From patchwork Thu Jun 1 14:46:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Mayhew X-Patchwork-Id: 9759731 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4B317602BC for ; Thu, 1 Jun 2017 14:48:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 39387284ED for ; Thu, 1 Jun 2017 14:48:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2DD18284F8; Thu, 1 Jun 2017 14:48:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B3BB1284ED for ; Thu, 1 Jun 2017 14:48:35 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.39,280,1493683200"; d="scan'208";a="7652077" IronPort-PHdr: =?us-ascii?q?9a23=3ACjXathz5ydwrcAPXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?1esVKvad9pjvdHbS+e9qxAeQG96KtLQY2qGJ4+jJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMhjexe7x/IRG5oQjTtcQdnJdvJLs2xhbVuHVDZv?= =?us-ascii?q?5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnM?= =?us-ascii?q?URGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LpwRRT2lC?= =?us-ascii?q?kIKSI28GDPisxxkq1bpg6hpwdiyILQeY2ZKeZycr/Ycd4cS2VBRMJRXDFfDI26?= =?us-ascii?q?YYUEEu4NMf9Fo4XholcDqwa1CwuxC+P10jJGhmH407A03eoiEw7G0hQgEtATvH?= =?us-ascii?q?nastr1L7wfXfypwKTS0TnPc+9a1Sv75YPVch4hu/aMXbdofMTM1UYvEB/FjkmN?= =?us-ascii?q?ooLiJTyU1uQNvHaV7uF9Uu+vkGsnpBtxoziv2MgthJLEhpgLxV/Z9SV22po1Kc?= =?us-ascii?q?ekR058ZN6pCZ1dvDyZOYtuWs4uXm5ltSkgxrAGpJK3ZjYGxZs5yxLFdvCLa5aE?= =?us-ascii?q?7g7nWeqLPDt1imxpdKiiixux/0Ws0PPwW8qy3V1XtCRKiMPMuWoI1xHL78iHTe?= =?us-ascii?q?Zy8Vm51DaU0gDT9vlEIUcplarHM5IhwqA/lp4UsUnbAi/5gl/2jK6LdkU/4OSo?= =?us-ascii?q?9+Tmbanmpp+bLYN0jB3xMr8ylcClBOQ4MwwOU3Ca+eS6yrLj4VX0TKhFg/A5iK?= =?us-ascii?q?XUsI3WKd4FqqO2HQNZyJsv5w66Dzi80dQYmXcHLEhCeBKCl4XpIE/BIPT5Dfe5?= =?us-ascii?q?nlStny5nyOvBPr38BJXCMmbMkKz6cLZh609T1AozzddF65JSEbEOOuj/WkD2tN?= =?us-ascii?q?zGFhM5KRC7w/77CNVh0YMTQWCPAqifMKzIrV+I5vggI++XaY8Xvzb9Lf0l6OT1?= =?us-ascii?q?jX8lh1AdZ7Kp0YEQaHCiEfRsO1+Zbmb0gtcdDWcKuRIzTO7oiFKYTTFTZG2yX6?= =?us-ascii?q?U65jE6FoKrFonDRoSwgL2Oxyi7A5tWZnxbClyWFnfobYqEUe8WaC2OOs9hjiAE?= =?us-ascii?q?Vb+5Ro85yx6hrxH1y7xmLurI/S0VrpPj28Zr6OLNjx0y8iZ0D8uF2WGXU250hn?= =?us-ascii?q?8IRyMx3K1nvEN9zVGD0a5ljPNGEdxT5uhEXR0kOp7GyOx2EdfyWhjOft2RUlap?= =?us-ascii?q?Xs2mAS0tTtI229IBflp9FM+4jh3YwyWqBLoVmKCRC5wv7qLQxX7xKNhhy3zezq?= =?us-ascii?q?kuk0EmQtdTNW2hnqN/9g7TB5LXnEWdiamqcLoT3DLX9GaD1meOu1lYXxB2UaXA?= =?us-ascii?q?R38fZ0/Wos/+5kLNVbOuDq4nMgRZw86YNqRKcsHpjUlBRPr7ONXfYmWxm2GrCB?= =?us-ascii?q?aNwrOAdYvqe2MH0CXbEkcEiQMT/XeYNQcgHCuhpXzRDCB2H1L1f0zs6fV+qG+8?= =?us-ascii?q?TkIs1A6FdEpt1760+h4OmfycUOkf3qkatyg9sTl0B0iy39bXC9qGugpgc75Rbs?= =?us-ascii?q?894VddyGLZrBZxP5K6IKB+nV4edAJ3s1np1xVtBYVKidIqo28yzApuNaKY10tM?= =?us-ascii?q?dj2Z3ZD0P73YNHPy8Quha6HIx17e18yW9b0X6PQirFXjvh+mGVY+83l91NlVyX?