From patchwork Fri May 11 00:53:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10394417 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 22F4F602B1 for ; Fri, 11 May 2018 14:40:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1349A28EB7 for ; Fri, 11 May 2018 14:40:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 052E428EA1; Fri, 11 May 2018 14:40:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.4 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7D0B928EB0 for ; Fri, 11 May 2018 14:40:40 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.49,389,1520899200"; d="scan'208";a="558723557" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa12.eemsg.mail.mil with ESMTP; 11 May 2018 14:40:39 +0000 X-IronPort-AV: E=Sophos;i="5.49,389,1520899200"; d="scan'208";a="11697054" IronPort-PHdr: =?us-ascii?q?9a23=3ACnrwPB1/wH+1HMzQsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8ZsewWKfrxwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3?= =?us-ascii?q?RHUMhfSidNBpqwY5YTA+YEO+tXqIvyqEEOrRu5AgmgHfrjxyNGi3L3wKE2yv?= =?us-ascii?q?gtHRzb1wAkAd4CrHHYodPoP6kQTO+11rHFwyvNb/1W2jnz5obHfR8jrv6QUr?= =?us-ascii?q?x+bNLRxEsyGw7LkFqQspfoPy+X2+kXr2SX8+RtWOCphmU6qw9xuD+vxsI0h4?= =?us-ascii?q?TXnI0V0U7L9CVky4goOdK4SFR0YcOqEJtUqS6aLZZ9T8Q+TG5yoyY11L0HtI?= =?us-ascii?q?WgfCcWyJQo3QPfa/KDc4eW+BLvTfqeLi1iiH15f7K/gg+//E69weP/Tsm5yE?= =?us-ascii?q?tGoyVKn9XWtn0Bygbf5taIR/dj5EutxC6D2gHR5+1ePEw5lK7WJ4Qgz7MwjJ?= =?us-ascii?q?Yfr1rPEyDwlU7rlqGZbF8k9fKt6+n/Z7XmoYKTOJFshwHlN6QuhtS/AeMlMg?= =?us-ascii?q?gSR2Sb+fqz1Lnk/UDhXLVFlOc2kqjEsJDBP8gbuq64DBNV0oYk8Rq/CSup0M?= =?us-ascii?q?8EknUdKVJFeRaHg5DoO1HIPv/4Ee+yj0mjnTpk3fzLPqDtDo/TInXMjrvtZ6?= =?us-ascii?q?tx51ZZyAUpzNBf45xUCqsGIPL2QkLxr8LXDhs4Mwyy3ubmB8xx2ZgZWWKSBK?= =?us-ascii?q?+WLL3dsUST6+IzI+iDeI8VuDHnJ/gj/P7hl2U1mVAafam3xZcXcmy3Hux6I0?= =?us-ascii?q?WFZnrhmtUBEWAMvgUkUOzqiEeNUThIanawWKI84DQ7B5i9DYffWI+tmqeB0D?= =?us-ascii?q?28Hp1MaWBMEkqMHmvwd4WYR/cMbzqfIs1jkjMeSbehSJQh1RaotA/71bpqNe?= =?us-ascii?q?TU+ikFtZPsz9d1+uvTlQ0v9TBuCMSdyW6NRXlunmwUXz82wLx/oUtlx1aN0K?= =?us-ascii?q?h4h/lYGsJJ5/5SXAc1K4PTz+tgC9/oQgLBZNCJSFS4Tdq6HTE9VNUxw8UBY0?= =?us-ascii?q?xlAdWtkgjD3za2A78Sj7GEGYA78qfb33j3O8Zx1m3L1Lc/gFk8Q8tONGqmhq?= =?us-ascii?q?hl+wjVGYHJj12Tl7y2eqQEwC7N6GCDwHKTs0FESgFwS77IUmwYZkvTsdv2/F?= =?us-ascii?q?jCT6O0BbQhLARB1daIKrFWZd3xkVVGWPDjNczeYmOwnGewAw2FxraIbIbzem?= =?us-ascii?q?Ud2j/RCE4enAAJ/naGNBY+CTm7r2LYEjNuCUrlY1nw/ulmtHO7Ukg0whmUYE?= =?us-ascii?q?15zbW14B8VheeHRvMLxL0EoiYhqy5sHFa5xd3ZF8SPqxBmfKVGbtM3+E1H2n?= =?us-ascii?q?7BtwxhIpygKLhvhlAEcwttuUPhyxR3Cp5bnMgvtHMqzRN+KbmW0VNabT+Y2o?= =?us-ascii?q?rwOrLPIGno4B+vc7LW2k3Z0NuO+acA8vc4q1L+vAyyFUot6XZn095I03eG4Z?= =?us-ascii?q?XKFgUSW4rrUkkr7xh6u63aYi4l6ozOyHJsK6i0vSHY298yHuQq1hOgc81YMK?= =?us-ascii?q?OeGw/4C9caCNS2KOw2h1ipaQoJPPpP+6EpJM6meP6G2aGxMOZmgj2mkXxN4J?= =?us-ascii?q?ph3UKU6yp8VunI0o4ew/GWxAuHUCz8jEu6v8Dsn4BEYj8THm+lxijiHoJRYL?= =?us-ascii?q?N9fZoTA2e0P8K33sl+h4LqW3NA+l+sHVcG2NO3dhqIdFzwxhNQ2loNoXO8hC?= =?us-ascii?q?u4yiZ4kzYzrqqQxCbO2fjtdAIbOm5XQ2lvlVHsIYmwj9AeQkeodBMkmwG76k?