From patchwork Wed Feb 15 14:42:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 9574271 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9E517600F6 for ; Wed, 15 Feb 2017 14:58:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8C4E728486 for ; Wed, 15 Feb 2017 14:58:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7FB9D284A7; Wed, 15 Feb 2017 14:58:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 51B8528486 for ; Wed, 15 Feb 2017 14:58:24 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.35,166,1484006400"; d="scan'208";a="3899556" IronPort-PHdr: =?us-ascii?q?9a23=3Af4GeMBc/xrOXfXKSOUd8rua6lGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxcq4YhaN2/xhgRfzUJnB7Loc0qyN4v2mATZLvs/JmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBW7oR/NusUIjodvKLs9wQbVr3VVfO?= =?us-ascii?q?hb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnY?= =?us-ascii?q?UAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhS?= =?us-ascii?q?waOTE56mXXgdFugqxdrhyquhhzz5fJbI2JMfZzeL7Wc9EHSmpbRstfSTFPDIOy?= =?us-ascii?q?b4QNDOQPOuJYoYfyqFsWrxayGAehC//gxDBWnX/7xrE63uY7HA3axgEsA8wCvX?= =?us-ascii?q?LJp9v1LqcSVuW1wbHWwzrdc/NWwir96I/VeR4ju/6MW69/ftDMwkQoDwPKkFOQ?= =?us-ascii?q?qYP4PzOU0OQBqmub4PR6VeKplWEnrxp8ojm2yscojYnJmJwaxkrf9Spjw4Y1OM?= =?us-ascii?q?e4R1Rhbd6iDpRcrSOaN5NvT84kXmpmuz46x6UbtZO0cyUG0pQqywPFZ/CZfIWE?= =?us-ascii?q?/AjvWPuJLTtlmn5oeaiziwis/UWi0OHwS8a53VRQoiZYj9XAq3YA3AHJ5MedUP?= =?us-ascii?q?ty5EKh1C6K1wDU9+5LP1g5lbHeK5492r4wkYcTsVjbEi/2hkr2iKiWe104+uey?= =?us-ascii?q?8eTnY6jmpoSGO49oigDxLqQumsulDeQ+LgcORHSU9f651L3i+U31WLRKjvsona?= =?us-ascii?q?nFqJ3WOMsWq6GjDwJVz4ov8QizAji43NgCgHULNFdFdwiGj4jtNVHOOvf4DfKn?= =?us-ascii?q?jlS3jjhrw/HGPrv8ApTCN3TMi7Dhfat760FA1gUz1stS545UC74dIPLzXVX9tN?= =?us-ascii?q?rDDhAjKQC0zOHnCMtl2oMERW2PGrOZML/VsVKQ5OIvJO+Ma5UJuDb9Mfcl4eXj?= =?us-ascii?q?jX0+mV8beKmmx4AXaGymEfR8OEWVe33sgs0OEW0SpAoxUPTqiEGeUT5Uf3uyXa?= =?us-ascii?q?A86SsnB4KlFofDQYatgL2f3CqgEJ1WYn1GC1+XHnf1cYWER+oMZDiVIs97nTwO?= =?us-ascii?q?TaKhRJM51RGyqA/6zKJqL+TV+i0csJLsysJ16vbdlR4s6DN0CN6d3HuVT2FumW?= =?us-ascii?q?MIRSE507xjoUBnzVeDy6d4ieRCFdNP//NJThs6NZnEwuNnF9/yXwXBftGVSFq7?= =?us-ascii?q?WdimHy8+Tsgww94PZEZ9Hc+ujhbd0Cq2G7UVjaCEBIQo8qLA2Hj8P9tyy2rc26?= =?us-ascii?q?k7lFQpXsxPNWi6iaFl7AjTG5TFk0OHmKa2ba4cxjLC9H+fzWqSu0FVSA5xUKTC?= =?us-ascii?q?XXAZfUbWqND56lrDT7+oE7gnNBFOydSBKqtLdN3mk09KRPH9N9TCe2ixgXu/BQ?= =?us-ascii?q?6UxrOQa4rnY34S0z7aBEgAkgAT5mqGNRMkCie6vW3RECZiFUnxbEPo8Ol+rm67?= =?us-ascii?q?T0Avwg6Wb0xhzae1+gUPif2SUfwTwqkEuCAnqzluG1a9xd3WAcKapwV9ZKVcfc?= =?us-ascii?q?894FBf2G3HrwxyJIagL6F5hlMFawR4pVnu1xRsCoVYlcgltm8lwxRoJaKfylNB?= =?us-ascii?q?eCuS3YrsNb3PNmny4BevZrbY2lHEytmW/LsA6PUjq1j4uQGpDksi/2x809hbyH?= =?us-ascii?q?uQ/JLKDBAdUZjpSEY46wB6p63GYik6/47U1mdjMaqzsj/fwN8pB/EqyhWnf9dC?= =?us-ascii?q?Kq+EExXyE8ICDci0NOMqg0Spbg4DPO1K7qE7Itmmd/qY166xJ+tvhi6pjWFd7I?= =?us-ascii?q?B6yEKM+DJ2SvTU0JYd3/GYwgyHWi/8jFi/tsD3nYdEaCoWHmqi1SjkA4tRabdo?= =?us-ascii?q?cYYME2euLNW9xs9iiJ71R35Y6FmjCksd2M+nYxqSaEf93RFL2EQMp3ynniW5zz?