From patchwork Mon Jul 10 07:57:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9832835 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B425860363 for ; Mon, 10 Jul 2017 12:23:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9F88326E4A for ; Mon, 10 Jul 2017 12:23:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 92675282EC; Mon, 10 Jul 2017 12:23:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EF0A726E4A for ; Mon, 10 Jul 2017 12:23:26 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.40,340,1496102400"; d="scan'208";a="7430894" IronPort-PHdr: =?us-ascii?q?9a23=3A2fWnHxML5B+sVj1ra38l6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0LP3yp8bcNUDSrc9gkEXOFd2CrakV26yM7eu9ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yr5+Ngu6oATeusQWnYdpN7o8xAbOrnZUYe?= =?us-ascii?q?pd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbY?= =?us-ascii?q?VguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLzhS?= =?us-ascii?q?wZKzA27n3Yis1ojKJavh2hoQB/w5XJa42RLfZyY7/Rcc8fSWdHUMlRTShBCZ6i?= =?us-ascii?q?YYUJAeQKIOJUo5Dgq1cSqBezAxSnCuHyxT9SnnL43bM03fkvHw/F2wIvHdwOsG?= =?us-ascii?q?zWodnoOqodT/u1wbLUwTnfdf5axS3w5JTUfh0nvPqCXahwcc3UyUQ3Eg3KkEuf?= =?us-ascii?q?qZf4ND6L0eQNtGub5PdnWOKslWEotRpxrSSoxscriYnEnZ4aylDe9SV+xYY1JM?= =?us-ascii?q?C4SEthbd6jCptQuDiXOo1rSc0hW2FloDs2x7IJtJKhfCUG1Y4rywDQZvCZaYSE?= =?us-ascii?q?/wrvWPuTLDp2nn5pZbOyihmo/US91+HwSNO43EtEoydLlNTHq2oD2AbJ6sedT/?= =?us-ascii?q?tw5kKh2TGS2A/N8uxEOkU0lbbDK54m374wioIfsUTdES/yn0X7lLOWeV8++uip?= =?us-ascii?q?9uTnea/qpoOcNoBoigH+Nb4imsqjDuQjLgcCRW2b+eW41LH7/E35RqtFjuEun6?= =?us-ascii?q?XEv53XKt4Xq66kDwNPzIou5AizAy273NgAmHkINlNFeBaJj4jzPFHOJej1Deyh?= =?us-ascii?q?jFSokTdrwe3GP7L4DprWKXjDjbHhcqpj5E5H0wcz0dBe6I5UCrEGOv7zXFTxu8?= =?us-ascii?q?bCAh82NAy03f7rCM9h2YMGRWKPHqiZPbvQsV+P4OIgOfWMZI8Ptzb7MPUl5fnu?= =?us-ascii?q?jXk8mVAHZqmpwYUYaGqjHvh8JEWZe3XsiM8bEWgWpgo+UPDqiFqaXD5RZXa9Rb?= =?us-ascii?q?4z5jIgCIKhC4fDR56tjaeP3Ce/A51XaXtJCk2KEXf0aoWIQfAMaDidIsV5iDwL?= =?us-ascii?q?SaChS5M91RGprAL7xbtnLu7R+iIGr5Luz9Z16PPOmhE17zx7Fdyd03uKT2F2gG?= =?us-ascii?q?wHWyM20Lp4oUxnxVeJybJ4jOBAFdxP+/NJVR83OoPAwOx/DNDyXB7BcsqSRVa4?= =?us-ascii?q?XNqmGzAxT9M2w98IeUp9Hcutjgzb1SqwH7AVj6CLBIAz8q/EwnfxO9xyy2zd2a?= =?us-ascii?q?Y9iFkmR9dAOne9hq5j7QTTAZDGk1mBnaawaascxDLN9HuEzWeWvEBZUQlwUaPe?= =?us-ascii?q?UHAaYkvatNX55kXYQ7+oE7snKAhByc+cKqRUcNHpi0tJROv7MtTEf22xg3uwBQ?