= =?us-ascii?q?bgwKhXvqN/L3PcQU1QZSj5M3liUrestrqFe8NP9pIovjlLUOS7e1CWUKLyox?= =?us-ascii?q?sd0yPlEGtT3zQ7dzCsuprjhRx6j3iRLHFprHrWYctw3wvQ5MTARf5N2ToLXC?= =?us-ascii?q?14iTjMBligJtWp5subl5PCsuC4SmKgWYZecTLzzYOBsiu75HFlAQalk/C1hN?= =?us-ascii?q?LnDRAw0TXn2NlySSXIsBH8b5Hx16S9NeJneldnBEXg5Mp9FIBziZAwhIwM1n?= =?us-ascii?q?gBnJmV+mAHkWjrO9VBxa3+dGYNRSIMw9PN4wjqxktjLmmSyoL6SHqdxNBhZ9?= =?us-ascii?q?+kbWMKwC496NpKCKiM5rxegSR1uka4rR7WYfVlhjcS0+Yu6HoEjOERogUtyD?= =?us-ascii?q?mdDa4IHURDICzsjAqH78qlrKlNf2avdqWw1FBikt+/ArGCpRtcWHnndZs4Gy?= =?us-ascii?q?9/8Nl/OkrW0HLv8oHkZMXQbdULux2KlRfPkvNYKIw3lvUXhSprI2T9smM5y+?= =?us-ascii?q?QjlxxhwYm6vJSbK2Vq5K+5GgRXNiDxZ84I5j7tjLpen8aP04ChBJphHC8HXJ?= =?us-ascii?q?zyTfKnCDgSr+joNx6SED0grXeWAbTfEhWZ6Ed6qHLPFoumN3+JK3YEytViXg?= =?us-ascii?q?OSJFRFgAATXjU1gII2FhywyMzmakd56Sgb5kTkpRtU1uJoKx7/X3/apAiybj?= =?us-ascii?q?c0TIaQLAZK7g5Y/UjYKsqe4fxvHyFD4pKuthSNJXKBawROE24JRlSOB0r/Mb?= =?us-ascii?q?m2+dnA7++YC/KwL/vUf7qBtPdeWO2OxZKz1Ytm5C2BOd+TMXlnFfE73VBDXX?= =?us-ascii?q?9hEcTDhzoPUzAXlz7Kb8ODohe84Dd4rtin8PnwVgLv5JGPC6BOMdVh+hC2h7?= =?us-ascii?q?2MN+iMiyZ4MzlY0okAxXjSyLgQxFQSkT1hdyGxEbQcsi7AVLrQlbFMABEFbS?= =?us-ascii?q?NzNddI76Un0wlMJ8HUlM362qR/jv4vBFdPTUbhld2xZcwWP2G9M0vKC12QO7?= =?us-ascii?q?iBIT3Lwtr3Yb+nSbFKl+VbqQG/tSyAE0D9OjSDlj/pVw2gMOxXkC6aPAZeuJ?= =?us-ascii?q?ymchp3B2nsVs7maga8MN9xlzE2xqc0hnzSP24GLTd8a19NrqGX7S5Amfp/Gm?= =?us-ascii?q?NB7n1jLeSfhimW8fLXKpcMvvttGCh0kPha4HsiwbtP8C5EXOB1mDfVrtN2uV?= =?us-ascii?q?6mnfOAyiR5XxdVrTZLnJyEvUNnOarD95lAXW3L/BUC7GmKDBQKvdRlAMX1u6?= =?us-ascii?q?9M0tjPiL7zKDBa/tLI+sscAtLYKNiAMHsgLxXpHiXbDBECTTG1NmHSnFBSkP?= =?us-ascii?q?aX9nKJtJc6sYTslIAISrBFSFw/DukaBVh9HNwePJd3WSspkbybjM8I/Xq+qx?= =?us-ascii?q?3RRMRGvp/ZTf+SBPTvKCqDjbZafRcIxqn4LYsLPI3hx0NickV6nJjNG0fIXt?= =?us-ascii?q?BMoilhYREvrUVI93h+QGMz1Fz5agOx4H8TEvu0kQAshgt4f+st6C/m400rKV?= =?us-ascii?q?rSuCswjE4xlM3jgT+PajHxKLy9XYJRCyrvq0g+KJX7Qx12bQ2zh0BkMinLR6?= =?us-ascii?q?5Jhbt6aW9rkBPcuYdIGfNEV61LfgQQyu+NaPUyzVtcqj6qylRG5evfFJRikw?= =?us-ascii?q?UqcYa2r31e2wNvdtg1KrLMJKBR1FhfmrqOvjO01uA22AIROkEN8GWUeCEVpk?= =?us-ascii?q?MIMrgmKjGy8eNy8wyCnCFPeG8WV/oluvhq7F8yO/yczyL81L5OMl2+OPaBL6?= =?us-ascii?q?OYpmfAjtWFTUkq1kMSkElE86N23tk/fEqJTUAvzaeRFhQTOcrENw5Vc9JY9G?= =?us-ascii?q?LPciaWreXN3ZV1Mp25FuDvV++BqqAUg0OjHAsyEIQM6NkBEoOr0EHCIsftNK?= =?us-ascii?q?QFxgk15AT3OFWFC+xEeAmVnzcDosG/yoJ33IZGKz4BBmV9NDm46azMpg82mv?= =?us-ascii?q?aDWsk5YmsCVIseKn02QNG6mzJev3lYEDm30+cZyA+e7z/8piXdFyTzb9tjZf?= =?us-ascii?q?iOfhxgEte29isj86Kuk17Y7o3eJ33mNdRlotLA8+cap5ebBPxKVbZ9tkfdm4?= =?us-ascii?q?9fR3ysSWHCCsW6J5nqZIkqdND0BGu6Xka5iz0rU8f7JMytIbSQgQH0WYZUt5?= =?us-ascii?q?GW0ys9Os+7DTwRAQp/p/8d66Jmfg0MeYA7YB7yuwQ5Lay/Lx+S0s+yTGa1NT?= =?us-ascii?q?tWU/5fwP21Z7xKziosauu6x2UlTpwh0ua471UCRJAQgRHY3/qjYJNeUSfrEH?= =?us-ascii?q?xHZwrPvTY5l3RmNusq2Oc/xhLIvkUcMzCMcOxpc3RKscghC12IPXh4DXE1SE?= =?us-ascii?q?ObjYrG/gGjxasS/zdHk9ZSz+JFrGD0voXDbzK0RKyrtZLVvjI6bdc8ua1xNp?= =?us-ascii?q?fsL9CatJPEhDPfUoffsgmEUC68GPpantlQIC1YQPlUl2EqI9YGuY9b5Uo3SM?= =?us-ascii?q?g+O6RFCLMwqbCydTpkESkSwDcXVo+awDMCgua8277blhiKc5QvKx0Ev4tcjd?