From patchwork Mon Jun 5 15:45:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Mayhew X-Patchwork-Id: 9766405 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id F20236034B for ; Mon, 5 Jun 2017 16:00:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E499A283C8 for ; Mon, 5 Jun 2017 16:00:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D9563283CF; Mon, 5 Jun 2017 16:00:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 69BD1283C8 for ; Mon, 5 Jun 2017 16:00:40 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.39,281,1493683200"; d="scan'208";a="6361031" IronPort-PHdr: =?us-ascii?q?9a23=3A72u7MRUv1IwZldukqPocagFpxFzV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYhWEvadThVPEFb/W9+hDw7KP9fuxBipdud3Z6zgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyrwjdrMkbjZdtJqotxBbCv2dFdf?= =?us-ascii?q?lRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2UKJVAi0+P286+MPkux/D?= =?us-ascii?q?TRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5KplVBPklC?= =?us-ascii?q?EKPCMi/WrJlsJ/kr5UoBO5pxx+3YHUZp2VNOFjda/ZZN8WWHZNUtpUWyFHDIy8?= =?us-ascii?q?dY8PBPcfM+heoYf2ul8CoQKjCQWwAe/izCJDiH3r0q0gy+kvER/I0hEuEdwNsn?= =?us-ascii?q?vUos31OaUPXe270qbI1i7OY+9K1Trn9ITEbgwtre2KULltccTR004vFwbdg1uN?= =?us-ascii?q?tYPlOC+V1vgQuGac9eVhVeKvhHApqgpspTWv3cIshZPJh4IV1F/F+z50wJwrKt?= =?us-ascii?q?KlSE50e8KkHIFMuCGdMot7W8UvSHxrtiYi0rAKpJG2cScQxJkn2hLTceKLfoeW?= =?us-ascii?q?7h75SeqdOSl0iG5hdb6lmhq//1asxvfhWsS33ltGtDRJn9rKu3sQzRLc8NKHRe?= =?us-ascii?q?F4/kq53DaP0B3c5f9cLEAvkKrbN4YhwrktlpoPqUjDHjH5mEHxjKKOakUr4PKo?= =?us-ascii?q?6+X6YrX9vJOcK491hR3+MqQpgMC/B/g3MhMSUGSB/OS81bnj8VX4QLVMkPI2jr?= =?us-ascii?q?HUvI3VKMkUvKK0AxJZ3pw95xuwETuqyskUkWECLF1feRKHi4bpO0vJIPD9Ffq/?= =?us-ascii?q?mEqjkDNqx/DAI73gDYzBIWPEkLf8e7Zy91BTyBEowNBD55NbFrEBIPXpVk/3r9?= =?us-ascii?q?zXFAU1MwOzw+b5ENl9zJ8RWXqTAq+FN6PfqV2I5uUpI+aWeI8VuCzyK/4+6v7s?= =?us-ascii?q?in85n1odcrOy3ZsLdn+4BO9mL1+eYXr2jdcLCX0KsRYmTOz2lF2CViZeZ3SwX6?= =?us-ascii?q?0m+j47C5mmDYDFRoCsnryMxym7HplLZmFJEV+MDHHod5mZW/sWbyKSOMBhmCQe?= =?us-ascii?q?Vbe9U48hyQ2utAjixrp/MOXb4TMXtZTi1Nhp4O3ejhAy+iJqAMuDyW2NSHt0nm?