= =?us-ascii?q?qPxr6Ud4XlYGIR3CHcCEgfjwAT5myKNRMgCSi9uW7eFyJhFVbuY0Pq7Ol/p2i2?= =?us-ascii?q?QVM0zgGQck1hzKC5+xAPivyAUPMT2bQEtD0mqzVuE1a3x8jWBMaYpwp9YKVcZs?= =?us-ascii?q?sw70lf1W3DrQx9P4egIrt6hlEEaQR3vlju1w1zCopajcclsmkmzA1oKaKXyFlB?= =?us-ascii?q?bS+X3YjsOr3LLWn/5B6va7TM1VHYzNmW+7wP5e89q1X7vQGlD1Ei8nt809VP1H?= =?us-ascii?q?uc/JrKBhIIUZ3tSkY36wR6p7bCbyk+/YzU1npsMbSvvz/Bwd0pB+wlygu6c9dY?= =?us-ascii?q?KqOEGxf4E9cGCMi2NOwqh1+pYwoeM+9P7q40Pt2pd+Gd1aGxIOlgmSiqjWNd4I?= =?us-ascii?q?ByykiM7TZzSvbU35YZxPGVxhGHWCrhg1q6vcD3nI9FaSsUHmWh1SjuHJRRabFq?= =?us-ascii?q?fYYXFWeuJNW6xs5wh573XH5Y70KjCkgd2M+vfhqTYVn90hdW1UgNp3yohze4xS?= =?us-ascii?q?Rukz41tqqfwDDOw+P6eRsJIGFLQHVigkn2IYivlN0aQlanbxIymxu44Eb23a9b?= =?us-ascii?q?pL5wL2PLW0dHYzD2L31+Uqu3rreCf9NA544psSpNVOSxekyVSrn4oxQGySzjBH?= =?us-ascii?q?deyCo9dz60ppXzhwZ6h36FLHZvsHrZftl9xRHe5NzYQf5ewCEGSTJihjbJHFi8?= =?us-ascii?q?OMOl/dKOl5fMquq+TX6uVoVPcSn3yoONrDW75Wx2Dh2jmPCzgMfrHhQ60S/80d?= =?us-ascii?q?lqWj7FrBL9Yontzau6K+VnclNvBF/m5MpwApt+nZcohJEMxXgagY2Y/X4GkWfo?= =?us-ascii?q?LdVXwLn+Y2QJRT4Kxd7V/Qfk1VZ4LnKRxoL5UHSdzdd6Z9WgZGMZxD495dhQCK?= =?us-ascii?q?iI9LxEgTd1ol2goALLZvh9mjMdxuU06HEGhOEIthEgzj6AAr8OBklUJyvslw6H?= =?us-ascii?q?79qmtqVYeH6vcaSs1Ep5hd2hFKuNohxYWHrjYJguBzR/7sJ7MFLQ133z7JrpeN?= =?us-ascii?q?zMYdIVsR2bjw3Mj+5LJ5ItjvAKnzZoOXrhvX05zO42lR9u0o+8vIicMGht/7y2?= =?us-ascii?q?AhhDNj3zecwT5ivhjaFEnsaZx4qvBIluGi0XXJv0SvKlCCoSuu76NwaKDjI8sm?= =?us-ascii?q?2UGbzDHQCB8kdrtG/PE4u1OHGNP3kV185iRB6AJExFnA8bQjs6npkjFgCl2sPt?= =?us-ascii?q?akF56S4N5lTgsBtD1vpoNwXjUmfYvAqodDE0R4WEIRpI6AFN+kfVPdaY7u1tAy?= =?us-ascii?q?FS5oehoxCVKmyHewRICnkEWlSeCFD+Ormj/sXP8+mEBuu+NvfOb6+BqepEW/eP?= =?us-ascii?q?35Kv3ZNs/yyQOcWXInliE/o711JNXX9jHcTZhzIPSykMmiLDccGUuRC8+jdtoc?= =?us-ascii?q?Cn6vTrXwDv6pWTBLtOK9lv/Aq2gaibPe6KmCl5MSpY1o8LxXLQzbgQxloSiyVw?= =?us-ascii?q?eDmxDbQPrzTCQbnWmqBJEx4bcD98O9FQ760ixAVNP9DUis/t3L5ikvE1E0tFVU?= =?us-ascii?q?Dmmsyxf8wGOW+8OEnCBEmRMLSGIj3KztrtbqygTL1cluJUtwe/uTyDCU/sIiyD?= =?us-ascii?q?lyX1VxCoKexMgjubMwJDt4GmaBltD3TjTNX9ahCgKtB4kTg2zaczhnPQOm4WKS?= =?us-ascii?q?J8fF9Vrr2M8SNYhe1yG2pb7nV/NemEgz2U7+fZKpYMqvtrHip0l+Nc4Hsgzbta?= =?us-ascii?q?8CBES+ZxmCfIqd5uuV6mmPGVyjV7SBpOtipLhIWTsEV6J6rW7YdPWXDF/BIR6m?= =?us-ascii?q?WdEBUKqMV7BdLxoaxQzcLPlK3rIjdY793U5dccB9TTKM+fLXUhKgTmFyTbDAsf?= =?us-ascii?q?VzGrK3rSh1dHn/GR632VtII1poLomJoTTL9UTkY1GuoGCkRiH9wDIJB3Uikikb?= =?us-ascii?q?GFkM4C/WC+owXJRMVGopDHUeqfAe71JzaHl7ZEaAUHwajjIIQILIL7xVZtalZk?