= =?us-ascii?q?QDSSJ2ZTkepKC7XYXMi2CEUnQLIBsU7QlU4QIPjJVwfuP774rUTZ9MzTFWru?= =?us-ascii?q?l6UyTREJln61/7SmaLgVflU/Wtieqp0hxOzPj0yNkURAZ/CVRBx+ZRjkYnMq?= =?us-ascii?q?t3K7QWvoLQsT+FbkL6vGPsyOu6P1Zd08vUeEPkDIDdr2rzTjUc+WEIRY9I0H?= =?us-ascii?q?zfFJISkxZnZ6YvulpMJZ6pelrk5z0k3IlpGKG4Wt6tx1Ygt3kGRiOqHMFGC+?= =?us-ascii?q?Bpql7XXydlY5+zopX/J5pSWnNQ+IGaq1pBjEVtNCu5xIFAK81R5z4DRyJDoT?= =?us-ascii?q?ODs9uuUMdDw9N5D4cQItdjvHfwAKNEN4KLo3Isvrzg12TU9C0iv1ei3DW8Ba?= =?us-ascii?q?u4QPxD/2EEHQUpPWueoFE1D+Qw6mfS7kzNslds8udZAbiAk158rytjEZBVGD?= =?us-ascii?q?lJz2ylIEpuQ3VcteVVNrjVedRGQ/YufR+vJwA+Ffk+0kyV4E57gHb5bDZ2tg?= =?us-ascii?q?ZB5y/dWAw0WjUPjbf2hT0SsMenNiEGS5hQdzUucz/FKx6HmSBQpBtQcE9qVI?= =?us-ascii?q?wFDttH5r0W05BZ8dbFSUapNS4KRgdiNh4i3fpZi0FDrF2SeTrBAgqwafbPrh?= =?us-ascii?q?p3cN+LrMG3Mfv5/B1Iip/8veA88KUDWWOplROxTtDZsoDzqMeGtk2Qe6fkK+?= =?us-ascii?q?e8e2POTCDQjRCsgrcpF4HK/zPPMAVBNpZ61WEpYYPmCW7WJxRJO7wUJ0xHVa?= =?us-ascii?q?Bgc9pGpvpWZ8h+eKYG4aVtHA6IRgvzGIyzq/lLNkrTRS7AICqf7+Oyup/T7b?= =?us-ascii?q?jBSej6fMOM2XfHQ6VzPphk9Tn3AbDq0ZVR+kDuwPdi6lt6SUTaMyCGtNnhJB?= =?us-ascii?q?kE5NOldkv5up0mBy3WDYx1kHrwwkFAa8sXTDGr8JsCzpNZ82z8SeVi0kj8qO?= =?us-ascii?q?dS7aVr6ZEr47B1zse5PaXSJu5csU9pGBiUARhl+Ys2DWhjXW9RZPQRKPDLca?= =?us-ascii?q?Qfk8/ut/j9F7YL5x2N5+xZddzHKlnHmsm7ETycSBpEnAIbpT4bKAuc2eSFlL?= =?us-ascii?q?VvSca5v+j5x14i40SjLh4c0r9h/4CE+rCHpOXPdRve0aAEWrT2RsP0trksvU?= =?us-ascii?q?KS6uEjlL4KYGN1eBerEOkaVs4a3Wfg1rsnzScjHsLMBb7g/+RDV30hlDL6h5?= =?us-ascii?q?99B0kWGu8THbeT4YtRhGM4lPLCNt0KcqFCnX2CFQW4Hb8D13Gr7TeXIGh/jR?= =?us-ascii?q?3U1RH/X3+z5kfsrSBkWSvM08vjkk1NW7mzHkdSWiqkNFR2sDyRIQXos8D3tr?= =?us-ascii?q?4t7EEsNWzktsyCm3e9OL9NGM3/PtOcKzEupF0LlJ0xWsCv2YcDFNq/IdcR9W?= =?us-ascii?q?pzbv7A5GKrjSBBuaZHh4zR4s2P/PXYA2WghbWAq7qR3DBY1mQ4vVYn59ChN/?= =?us-ascii?q?DB/ceFTOiz2mYKUSh/pxXOUAKvprzctVAUNlSB0F3Xl4wSItFZwX4421n96+?= =?us-ascii?q?giW9Iy+h9RFoTBZ/MevTD8Iib0wVKEbt0rUSmRziVYEUjoEVliH6g8wnj/sN?= =?us-ascii?q?jOlXfK9F0iXpNweFD/hRxrE4U4Llog6EANzSofDQcNaR6aDLayBUTmNIcETl?= =?us-ascii?q?YMaRCG3Li8Z6c20lZ+wqu16+/PceN8B6QMNvFHjg6NhlRbGYwZsbcYQL1if1?= =?us-ascii?q?9R7qnXphLtC4L/RfjpiWIwNeGpQsBd6c0ZuGEt4hyhSBq86ZdO9LIbiJGUdq?= =?us-ascii?q?FaYZjDpt1871x96T4JaCNNnAB1jwmlXuAEuODj/t/bvYKn6umwUqYtW+IX9x?= =?us-ascii?q?8zC2RlkZTwhFEjodfK1+ZTUYDVjZrw8BpNInGQoora1QdzKfYWIYKxYLlg72?= =?us-ascii?q?kHJzQZJ38WIdWWaeMz7DN2PTrP4FxCBscMZdIGM8rXhQBblFHmWLFJ+srcAF?= =?us-ascii?q?+YBJ95d9o04Grv1DA17Zw8X/7l6D+xI5Df815NMO1YgSVpldLNvu4VzuTOCC?= =?us-ascii?q?kZ5nmZcRt1wjiYx5mLFfnw4f2GyMvIWFMeAi42T4BdKSKN+QO7Xeq1j4zlXB?= =?us-ascii?q?6b5MH1gZI+cl+QR3OqkaQKt6ZDC+hAhTvh0jhZDID1iOqfs8Cw52tPql1HDI?= =?us-ascii?q?Fz4AXHGKVYPpV7Pw70mdWrRkh4GyvwZcDVdhsouOqNxecM4v5zN1X/ZY8FOB?= =?us-ascii?q?0Ez6/16XtPQgtoVrH2ok6TXfgNa9t+VPPEsndV5JphK68RJledoofnrjNVqF?= =?us-ascii?q?8rAQ8pb6QwoiZddknUkw1fQ7z0t6IYigsATd55vldBGWCuN2Iw6TrHUb9Yja?= =?us-ascii?q?eLB/wT7DqTUrYCU0N2PSNiWxm1wolhe6O1nfBbtWNLhix9oPwt0z1oWhS8vS?= =?us-ascii?q?nsqrkW2TIn/rG4tSkOtWZDTuqAjyfCEU9Dw+gSjacAF3bi7kSxYHwCbIvx47?