= =?us-ascii?q?wQTT8swK9/uVB9ykuE0aVgnvNYEtpT5/VUXQgkMZ7czvd3BMrsVQLbedeFUlGm?= =?us-ascii?q?Qs+pATspVNI+38cOY1phG9Wllh3MwjaqDKUPl7GQGJM09afc0GTrKMZm13bKzq?= =?us-ascii?q?8hgEc6QsFXL22pmrZ/9xTPB47Oi0iZlqCqdbgC0y7J6miDyHSBvF1CUA9wSqjF?= =?us-ascii?q?WmgfaVXQrdT8/EzCTruuBq8gMgpO08KCLbFKatLxh1VcWPjjIMjeY362m2qoBR?= =?us-ascii?q?eJx7SMbIzxdmUY2CXREUkEkwYJ8XaALwc+HCSho2PADDNwD17vZV3j8fVmonOh?= =?us-ascii?q?UkA01x2Kb1Fm17et9B8VhPicS/YN0bIeoyohpSt7E0u639LMEdWAvxBhfKJeYd?= =?us-ascii?q?wj/FhHyXjVtwtnPpyvN6pinEIRcxxrv0Py0BV6EotAkdIwo3Ms0AVyKLmY3UhE?= =?us-ascii?q?dzOA3JD8I6bXK2fp/By1bK7WwF7e2s6M+qgT8PQ4t0njvAaxG0oh6Xpn0N5V02?= =?us-ascii?q?aH65XJFgUSUpXxUlst+xh9vbHabTE355nI2n10Lam0rjjC1sozC+Q40BagfslQ?= =?us-ascii?q?MLmfGQDoD8IaAtKiKOswm1imdhgEJvxd9LYoP8O6cPuLwLKkM/xknD24lmRH/I?= =?us-ascii?q?B80kWX+ipnVuHI3ogKw/eE3guGTTjwllGhvd7rmYpcfzEdAnK/yTT4BI5WfqBy?= =?us-ascii?q?ZogLCX2pI82s2tVznIXtW3hf9F+tAlMJwsmpdQCUb1PjwQ1azV4XrmC/mSuk0z?= =?us-ascii?q?x0lCkkr6SF0yzK3+TtagAHOnVQSWl8k1jsO5O7j80fXESyaAgpjhSl717gx6dH?= =?us-ascii?q?vKR/M3XTQUBQcijqMm5tT6qwuaCGY8NU9JwotiBXX/imblCBVr7xuR0a3D3/H2?= =?us-ascii?q?FG3jA0aymquonlnxx9kG+dMndzo2bFecF33xfT/sDTRf5W3joASyl1kj3XBlm6?= =?us-ascii?q?P9az59WUkI3PsuekV2KuTpdTazXkzZuctCun4m1nGRm/n/Gomt37CAQ6yjH019?= =?us-ascii?q?1rVSXOsRb9bZLm17+iMeJmeEloBUPz69FgFoF4jIQwmIka2WIGiZWN4XoHjWDz?= =?us-ascii?q?PM1B2aL5aHoNQSAEw8TJ7wji1kxuNWmJx5/lWXWG2MdhYMO6YmwO0CIn889KEL?= =?us-ascii?q?uU7KBDnSZtulq3tx/RYfxnkjgH0/ch83kag+UVuAoqyCWQGbUSEVVePSzrixuE?= =?us-ascii?q?9da+o7tLZGy3a7i/yFJ+ncy9DLGFugxcW2j2epE5HSJr7cVwLlTM0Gb16o76ZN?= =?us-ascii?q?ncd9UTtgebkx3YlehaNIoxluYWhSpgIW/9pWcqy/M/jRNwxZG1po6HK3lz86Kj?= =?us-ascii?q?GRNYKyb1aN0J+jH2l6pehcGW3521Hpp9BDoLUpzoTeinED0Mr/jnMRiBECEkoH?= =?us-ascii?q?eBBbXfBROf6Fthr3/XDZCrMWyYKWIHzdVkWRadJFZTgAYKUzUmhpQ5DBylxNT9?= =?us-ascii?q?cEdl4TAc/kb4pQFRyuJsLBTwTmbfpBuoazstRpiQNhxW4htF50fPPsyU9vhzED?= =?us-ascii?q?1A/p29sAyNLXSWZwdIDGENREOJHFXjPr6g5dnO7eeYGva+L/vJYbWLt+NSTfGI?= =?us-ascii?q?yoyz0oF+5TaDKt2PPmV+D/08wkdDU2p2G8LFmzUITiwajCzNYNCGqxe74C14tN?= =?us-ascii?q?i/8O7sWALt+4SAF6dSPc9o+xCsjqeJL/SQizphKTZEypMMwmfFyKIF0F8ckS1u?