs89g9Epn/iAA?= =?us-ascii?q?djBTjxdjlR+5VvocpO/76NjBrJWo8vquVLoqR+gP7Bc0Bn9+jpXqj1AhoNHXy/?= =?us-ascii?q?9cRZfIiYT76w1CP3mKt5vE3BZmNOoOMYWrfKx6+HkdICgePX0ON8KMa/Yg+y9t?= =?us-ascii?q?LCnT51taD8MUf9wYINbCmQBai03uQrFT9dPXGkSGBId3dsAo6Xf3yT8u/JskSO?= =?us-ascii?q?ng9CO5JZDR7lFKJfNDjz9glNHcq+gPx/rdFiwX7WOeaxhvzSOI04ONBOro/eWQ?= =?us-ascii?q?1NHUUEsLHjIsU4hDIDqN4wqnSfSumZr0UwOU5c7zgI4ke0KLXHOxhrkFvrxKEe?= =?us-ascii?q?FeliXxxiJeGZzth/KJr9qs73NatlJdH4Zp8xLFBKVfM45/ORT5ismkWEh8CTHi?= =?us-ascii?q?eMHPbBYuvvSZxvsU6eVkK0T+fZMbIg4Dy7/i5npaUA1uSKLxvlaeWu4Rf8VpSP?= =?us-ascii?q?fFrnBT9IJhJLQCPFyDq5zwrjZHsko6AAk3Z78stjZabFXBnBVJW6bov74Nkg4c?= =?us-ascii?q?Udl/uU9QFmK/Jnkz5z/GVatPiqmeFuAV8zuUTqwUUEVoKTlyQxWr15VyY7Gph+?= =?us-ascii?q?xIsntaniNhp/gnyzNmSwenuS33vq4DxD0u9re5tDUHpHxEQf6TkyjNCVpZyvQF?= =?us-ascii?q?k70QC3H46VyzeHMDdpf94KF7JcT88oks+3Y/YRIjfy0AR+ivFyHwj6eVAoOSsd?= =?us-ascii?q?NchRiNuN7Nbb+yNiUSKLU9yQz5SHh5zwfenQxk8G0VTTW89NUkPpmyOd45xiq0?= =?us-ascii?q?HmjWbFcM4r1Tv8v3rlMLSPY2Zk5gwGVkyciLXCoNRNbAG2wtlAgrdX1EcI5f6R?= =?us-ascii?q?8dD6QogCiHvqdI/gEQezrVHJ6q+o/OksfUw3U9S8llxn7OrK2fmpwqyGFlm89z?= =?us-ascii?q?7iOWt3QSc+vYUsFyDXj30odS0vf+Z/KrsuAGVIRq0rKhX+EeMsO742u5xI1qWl?= =?us-ascii?q?O5xrQZB1e5Mu8Dx7fDUyeiTW2YWPiLfHaXkjY8M07y+QOoIUMtZMdNtU89PfPI?= =?us-ascii?q?hoRAmA35TbN0WiKQqEfHzGwiNOMXbB42uIa7dAwJUuERY/KQJe4wz/0iEFEMdW?= =?us-ascii?q?PGHTNqC++qtl6ghI17O3Rj4UX5ZuTg6QLmP8GRGhkDF47VsJhx9ea8Rm2fJX9q?= =?us-ascii?q?1AdyM1Vs9+fDC1QxsfdRfI2PktjWm9R2yvUFd/NqMS0hpt4ThJxs5pSO3MeNax?= =?us-ascii?q?HRwY74JcvJrfiAH/3f00Mqd3lCUroeZQP6/Z86P9A+W73XE7tUphEcBa89QJw6?= =?us-ascii?q?KWj+6Lt0LARocg7KZbS0hMbqqviMZptOqH/c9kgwIzvEux0f1vy0ShR2b560iH?= =?us-ascii?q?X2IZAwXixOosZsCxtnGYtPHt0PrxCjA5GKgq27jMWx+0xise8QraXwEuzK1Mi+?= =?us-ascii?q?34hpX5ha+UyLPDHUBKZxmURoleGygvbc0pnrF8zuY9QEVPJ0QmTdcL/JAp2/Ki?= =?us-ascii?q?6SOsL7Y0NH/aac0Kh4UhqNei/0RK+GtCy4NPV+/0o30It4fPDczDY19bHUxMPy?= =?us-ascii?q?Z31HpiektXOJM59f40LRCOzGWxJbU+GF8HpkHaILcYv07vkBPsI4zNia/QZz8C?= =?us-ascii?q?xI0NGZLKi5sk/MxkV7eIrfLEvo3SY5RIYLLA27MUstmm/Ztm/dDG9dLse+L8lt?= =?us-ascii?q?h8yZDhv350l+gWstfHJOGnL0RdeNPmgWw9m+axOO9AJKCdYDguG2dUk3uK2uSe?= =?us-ascii?q?lnJI9FlvuytLodittpKD/ARNJcPy7OKL95JSdRDurVqFgveB4EvKA/Wp0papiW?= =?us-ascii?q?PEMHLECAxDv2zQvDyk30a8eh1aeQICYQ6HpL1bTF3iZQpwOho/aWntXjUKzFbJ?= =?us-ascii?q?HxRPPSNTAqWS2aRTQzF0ap/kypu+QFvPqeP2gfplEUYiSPCA8cvKxvqsLQDmDL?= =?us-ascii?q?k+15YJIKnOyaWzz3SCBglqo9HCVLtUeXTPcYCAnWaWPhgGpbuAy/Kf9M/W7lY6?= =?us-ascii?q?eexqVLR+wcGpFMfeGBQ9vEZfBeIC8lljoDN+mnZd3crqg20lbTQGsHF6nH7kae?= =?us-ascii?q?TE+LQvCGwTLkQ5kVtZAuuiU04tLQgjN3E6PQMradoj6u9ZS4jDyZue3FTWQtZV?= =?us-ascii?q?Y6gOccD2mA2hVAL3sEC94NskH3XqGAf1pM1G4uie92xRAMegNzUn1o0n1Nm/a9?