= =?us-ascii?q?lnIt/t9Ys77HQ8ZhUjeTMJXeK6ByH2kayIHpSFsMhAix6VpMXOcbizIDAJOb?= =?us-ascii?q?sjzxLjW2Nw0hPanBZv7GsLXiug48E5K4mnPsYl3CWoE3DBdFkQ+qNJrNfxtV?= =?us-ascii?q?kTQesublNhxH9s0tKJRy0KQMzPFX04jg0jaWVDa5JM9wMVF7MvgjaTpalG/w?= =?us-ascii?q?cUYDjOHoSi4InQkt/C2WMhQtdy2mLWuqqFi4sk0HJ7n9N07zaOt2oJeu3ZUs?= =?us-ascii?q?9sB33z2ZlFyez6efqhqOcHSJFpyL65Sv8NLtGj+Xeq2JVtQkKkyKweH0C4MO?= =?us-ascii?q?Af2LjWSCKlSWyEWeSRbWeAhTE5MlT95ROwNF04dN9Kr1MhMuvFnpNckAnhXq?= =?us-ascii?q?1vSyWIoV/U1ncjMf8bdw0qpIenYRIFQ/ALa+iaO+cu3OU0CEEQYH/RASt2F+?= =?us-ascii?q?i2vEapnIh6PXVg/Er7bf3p8gDnK9uSBgIEHJXbrpFr//y6QXiNOXh6zB19JE?= =?us-ascii?q?N07fvQF0wttu9AdJachd3QiM5n3u4FdvdtNyo9t8UNmoJi74mbzsOKcRDXzp?= =?us-ascii?q?bvKtDZuP+YA+fQz04yYGFVTqIZYR/p54U9JtM5WafcHbhevRsHHqU6XZohN3?= =?us-ascii?q?vx9KFzMQNzfQ7RZKiujsnsuO2LeoNep2XK4VIoMCfcpxoDx+SvTQx1apClm3?= =?us-ascii?q?T/LZMrSzJfsdJtEBpmHYpIG8MGtQanBYCbmL3ow+O2rmdBnqdetav2F+CPz9?= =?us-ascii?q?mywp9wQ4kf4EuHITLcLLdkj14jjemohPrElJ7rBpWmMfcncM0zFmrEbKLWW4?= =?us-ascii?q?ayMDSDPuridENctb2RyrR0VlOWfi+vG+K+vTCgfNBj5l82gthgdffX5CQk8r?= =?us-ascii?q?We3dz1fWwdrSCm+zrBD4dS9FzHA6TlWhtQTfeUuDJ+EbY/cZr/9OBIN8crht?= =?us-ascii?q?eb/V83pA9vmO+EJbWx5hvX10Z6c4/LBFf40CY+H48RKVKwNlV6xSeTkVH0Kl?= =?us-ascii?q?cZIsm/ItR2m/6RDwfx/A8pwCcqfGELUj7TYP66Gi0X2tm1eRaR3AZKFMoY2b?= =?us-ascii?q?buP0kiufv2ActvOpMNu+KqvbMcnNAhfyPIRM4cPSbQJbltMzx5BezJo14paR?= =?us-ascii?q?cA9bMyX9FxLbuDLVhPG0CHymumzgbPykbzcN+E36aTJyMX73AByKjKh3wEmw?= =?us-ascii?q?Slouueyu3qVrzQJMXuUfjdLSsjEzKXXzI/FW6ovFOjpfdCp/ObPH0W5FYZJC?= =?us-ascii?q?CKXkpbhKlqoMOYK2jJg+x4NMkIgfeAQSHrYCtxkaczQCFRuhbfbeAEEFz9Zm?= =?us-ascii?q?TskSJnswyrO/FI8GitO7aR3adEc/cdAoJRfPmUWZ7TcLZVIDJ+xWZRA/q1Y9?= =?us-ascii?q?CJ9+Vx6VnPV2ZMVviQrgfMRVOKQvGa2zPgVJkUuI5xoCcz59bMhXAmQZnwE5?= =?us-ascii?q?3EjAaHq9T+gSudouKYU2AsZwowgeZRZQvJzBpBLTQcAsoO8AH2Q6GGblpRzn?= =?us-ascii?q?9hl+902hENdQgyGn1j23FbhrC8T+VIQF4TiyWlR/gL?= X-IPAS-Result: =?us-ascii?q?A2DKCQD6qvVa/wHyM5BcGwEBAQEDAQEBCQEBAYNAA4FcK?= =?us-ascii?q?INyiGKMEYF5dRqBQJNmKhMBhQeCQyE4FAECAQEBAQEBAgFrHAyCNSSCTwEDA?= =?us-ascii?q?wECIAQZAQE4AgMJAQEbAwECAwIiBAICAwFBCggGAQwGAgEBAYMegWkDFQOhS?= =?us-ascii?q?IoYbYFpM4JvAQEFgQIBAV6CNAOBNYJACBdyhHiCJIITgQ8jgjOCCYYfglSHM?= =?us-ascii?q?giFQTyKfAmOS2SHE4R4izWGSjMhgVJNIxU7gkOCFAwXg0WKHAFVT3oBAZAVA?= =?us-ascii?q?QE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 May 2018 14:40:38 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4BEeaeh003381; Fri, 11 May 2018 10:40:37 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w4B0rNm5007123 for ; Thu, 10 May 2018 20:53:23 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4B0rUlB001599 for ; Thu, 10 May 2018 20:53:30 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1AIBACA6PRalywbGNZcHQIFDINBgV8og?= =?us-ascii?q?3GIYIwQgXl1GoFAk2uEdwJFgjshOBQBAgEBAQEBAQIUAQEBAQEGGAZLhTQBAwM?= =?us-ascii?q?jBBkBATgPHAMBAgMCJgICRQoIBgEMBgIBAYMfgWkDFQOgaIoYbYFpM4JvAQEFg?= =?us-ascii?q?QIBAV6COgOBNYJACBdyhHiCJIITgQ8jgjOCCYYfglSHMAiFQTyKegmOSWSHEoR?= =?us-ascii?q?1giuJB4ZJM4FzTSMVO4JDgiAOCRGDNIocAVVPkDsBAQ?