= =?us-ascii?q?k4TRAUbQW85CojF5ZA8uvEpN6GR+TnE020/9cQyt4XATFfmynhMtlwRxf/8i9D?= =?us-ascii?q?b27FcxPFbKozEwkEYpk9X/nT+RaCLxLLu3XYxOESX0uFI+Mo3lTAtuag2yhVJr?= =?us-ascii?q?NDHBR71LjrtgcXtkiAjTuJdVHv5cV6JEagcKxf6Lf/UozUhcqiK/yE9b4uvFDI?= =?us-ascii?q?FulBEtcZ+tsX1A3RlsbMQyJaPOJ6pE1URfhqWLviC0zO8x2xMeK1wL8GyMZC4C?= =?us-ascii?q?oFYIOaU+Jyq04uxs7hSPmzhDeWgISfUnufdq9kQzO+SO0S3gz6JDKkC2N+yaMa?= =?us-ascii?q?yVoW7AmtCUQlkozEMHi1FF/aRq0ccka0eUUV4gw6GVFxkSNsrCLhpVb9ZI+3jV?= =?us-ascii?q?ZiaOsuTNzYhzP4qjCuDiVfWOu7oMgkK4AAYpGJwB7t4fEZm3zk7XN93nI6IFyR?= =?us-ascii?q?g2/wvrJU+FA+lOeBKFiDcHud+wzZ9t0YlbOD4dHX13MT+r6bbPug8qnP2DUc8r?= =?us-ascii?q?bXcdWIsEMG85V9O+my5YpHlPFie40vgeyASY6D/8vCvQBiHmb9V/fPeUeQ9sCN?= =?us-ascii?q?au9Doi6ae2l1/X/YjFJ2zhL9tioMXP6eQUppacFfxbUaR9s13dm4lER32mSWjP?= =?us-ascii?q?HsCpJ5LocYkjccT0CmqmUly4kz81S8DxPMyzIaiOgADoQp1ZsIad3DA+L8O9ES?= =?us-ascii?q?seGxhoreEZ+K18fREDY4Y8YRPwrAQxKai/IAae0tWzTGegMidZT/5azeqmfbNX?= =?us-ascii?q?1DYsYvW8yHQ+UpEw1/O3/lIVRJEWkhHewu6uZ4pEUSnzAHNdfRnPpSoimmhuMe?= =?us-ascii?q?Yy2vswzAnOsVYCLzCBbPZpZ3Bcv9EgGVOSJm17CnY5R1+ZiorD/g6s3rAJ8iRA?= =?us-ascii?q?ntZV0fdKv2Pksp/Zfj2sRLShqY/JvCo4cdgmv6pxPJT5LcuCtZPRgiLQQ4HVsg?= =?us-ascii?q?yFVi66EPxalcJLLS1DQflHg2clNdUIuYpc80YxUNkxJ6BXAqk2ur+qcSZkDTIV?= =?us-ascii?q?zSIBTIyPwjoCj/ym1LTHiBefbo4iMAcev5VYgtoRSSl2YjkRpKW7TYXZi3eESn?= =?us-ascii?q?QXIAcU9QlM6x8Alo50fuDh/oXISYRBxCNIrP1vUyvEDJ9o+0H8SmGMjljyUO+h?= =?us-ascii?q?nPCx3QJO0PLs1cEWWAR5CUhc2+lWlkwoKLVsK6cIp4DEryWGeF/9sm/21OSmI1?= =?us-ascii?q?xRxtHOeF3jEIrJr2z8XTMA+XcMX49A1GnfFYgOkwp+cKsrvk9DIJqheknl/DEk?= =?us-ascii?q?255pEKOmVc+1w1YlrHAGRyiuE9pABOFmsE7XWDN/bJCxrZXpIZNSTXFM+JeFsV?= =?us-ascii?q?dWjF1tMzKlyZpbM8xM7CQAUyRPoTWcuduySddM2cxtAp8NPNhwpWnyFLlDOJiL?= =?us-ascii?q?rH08oqbvxWPB+zAgrFe6wy2+FLWiT+JE+W0SAAYpKn+fqkkuDuss7nzd/krLsl?= =?us-ascii?q?9q4+dRHqKPgllpoDZhApBOAS5E1XGjL1RvUnZGt/tVKKHLfMxAWfkzZQSiOxsm?= =?us-ascii?q?FfE42UyJ+Ft7nXb9YyNpsQtb9DrRXw4uVSkamr3tgyERqtm7OT8GTJJFdTohbz?= =?us-ascii?q?3fJAKdhSBapxdfa0ZkWpAfHtZF+68U3YpS/sreV0msMzsJXBp8OQIkyfBfj1JM?= =?us-ascii?q?sF2EeSDBCgqlberPshpyfcqKsM6lMPH58xxdhoPhru84670JR2e6lg21XdDes4?= =?us-ascii?q?j8u8WKtkSUbqf3Kem8bmLaQTfRkx+wna8kAIfO/yfNKgpXMZ56yWArYZL5E27E?= =?us-ascii?q?IQxGJ74HJ0pcTa16a9JGrf5BasB5ZqkJ4rFiBgibRhzxBYOjtv9GIUjPRT7GNS?= =?us-ascii?q?WO7vS/oZ7P7bzaUeXvfcKMyGrbT691I5t35yL2FKvt0Y9b5kX5wOxt9l9gRVjA?= =?us-ascii?q?LS+BsMzrJhkX68m6akviopopECvMAJhujXXtxltPd9YMTi2u95QY1o1W5GjsRu?