= =?us-ascii?q?lunDEvtKaf2jLBw/j6fhodJmFLXHVijUvrIYWsgdEVRkyobxQ3mxu//kb33LZb?= =?us-ascii?q?q7plL2bIXEdIejL6L2Z4Uqu/rrCCedJA6Is0sSVLV+SxeUyaRaPgrBsbySzjG3?= =?us-ascii?q?BTyyw8dzGvppr2hQd6iH6HIHZ1snXZZdl6xQ3D69zEWf5Rwj0GSTF+iTnWAli8?= =?us-ascii?q?O8em/c6PmpjZrO++TWWhWodUcSnxwoOKrDG76nFyAR2jg/CzncXqERY70SDny9?= =?us-ascii?q?lqUj/IoAzgbYnr0KS6N+1nc1JsBF/97cp1AJt+kowqiJEXw3gaiY2f/WAbnmfr?= =?us-ascii?q?LdVbxaX+YWIJRT4K2N7V/BHp2FZ9IXKNxoL5UGidw8R6atmhemMW2yQ978FWB6?= =?us-ascii?q?eP9rBEmzV6okagpwLLffd9hisdyecp6HMCmeEJvw4tziGDDbAIAUZYOiLtmg+T?= =?us-ascii?q?79CjsKpXf3yjcb+q1EpxhdqhFq2NohlAWHblfZcvBTdw4d9iMFLIynH88Jvod8?= =?us-ascii?q?LXbdIXqh2UlBHAgvNQKJ4tkPoKgjZoNXj7vXI71+4xlQZu0o2ivIibN2Vt+7q0?= =?us-ascii?q?Ah1GOT3zfMMe4TLtgrhYnsaN2YCgAIlhFi8MXJvyQvKiCCgSuuj/NwaSDD08rW?= =?us-ascii?q?+WGaTZHQCC80pmsXTPHI2rN32NInkW08liTgGHJENDmAAUQCk6npkhGwCy3sPh?= =?us-ascii?q?bUN56ysN6V75thtNyvtkNxflXWfZvguobS00SJeHJhpM8g5C/1vVMdCZ7u9rBS?= =?us-ascii?q?FX44CuoReCKmyeaAVEF2cJVVKYB1r7JLmh+cHA8/SEBuq5N/bOea+BqfFaV/iW?= =?us-ascii?q?3ZKgyI1m/yqSOcWVJXRiEuY71VRZXXBiAcjZgDIPSzENly3RccGbqhC8+jd4rs?= =?us-ascii?q?+h6vjrXhzg5ZeXAbtILdpv4wy2gbuEN+OIiiZ2MzBY1o8LxX/N07Uf0kAdhDxp?= =?us-ascii?q?dzm3C7sArTTNTKXSmqBJExEbdzl/NMxS76IzxgNNI9LUisvp1r5kif44E1JFWk?= =?us-ascii?q?blmsGte8MKP329O0ndC0uQMrSJOyHLw9rrbqymUb1fkv9YtxuutjaHC0XjJCiM?= =?us-ascii?q?lyH1VxCzNuFBlDubMAZQuY2ndxZiE2zjTNXmaxCgKtB4kTg2zaczhnPQOm4WKS?= =?us-ascii?q?J8fF9Vrr2M8SNYhe1yG2Jb7nV7MOaEgDyW7+/EKpYRqvtmGT57mP5f4HggzLtV?= =?us-ascii?q?9i5ETuRvmCTOtt5uv02mku6XxzphShpBsC5LhJqQsEVsOKXZ7IJAWWrK/BIM62?= =?us-ascii?q?WfERIKqMdkCtL1v6Bc0N/PlLj8KD1a6dLb4dMcB9TIKMKAKHchKQTmFyXKAwsD?= =?us-ascii?q?TD6rKWbfildckP6M6HKasII2qp/2mJoBUrVbTkA6FusGCkR5G9wPOIp4Xig6nr?= =?us-ascii?q?GBg84I/2CxrAfKScVBpJ/HVe+SAe/1JzqDiblEeh0IzqniLYgKKo373E9ia1l9?= =?us-ascii?q?nIjQHUrfQ8xNqDV7bgAouEVN7GR+Tmor1kL+cAyt/mUcFfGqkR4tkQZ+ev4i9C?= =?us-ascii?q?n27Fc4OFXKvzE8kE8vltX5mTqRaiL+LL+sXYFKDCr5r1M+MpL0QwZyaw2/hlFr?= =?us-ascii?q?OynfSLJQlbRgc3pniAjGuZtAAfRcV7FLYAcMxfGLYPUlyU5Tqiq9yk9Z++TIEp?= =?us-ascii?q?xilBM0fp6qqnJPwQNjbNouKqzXK6tF1F9QhriBviWwzOA+3BceJ1oR8GOVYCMI?= =?us-ascii?q?pEsINrw8Kyqy+ext6BKNmz1Yd2gWUPolvPFq+1ghNOSHyiLvz6RMKlutN+CFKa?= =?us-ascii?q?OWpXTAn9aSQlwszkMIi1VF/b9u3Mcgc0uUU14gwaCUFxQOO8rCJx9ab9ZO9HjT?= =?us-ascii?q?eiaOtPvCzYhzP4qjCuDiVfWOu7oMgkK4AAYpGJwB7sIfEZa21EHVNsTnLLkeyR?= =?us-ascii?q?Ux/gvrIk6FDPdIeB6RljcIvd2/xodt3YZBPjEdHXl9MSKv67bNuAAqm+SMU80s?= =?us-ascii?q?YngGXosJLWk5WMygmyFEuHRAAiG30vgHxwmC9TP8oDrfDCXkZdp5ePiUfQ9sCM?= =?us-ascii?q?2x+Tgn7qe2jljX8pPDKG7kMdRiu8TC5vkEqJadDPNYV759s13Tm4NAXXylT3bP?= =?us-ascii?q?EcKpJ5j3c4QjcMb7Cmi7UlOikDI4VN3+PMy3LqiPjwDoXphbv5WG3DA5NM+9Cj?= =?us-ascii?q?EfFw12p+4d+KJ2fRcDbIYjYR70qwQ+MLSyIAOf0tW0XWmtLzpXT/5EwOW1YbxX?= =?us-ascii?q?0jAgbuigyHsvVps61fW48VYRRJEWiRHT3e2jaJdaUSjyHHxdZgrOqDElmGhmM+?= =?us-ascii?q?Y93v0wwAjUsVUGNTCEavBpYnRev94gHVOSPWl2Cm0gSl+fl4rC4hSj37YO/ytd?= =?us-ascii?q?hNtU3upFsGDisZPFZjKjRrCro43PsyU8ddgmv7FxMYv7L8uatZPemzvfTIXQsg?= =?us-ascii?q?yFSyO1Cvtam9hKLy1DWvVIn38qOdAes4pb9UUxTts+J6BICKQ0vL+qbTtkAjIM?