= =?us-ascii?q?HNZUSVEOjGOzXv0Jckp3ACk2/UCU/g34ecYAttzLR29C6rsMTpIQLOIm6InSJK?= =?us-ascii?q?QdwfUk0Sl4oCMkqSWdDlJcjgWD86bKGqJz2KFC73Ei//5qRkGPXy/fcm/fx4qk?= =?us-ascii?q?DMJPwyNurGvh18XKo+9tOrxap5tlD1gUGy52IM7S/SwSGV3zjQCypRegAxyFJy?= =?us-ascii?q?8CpS0MIWoCbOkxh/dyrRLgbt/c7QaVsKU7pQ2gDgPPQqG4w7RXG8rp0kO+ciAN?= =?us-ascii?q?fjK1U9h7sv9Xlc06eao9ZJOmB1nKI075FA3c8ywI+RTkpa6nJdBHzmUXjuMnL9?= =?us-ascii?q?StF5IHBN+f3Dx232dgxZwTwGnXCdTaItX54sg+H3YVO5+mVX7gY7rGOjzzsLYI?= =?us-ascii?q?1ZJ9OVyVbbA2NWQTkYMsmWrsdBv89Y72/yKJLIm9eDi9MccJINKjjGwY0fWJDZ?= =?us-ascii?q?/n+/EXUSlPxqM7k86V8CmGpw=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2EMBQBapjVY/wHyM5BeHQEFAQsBGAEFAQsBgw0BAQEBAR+?= =?us-ascii?q?BWqRalnYhgk6DLIImUwEBAQEBAQEBAgECXyiCMxqCHAIEAQIkExQgCwMDCQEBF?= =?us-ascii?q?wghCAgDAS0VEQcHCwUYBIhMBLEkPSoCizwLAQEBI480CwYBhX0BBJoHSJECihy?= =?us-ascii?q?GE41qhAxVXjYegzABHIFfcIYJDheCFwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 23 Nov 2016 14:27:19 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uANER5bs023708; Wed, 23 Nov 2016 09:27:09 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uANEKAl3047361 for ; Wed, 23 Nov 2016 09:20:10 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uANEK8xA021342 for ; Wed, 23 Nov 2016 09:20:09 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CoBABHpTVY/4GlL8FeHQEFAQsBgzgBAQEBAYF5pFqSZYQVgmuDNgKCbQECAQEBAQECYiiEaQIEJ1IQGAgxVwcSiHGxKz2LaAELJY8/hgQFmgdIkQKQL41qhAxVgRQegzABHIFfPDSGCYI8AQEB X-IPAS-Result: A1CoBABHpTVY/4GlL8FeHQEFAQsBgzgBAQEBAYF5pFqSZYQVgmuDNgKCbQECAQEBAQECYiiEaQIEJ1IQGAgxVwcSiHGxKz2LaAELJY8/hgQFmgdIkQKQL41qhAxVgRQegzABHIFfPDSGCYI8AQEB X-IronPort-AV: E=Sophos;i="5.31,538,1473134400"; d="scan'208";a="5840638" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 23 Nov 2016 09:19:53 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3ASSCm0xL2MJ0Yac4znNmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgeL/jxwZ3uMQTl6Ol3ixeRBMOAuqkC0bWd7fmocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDSwbalsIBi0ognct9QaipZ+J6gszRfEvmFGcP?= =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjlj?= =?us-ascii?q?sJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6y?= =?us-ascii?q?b5UBAfcPM+hbqIfypVUOoACiCQWwHu7j1iVFimPq0aA8zu8vERvG3AslH98Wvn?= =?us-ascii?q?rbttP1P7oWX+Co1qnIwivMb/VN2Tzg74XHbwouofeNXb1udcrRy1IiFwbbgVWU?= =?us-ascii?q?rYzqJTWV1uMCsmSB8+VgUuevhnchpgpsoTav3t8hhpTNi48b0FzJ+id0zJwoKd?= =?us-ascii?q?C5SEN3e8OoHIVUuiycKoB4WNktQ3tytyY/0rAGuYC0fCwNyJk/wh7QdfiHc4yS?= =?us-ascii?q?7RLlU+aQLi10i25ieL6lhhay9VCsyuz6VsaqzFZHtjdJn93Cu3wX2BHe6NKLRu?= =?us-ascii?q?Z880qhwzqDyh7f5+VcLUAxj6XbKpohwrAqlpoUtETOBjL5l1/wjK+XaEok/uqo?= =?us-ascii?q?5v/iYrr4op+cM5V7igf5MqUhgMCwHeM4Mg0WU2iB5eu8zKHj/VH+QLhSlf05jK?