= =?us-ascii?q?J/z0f8rvde97965okr+7pp09u7Jb/OKfRGtk9qGgCUBh529po3HWd/W3tcYvQW?= =?us-ascii?q?KPfMZ6QWkd7hq+brF6wN8hKV//ZVadzdJ0HOgsO/EC2TSQRYnAcdrj4XNhec1+?= =?us-ascii?q?SblKBqVMmovvX52kYx41ikNBEG0rFt5YCA+qWWuO/bdRzRzaILWqLyXMP8sqws?= =?us-ascii?q?u1+O5f0jjLMOeHZ6YxegEOgGUs4S3HngwLsvzSIxF8PDA7Pg9+JCV30jmDLggI?= =?us-ascii?q?pxH1IMGvMbBbCL55hRnn8km+zFMd0baqJClXyJFR6qCL8CzmOk5DWMLWl5mB7O?= =?us-ascii?q?1QrwQWSp4F/wsyB4XTPGz83/nUpNSrm3GUBSUjKvOU98qz6PPQzotN/ttaQ06k?= =?us-ascii?q?E2PHbku8iWlGu9IrNXAtHwJMCBISkuul0blpoxRsag2YoDA9qyPM8R8G1ibvvZ?= =?us-ascii?q?826rlS5BrLtAh4ra+M6V4e/bHXinj62dsLWN3ytVyn03sFAw8NygMevO59KSSf?= =?us-ascii?q?Syy2kRVzt/uxfGXxOttrPUtVQUNlKQ0EfXmI0KOcpU3WIk2UHn+ucjRs4z9ARE?= =?us-ascii?q?GYraYfMNuyzzMiPuwVmDe9I3SjWe0zxPE1LxCll4Hagx1Xn+vM3XiHjQ/EcoSZ?= =?us-ascii?q?Nod0z9ghx3DZs3Jl4x6FQNxSoDCwcNYwiBDL60HUTlMZcEVU8bZBSF3bi6f7w6?= =?us-ascii?q?3UhtzbKv+uDTd+18B6wCNvpHiA6BgkRbEIoMsaICWLJ8Z0Nd9KnPqwjjConoRe?= =?us-ascii?q?LpmmYrOP2uXM9a7d4WuGc47ga4XRqg5o9J76wHh5CQaq5EfZ/Msdhn4Edm/j4O?= =?us-ascii?q?eDZCgBp+jxOlSeATvv3j4tzAvZW07eahSbgiSP8K9xguAGR+lYH/jEokodHN2O?= =?us-ascii?q?dWUpfVhpjn8ABRP36Kv57X0wFmJuoSN42rfLhh93IdJygdPn4OJsSZa/094y9r?= =?us-ascii?q?LTXS6EdPAtsWatMEIMXNmQ5VikrzWLFQ7MbbGUGXC511d88262r70jc18YEzUu?= =?us-ascii?q?z48j+5OYjf701RP/NElChsiMjCq/YRwfXIDigY/2KUZAV0wiONypmNF+z//f6W?= =?us-ascii?q?x9HOSlMKBCg2XJlBJDCa4wyoWvK1lIn1UgOT8sLzj4gxdFiOSXytnKQIqaJMEe?= =?us-ascii?q?9ciirl3jhRDJ31h+mPv9qq9mRXqkVNEJxv4h3dBKVfIpJ7NAz3lsa1QEh8Giz/?= =?us-ascii?q?eMbTeho1puWWwuYM4+NjN0rxfoIbJgwLy6j66HVPVAduTqD5vkqBV+ILeNRmUO?= =?us-ascii?q?/ErmxS6Y94N6APPkKSq4DxozhUr1A2BAspaL4uoTxAaknBghFaW6butL4HkAsc?= =?us-ascii?q?XsZzuVVQFmKoJGI++z3HWLxQjKmWDvwV7jqTQbIVXkVtMyNxWRW114tye7qnmv?= =?us-ascii?q?BHqGBGnjhnrPgszTNmWAO2uTfwqKIVxTIg5La4uS0OuXNZVeWeiD7EB0hMwvoM?= =?us-ascii?q?jKccDWvi6FOnbXkMaYv9+r9nKtr6+Ykm+XQ/bg0pfzcaUuS4FyHwk6SID5SNsN?= =?us-ascii?q?JbhB6Nvt/CYqOzLSgWK7Qy1BPiR3l70gjFnxZo8XAGQiuh7N86Poq9Pdsqxiuy?= =?us-ascii?q?FWjdalkM/rtDsNHtul4TUOs2dVRhzX1i0siZXCINQtfCG2Iojgc5aGVEd4lD5Q?= =?us-ascii?q?UdF6kyjTaCprNG8R0MYDfIDoSl/ZHdncXW1nkzQ9dqwnnbp6OfiZMsznJlh8l4?= =?us-ascii?q?7iiQt3QOb+bYSdNjAmDv1odDzuzzf/qtsuQASIpo1ruhVPsCP9K4+Wux3pVqW1?= =?us-ascii?q?Oqyq4YH1WnLO8J3q3bXDu9SW2EReSLdHCBnzQ5Mk/y/RmoKVk3aMZWr0AjKebC?= =?us-ascii?q?g59clxH7UbxqXCmQokXbzGM7O+MAaw02oJunexANTOMJe+icJO0uzeYiCFsNc3?