= =?us-ascii?q?wiABUoOB3DoCguC627TAjRqfa5UiPwYCsJlbjNsdTjR6YiUAq6+/T4/WjXOLSn?= =?us-ascii?q?AXIAcP6gRB/BkPmZF2fu3++oXHUYFMxCBMo/JvSCTLDJlp+0H8SmGMjljyUO+h?= =?us-ascii?q?nPCx3QJO0PLs1cEWWBFiCUhcw+ZWklUnKLRsJqYNoIHFqT6Ieln8vG73z+umPl?= =?us-ascii?q?ZRw9XOd1LkFIrFqXb8UioE9H0OQ49PyW3QFZQVkwp9c6YlvExCLp28dEvi4DIp?= =?us-ascii?q?3JhmH769Vc+33VkltmoGSz2sE9VfF+FsqEjXVyF9Y5C3tJXlPI1fQnVK952HrF?= =?us-ascii?q?dWi15gMzKjyZVGNcFC/DoMXDlJoTWSuNuyScJD2c9qD58CONh/oXL9FLlCOJeP?= =?us-ascii?q?v308oqbvxWPB+zAgrFe6wy2+GqGiQ+1F/20eGwApJ2WEpUksFOYs83nd/U7TvV?= =?us-ascii?q?xu+OdbHLePh11roDlhBpBOGipJ1Xe9IltpVnlGruNaJL7Wc8FHQvkyZB6vOwAl?= =?us-ascii?q?GvI82UyG4110l2/jYyNurgta5zzdXw4sWCkUhLfthSMRqsW5Nj8fVZ1IcS8hbi?= =?us-ascii?q?feJgKcgSBYohBfa0RwVJAYBtZK4LYb3IRO8srFU0asJjkPXAZ+OQIgzfpfiUlD?= =?us-ascii?q?vV2XeSDHFwWoc+rPvwZ2fceWos+pKuj5/AdZhYPmtuA467sMR2e8lQ2rX9/es5?= =?us-ascii?q?f2tseWuUuWaKf4L+q8bGfdTDjLiBC9nqskA4XP/yfIKgZbLYd1yWY8a5j7FWHL?= =?us-ascii?q?JQhGJ74cJ0dDVaB1c89GrfpeZ8B5Y6sG5LFiBgqfRhzxHIygsuNGIkzURTTEIC?= =?us-ascii?q?WL6va/rp7L7bzBVejgYdSBx3TAQ61pJZp19Cf0G6z03o9E5kr5xOpi+ll8SVfY?= =?us-ascii?q?LyCLtM7hKR8T5Mm+akviuYUkEijYAJhsjHbgxFxMesQMTiK295QYzY9W52zrSe?= =?us-ascii?q?JkyETztvNd96V844kt/79p0du0JbvVKflCq09oHAWbBgVw+ZUxG2V/Q2dRYvEP?= =?us-ascii?q?J/vPYasZit3hpP7tG6wR9hKV5/RTacHbKEHZhsm/FjacRARcnAcatT4VNBaT1+?= =?us-ascii?q?Kelq9vTsaluPL51V4z7Fi4Mh4G1qpi5YOe9qqPvu/XYAPbzaIYVajyWsPzsrMs?= =?us-ascii?q?tluO5f0+irEBZHF6bha6EOgZSs4d3H3vzb4rzSIrF8PMAa7g9OREV3IjkTLqg4?= =?us-ascii?q?p9EEkOGvMIAbqL+pxTkXo+m+PDLdAZb6ZClXyVGR6jCL8Cxmah6zGLL2l9nhHO?= =?us-ascii?q?zxbwTHux7FDsty94RjDMz9P5nUpLTbS3AFpSXy61OU95rDyPPRDntNzsuagv60?= =?us-ascii?q?E2KGPkvsqXlGS9ILNXA9H/JNuELCk2vl0XipMxRsao2Y8GB9WwO8sR/2t4bvvF?= =?us-ascii?q?7GOniSlBrLlbh4DG+MGa5u3XHWW8j62ds7iNwjRYx2M5vVE579CsLPDO59uEQ/?= =?us-ascii?q?SyzWkRVDt/uxHcXxGptrzbskoUNlKR3EfMgowKMclT3WMk2UH++OgjXNUz+R1Y?= =?us-ascii?q?FobBe/wCojTzNyHvwVqFYtI3US6e0yBMHl/uFFl1F6c91Hj3vMLTmnfa40coSZ?= =?us-ascii?q?Vod0z7mRx3CJ01Jl4351gT3CUDChQNaBCcDLyzHkTqMYoEWlYFaRSb3bi1YL07?= =?us-ascii?q?3UttzbOz/OXTd/BzB7IRNvZBiQ6DhFxbGokTsaAeW798dUFS+7PQpgj4EYfnR+?= =?us-ascii?q?LmlX0yNfKrXs9a7doVt3w44gawXxCg84tM764HiJCUca5JeZrMvMF570p84D4A?= =?us-ascii?q?aCxMjwZljxO4V+Acq/rv4t7Fv5q08uyuTroiR/0L9xgoAGRzl5rwgVE5rt7Ny+?= =?us-ascii?q?hRUZbVhprj8A9TP3GGooHa0wNzKeAWMYKkYK5g92kbJygZP38BJtuWa+Iy4iB3?= =?us-ascii?q?MjXT5kBCAtsWatMFOMrAghxbikr0V75N7MXbB0WYC4Bpd88y9Wb3zyo18ZQkWO?= =?us-ascii?q?b69DC2PYzf701KP/5blCVjjs7Cq/QVwfvcDygX+3qZZwFuwiycz5mNCvDw/fiD?= =?us-ascii?q?ydzPT1MJBDI2XJtdJDuM/gynXOm1mI/qUgyK8M/zhowxdEaKSny2hqQFvb5GEf?= =?us-ascii?q?RchSXjwjheCof1iuqJs9q29mRXskdIEIBt4hDeBapfP5p7ORXklsaxXUhzHDH/?= =?us-ascii?q?eNzOehoopuWW2v8G4/9iOEvmeY8bPhUExqr16XVPVAthVqL2vlaCUOIVZdtmVO?= =?us-ascii?q?3LrnBP5oJ9MK8DJl6dq4L2rj1QslA5HBcpaKMsrjxdbkTOkxNaW6DouL4HjQsQ?= =?us-ascii?q?VsV5tlFIGWKxPmI++jXGWL9RjKaPEvwU8i+cQrYIU0p2LiN0Wwm114l2e7u1gf?= =?us-ascii?q?BHtXtLkT9/oPcwzzNrXwezuSrop6IJ2DIv5qu4tCkftnNZTuWSiSDICU9MzP4S?= =?us-ascii?q?l6cTF27i6UCgYHkEdIby5b5nJcL89Yku/XsyehAjfywcUuSmFS7wk62JAouVsN?