= X-IPAS-Result: =?us-ascii?q?A1AIBACA6PRalywbGNZcHQIFDINBgV8og3GIYIwQgXl1GoF?= =?us-ascii?q?Ak2uEdwJFgjshOBQBAgEBAQEBAQIUAQEBAQEGGAZLhTQBAwMjBBkBATgPHAMBA?= =?us-ascii?q?gMCJgICRQoIBgEMBgIBAYMfgWkDFQOgaIoYbYFpM4JvAQEFgQIBAV6COgOBNYJ?= =?us-ascii?q?ACBdyhHiCJIITgQ8jgjOCCYYfglSHMAiFQTyKegmOSWSHEoR1giuJB4ZJM4FzT?= =?us-ascii?q?SMVO4JDgiAOCRGDNIocAVVPkDsBAQ?= X-IronPort-AV: E=Sophos;i="5.49,387,1520913600"; d="scan'208";a="274389" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 10 May 2018 20:53:29 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A7Tf+mh0WyUt1Ur7esmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8ZsesUK/jxwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5fKzSZ9MaRW?= =?us-ascii?q?1GXspITiBMHo2xYooSA+YYIepUspT2q18QoReiAAWhAv7kxD1ViX/sxaA0zv?= =?us-ascii?q?ovEQ/G0gIjEdwBvnvbo9fpO6kdSu210KvFwC/fY/9K1zrw6o7FeQ0hr/GWWr?= =?us-ascii?q?JwdNLcxFc1GAPekFqRqZHuMS6J2eQNqWeb8uRgVeaxhG49tgp8pSSgyd03io?= =?us-ascii?q?bXhoMY0UvE+jl5wIkvON24Rkp7bsC+EJdJqy6VLZF6Td8lQ2FtoSs3zKANt5?= =?us-ascii?q?2jfCUS1pgr2hHSZ+aZf4WH+B7vSuScLS13iX9qYL6yhhS//VK9xuD9UsS4yl?= =?us-ascii?q?dHoypfntXSqHwA2Bre4dWdRPRn5EeuwzOP2hjT6u5aJUA0krLWJJA7zLA+iJ?= =?us-ascii?q?cev1rOEDXqlUnqjKKabFsr9fat6+T8bbXqvJqcOJV1igH6KKgun82/AeAgPg?= =?us-ascii?q?gPWWiU5/i82aX98UHkT7hGlOM6n6bDvJzEJ8kXvKG0DgBN3oYm8Rm/DjOm0N?= =?us-ascii?q?oCnXkAKVJIYA6IgJLyO17QIPH1Fuy/jEiskDhx2vDGMLnhDYvXLnTajLjuZ6?= =?us-ascii?q?xx5FJbyAo21dxf/Y5bCqkdIPLvXU/8rMfYAQE9Mwy1xebnFdp825gCWWOPHq?= =?us-ascii?q?CZMKTSvUWO5uI0OeaAfoAVuDHjK6tt2/m7qUQc0QsZfK+0zd4MZXulBPV6Mg?= =?us-ascii?q?CcZnbxhtopD2gHpEw9QfbshVnEViRcMTL6e4EYw3lvDIOgEJeGRY23hrGF9D?= =?us-ascii?q?m0E4cQZW1cDF2IV3DyeNPAE88FdSbaB8hmiDFMAaCoVosJzRizsEr/zL19I6?= =?us-ascii?q?zf/ShO8drYyNVt5+DV3So3/DhwAtXVh3qBVEloj2gIQHkwx6k5rktjnBPL6o?= =?us-ascii?q?Uwp/1eCMwbs+hEVgY8KI700/1xC9e0XBnIONiOVgDiCp+dJBgabZc9wsQFfl?= =?us-ascii?q?1mM9GjlQzYmXLzRbgPmPbDUKcR24n/mnTwPM1g0G3u0Kg6k0JgGpIJMnep0O?= =?us-ascii?q?o31Q/TAcbrlEWQkb2nc+xI3inN8iGBymqHulpVViZ7WKPCW3EUb0+QptP8sA?= =?us-ascii?q?eKbLKjEvwMNQxCgZqBJ6ZRYdrujn1NRO3kPdXDZiS2gWjmQV60y6+XcY2iW2?= =?us-ascii?q?wb0CyVXFAJlQ8O/HDDNgUkACqli2ObCDtwGBT0akDx6+A4rn79TFdii0moZk?= =?us-ascii?q?hszPKQ/QQPhOfUH/EW2ageuTwJrTxxEVf72MjZXYmuvQ1kKY5Vet4sqGxM1W?= =?us-ascii?q?vEuQhwJNT0JKl5i082aA93tl7g0xhtT45J18MtqSV5n0JJNauE3QYZJHuj1p?= =?us-ascii?q?fqN+iSejGopkKmdrLW11fC0d2f5qYI7rEipk7+uB2ySRVwzk1L+IJ+61LFvN?= =?us-ascii?q?PHAQ8JXtT0W0czsR17o+KSbio84tbM3GZ3eemvszDE0s40HuZt1Bu6ftlePa?= =?us-ascii?q?/FXA//GsEXHY6vfcQ7kliuaVQPO+Vf?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C6AwD46PRalywbGNZcHQIFDINBgV8?= =?us-ascii?q?og3GIYIwQgXl1GoFAk2uEdwJFgjshOBQBAgEBAQEBAQIBEwEBAQEBBhgGSwy?= =?us-ascii?q?CNSSCTwEDAyMEGQEBOA8cAwECAwImAgJFCggGAQwGAgEBgx+BaQMVA6Boihh?= =?us-ascii?q?tgWkzgm8BAQWBAgEBXoI6A4E1gkAIF3KEeIIkghOBDyOCM4IJhh+CVIcwCIV?= =?us-ascii?q?BPIp6CY5JZIcShHWCK4kHhkkzgXNNIxU7gkOCIA4JEYM0ihwBVU+QOwEB?= X-IPAS-Result: =?us-ascii?q?A0C6AwD46PRalywbGNZcHQIFDINBgV8og3GIYIwQgXl1G?= =?us-ascii?q?oFAk2uEdwJFgjshOBQBAgEBAQEBAQIBEwEBAQEBBhgGSwyCNSSCTwEDAyMEG?