= =?us-ascii?q?3ZsJHcJcQGqa+0GBNV04Y/5Ba/CDeqytIYnWIdI15fdxKHiJbpaBnyJ6XzDe2+?= =?us-ascii?q?mEuEizB23LXdObmnBY/CajDbmarlVa509koZzQ00190Z7JVRTvkaLOnbRl76tN?= =?us-ascii?q?ueCAQwdQOz3aKvBc10zIIFcXqGGK6CKKfbulLO4fggZ6GAYIIZtjHnJ9A/6vLu?= =?us-ascii?q?hGN/klgYOeGy0JIRLnC1EOh3C0SffXfoxNwGFCNCvgM6Cvbtk1CESiJUbHWaUK?= =?us-ascii?q?c15zV9A4WjXqnZQYX4rLWHlAWmBJJbYHsOXlyFF3blc4esXvoIbCuUJd8nmTsB?= =?us-ascii?q?A+vyA7Q93A2j4Vepg4FsKfDZr2hB7cru?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GoBAAGpTVY/4GlL8FeHQEFAQsBGAEFA?= =?us-ascii?q?QsBgw0BAQEBAYF5pFqSZYQVgmuDNgKCbQEBAQEBAQEBAgECXyiCMxoBghsCBCd?= =?us-ascii?q?SEBgIMVcHEohxsTE9i2gBCyWPP4YEBZoHSJECkC+NaoQMVYEUHoMwARyBXzw0h?= =?us-ascii?q?gmCPAEBAQ?= X-IPAS-Result: =?us-ascii?q?A0GoBAAGpTVY/4GlL8FeHQEFAQsBGAEFAQsBgw0BAQEBAYF?= =?us-ascii?q?5pFqSZYQVgmuDNgKCbQEBAQEBAQEBAgECXyiCMxoBghsCBCdSEBgIMVcHEohxs?= =?us-ascii?q?TE9i2gBCyWPP4YEBZoHSJECkC+NaoQMVYEUHoMwARyBXzw0hgmCPAEBAQ?= X-IronPort-AV: E=Sophos;i="5.31,538,1473120000"; d="scan'208";a="1249502" Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 23 Nov 2016 14:19:51 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 23 Nov 2016 16:19:46 +0200 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id uANEHdrT021742; Wed, 23 Nov 2016 16:18:41 +0200 From: Dan Jurgens To: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com, hal.rosenstock@gmail.com Subject: [PATCH v6 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Date: Wed, 23 Nov 2016 16:17:31 +0200 Message-Id: <1479910651-43246-10-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1479910651-43246-1-git-send-email-danielj@mellanox.com> References: <1479910651-43246-1-git-send-email-danielj@mellanox.com> X-Mailman-Approved-At: Wed, 23 Nov 2016 09:27:03 -0500 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-rdma@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens It is likely that the SID for the same PKey will be requested many times. To reduce the time to modify QPs and process MADs use a cache to store PKey SIDs. This code is heavily based on the "netif" and "netport" concept originally developed by James Morris and Paul Moore (see security/selinux/netif.c and security/selinux/netport.c for more information) Signed-off-by: Daniel Jurgens --- v2: - Renamed the files to ibpkey. Paul Moore - Fixed a bracket indentation mismatch in sel_pkey_find. Yuval Shaia - Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep warning. Dan Jurgens v6: - Fixed sel_pkey_sid_slow error handling. James Morris --- security/selinux/Makefile | 2 +- security/selinux/hooks.c | 7 +- security/selinux/ibpkey.c | 245 ++++++++++++++++++++++++++++++++++++++ security/selinux/include/ibpkey.h | 31 +++++ security/selinux/include/objsec.h | 6 + 