= =?us-ascii?q?DJHjV5C+usvV6rgod7J21q4V/mbuT17gDmLNySFwEBEY7brZ5x+vu6S3mDOXB6?= =?us-ascii?q?zx1yO090+PnZF1grsO9TbYqRl8DKh9tnye4Fa+ttMSolt9EIhI1j75WU3dyRcR?= =?us-ascii?q?HVyZbyOc3VouaGDPLC1UgqfXtaUrUBawPv+4o6JsI5W6HUHbZBpRQcAqw6T4Y7?= =?us-ascii?q?N2b/86F0KA1zfxXUZLSzhcnqvfyEaYdOp3/R9VIwNybcuxsMyvCuSgx7dZ+qjW?= =?us-ascii?q?3oIJ8sXjJBs8FtChx+EYtBBcwAqwunA4aKl6ygit6x+kZ6u+oUvqrqDvDFys61?= =?us-ascii?q?34JrX5hV/UaLJireBLF3gkR5ieS/mvnB0oHrCcPjZdwLSvN2QmvEar/aBIWwNC?= =?us-ascii?q?iCOsXme05J67Scyq52Ug2NZCDlWKqLrCqkNPF67kgg0ox4ePDczCcx77HaxNTy?= =?us-ascii?q?e3tbqTm9onKTMptQ8kDKD/TEXx1IUfqF7HplHaoPYIvw9ecON8EiwdeF7wl37T?= =?us-ascii?q?RCy9eFI7O6o0/NwE17c5XbIFHu2yYjVokAOA6/Plc0gW/FtnTdBmxRLtO6Jslp?= =?us-ascii?q?gdaVCAHt5kZ2lW8iem5BGnTnRc2PNmgDwc2zfw6K+xxRD9YFgeG3fVU3trC9Se?= =?us-ascii?q?VyPZVFg+qqvq0dkdl1MyHPWNRaPybIIb9zJDVeEuXPpFkuYh4DqLU1RIY1ZZ6Q?= =?us-ascii?q?L0MDMUeAzz7yzATY3U3zbdys276DIDwK/XVf07LFzT9MqhG7ufmDgc3jV6vWYY?= =?us-ascii?q?rrXP7ULColVjaaRSk9EUap5VeoofwEs+SEIW0HuFAbfjqSCBIPpqBotdXQAXXc?= =?us-ascii?q?lvZ5fJ0Lmv+aXzv9SDN8lKUoHSZLtF2MT+AFFQbIc3/rmHBctxC6Jv9Q4XLlaK?= =?us-ascii?q?WVxqhQW+wRGItMaPyZQ8DDdPBYPTgokysWOOemc93btbY53UrCTXEFHKnQ6F2e?= =?us-ascii?q?UEmWT+SHxzLlWIUao4k5tykz99LOgCB3CaXIPreYpz6o6IK4ijiXufGNHlUqNm?= =?us-ascii?q?g0hv8ZSFWG2gdJLG0fQ4UJv1vzS6qMfG5I1XQ0madg3AIKdA1vU3polHpMk6Du?= =?us-ascii?q?NNdeTAs3gW61CNYBa1M/WDA98FSB5QrxSdcAo8fWRnJbsLwWRtxOf7ET9IDLNf?= =?us-ascii?q?5Ik74S1zV8rXl/6nzFAg=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2EJBAAzcWNZ/wHyM5BdHAEBBAEBCgEBFwEBBAEBCgEBgy+?= =?us-ascii?q?BeI58qQMqgjCGcFcBAQEBAQEBAQIBAmgogjMkAQ1GWAEBAQEBASMCDV4DAwECJ?= =?us-ascii?q?BkBATcBAgMJAQEXJwoIAwEwAQUBHAYTBYoqnhc/ix+CVzokAoJhAQEFiDEBKQg?= =?us-ascii?q?SgxaBMoIagWGOApFdjUaUDIsTKIZlSJMwM4EVWIEKMSEIKAiFTQ8cggdWiGYBA?= =?us-ascii?q?QE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 10 Jul 2017 12:23:25 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v6ACNODu019621; Mon, 10 Jul 2017 08:23:25 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v6A7vjkK291323 for ; Mon, 10 Jul 2017 03:57:45 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v6A7vipx011214 for ; Mon, 10 Jul 2017 03:57:45 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BHAgBGMmNZhqnAVdFdHQEFAQsBhVKOf?= =?us-ascii?q?KZ7ghGCUYNLAoNQQRYBAgEBAQEBAQETAQEBCAsLCCiFSAMDJxkBATcBDz8SNAE?= =?us-ascii?q?FARwGE4ovnhg/ix+CVzqDBwEBBYgvAQEBAQEBAQMCAR0ICQEIgxaBMoIagWGOA?