= =?us-ascii?q?Jfnx6BosPOYqGvLSIKLLQy1QrjR2Rh0gjZhBto/3cEQi677NM9OYuzNsArxiuu?= =?us-ascii?q?GWjGe1cB+axJsM7rul4NUuQ6c1RhwH9s0sKfXC0CWNTPG3opjggjcWhEcpVD6R?= =?us-ascii?q?8cF6UynjmIvq1G/hwJbzbVE4Sl/JLQncTJ2XQmU9dqx3zWqbeBhpw30X1pgdV0?= =?us-ascii?q?4TCSuH4KbezXT9dsAmTv1odY0eH+ZuutvfoBSIZ9zLShTeINMsik+WutwplqXV?= =?us-ascii?q?WlxrsGFVqjLOAD3qvbUzuiSWCAW+SEbWaMnzg9MkPp6xinNFs3Z9lWr0MnNOvN?= =?us-ascii?q?mIJcnRX7UbxoXiWQuUPbzGs7POMVcwI2v4mmdBIOTO4VfOWcPu8uwPs/CFQQdX?= =?us-ascii?q?PJGzV5C/Ouu163gId7I2lg4Vn9Yen18ADmMNuTGgEDEY7er55x5eK1S3mEOX9h?= =?us-ascii?q?0B1yJld7+/3YF1Qrue9Wa4yRksTIh9Rnze4FcO9gMTE8ut4WgY9j9YiU39uJcR?= =?us-ascii?q?7Pypb+P9fVreaEA/fH1UQlZnlaUqYFYQPy/4g6O985W77QHbtephkcB7I1QJ8m?= =?us-ascii?q?N2f36q50Khl/cgjPa7SomsPqvP6EZoNIp3/K6VI9NDzTtAMFyvyoVgF7dJSqh3?= =?us-ascii?q?LuIJAsWDJOscBiBgFhHItVFMMKtxCnDIKMmKGnl9+x/Ft3u/cNsar0EP/Kztq4?= =?us-ascii?q?34J1X5hU/kGLOTHRBK5wgkt7kuuymPDA0oLqCcPjf9MEW/J3Qmnfar/JBo+/MC?= =?us-ascii?q?6BOtrge05a9L6RyLx5XQuVZCD4R6qJqjapNfRl4UU+z4x3YvDTzDgz4L3B39vy?= =?us-ascii?q?fW5brD+5rXGVLJtf8EDKBevGUhNaUfqF6mdlErEJYobv8ecOMMAiwMKC7AVp6z?= =?us-ascii?q?RCysSFKbC7rkDQwkJ7aY7bLEzx1iY+XYkFPg+yMVMogWDDsXTdHXVcIdS4Kcl3?= =?us-ascii?q?ntmaEAbh509vlmExfmRBAHbnRc+NOWgH3MKzfAmK9ANND9YekO+7YEo4tqypSe?= =?us-ascii?q?l0IZVIguSqu68BkdZuMS3PQ9JaPy7IJr9sIjVRFvnPpEQvYhMcqLg6RIM1ZZmI?= =?us-ascii?q?IEMaP0aMziz8zRfC0ULqbdyjyr6JLzwN/3VE0b3Fyz5MqBe9ufmCn83jX6rVbJ?= =?us-ascii?q?bsXP7dKCAlTC2VRSwuEUa1/lepo/8Es+CELmcfo1AUZCWSBRUNpqBuq9jfEGvT?= =?us-ascii?q?mexlfJ0Xi/GWQSfwSDd3lKAqHCZEqViMQ+YfFQnRd3LhgnBTuA+lJvBX5n/lcr?= =?us-ascii?q?uYxrZVW+wRH4tMff2ZQ8fCdfBYOTgoii0TOPygcN3Es7Y5zlXIQHMWE6bS71Ke?= =?us-ascii?q?Vk+WTeKYxz/wQ4UVu5I7ujEp+tLNhCN3FbrHP6qHrT607oG4lDqYufHZVmQ1eE?= =?us-ascii?q?w1jucCD3WAzRRDM2wEFc8auFvsQq+BYEZM0mglieRw1B8QYA5zSGFh0mVKnPah?= =?us-ascii?q?Hc1UUVwUjGSoQP0Cd113CS0/8lKE4g31e9wPpd7cS3VY9rQSVYpOZMUvvYvSP7?= =?us-ascii?q?EKwe0B2jtjrS18tD+SXH1HiQfQz6fMB797jp1L42Uxt6VuU0eAXjLZN2vK0Iyr?= =?us-ascii?q?D+pOgCNpv32izMPXo/pkcr1X4YNhVgRZSRlqL8zQqGgSGVr/3xG/6lPiRDk=3D?= X-IPAS-Result: =?us-ascii?q?A2HQAgAcbKRY/wHyM5BeGQEBAQEBAQEBAQEBBwEBAQEBFAE?= =?us-ascii?q?BAQEBAQEBAQEBBwEBAQEBgyeBao5Tj3UBBoEikGOGWyOGA4IUVwEBAQEBAQEBA?= =?us-ascii?q?gECXyiCMyKCHAEFAQIkExQgCwMDCQEBCg0LHggIAwEtCwoRDgsFGASJPQwBsX4?= =?us-ascii?q?6JgKLaoYIhTSEJhEBHIVlBYcJB4g0fYs2ig+KAIhbDIYkSJJPWHgIIBRvhEUdg?= =?us-ascii?q?XBmh1qCLQEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 15 Feb 2017 14:58:21 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v1FEv16X026337; Wed, 15 Feb 2017 09:57:21 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v1FEh8BK078912 for ; Wed, 15 Feb 2017 09:43:08 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v1FEh7OJ022028 for ; Wed, 15 Feb 2017 09:43:08 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DgAAAWaKRYWUhhtcpeGgEBAQECAQEBAQgBAQEBg1IgMY9sj3ABAQEBAQEGgSKQY4JEhBuGIgKCElcBAgEBAQEBAgYBGQsJByCFIAEFJxM/EAsYLh8dBxSJdwyxbDqLYgEBCAEBAQEkhgiFNIcgDIMNBYcJB4g0fYs2G4l0igCIZ4YkSJJPgVcgFG+ERR2BcIptAQEB