5 files changed, 288 insertions(+), 3 deletions(-) create mode 100644 security/selinux/ibpkey.c create mode 100644 security/selinux/include/ibpkey.h diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 3411c33..ff5895e 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -5,7 +5,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ - netnode.o netport.o exports.o \ + netnode.o netport.o ibpkey.o exports.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 55b18b3..7ee9854 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -90,6 +90,7 @@ #include "netif.h" #include "netnode.h" #include "netport.h" +#include "ibpkey.h" #include "xfrm.h" #include "netlabel.h" #include "audit.h" @@ -173,8 +174,10 @@ static int selinux_netcache_avc_callback(u32 event) static int selinux_lsm_notifier_avc_callback(u32 event) { - if (event == AVC_CALLBACK_RESET) + if (event == AVC_CALLBACK_RESET) { + sel_pkey_flush(); call_lsm_notifier(LSM_POLICY_CHANGE, NULL); + } return 0; } @@ -6094,7 +6097,7 @@ static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val) struct ib_security_struct *sec = ib_sec; struct lsm_pkey_audit pkey; - err = security_pkey_sid(subnet_prefix, pkey_val, &sid); + err = sel_pkey_sid(subnet_prefix, pkey_val, &sid); if (err) return err; diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c new file mode 100644 index 0000000..2ce12bb --- /dev/null +++ b/security/selinux/ibpkey.c @@ -0,0 +1,245 @@ +/* + * Pkey table + * + * SELinux must keep a mapping of Infinband PKEYs to labels/SIDs. This + * mapping is maintained as part of the normal policy but a fast cache is + * needed to reduce the lookup overhead. + * + * This code is heavily based on the "netif" and "netport" concept originally + * developed by + * James Morris and + * Paul Moore + * (see security/selinux/netif.c and security/selinux/netport.c for more + * information) + * + */ + +/* + * (c) Mellanox Technologies, 2016 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#include +#include +#include +#include + +#include "ibpkey.h" +#include "objsec.h" + +#define SEL_PKEY_HASH_SIZE 256 +#define SEL_PKEY_HASH_BKT_LIMIT 16 + +struct sel_pkey_bkt { + int size; + struct list_head list; +}; + +struct sel_pkey { + struct pkey_security_struct psec; + struct list_head list; + struct rcu_head rcu; +}; + +static LIST_HEAD(sel_pkey_list); +static DEFINE_SPINLOCK(sel_pkey_lock); +static struct sel_pkey_bkt sel_pkey_hash[SEL_PKEY_HASH_SIZE]; + +/** + * sel_pkey_hashfn - Hashing function for the pkey table + * @pkey: pkey number + * + * Description: + * This is the hashing function for the pkey table, it returns the bucket + * number for the given pkey. + * + */ +static unsigned int sel_pkey_hashfn(u16 