= =?us-ascii?q?pFdjUaUDIsThw1IkzAzgRUlAYE7MSEIKAiFTQ8QDIIHVohmAQEB?= X-IPAS-Result: =?us-ascii?q?A1BHAgBGMmNZhqnAVdFdHQEFAQsBhVKOfKZ7ghGCUYNLAoN?= =?us-ascii?q?QQRYBAgEBAQEBAQETAQEBCAsLCCiFSAMDJxkBATcBDz8SNAEFARwGE4ovnhg/i?= =?us-ascii?q?x+CVzqDBwEBBYgvAQEBAQEBAQMCAR0ICQEIgxaBMoIagWGOApFdjUaUDIsThw1?= =?us-ascii?q?IkzAzgRUlAYE7MSEIKAiFTQ8QDIIHVohmAQEB?= X-IronPort-AV: E=Sophos;i="5.40,339,1496116800"; d="scan'208";a="14718" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 10 Jul 2017 03:57:44 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A55+mmBZ6288PTV3Nv9kQHEb/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZr8y6bnLW6fgltlLVR4KTs6sC0LuG9fq9Ejxfqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdxIRmsswnctsYajIhgJ60s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlT?= =?us-ascii?q?wKPCAl/m7JlsNwjbpboBO/qBx5347Ue5yeOP5ncq/AYd8WWW9NU8BMXCJDH4y8?= =?us-ascii?q?dZMCAeofM+hFoYfzpFwAohmwBQS3GO/j1iVFimPs0KEmz+gsFxzN0gw6H9IJtX?= =?us-ascii?q?TZtND7O7kMXuCu0aLF0zLDb/RV2Tzg74XIcQ4uru+XXb1sdsrRzkovGhjZgVWQ?= =?us-ascii?q?s4zlODaV1uUQs2ie9eZgUvivi2E+pgx3vzOhxd8sh5HXio4Jzl3I7yZ0zYYvKd?= =?us-ascii?q?GlTEN3f8SoHIZRuiyeL4d6X8EvTm9ytCony7ALtoS3cDUXxJg53RLTdvKKfoaO?= =?us-ascii?q?7xn+TuieOy14i2hgeL+nhxa970ygyurkW8mxyllKry5FnsDUtnADyxDf88aHRu?= =?us-ascii?q?Z880qlwzqP2AfT6uZLIUAwi6XXMYIuwrk1lpYLsETDGDH5mFnugaOIakkp/vKk?= =?us-ascii?q?5ufnb7n8u5ORM5F4hhvjPqkvnsGzGeE4PRIPX2if9+S8zrrj/UjhTbVJkPI5jL?= =?us-ascii?q?LZv4zdJcQcpa60GBNa0oY56xa4Cjem0ckYnXwdIFJCYhKHgJDlO0vSL/DgEfe/?= =?us-ascii?q?n1OsnS9wx//YOr3hA5PNLmXMkbr6YbZ861JTyAo0zdxF4ZJUEasOLOj8Wk/2qt?= =?us-ascii?q?yLRiM+Zii1xfv8QOl6zJ0XXW6USvuFN7nMuFuE/corIu+RdMobvyv7J/E55vno?= =?us-ascii?q?y3gjlglOU7Ou2M40ZX2jVt9hJEbRNXnhj8wKFmAJlgE+VuvviUCHFzlJaCDhDO?= =?us-ascii?q?oH+jgnBdf+Xs/4TYe3jenEhX/jEw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EaAwAIM2NZhqnAVdFdHQEFAQsBGQYMh?= =?us-ascii?q?SeOfKkMglGDSwKDUVcBAQEBAQEBAQIBAhABAQEICwsIKC+CMyQBDUZYAQEBAQE?= =?us-ascii?q?BIwINXgMDJxkBATcBDz8SNAEFARwGE4ovnho/ix+CVzqDBwEBBYgvAQEBAQEBA?= =?us-ascii?q?QMCAR0ICQEIgxaBMoIagWGKZAyDEpFdjUaUDIsThw1IkzAzgRWBYjEhCCgIhU0?= =?us-ascii?q?PEAyCB1aIZgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0EaAwAIM2NZhqnAVdFdHQEFAQsBGQYMhSeOfKkMglGDSwK?= =?us-ascii?q?DUVcBAQEBAQEBAQIBAhABAQEICwsIKC+CMyQBDUZYAQEBAQEBIwINXgMDJxkBA?= =?us-ascii?q?TcBDz8SNAEFARwGE4ovnho/ix+CVzqDBwEBBYgvAQEBAQEBAQMCAR0ICQEIgxa?