= =?us-ascii?q?Sc7I3QDAUOSZLxTlo39x9iqrHUeCky/YXU2mFtMamvqTLC3sopBOo8xha7cdZf?= =?us-ascii?q?K7mIFAjoE80VH8KuMvAlm0C1bhIYO+Bf7K00MNmld/uBxa6mJ+VgkyiljWRA/Y?= =?us-ascii?q?BxyEWM9zBzSuTQxZYK3+mY3hebVzf7lFquqN34mZpFZT4MBGqy0jLrC5JUZqFo?= =?us-ascii?q?eoYLE2iuKdWtxtpin57tR2JY9Fm7ClwawsCpfQSdb0fh3QxQ0kQaumenlje5zz?= =?us-ascii?q?NqlTEpsquf0zbUz+TkahUHJnZBRHN+glf0PYi0k9caUVCzbwgnjhul4l36x7RA?= =?us-ascii?q?qaRkKWnTRklJfy3sIGFkSKewsKSNY9JX4pMyrSpXSPi8YUydSrPlrRoVySfjH3?= =?us-ascii?q?dAyzAhbDGnoYv5kAJgiG2GMXZzqWDVecZqxRfQ/NbcX+Je3iIaRClkjjnaHkS8?= =?us-ascii?q?MMS08tWVjZjDtvuzWH6mVp1WbSbk15iAtDeh6W1sHxK/g+i5msf7HggizS/7y9?= =?us-ascii?q?5qWD3WrBb9fobry6O6Mfh9ckZ0BF/87Mx6Go5ln4s0hZEQ32IVho+S/XYdlmfz?= =?us-ascii?q?K9pb07rkbHURXT4L38LV4A/91U1nL3KJ3J75WmyGwsR/Y9m6Y2UW2j8y7s1RE6?= =?us-ascii?q?eU9L1EnS10olWktgLde/59kSkByfE28n4Vn/kJuBYxziWaGr0SB05YPSjolxuW?= =?us-ascii?q?9dCxsKJXZWi0fLiryUpxgcuhAKuFogFGV3bzYo0iEjNo7sVjLFLM12X+6pn+d9?= =?us-ascii?q?nNadIfrAebnw3bgOhSLJIxiv0KhSx8NGL4oXElzek7ggB00ZG8ooeHN31n/Lil?= =?us-ascii?q?DR5AKj31e8QT9ynujalAmMaWxJuiHpZ/FTUNR5voS+ynEC4IufTgLQaOHyU2qm?= =?us-ascii?q?2HFrrHAQ+f9EBmomrXE5+xKnGXIGcWzc14SxmbOExQnhoUUS4nnp4iCA+q3tfh?= =?us-ascii?q?fF1i5jAW+174sAdDxfxmNxn4SGffqxmnZi0ySJeBMBpc9htC6FvNMcyC8uJzGD?= =?us-ascii?q?lV/oOnrAOQMWGbeQJIAnwJWkCeAVDsIKWu78Ha8+eEHuq+M+fOYbKWpOxGTfiI?= =?us-ascii?q?2Jav35B68DaNKsWOPmBuD/Mh1UpFR3x5HN7ZmzoXQSwNiy3Nd9KbpAu7+iBvrc?= =?us-ascii?q?C+8PDrVxz06IuKDLtSP9tv9A6qgaefN+6QgyN5JihC2pMK23DI1KAV3EQOhCF2?= =?us-ascii?q?azmtDbMAuDbDTK3KnK9XExkbayZoOctG8a0zww5NOdTBhdPtzL54ifw1BElZWl?= =?us-ascii?q?z9gM2pYtYKI26lPlPdGEmLLKiGJSHMw8zve6OzVKBfgf5btx21tjeXCUnjMSqf?= =?us-ascii?q?lzPxTRCgLflMjD2HPBxZoIy9aAxhCGb5QNLjcBK7NNh3jD0tzLIumnzKMHQQMT?= =?us-ascii?q?9mc0NCtreQ9z9Xgu1jG2xd6XpoNeeEmzyH4ObFMZYZq/1rAjhzl+JB+3k10ada?= =?us-ascii?q?7CReSPxygivSocZko0u6nemX1jpnTB1Opy5NhIKRp0piIb3Z+4JOWXbF5hIN9n?= =?us-ascii?q?mQCxoLp9tjENLvvbxfytnVm6L3MjtC9MjU/cQEDcjONM2HKGYhMQbuGDPMEQQF?= =?us-ascii?q?ViCkOnvQh0xHiv6S6GaYroMgpZjvhZoOUKVUWEYxFvMHDERqBsYCLI5rXjMjkr?= =?us-ascii?q?6ajMkI6WC4rBbPWMVQporHWe6KAfXzNDaZiqFJZx0JwbP8KYQcKJb71ld4ZVZk?= =?us-ascii?q?hoTKHFDcXddXoi1udgU0ullC8GBiTm0v3ELochii4H4cFf6zmB47kRZxbvo2+z?= =?us-ascii?q?ft+Vg3IEDGpCwqkEk+gd/lmyyecCbtLKesWoFbEzD7t0crPZPlXQl4dgqynVR6?= =?us-ascii?q?OzfCQrJelbpgdWRwhw/btppDA/lcTbdLYBUI3/GYe+0o0UhAqiWg3UJH+ezFCZ?= =?us-ascii?q?54mAswdp6trmxP2wR4Y94vIqzfOqlJw0NMiaKJuy+nyvo+wBQCJ0oX9mOdZjII?= =?us-ascii?q?slQSNrY6Pyqo4vBs6QualjtFZmcDTf4qr+lp9kM6IOSA0zjv07hYKkCyNuyTNa?= =?us-ascii?q?WZtHbclcSQWFM/ylsIl1VZ/bhxycojaVSbV1sxw7SLDRQGKcrCJBpOYMpT7njc?= =?us-ascii?q?YCGOsevVwZJvIYq8FvrkTemQu6YImkikBhomH5wQ7sQdGZmhyFzXIt35LL4E1B?