X-IPAS-Result: A1DgAAAWaKRYWUhhtcpeGgEBAQECAQEBAQgBAQEBg1IgMY9sj3ABAQEBAQEGgSKQY4JEhBuGIgKCElcBAgEBAQEBAgYBGQsJByCFIAEFJxM/EAsYLh8dBxSJdwyxbDqLYgEBCAEBAQEkhgiFNIcgDIMNBYcJB4g0fYs2G4l0igCIZ4YkSJJPgVcgFG+ERR2BcIptAQEB X-IronPort-AV: E=Sophos;i="5.35,166,1484024400"; d="scan'208";a="5945033" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 15 Feb 2017 09:43:06 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AfjjOuhJCnMI/S6/1ddmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgRI/rxwZ3uMQTl6Ol3ixeRBMOAuq8C07Cd7fCocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDqwbaluIBmoognct8obipZ+J6gszRfEvmFGcP?= =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2ThLjlS?= =?us-ascii?q?UJOCMj8GzPlMJ+kaJVoByjqBJ8xIDUZI+bO/Vica7GYdMWWXBMUtpLWiBdHI+x?= =?us-ascii?q?aZYEAeobPeZfqonwv0UAogWiBQm3GePvzSJDiH3s0q08zusuCxzN0Qs4H90Qtn?= =?us-ascii?q?TUo8j1NKYUUeysz6nH0y/Db/VI1jf584XGcQktofWLXbJub8Xd01QhGh/AgFqe?= =?us-ascii?q?tYLoIymZ1uITvGSB7epgTfuihmg6oA9yujii3tkghpXXio4P11zJ9jh1zJwxKN?= =?us-ascii?q?C6UkJ2Y8CoHINNuy2ENoZ6WN0uT39qtSog17ELtpy2cDIXxJg62hLSbeGMfZKS?= =?us-ascii?q?7RL5TumRJC91hHJ7d7K7gBa/6Uahy+PyV8Wq0VtGsDBJksLWuXAOyhzT8NKIRu?= =?us-ascii?q?F7/ki/wzqP1RjT5vlFIUAyi6XbN4YszqAsmpYNq0jPAyz7lFjsgKKSdEgo4Oql?= =?us-ascii?q?5/r/brXjvJCcNot0ig/kMqQpn8yyGfw4PRYIX2iU5OS81bvj8VT6QLpUlP02lL?= =?us-ascii?q?fWsJTBKMQav6K5BwhV0pg95BqlFDepytcYnWQdLF1fYh6HiZbmN0vMIPDgFfu/?= =?us-ascii?q?mUijkC93x/DaOb3sGo7NIWbHkLfge7Z99kFdxREvzdFf+51UCrYBLOj1Wk/qrt?= =?us-ascii?q?PUFBA5Mwuqw7WvNNIo1IYZQ3iOGYefOabfsBmP/O18DfOLYdoptSrmNv9tx/fo?= =?us-ascii?q?gXZxzUcQe6a03J1Sa32iGPliC2TcZX3yj5E6OEQ3hCN4SuGsikXUAm0bXGq7Q6?= =?us-ascii?q?9pvmJzM4mhF4qWHo0=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EvAQCTaKRYWUhhtcpeGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBFQEBAQECAQEBAQgBAQEBgycfMo9sj3UBBoEikGOCRIQbhiICghJXAQE?= =?us-ascii?q?BAQEBAQECAQIDARkLCQcgL4IzIIIeAQUnEz8QCxguHx0HFIl3DLFxOotiAQEIA?= =?us-ascii?q?QEBASSGCIU0hyAMgw0FhwkHiDR9izYbiXSKAIhnhiRIkk+BWCAUb4RFHYFwim0?= =?us-ascii?q?BAQE?= X-IPAS-Result: =?us-ascii?q?A0EvAQCTaKRYWUhhtcpeGgEBAQECAQEBAQgBAQEBFQEBAQE?= =?us-ascii?q?CAQEBAQgBAQEBgycfMo9sj3UBBoEikGOCRIQbhiICghJXAQEBAQEBAQECAQIDA?= =?us-ascii?q?RkLCQcgL4IzIIIeAQUnEz8QCxguHx0HFIl3DLFxOotiAQEIAQEBASSGCIU0hyA?= =?us-ascii?q?Mgw0FhwkHiDR9izYbiXSKAIhnhiRIkk+BWCAUb4RFHYFwim0BAQE?= X-IronPort-AV: E=Sophos;i="5.35,166,1484006400"; d="scan'208";a="3191142" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from www262.sakura.ne.jp ([202.181.97.72]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-CAMELLIA256-SHA; 15 Feb 2017 14:43:04 +0000 Received: from fsav407.sakura.ne.jp (fsav407.sakura.ne.jp [133.242.250.106]) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id v1FEgdx5069412; Wed, 15 Feb 2017 23:42:39 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav407.sakura.ne.jp (F-Secure/fsigk_smtp/530/fsav407.sakura.ne.jp); Wed, 15 Feb 2017 23:42:38 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/530/fsav407.sakura.ne.jp) Received: from AQUA (softbank126227147111.bbtec.net [126.227.147.111]) (authenticated bits=0) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id v1FEgcdF069400; Wed, 15 Feb 2017 23:42:38 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) To: jmorris@namei.org Subject: Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS From: Tetsuo Handa References: <201702142324.IFB95862.MOSJLOVFQFtFHO@I-love.SAKURA.ne.jp> In-Reply-To: Message-Id: <201702152342.GBH04183.FOFJFHQOLMOtVS@I-love.SAKURA.ne.jp> X-Mailer: Winbiff [Version 2.51 PL2] X-Accept-Language: ja,en,zh Date: Wed, 15 Feb 2017 23:42:35 +0900 Mime-Version: 1.0 X-Mailman-Approved-At: Wed, 15 Feb 2017 09:57:00 -0500 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, kernel-hardening@lists.openwall.com Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP James Morris wrote: > On Tue, 14 Feb 2017, Tetsuo Handa wrote: > > > > diff --git a/security/Kconfig b/security/Kconfig > > > index 118f454..f6f90c4 100644 > > > --- a/security/Kconfig > > > +++ b/security/Kconfig > > > @@ -31,6 +31,11 @@ config SECURITY > > > > > > If you are unsure how to answer this question, answer N. > > > > > > +config SECURITY_WRITABLE_HOOKS > > > + depends on SECURITY > > > + bool > > > + default n > > > + > > > > This configuration option must not be set to N without big fat explanation > > about implications of setting this option to N. > > It's not visible in the config menu, it's only there to support SELinux > runtime disablement, otherwise it wouldn't even be an option. > > > > > Honestly, I still don't like this option, regardless of whether SELinux > > needs this option or not. > > > > I agree, it would be better to just enable RO hardening without an option > to disable it. Here is my version. printk() is only for testing purpose and will be removed in the final version. (1) Use set_memory_ro() instead of __ro_after_init so that runtime disablement of SELinux and runtime enablement of dynamically loadable LSMs can use set_memory_rw(). (2) Replace "struct security_hook_list"->head with "struct security_hook_list"->offset so that "struct security_hook_heads security_hook_heads;" can become a local variable in security/security.c . (3) (Not in this patch.) The "struct security_hook_list" variable in each LSM module is considered as "__init" and "const" because the content is copied to dynamically allocated (and protected via set_memory_ro()) memory pages. (4) (Not in this patch.) If we add EXPORT_SYMBOL_GPL(security_add_hooks), dynamically loadable LSMs are legally allowed. include/linux/lsm_hooks.h | 31 +++++++--------- security/security.c | 89 ++++++++++++++++++++++++++++++++++++++++++---- security/selinux/hooks.c | 12 +++++- 3 files changed, 107 insertions(+), 25 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e29d4c6..00050a7 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1865,9 +1865,16 @@ struct security_hook_heads { */ struct security_hook_list { struct list_head list; - struct list_head *head; union security_list_options