= =?us-ascii?q?BMoIagWGKZAyDEpFdjUaUDIsThw1IkzAzgRWBYjEhCCgIhU0PEAyCB1aIZgEBA?= =?us-ascii?q?Q?= X-IronPort-AV: E=Sophos;i="5.40,339,1496102400"; d="scan'208";a="7424998" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-pf0-f169.google.com ([209.85.192.169]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 10 Jul 2017 07:57:42 +0000 Received: by mail-pf0-f169.google.com with SMTP id q86so45938774pfl.3 for ; Mon, 10 Jul 2017 00:57:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8WYH5HMDCQFMwTgQj611A5NWf5KKrPedGh1Kq77m/2Q=; b=eDrVz8G8/e+TKzECljrYIHId+fB0BxMDXDzVmdO7dD28PDlUD8kZmI1Kg508FarEto yEFOhm4Bnv9Tin1nPHm3JNf+FPzmnT4+3DDZuT8Att8+tdMw+Kw1Ud5gmGB6Q6LCLnSr lMdlsVVYidUErysb3Zrw80HN/juayek3ErvKY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8WYH5HMDCQFMwTgQj611A5NWf5KKrPedGh1Kq77m/2Q=; b=Zaz/J35nLrilVkNYAbRUUSL33u1OvXi3IKLKn98ShJgDccelbvY0kJ2/9x842gwS54 hBaGoI4vxGM1MPGPUuy5vfzvA4zJ5ckeERBVt4ye6l9psFCenxGxdCzcZ5J8d4g1BkfO ohtyp+8leiNmS1j8MvqYyqnXlkBe/6Bo4clXiLmNoYIPRtDtBGX7lbL1vfdwbh2Ce3kT 0AnlMf4Uvva98mUp/JOCH0K8FT9IsVRVU04oV46pU3bcWRfNH+vRvAxXdKQDUDTK4YfK u/G27I5r1ylHJYTKKz/8aK5vpB+f5jZjRH7vFQEAN3UZarDNGNv3F4QcY33qhTV5s3TN VdoQ== X-Gm-Message-State: AIVw112FUMcsOmkfGwJY5+E4BlKcWhytBBAYFuNpG8kyRHfn80sNL7K1 UFz0S1QpekwqOEkd X-Received: by 10.84.238.1 with SMTP id u1mr7582264plk.187.1499673461204; Mon, 10 Jul 2017 00:57:41 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w125sm9852512pfb.117.2017.07.10.00.57.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Jul 2017 00:57:37 -0700 (PDT) From: Kees Cook To: Linus Torvalds Subject: [PATCH v2 4/8] exec: Use secureexec for clearing pdeath_signal Date: Mon, 10 Jul 2017 00:57:27 -0700 Message-Id: <1499673451-66160-5-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1499673451-66160-1-git-send-email-keescook@chromium.org> References: <1499673451-66160-1-git-send-email-keescook@chromium.org> X-Mailman-Approved-At: Mon, 10 Jul 2017 08:20:01 -0400 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Nicolas Pitre , "Jason A. Donenfeld" , Andy Lutomirski , Tetsuo Handa , Michal Hocko , David Howells , selinux@tycho.nsa.gov, Ingo Molnar , Hugh Dickins , Greg Ungerer , Stephen Smalley , Vivek Goyal , Rik van Riel , Kees Cook , linux-fsdevel@vger.kernel.org, Alexander Viro , James Morris , =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , John Johansen , Ben Hutchings , Oleg Nesterov , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Like dumpability, clearing pdeath_signal happens both in setup_new_exec() and later in commit_creds(). The test in setup_new_exec() is different from all other privilege comparisons, though: it is checking the new cred (bprm) uid vs the old cred (current) euid. This appears to be a bug, introduced by commit a6f76f23d297 ("CRED: Make execve() take advantage of copy-on-write credentials"): - if (bprm->e_uid != current_euid() || - bprm->e_gid != current_egid()) { - set_dumpable(current->mm, suid_dumpable); + /* install the new credentials */ + if (bprm->cred->uid != current_euid() || + bprm->cred->gid != current_egid()) { It was bprm euid vs current euid (and egids), but the effective got dropped. Nothing in the exec flow changes bprm->cred->uid (nor gid). The call traces are: prepare_bprm_creds() prepare_exec_creds() prepare_creds() memcpy(new_creds, old_creds, ...) security_prepare_creds() (unimplemented by commoncap) ... prepare_binprm() bprm_fill_uid() resets euid/egid to current euid/egid sets euid/egid on bprm based on set*id file bits security_bprm_set_creds() cap_bprm_set_creds() handle all caps-based manipulations so this test is effectively a test of current_uid() vs current_euid(), which is wrong, just like the prior dumpability tests were wrong. The commit log says "Clear pdeath_signal and set dumpable on certain circumstances that may not be covered by commit_creds()." This may be meaning the earlier old euid vs new euid (and egid) test that got changed. Luckily, as with dumpability, this is all masked by commit_creds() which performs old/new euid and egid tests and clears pdeath_signal. And again, like dumpability, we should include LSM secureexec logic for pdeath_signal clearing. For example, Smack goes out of its way to clear pdeath_signal when it finds a secureexec condition. Signed-off-by: Kees Cook --- fs/exec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 3e519d4f0bd3..d7bda5b60e7b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1361,8 +1361,7 @@ void setup_new_exec(struct linux_binprm * bprm) */ current->mm->task_size = TASK_SIZE; - if (!uid_eq(bprm->cred->uid, current_euid()) || - !gid_eq(bprm->cred->gid, current_egid())) { + if (bprm->secureexec) { current->pdeath_signal = 0; } else { if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)