= =?us-ascii?q?ot/x/mK0+fDPRTfxKKniwHrN+jw59qx4ldJy0dAGVnPSWx+LnXuhcggOCfU9cu?= =?us-ascii?q?fncaQowEO2oyWM29gS5WoXJADTiw0u8CxwiC6SL8qj7XDDnmYNppfO2Uag90CN?= =?us-ascii?q?Gq5TU/9LC7iUXJ/ZXaJmH6M8liu9DU5OwGoJaHDu9bQqNms0fAgYVYQWKlU3LX?= =?us-ascii?q?G96vO5fwc5UsbcDzCnuiT1Owlzc1T8D3PNaxM6SFmh/oSphOsIma3TEjMsm9Gi?= =?us-ascii?q?sYGxhuu+EJ/Lh8ahEbY5onfR7osBwzN6+lIAaYyNquRXqtKTtNQvlQyuW6f6BY?= =?us-ascii?q?wzAqbuCk1HsqVos6wPWv8U4RWJEKiQnTxeqiZ4lbVijzBnxdegXUqCUklmhgNv?= =?us-ascii?q?w9zfwlzBPOr1YcLyiBdPZ1Z2xco9E8GVSSLG15CmoiXVCci5bD7xWt37AV8Spd?= =?us-ascii?q?mcpU0e1bv3j/uJ/ffCyjWLaxpZXTrSUgccAso7dtPoz7PsuGqJTekyTFQ5nUsw?= =?us-ascii?q?2KTDC1GOJfmtlQJiJYR/9Ilns+NMMduIpO80wxWt4wJ7xSEqUsoK6laSZ8By4I?= =?us-ascii?q?0SAZT5+A3CAFguqkwLTViBGQfY84PxMZrpVNnMEdUzVsbSMEpK6vTYLWl3WLSm?= =?us-ascii?q?ITOgcc8RxM5B4clo93Zu3l+ozITJ5QxD5WpPJ0VjDLGIFx+VXmUG+bnV/2Re69?= =?us-ascii?q?nOyu2AJd0Ojj0sIHWBJlD0hS2fpWnFMyKL5rM6kQopLKsjiQeEzmvmLi0vepKU?= =?us-ascii?q?JNxs3Tc134CIvFunTmUi0A53IbWY9PxGvYFZQInApzcLwrq0lUIIC6Zkb+4CQp?= =?us-ascii?q?x55zELmiUsCk3E0orWocRyiwDdpOFeVmsFPRWD1qZ5CrqZrlO5VOQm9e4pKdsV?= =?us-ascii?q?JZnF9rMyGn1ZpWM9tN7SIUXDhTvTWdu8O/ScNZ1cBqD58MI9J/u3bnF6NHI5WR?= =?us-ascii?q?omM5taLxxXPD/DA8qli6zi2pG6CkV+JZ43EeGgIxKmSGrUkvC/Ej8n3c81DKtl?= =?us-ascii?q?B08fxWBr2IjUV2uzZyAIxBBixO1XC+NFRzTX9Gs+pAJKTSacxcTOE4ZQWzNBwm?= =?us-ascii?q?Cf4mw0uJ8FluknfjfixysBFW+yPGUgk1VCkVg6vtliYEpsGhJzAaV4pCbS89YC?= =?us-ascii?q?fdNwKbhSdXsQ5Da0FtXpAUGcpF960e3YRP5MbCT1ijKT0dVhx4Kg04yeZflVJE?= =?us-ascii?q?sEiAeSDSFxCoeuzLshJqZsqesdCmLOzh/AhZjoPorvo4+78ER328lg2nWcreoJ?= =?us-ascii?q?Pktt2WqkuOc7/1M++7YXDfVzXDkA6/haw6AJnQ4yjcLhdUJ4N8yXU6fZjrEXTL?= =?us-ascii?q?MgheJ6IHO0pbUrh3Zs5Iou9Ge8NpersF9KF2Cx2bQRPvHZCgo+NdLlbPXzjeKT?= =?us-ascii?q?uO8vCnq4LJ8bPdUfTgZtCLx3vfWaJ4IIp16TnhFLf2yoJe/k322ulz+U9kVVfG?= =?us-ascii?q?ND2Oo8r7KgMN+saialPovoc1EjPOHJdwjH3ty1lYd8oMXy2l6okXyI9C5XbrTu?= =?us-ascii?q?J4z1Lzv/FM+Lli9Yk3+apmycOuKafVM/RavldtAgKICQVy6pUtHG9/SnhNYu8L?= =?us-ascii?q?NvjeY7kWgNvzq+DzC6wX8gea+/JYadvAI0HOhNW/BiubSRxekwcLsSQaIReE1/?= =?us-ascii?q?6Zh690Tt6ope3j1UIp51ixMAIGzKx36oie4aeIovHYbwfKzbcYQKfqXt38oq4q?= =?us-ascii?q?u0yM+f0ujKQOdXBtYw27DOgdUdYQxmX6wqAwyiIsCMfDEKj++PNYUnI5gzbgm4?= =?us-ascii?q?x8H1oKG/MbB7yL/Z9Ekmc/gezZOcUccrpelWaXCR6kDrgCxGap6ySNJmlljAvO?= =?us-ascii?q?0xbtTmyt91L2sTV3QS3Xz9fkiEZVUKe4BVtKVSqzJUB4qC+PPBbvtNfvtqQ18U?= =?us-ascii?q?A2MmjgtN2TkWusI65YENPkK9ydOyY0okgbjJorRtygwYobA8ayIM8N8HFiafvT?= =?us-ascii?q?82WrkytarqdGgYre59uZ+vTRHXmula2Vsa6NxCxCyngloV4/9s2gNuvQ6NGQRP?= =?us-ascii?q?SozWkRRT9luwTdRx61tqDbr1cMNEyO10fLnpAKPt5H0nQj00Hm5fIsQNQt+wVC?= =?us-ascii?q?GIfAYOkCpTPoODfux1aQfc43XDGE0zRLBlL1DUV4GK8k1WL0p8LJkHfd9kYmRo?