hook; - char *lsm; + const char *lsm; + unsigned int offset; +}; + +struct lsm_entry { + struct list_head head; + unsigned int order; + unsigned int count; + struct security_hook_list hooks[0]; }; /* @@ -1877,14 +1884,13 @@ struct security_hook_list { * text involved. */ #define LSM_HOOK_INIT(HEAD, HOOK) \ - { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } + { .offset = offsetof(struct security_hook_heads, HEAD), \ + .hook = { .HEAD = HOOK } } -extern struct security_hook_heads security_hook_heads; extern char *lsm_names; -extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); - +extern struct lsm_entry *security_add_hooks(const struct security_hook_list * + hooks, int count, const char *lsm); #ifdef CONFIG_SECURITY_SELINUX_DISABLE /* * Assuring the safety of deleting a security module is up to @@ -1898,15 +1904,8 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, * disabling their module is a good idea needs to be at least as * careful as the SELinux team. */ -static inline void security_delete_hooks(struct security_hook_list *hooks, - int count) -{ - int i; - - for (i = 0; i < count; i++) - list_del_rcu(&hooks[i].list); -} -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ +extern void security_delete_hooks(struct lsm_entry *entry); +#endif extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); diff --git a/security/security.c b/security/security.c index d0e07f2..dffe69b 100644 --- a/security/security.c +++ b/security/security.c @@ -32,6 +32,7 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 +static bool lsm_initialized; char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = @@ -47,6 +48,38 @@ static void __init do_security_initcalls(void) } } +static struct security_hook_heads security_hook_heads; +static LIST_HEAD(lsm_entry_list); +#ifdef CONFIG_DEBUG_RODATA +static inline void mark_security_hooks_ro(void) +{ + struct lsm_entry *tmp; + + list_for_each_entry(tmp, &lsm_entry_list, head) { + printk("Marking LSM hooks at %p read only.\n", tmp); + set_memory_ro((unsigned long) tmp, 1 << tmp->order); + } +} + +static inline void mark_security_hooks_rw(void) +{ + struct lsm_entry *tmp; + + list_for_each_entry(tmp, &lsm_entry_list, head) { + printk("Marking LSM hooks at %p read write.\n", tmp); + set_memory_rw((unsigned long) tmp, 1 << tmp->order); + } +} +#else +static inline void mark_security_hooks_ro(void) +{ +} + +static inline void mark_security_hooks_rw(void) +{ +} +#endif + /** * security_init - initializes the security framework * @@ -68,6 +101,8 @@ int __init security_init(void) */ do_security_initcalls(); + lsm_initialized = true; + mark_security_hooks_ro(); return 0; } @@ -79,7 +114,7 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); -static int lsm_append(char *new, char **result) +static int lsm_append(const char *new, char **result) { char *cp; @@ -122,18 +157,58 @@ int __init security_module_enable(const char *module) * * Each LSM has to register its hooks with the infrastructure. */ -void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) +struct lsm_entry *security_add_hooks(const struct security_hook_list *hooks, + int count, const char *lsm) { int i; + /* + * entry has to be an PAGE_ALIGNED multiple of PAGE_SIZE memory + * in order to pass to set_memory_ro()/set_memory_rw(). + */ + const size_t size = sizeof(*hooks) * count + sizeof(struct lsm_entry); + const unsigned int order = get_order(size); + struct lsm_entry *entry = kmalloc_order(size, GFP_KERNEL | __GFP_ZERO, + order); + if (!entry || !PAGE_ALIGNED(entry) || lsm_append(lsm, &lsm_names) < 0) { + kfree(entry); + goto out; + } + if (lsm_initialized) + mark_security_hooks_rw(); + printk("Allocating LSM hooks for %s at %p\n", lsm, entry); + entry->order = order; + entry->count = count; + memcpy(&entry->hooks[0], hooks, size - sizeof(struct lsm_entry)); for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; - list_add_tail_rcu(&hooks[i].list, hooks[i].head); + entry->hooks[i].lsm = lsm; + list_add_tail_rcu(&entry->hooks[i].list, (struct list_head *) + (((char *) &security_hook_heads) + + entry->hooks[i].offset)); } - if (lsm_append(lsm, &lsm_names) < 0) + list_add_tail(&entry->head, &lsm_entry_list); + if (lsm_initialized) + mark_security_hooks_ro(); + return entry; + out: + if (!lsm_initialized) panic("%s - Cannot get early memory.\n", __func__); + return NULL; +} + +#ifdef CONFIG_SECURITY_SELINUX_DISABLE +void security_delete_hooks(struct lsm_entry *entry) +{ + int i; + + mark_security_hooks_rw(); + list_del_rcu(&entry->head); + for (i = 0; i < entry->count; i++) + list_del_rcu(&entry->hooks[i].list); + /* Not calling kfree() in order to avoid races. */ + mark_security_hooks_ro(); } +#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ /* * Hook list operation macros. @@ -1622,7 +1697,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, } #endif /* CONFIG_AUDIT */ -struct security_hook_heads security_hook_heads = { +static struct security_hook_heads security_hook_heads = { .binder_set_context_mgr = LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr), .binder_transaction = diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9bc12bc..4668590 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6319,6 +6319,10 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif }; +#ifdef CONFIG_SECURITY_SELINUX_DISABLE +static struct lsm_entry *selinux_entry; +#endif + static __init int selinux_init(void) { if (!security_module_enable("selinux")) { @@ -6346,7 +6350,11 @@ static __init int selinux_init(void) 0, SLAB_PANIC, NULL); avc_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); +#ifdef CONFIG_SECURITY_SELINUX_DISABLE + selinux_entry = +#endif + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + "selinux"); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); @@ -6475,7 +6483,7 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; - security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); + security_delete_hooks(selinux_entry); /* Try to destroy the avc node cache */ avc_disable();