pkey) +{ + return (pkey & (SEL_PKEY_HASH_SIZE - 1)); +} + +/** + * sel_pkey_find - Search for a pkey record + * @subnet_prefix: subnet_prefix + * @pkey_num: pkey_num + * + * Description: + * Search the pkey table and return the matching record. If an entry + * can not be found in the table return NULL. + * + */ +static struct sel_pkey *sel_pkey_find(u64 subnet_prefix, u16 pkey_num) +{ + unsigned int idx; + struct sel_pkey *pkey; + + idx = sel_pkey_hashfn(pkey_num); + list_for_each_entry_rcu(pkey, &sel_pkey_hash[idx].list, list) { + if (pkey->psec.pkey == pkey_num && + pkey->psec.subnet_prefix == subnet_prefix) + return pkey; + } + + return NULL; +} + +/** + * sel_pkey_insert - Insert a new pkey into the table + * @pkey: the new pkey record + * + * Description: + * Add a new pkey record to the hash table. + * + */ +static void sel_pkey_insert(struct sel_pkey *pkey) +{ + unsigned int idx; + + /* we need to impose a limit on the growth of the hash table so check + * this bucket to make sure it is within the specified bounds + */ + idx = sel_pkey_hashfn(pkey->psec.pkey); + list_add_rcu(&pkey->list, &sel_pkey_hash[idx].list); + if (sel_pkey_hash[idx].size == SEL_PKEY_HASH_BKT_LIMIT) { + struct sel_pkey *tail; + + tail = list_entry( + rcu_dereference_protected( + sel_pkey_hash[idx].list.prev, + lockdep_is_held(&sel_pkey_lock)), + struct sel_pkey, list); + list_del_rcu(&tail->list); + kfree_rcu(tail, rcu); + } else { + sel_pkey_hash[idx].size++; + } +} + +/** + * sel_pkey_sid_slow - Lookup the SID of a pkey using the policy + * @subnet_prefix: subnet prefix + * @pkey_num: pkey number + * @sid: pkey SID + * + * Description: + * This function determines the SID of a pkey by querying the security + * policy. The result is added to the pkey table to speedup future + * queries. Returns zero on success, negative values on failure. + * + */ +static int sel_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid) +{ + int ret; + struct sel_pkey *pkey; + struct sel_pkey *new = NULL; + unsigned long flags; + + spin_lock_irqsave(&sel_pkey_lock, flags); + pkey = sel_pkey_find(subnet_prefix, pkey_num); + if (pkey) { + *sid = pkey->psec.sid; + spin_unlock_irqrestore(&sel_pkey_lock, flags); + return 0; + } + + ret = security_pkey_sid(subnet_prefix, pkey_num, sid); + if (ret) + goto out; + + /* If this memory allocation fails still return 0. The SID + * is valid, it just won't be added to the cache. + */ + new = kzalloc(sizeof(*new), GFP_ATOMIC); + if (!new) + goto out; + + new->psec.subnet_prefix = subnet_prefix; + new->psec.pkey = pkey_num; + new->psec.sid = *sid; + sel_pkey_insert(new); + +out: + spin_unlock_irqrestore(&sel_pkey_lock, flags); + return ret; +} + +/** + * sel_pkey_sid - Lookup the SID of a PKEY + * @subnet_prefix: subnet_prefix + * @pkey_num: pkey number + * @sid: pkey SID + * + * Description: + * This function determines the SID of a PKEY using the fastest method + * possible. First the pkey table is queried, but if an entry can't be found + * then the policy is queried and the result is added to the table to speedup + * future queries. Returns zero on success, negative values on failure. + * + */ +int sel_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *sid) +{ + struct sel_pkey *pkey; + + rcu_read_lock(); + pkey = sel_pkey_find(subnet_prefix, pkey_num); + if (pkey) { + *sid = pkey->psec.sid; + rcu_read_unlock(); + return 0; + } + rcu_read_unlock(); + + return sel_pkey_sid_slow(subnet_prefix, pkey_num, sid); +} + +/** + * sel_pkey_flush - Flush the entire pkey table + * + * Description: + * Remove all entries from the pkey table + * + */ +void sel_pkey_flush(void) +{ + unsigned int idx; + struct sel_pkey *pkey, *pkey_tmp; + unsigned long flags; + + spin_lock_irqsave(&sel_pkey_lock, flags); + for (idx = 0; idx < SEL_PKEY_HASH_SIZE; idx++) { + list_for_each_entry_safe(pkey, pkey_tmp, + &sel_pkey_hash[idx].list, list) { + list_del_rcu(&pkey->list); + kfree_rcu(pkey, rcu); + } + sel_pkey_hash[idx].size = 0; + } + spin_unlock_irqrestore(&sel_pkey_lock, flags); +} + +static __init int sel_pkey_init(void) +{ + int iter; + + if (!selinux_enabled) + return 0; + + for (iter = 0; iter < SEL_PKEY_HASH_SIZE; iter++) { + INIT_LIST_HEAD(&sel_pkey_hash[iter].list); + sel_pkey_hash[iter].size = 0; + } + + return 0; +} + +subsys_initcall(sel_pkey_init); diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h new file mode 100644 index 0000000..387885a --- /dev/null +++ b/security/selinux/include/ibpkey.h @@ -0,0 +1,31 @@ +/* + * pkey table + * + * SELinux must keep a mapping of pkeys to labels/SIDs. This + * mapping is maintained as part of the normal policy but a fast cache is + * needed to reduce the lookup overhead. + * + */ + +/* + * (c) Mellanox Technologies, 2016 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#ifndef _SELINUX_IB_PKEY_H +#define _SELINUX_IB_PKEY_H + +void sel_pkey_flush(void); + +int sel_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid); + +#endif diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 8e7db43..4139f28 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -133,6 +133,12 @@ struct ib_security_struct { u32 sid; /* SID of the queue pair or MAD agent */ }; +struct pkey_security_struct { + u64 subnet_prefix; /* Port subnet prefix */ + u16 pkey; /* PKey number */ + u32 sid; /* SID of pkey */ +}; + extern unsigned int selinux_checkreqprot; #endif /* _SELINUX_OBJSEC_H_ */