= =?us-ascii?q?ZuakPnggZ3AJ8gKUI371gXwDQMHhQRaRyBC7GoH0vlJ5MeVUcfcRSHwKS6eqAv?= =?us-ascii?q?0E1o2Lyv+vXcbeNiCKoWLftdlRSBnEZBFZIZr6IeW6hwe1lD+67LvgLiEZToX+?= =?us-ascii?q?D6lXosMv24WsJa8cEct3Y55wawWRqh5olZ77YajpCIebRIYZ7Ss8Bg901n/yIA?= =?us-ascii?q?djRRgBhjiBO0SeEcpeH57dfBrJWl8f2uW7gxR+oJ6xc4HWN+j4H/gFo7u9HYy/?= =?us-ascii?q?9cSpHJiYT46A1COH+KuJ3U0hZmK+oOKp6rfK56+HUaIygTPG4BPd2LZPYi+SBt?= =?us-ascii?q?LS/T51tYAswWf98YO9DNmQ9MgE3zRL5T7tbbGkOfC4prb8An9Xb3xyw18ZoyVe?= =?us-ascii?q?bg8jy2KYnE715TO/NDjSNslM/NpeUO2frdEjQX7mWZaxl7xSOC0ZqNB+zz/eqS?= =?us-ascii?q?0tHUUU0JHiosX4daPjqC9hStRvCpm5XxTgOU9sjzjYoidEKKWHOxmL4KsqBSHu?= =?us-ascii?q?Nblyr73zdeFoHph/2PqNqj8nFXtkBdHIZ18xLFBL1VPo9nNhTgismrWk98CzPw?= =?us-ascii?q?eM7ObBohpvaWxucX7uV6Nkv+eZEUIhIexLLn8npZVA1uR6DqvlyBR+IeeMNmSO?= =?us-ascii?q?/YrnBS8Y9gJLEAPF6BpJztqTdEr0s2DxEtaL8xqDxaa0bPkRZRW6nqor4BihET?= =?us-ascii?q?XcR/uUBSBWK6IHg+6CbfVaRJkKmRD+QY8jOSTqMSVEVoNjlxQwiv1JVvfLupmu?= =?us-ascii?q?tHsnhdkyN4r/Ur3CZqRBymuS3jv6gNwy4v+KmktDUdvnxIVuqenDvTCVVY1fgE?= =?us-ascii?q?kKgSBXDj6Vy6fXkCY5D/4LZiJcv684ku/W4zYRI5fy0JRe6gET3/j7uUAoyTt9?= =?us-ascii?q?JRnByNuMLObb+1NyQdKrQ9yRb+R3dg0wnenRBo8HAIQjWh99IkOoS9Odg/ySqs?= =?us-ascii?q?BGfbdUwA4qVXv8vtrVQLVvc5aUt9wGV/1ciKXiwNRNLVFGYzlQUkbXhEf49C6R?= =?us-ascii?q?8dDKkkmDGIvrNJ/gsMejfbDpyl+pXMncfPwXQ9T8llxmzYpq2BnZ4r3mdqm9Vq?= =?us-ascii?q?4S6SongScfLXU9N0CHjpyohf0fD+Z+mqsu0fR4tmzLOhUfEcPcmn/Wu7w45qWk?= =?us-ascii?q?ijxrQfA1W1KukDyanHUy29U22XRfyLc3SQnzY+KkPy5xmoL10vaMdNq089M/fC?= =?us-ascii?q?iYBHmg3kULN0Wj+QqkHBwGwkK+MaeBo8uJ27dAwSUO4Re++cKPAywP0/DVsBdG?= =?us-ascii?q?PJHSpqBO+1r1GtmJJ3O3N+7kXmee7t6BzpMMOOGhkYFo7Xtptx+f25RmKCPn9t?= =?us-ascii?q?1x9yM1N39+fYEVQ+qOlcf4yXndfOm9RxyfQFeOt1MS0hpt4TnZpu5pKK38eMbR?= =?us-ascii?q?Hc1Y3yJdXSoviEH/3f0VoldXxAXroeewP16J0wPsQlVL3LAbtZoRMcCLA0QJM/?= =?us-ascii?q?M2fx9bl0Ix1ofw/QZbS0h8zqqfyRZptQuXDa9FUwLD3Tuxcb0Py7URR7b4y2h3?= =?us-ascii?q?X1OJ0xSCpBr8dsChR6AoRCAMYArwu7A56Ohq63kdix+1l1u+USq6r/FujK1Mil?= =?us-ascii?q?34V2R5Va4kiLMyjKCalzhkRqlP+yguvB0pbtFcPiY80LW/ZhTm7DdLDGAp21Ki?= =?us-ascii?q?iSNcLkZ05G77mc3ap9UhWQYiD5QqWHuDSgNPVl+kU71pd4cfHSzDM36bHb38H+?= =?us-ascii?q?Z2ZBpiestXSJLodQ7ETWBezCWBJZUeGF/3hhHa0Wa4v06egPPdstztiA4wl88i?= =?us-ascii?q?5C39WdI6e7tULM2Vx0dYjdLET33yY2QpQKIBulPUsrm2/ZpWzXAW5AIci8Nclt?= =?us-ascii?q?nNGVAwTo50ZrhW4tZm9BGmzvRdqKJ2gb2sS+axOO9AJKCdYDguG2dVQ/tq2oRu?= =?us-ascii?q?liIo9FlvmytLUbjdZpLDnCRMpAMCHTK795JSFcDvjJpFg0Yh4EtKU1Wog1ZZiS?= =?us-ascii?q?Ok8HNlmPyT/qxwvYzUL0b8Cs1LqOICsO/XVI1anK0SJNpwanvfaUmdPjULTDY5?= =?us-ascii?q?HtXf7SLTApVjeESjQuCUyp40uru+IYvPqEJmcSulIUYieVCA4JvKBvrMPQA3TV?= =?us-ascii?q?meJ5eZ0FmvGaVzr3SC1im6o4HjxLulyUQ/ofCQnWaGfsgHFSuAynOvBB/HHoYq?