= =?us-ascii?q?ciOiEbAHtS/NV6/fgLNYDxsBZyN0LstI4Lo23hNRNs7DltP1yrl4g+Y7C1dfS1?= =?us-ascii?q?Puh9qpatYMI2GhM1PHH12GO66aKj3O2c33Zrm8SbJIhuVOqxKwoSqbE1PkPjmb?= =?us-ascii?q?kTnpTQqgMflUjCyAMhxeuZu9cg1xCWjtTdLmbAe0MNlrgj0327I0gmnGNWkGMT?= =?us-ascii?q?hza0lNtKGf7TtEgvVjHGxM9mFqIvKDlyad7unYMYoWseBxDiRvie1V/G42y6BL?= =?us-ascii?q?4yFARfx1njbSr9F1rl66kuiP0CdnUAFUpjdFno2LoV5iOaLf9pVaXnbE5h0N53?= =?us-ascii?q?2KCxsWv9tlFsHvu6dIx9jJlaLzLDNC/MzP/cYHHcfbNtiHMH07PRruAj7UAxMP?= =?us-ascii?q?TSS3OmHHm0xdjPaS+2WOoZg7pZjsn5wOR6RGW1MrDfwaC15qHNoYLJdwRDMknq?= =?us-ascii?q?aRjNQU6nqmsBnRWMJas4jdWfKdG/rvNiiWgKJDZxsQ37z4K4ETOZf620xmcVZ6?= =?us-ascii?q?m4vLF1DXXdBXrS1rdhU0r1lV8HhiUm0z3Froah+q4H8WD/K0hBk2iwpgbuQr7z?= =?us-ascii?q?js+VA3KUTJpCYrjEYxntDljiyLfz7qMKe8R4dWBDTot0IpKJP0Xx51bRGunUxj?= =?us-ascii?q?LDrEQaxegKFkdW1wiw/cvoBPGeJGQq1Cex8QxvCXa+8u0VtCtiWt3VVH6vfdCZ?= =?us-ascii?q?t+iAsqdoahr2he1AJ4ctE6P7bQK7ZJzlVLna2OvzWo2f02wA8QP0YN6n2deS4S?= =?us-ascii?q?tEwOKLYmOzKi/vZw5gyahztDZG8MWuI3rf1w6EM9OvmPzzn73rFZMECxLeufLq?= =?us-ascii?q?2Cu2feicGIX0kw1kIUl0hF57R219ksc1aMXUA10LSRDwgJNdbFKQxNcsVS72bc?= =?us-ascii?q?cjyBseXX2511IZ6wFvvyQu+NqaYUmFirEBwtH4QR6MQOBIOs3FjELcfgL74EyR?= =?us-ascii?q?It6B7tJFqbEPRDYAiLnysfo8Gj0J932pFQJjUaAWVnLyq34LfWpggxjfqMWtc2?= =?us-ascii?q?f20WXoweNnI5QMe6gTJWv2xcDDmr1eIU0BOC4CH4piTRCjn8ctViaeyIahNrDd?= =?us-ascii?q?G55S8w87OqiVLN9JXROX36P8x4utDT8eMau4qHC/RMQLZgr0jcno5YR3q2U2LS?= =?us-ascii?q?CtO1OYb/a5Mtbd31DXa6VEazizQrQMftJNytNLSHgRn0RYZIt4mWxDMjNdW9Fz?= =?us-ascii?q?4EHRdwu+ED6blzZQ0Ee5o0fQTktwIgOKyjOA2YyMmhQ36xKTtKSPlS1fm6Z71S?= =?us-ascii?q?zyorcu+6yHshQ4onwOm28U8CXooFggvYxfm9e4lUSTLzFWBFewXTuSo5kHBsNu?= =?us-ascii?q?kowuglxhPIrUIRMzGMdO1nbmxEo9E8Ck2TIXVwFmo3WUWcgZDF4gGyw7AY5zFd?= =?us-ascii?q?kMpM0e1ZrHj+uYfSbyioWKyqtZrarTIvbd0moq13NozjJNGJuYjFkTzeVpbQtB?= =?us-ascii?q?SJUCCnF/ZAnNhfPj5YSuFSmW45IcwGpZZB6U0pW8glObNPDrIhqaq3Zjp6EyES?= =?us-ascii?q?1zQZWJma3D0CmOu83KHalhiIepQ4LBMEqIlCgscaUyNueCMeoq6jWJnWl2+DTm?= =?us-ascii?q?gLOx8d4x1R6gwaioJ+efvo75bPTJ9J1zFZuel0UjfRGplu6VT7VnmcgULkR/W5?= =?us-ascii?q?j+ypwQVSwerw3dkZQhFwFVNQyPpRlkssLLF3KrcfvpTWsjCWaUz6vHjhyOy8JF?