= =?us-ascii?q?QEBOA8cAwECAwImAgJFCggGAQwGAgEBgx+BaQMVA6BoihhtgWkzgm8BAQWBA?= =?us-ascii?q?gEBXoI6A4E1gkAIF3KEeIIkghOBDyOCM4IJhh+CVIcwCIVBPIp6CY5JZIcSh?= =?us-ascii?q?HWCK4kHhkkzgXNNIxU7gkOCIA4JEYM0ihwBVU+QOwEB?= X-IronPort-AV: E=Sophos;i="5.49,387,1520899200"; d="scan'208";a="11679301" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 May 2018 00:53:28 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;9df38c99-3bb5-4ff8-988f-263d1d947607 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC13.oob.disa.mil (Postfix) with SMTP id 40hs6004lLz25sS4 for ; Fri, 11 May 2018 00:53:28 +0000 (UTC) Received: from UPDC3CPA12_EEMSG_MP28.eemsg.mil (unknown [192.168.18.23]) by UPDCF3IC13.oob.disa.mil (Postfix) with ESMTP id 40hs5y6TnQz25sS7 for ; Fri, 11 May 2018 00:53:26 +0000 (UTC) Authentication-Results: UPDC3CPA12.eemsg.mail.mil; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 24840775|UPDC3CPA12_EEMSG_MP28.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.188.210 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0ChAgCi5fRah9K8o0JcHQIFDIUgKINxiGCOCXUagUCTa4R3AkWCOyE4FAECAQEBAQEBAhQBAQEKCwkIKCMMhSgBAwMjBBkBATgPHAMBAgMCJgICRQoIBgEMBgIBAYMfgWkDFaBtihhtgWkzgm8BAQWBAgEBXoI6A4E1gkAIF3KEeIQ3gQ8jgjMHggKGH4JUhzAIhUE8inoJjklkhxKEdYsyhkkzgXNNIxU7gkOCIA4Jg0WKHAFVHzCQOwEB X-IPAS-Result: A0ChAgCi5fRah9K8o0JcHQIFDIUgKINxiGCOCXUagUCTa4R3AkWCOyE4FAECAQEBAQEBAhQBAQEKCwkIKCMMhSgBAwMjBBkBATgPHAMBAgMCJgICRQoIBgEMBgIBAYMfgWkDFaBtihhtgWkzgm8BAQWBAgEBXoI6A4E1gkAIF3KEeIQ3gQ8jgjMHggKGH4JUhzAIhUE8inoJjklkhxKEdYsyhkkzgXNNIxU7gkOCIA4Jg0WKHAFVHzCQOwEB Received: from sonic311-29.consmr.mail.ne1.yahoo.com ([66.163.188.210]) by UPDC3CPA12.eemsg.mail.mil with ESMTP; 11 May 2018 00:53:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1526000004; bh=v6/os2rgnboQYoqkUx780+Mmc6Whr79jpn7P8CQETtI=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=Fe96oszkADUStFfGiceFWJz28wdx7ieTBJO4Gr+qkdI5hi1+8hoJDYL4eWqm3+mY5DvHjuFr+nUkbAVpJS26kkoF5GN4uooCeOZ+/phQgmXKx5EInCNCqLEa/CKMTIO0nFqcrxjFYUCD/XbJvjF/hxHu6T+2Daoo8obhlncm31rcK79yKExpSJIoI6ihMWR5rGzWeo48Sn+2HuP6Kv+uBtNps/nxVgeddbJfmI8szXJx+/iuj6RM6muYOQ/uP2MaRyZntYC3k1lZiHMsDAypd9n+e6xeESpTNrsHSki8sKvjbe4qIn3RUOY0xO5hx3i4PuGhAoYhKzvvH4uSEMxrwQ== X-YMail-OSG: OUKYjRkVM1lAJANRLXzNt60ysl6w6rx1zrNHyP6s2xhohW8jH2u0RANBYblYtLX MuSZfzcY.JeOW84kBHSPdqFhDzq0RuF5FWZWekOjKJ9ymGb8nVwH5n7bQbhjRdecHNONfH5YYYC0 ZkyPBvC0kNQROgs3jpH1.YmX_lmBdxrqVFbVJhCI.SzuaSQd_evSmyk44511ffkU9ECwOE.wgyRO nCTXk.mLHH85BfaDys90C8snxF237lx51KVbv6Wrkavkgp.KTStmc6j9B2Xk8c6pC76r0fGLwpLk AWEwFK3VqnV96silBnKbcV2epFEWyQ4vbc5.xQH1cbpPWqd.U1CszwNUAK.Ss05q1KFrebqSyc.s LdLNkskIvH0JsPjSY6yiNZdttyt0Q4WxyUuJMf63asn6KRTRWDB5zi7nMF8V0bAU9gIOvxFTYdbB u8602lpjaAxYeLu1pn_xfa_M3aH8q8ZUzzJ9xX_DxlolRtHZ_y7Tzb8gkS5r.OlaL0A3B.55AwOa CvMvT6SYN8ZbO1O6ZnqbI5yaV7igW84Gopsk05y8tYEUE7rmWOjUdWwjHQ4mfX2ZLdywaBx0HHUg nik6EvuMFSV0KbjsCTiYh3o19tuRZJhPVQpF6BPuVBpjrW8YMudm6KzEVIr_9i6TWaIdvKDk1Y9y ErTU- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Fri, 11 May 2018 00:53:24 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224]) by smtp413.