= =?us-ascii?q?aGxqVLQewWA4pNcvqfQ9fCf/BROSsoxX0lP7Onctndqasp+k7ZRmseVa/T/RuR?= =?us-ascii?q?S1DSCvidwS/7GIMbpKAqtScyvNHdhCl6F+LPJbnMiSSp99uDhyGEpaX7X3gtbl?= =?us-ascii?q?N91PkHCXiBzQZoMmwIC9gJ/krqR/jTNA53yHs1hLc2iFc3cwNpXygriyQOkQ?= =?us-ascii?q?=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2E2AQBPKDBZ/wHyM5BdGQEBAQEBAQEBAQEBBwEBAQEBFQE?= =?us-ascii?q?BAQECAQEBAQgBAQEBgwEoA4Fvjn+iG4ZnKIh4VwEBAQEBAQEBAgECaCiCMyQBg?= =?us-ascii?q?kEGAQIkUgMDCQEBFy4DCAMBKCsHEgWIU4FSrns6JgKLKQExhmGJUoYIAQSQK41?= =?us-ascii?q?+kx4NinsnhlUCSJQPWIEKMCEIGxWFTBwZgWZaiW8BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 01 Jun 2017 14:48:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v51EkkLr015510; Thu, 1 Jun 2017 10:47:09 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v51EkgAC088340 for ; Thu, 1 Jun 2017 10:46:42 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v51Ekcjq015502; Thu, 1 Jun 2017 10:46:38 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1ACAQBqJzBZhxy3hNFdGwEBAQMBAQEJAQEBgywogXKOf6Ibhm6GJAKCc1cBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSrnk6i1IBAQEBBgImhmGJUoYIAQSQK41+kx4NinuGfAJIlA+BYTAhCBsVhUwQDBmBZiQ2iW8BAQE X-IPAS-Result: A1ACAQBqJzBZhxy3hNFdGwEBAQMBAQEJAQEBgywogXKOf6Ibhm6GJAKCc1cBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSrnk6i1IBAQEBBgImhmGJUoYIAQSQK41+kx4NinuGfAJIlA+BYTAhCBsVhUwQDBmBZiQ2iW8BAQE X-IronPort-AV: E=Sophos;i="5.39,280,1493697600"; d="scan'208";a="6074726" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 01 Jun 2017 10:46:36 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Ar/D/qxLbHQRCeqNiq9mcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgRI/7xwZ3uMQTl6Ol3ixeRBMOAuq0C17ud7PCocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDiwbal9IRiyognctMobipZ+J6gszRfEvmFGcP?= =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjlj?= =?us-ascii?q?sJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6y?= =?us-ascii?q?b5UBAfcPM+hbrYb9qUADoQeiCQS2GO/j1iNEimPw0KYn0+ohCwbG3Ak4EtwTrH?= =?us-ascii?q?vUq8n1NLsPWu6y1qbJzTXDYO1Y2Dzg74XIaRUhruuMXLJwb8XQx1IiFxnbgVqN?= =?us-ascii?q?qYzqJS+V2v4RvGic6uptTOSigHMkpQFpujWj2Nsgh43Tio4IxF3I6z91zJs2KN?= =?us-ascii?q?C2UkJ3f92pHZ1NvC+ALYR2WNktQ2RwtSY61LIGvZm7cTAPyJUo2hLTceaHfJaV?= =?us-ascii?q?7RLjTumRPS10i25ieLK6nxqy8E6gxfPgVsSszlpGsi5InsPRun0DyRDf8NWLR/?= =?us-ascii?q?hz80u7xzqC1Bjf6uReLkA1karbJYQhwrk1lpcLqkTDGzX5mUX2jKCIeEQp4fKo?= =?us-ascii?q?5Pr6bbXmvJCcK5V4hR35MqQrgsC/G/g3MhASX2iH/uSxzKbj8lDiQLhRkv03kr?= =?us-ascii?q?XWsJDdJcgBoK65GBVa3pws6xa4ETesyM4YkmUfLFJZZBKHiJDkO0rQL/D8DPe/?= =?us-ascii?q?hUmskThwyvDaPrzuHpXNLn/ZnLfnZrZy8VRQyAU0zdBBtNpoDeQaLfbyXFLhnM?