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID b5ba42c5ee225d026736555e1c0b30e8; Fri, 11 May 2018 00:53:20 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <1c87b84c-50ef-a81d-b428-03b03ec74423@schaufler-ca.com> Date: Thu, 10 May 2018 17:53:17 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Fri, 11 May 2018 10:37:08 -0400 Subject: [PATCH 07/23] LSM: Infrastructure management of the task security X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Casey Schaufler Date: Thu, 10 May 2018 14:08:37 -0700 Subject: [PATCH 07/23] LSM: Infrastructure management of the task security blob Move management of the task_struct->security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 2 ++ security/apparmor/include/task.h | 18 +++----------- security/apparmor/lsm.c | 15 +++-------- security/security.c | 54 +++++++++++++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 27 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 2268e43709d4..3ba96e406827 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2017,6 +2017,7 @@ struct security_hook_list { struct lsm_blob_sizes { int lbs_cred; int lbs_file; + int lbs_task; }; /* @@ -2082,6 +2083,7 @@ extern int lsm_cred_alloc(struct cred *cred, gfp_t gfp); #ifdef CONFIG_SECURITY void lsm_early_cred(struct cred *cred); +void lsm_early_task(struct task_struct *task); #endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h index 55edaa1d83f8..039c1e60887a 100644 --- a/security/apparmor/include/task.h +++ b/security/apparmor/include/task.h @@ -14,7 +14,10 @@ #ifndef __AA_TASK_H #define __AA_TASK_H -#define task_ctx(X) ((X)->security) +static inline struct aa_task_ctx *task_ctx(struct task_struct *task) +{ + return task->security; +} /* * struct aa_task_ctx - information for current task label change @@ -36,17 +39,6 @@ int aa_set_current_hat(struct aa_label *label, u64 token); int aa_restore_previous_label(u64 cookie); struct aa_label *aa_get_task_label(struct task_struct *task); -/** - * aa_alloc_task_ctx - allocate a new task_ctx - * @flags: gfp flags for allocation - * - * Returns: allocated buffer or NULL on failure - */ -static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags) -{ - return kzalloc(sizeof(struct aa_task_ctx), flags); -} - /** * aa_free_task_ctx - free a task_ctx * @ctx: task_ctx to free (MAYBE NULL) @@ -57,8 +49,6 @@ static inline void aa_free_task_ctx(struct aa_task_ctx *ctx) aa_put_label(ctx->nnp); aa_put_label(ctx->previous); aa_put_label(ctx->onexec); - - kzfree(ctx); } } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index e986a0eed01e..5fee6ab3786e 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -90,19 +90,14 @@ static void apparmor_task_free(struct task_struct *task) { aa_free_task_ctx(task_ctx(task)); - task_ctx(task) = NULL; } static int apparmor_task_alloc(struct task_struct *task, unsigned long clone_flags) { - struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL); - - if (!new) - return -ENOMEM; + struct aa_task_ctx *new = task_ctx(task); aa_dup_task_ctx(new, task_ctx(current)); - task_ctx(task) = new; return 0; } @@ -1123,6 +1118,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) struct lsm_blob_sizes apparmor_blob_sizes = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), + .lbs_task = sizeof(struct aa_task_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1439,15 +1435,10 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) static int __init set_init_ctx(void) { struct cred *cred = (struct cred *)current->real_cred; - struct aa_task_ctx *ctx; - - ctx = aa_alloc_task_ctx(GFP_KERNEL); - if (!ctx) - return -ENOMEM; lsm_early_cred(cred); + lsm_early_task(current); set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); - task_ctx(current) = ctx; return 0; } diff --git a/security/security.c b/security/security.c index ee77af08086b..b414186ad45f 100644 --- a/security/security.c +++ b/security/security.c @@ -108,6 +108,7 @@ int __init security_init(void) #ifdef CONFIG_SECURITY_LSM_DEBUG pr_info("LSM: cred blob size = %d\n", blob_sizes.lbs_cred); pr_info("LSM: file blob size = %d\n", blob_sizes.lbs_file); + pr_info("LSM: task blob size = %d\n", blob_sizes.lbs_task); #endif return 0; @@ -283,6 +284,7 @@ void __init security_add_blobs(struct lsm_blob_sizes *needed) { lsm_set_size(&needed->lbs_cred, &blob_sizes.lbs_cred); lsm_set_size(&needed->lbs_file, &blob_sizes.lbs_file); + lsm_set_size(&needed->lbs_task, &blob_sizes.lbs_task); } /** @@ -306,6 +308,46 @@ int lsm_file_alloc(struct file *file) return 0; } +/** + * lsm_task_alloc - allocate a composite task blob + * @task: the task that needs a blob + * + * Allocate the task blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +int lsm_task_alloc(struct task_struct *task) +{ + if (blob_sizes.lbs_task == 0) { + task->security = NULL; + return 0; + } + + task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); + if (task->security == NULL) + return -ENOMEM; + return 0; +} + +/** + * lsm_early_task - during initialization allocate a composite task blob + * @task: the task that needs a blob + * + * Allocate the task blob for all the modules if it's not already there + */ +void lsm_early_task(struct task_struct *task) +{ + int rc; + + if (task == NULL) + panic("%s: task cred.\n", __func__); + if (task->security != NULL) + return; + rc = lsm_task_alloc(task); + if (rc) + panic("%s: Early task alloc failed.\n", __func__); +} + /* * Hook list operation macros. * @@ -1112,12 +1154,22 @@ int security_file_open(struct file *file, const struct cred *cred) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { - return call_int_hook(task_alloc, 0, task, clone_flags); + int rc = lsm_task_alloc(task); + + if (rc) + return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); + if (unlikely(rc)) + security_task_free(task); + return rc; } void security_task_free(struct task_struct *task) { call_void_hook(task_free, task); + + kfree(task->security); + task->security = NULL; } int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)