= =?us-ascii?q?DJBR8+dQqvyqDoD8s5nocfX3+fR6mXK4vMvlKSoOEiOe+BYMkSojmuBeIi4qvV?= =?us-ascii?q?hnglhRc4dLip0IRfPGu9F+VmLlqxe3fggt4dV2wNu1xtH6TRlFSeXGsLND6JVK?= =?us-ascii?q?Um62R+Udr+AA=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EEAQBPKDBZhxy3hNFdGwEBAQMBAQEJA?= =?us-ascii?q?QEBFgEBAQMBAQEJAQEBgwEogXKOf6Ibhm6GJAKCc1cBAQEBAQEBAQIBAhABAQE?= =?us-ascii?q?KCwkIKC+CMyQBgkEDAydSEEYLLCsHEohYgVKuezqLUQEBAQEGAiaGYYlShggFk?= =?us-ascii?q?CuNfpMeDYp7hnwCSJQPgWIwIQgbFYVMEAwZgWYkNolvAQEB?= X-IPAS-Result: =?us-ascii?q?A0EEAQBPKDBZhxy3hNFdGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEogXKOf6Ibhm6GJAKCc1cBAQEBAQEBAQIBAhABAQEKCwkIKC+CMyQBg?= =?us-ascii?q?kEDAydSEEYLLCsHEohYgVKuezqLUQEBAQEGAiaGYYlShggFkCuNfpMeDYp7hnw?= =?us-ascii?q?CSJQPgWIwIQgbFYVMEAwZgWYkNolvAQEB?= X-IronPort-AV: E=Sophos;i="5.39,280,1493683200"; d="scan'208";a="6272488" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Jun 2017 14:46:31 +0000 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8A49580470; Thu, 1 Jun 2017 14:46:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 8A49580470 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=smayhew@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 8A49580470 Received: from coeurl.usersys.redhat.com (ovpn-121-77.rdu2.redhat.com [10.10.121.77]) by smtp.corp.redhat.com (Postfix) with ESMTP id B567C7F48E; Thu, 1 Jun 2017 14:46:28 +0000 (UTC) Received: by coeurl.usersys.redhat.com (Postfix, from userid 1000) id 38581205C9; Thu, 1 Jun 2017 10:46:28 -0400 (EDT) From: Scott Mayhew To: selinux@tycho.nsa.gov, linux-nfs@vger.kernel.org Subject: [PATCH] security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior Date: Thu, 1 Jun 2017 10:46:28 -0400 Message-Id: <20170601144628.26535-1-smayhew@redhat.com> In-Reply-To: <1495813358.4586.1.camel@tycho.nsa.gov> References: <1495813358.4586.1.camel@tycho.nsa.gov> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 01 Jun 2017 14:46:29 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "J . Bruce Fields" , Stephen Smalley , Trond Myklebust Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. In a similar fashion, NFSv4.2 mounts mounted with the context= mount option will not show the correct labels because the nfs_server->caps flags of the cloned superblock will still have NFS_CAP_SECURITY_LABEL set. Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS behavior will ensure that the SBLABEL_MNT flag has the correct value when the client traverses from an exported path without the "security_label" option to one with the "security_label" option and vice versa. Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is set upon return from security_sb_clone_mnt_opts() and clearing NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to be displayed for NFSv4.2 mounts mounted with the context= mount option. Signed-off-by: Scott Mayhew --- fs/nfs/super.c | 18 +++++++++++++++++- include/linux/lsm_hooks.h | 4 +++- include/linux/security.h | 8 ++++++-- security/security.c | 7 +++++-- security/selinux/hooks.c | 43 ++++++++++++++++++++++++++++++++++++++----- 5 files changed, 69 insertions(+), 11 deletions(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 2f3822a..6a11535 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2544,10 +2544,26 @@ EXPORT_SYMBOL_GPL(nfs_set_sb_security); int nfs_clone_sb_security(struct super_block *s, struct dentry *mntroot, struct nfs_mount_info *mount_info) { + int error; + unsigned long kflags = 0, kflags_out = 0; + /* clone any lsm security options from the parent to the new sb */ if (d_inode(mntroot)->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) return -ESTALE; - return security_sb_clone_mnt_opts(mount_info->cloned->sb, s); + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL) + kflags |= SECURITY_LSM_NATIVE_LABELS; + + error = security_sb_clone_mnt_opts(mount_info->cloned->sb, s, kflags, &kflags_out); + if (error) + goto err; + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL && + !(kflags_out & SECURITY_LSM_NATIVE_LABELS)) + NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL; +err: + return error; + } EXPORT_SYMBOL_GPL(nfs_clone_sb_security); diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 080f34e..2f54bfb 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1388,7 +1388,9 @@ union security_list_options { unsigned long kern_flags, unsigned long *set_kern_flags); int (*sb_clone_mnt_opts)(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts); int (*dentry_init_security)(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, diff --git a/include/linux/security.h b/include/linux/security.h index af675b5..a55ae9c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -240,7 +240,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, unsigned long kern_flags, unsigned long *set_kern_flags); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, @@ -581,7 +583,9 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb, } static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { return 0; } diff --git a/security/security.c b/security/security.c index b9fea39..7b70ea2 100644 --- a/security/security.c +++ b/security/security.c @@ -380,9 +380,12 @@ int security_sb_set_mnt_opts(struct super_block *sb, EXPORT_SYMBOL(security_sb_set_mnt_opts); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { - return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb); + return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb, + kern_flags, set_kern_flags); } EXPORT_SYMBOL(security_sb_clone_mnt_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e67a526..80d9acf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -529,8 +529,14 @@ static int sb_finish_set_opts(struct super_block *sb) sb->s_id, sb->s_type->name); sbsec->flags |= SE_SBINITIALIZED; + + /* Explicitly set or clear SBLABEL_MNT. It's not sufficient to simply + leave the flag untouched because sb_clone_mnt_opts might be handing + us a superblock that needs the flag to be cleared. */ if (selinux_is_sblabel_mnt(sb)) sbsec->flags |= SBLABEL_MNT; + else + sbsec->flags &= ~SBLABEL_MNT; /* Initialize the root inode. */ rc = inode_doinit_with_dentry(root_inode, root); @@ -963,8 +969,11 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, } static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { + int rc = 0; const struct superblock_security_struct *oldsbsec = oldsb->s_security; struct superblock_security_struct *newsbsec = newsb->s_security; @@ -977,14 +986,23 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, * mount options. thus we can safely deal with this superblock later */ if (!ss_initialized) - return 0; + goto out; + + if (kern_flags && !set_kern_flags) { + /* Specifying internal flags without providing a place to + * place the results is not allowed */ + rc = -EINVAL; + goto out; + } /* how can we clone if the old one wasn't set up?? */ BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); /* if fs is reusing a sb, make sure that the contexts match */ - if (newsbsec->flags & SE_SBINITIALIZED) - return selinux_cmp_sb_context(oldsb, newsb); + if (newsbsec->flags & SE_SBINITIALIZED) { + rc = selinux_cmp_sb_context(oldsb, newsb); + goto out; + } mutex_lock(&newsbsec->lock); @@ -994,6 +1012,19 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, newsbsec->def_sid = oldsbsec->def_sid; newsbsec->behavior = oldsbsec->behavior; + if (newsbsec->behavior == SECURITY_FS_USE_NATIVE + && !(kern_flags & SECURITY_LSM_NATIVE_LABELS) + && !set_context) { + rc = security_fs_use(newsb); + if (rc) + goto out_unlock; + } + + if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) { + newsbsec->behavior = SECURITY_FS_USE_NATIVE; + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; + } + if (set_context) { u32 sid = oldsbsec->mntpoint_sid; @@ -1013,8 +1044,10 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, } sb_finish_set_opts(newsb); +out_unlock: mutex_unlock(&newsbsec->lock); - return 0; +out: + return rc; } static int selinux_parse_opts_str(char *options,