= =?us-ascii?q?le0cfUbUH3DJLZtWrgVS0R4WcUSpVVyHHYDpsfiBZ5aLwxq1VSPo+mfkf+5zor?= =?us-ascii?q?x4RtHrm4WsCrx0orrXkcXSeqFsBNC+d4v1LLQDdleYykqI35O5VORW9d4JOcp0?= =?us-ascii?q?1Fn0VtMi65zJtcJNtO4jMXXThAvyuSs8WoRM1Ew892AIcGIs1jtHflBKNEJJ+R?= =?us-ascii?q?rmUuurzozn/W4So8sVm9xDW3Fa+1VOdZ/2oZGgUyOWuRtlMvD+w38mfJ81DNtF?= =?us-ascii?q?908/1cBriVgkV7uCx9EYxWBjZVyXClKEx+Q2Ncs+VHLqTZac9cTuIzZR+uOhw+?= =?us-ascii?q?CeUp01aP/U5qgXfzezZyuRdC+yDBQwk0UjEYgqvqmT0bscynJSMWS5dTYjk7aS?= =?us-ascii?q?fKNR6bkzhNvBlDc0FqR4wZAtFd9rEbx4RU5NDNSUKxJiweQRNtKBo40eJBmk5H?= =?us-ascii?q?rkqYYzrRDQ2ydfbAqhd3Z9uerNa1LPTl+wdKkoHnsOcm+KgYWnKphxatTs7Er4?= =?us-ascii?q?/gqNKFq1GCdKHmPO2geXXBViTDjQishbc4CJnH5zPcMARHJJVmy3cofJbsBHXX?= =?us-ascii?q?MhRBIqIUO1BUVbtmadlcpOBVedNkcr4T+aBxHhKHWg/vGIu3oflcMFncWDTeID?= =?us-ascii?q?+d8uGkpYLT6qLdRvb+asOQwHbIXrx4Mo186TblB7fgyZVe9Vbu2vdx6kN6TkDL?= =?us-ascii?q?MziarNT9PAwE+dWie1D5vp0uADPWGot/n2TrxkFcbcoYWSmq/I4fyJND53b6Uf?= =?us-ascii?q?h43VTrsO1O67lk7pE646xzyciqO6jdNO9XsVJjAhiIHAVl7IstAGl4R2BVfOAR?= =?us-ascii?q?NO3dfaMDjcDhs+r3DbAY6AWJ++xFbtvKP0TBldO7CjGYVxNEgBsBpiQAIQaH0f?= =?us-ascii?q?6KhbN0Sd25qufjwkIi/UKyLhgYw7Bx/Y2E4LaHpPfLbxvNyrgJQqrqSdnprrQr?= =?us-ascii?q?oEOS4ecrlKAVd2xwfg2nFPQdVs8ByWfh168qyzksH9nEH7L69/5JT2g5kS74m5?= =?us-ascii?q?BhA1UWHesZHbiR8oRYkGc4gevZOcAIfa1ZhmaADxikEqQFyXKx7SuYPnVliAnU?= =?us-ascii?q?0x7sWWOz8EP2rShgTCvD0tfjk05VVr2pCkdXRCemJFF3vyiOPAXystr7o6M17F?= =?us-ascii?q?s5Mmb8rtKCiHOhOK9LH834PNGcJy00qUkWjJ03Q9yjw4EbGdyzINcL6n5+defe?= =?us-ascii?q?63m2kyBdv6dHmpDe7d+P9vXQB3mggLWQq6+RyzBA1ng4oVY/58ilNvHJ4d2KX/?= =?us-ascii?q?uo2HgKQid6ugvORRi1paLHr1EaPkyLykTLmJcQMtFfw3Y4ylns5PI/T9Ir6AVe?= =?us-ascii?q?CoHAausYpT/uJTT52lmfY9c4VyWE1TtYAE71G0FiGKcgwGLwoN7JlXDI9l0sXY?= =?us-ascii?q?lwckzqiAd5D4omNE0t70IXzTAbEQgXbhCbDq+nClj5LYceUkgDcxuH1qCgeqgr?= =?us-ascii?q?xU1z3q+v5OjLYOxnHaUNKOxSjgGQk1hAAZ8WqrcRQKxmdF9S6qHXvRLuC475UP?= =?us-ascii?q?j6jXAwL+G6QthG8cAFsHsv+gS/Rxul6ZpY6rYUlpCJebBeYZjNusB84F1r5TgR?= =?us-ascii?q?eSxRmBJ/lQ+2UfgApOD/5djWqJuo6+e0W6k3W+oa7AM0CHpij5TunF8vu9bX1/?= =?us-ascii?q?1TSofNk4Tw7BhNI2KWuIbdyxRzMusOK5mlfbl69XUHJjQeJ2oUMtqLb/kx+DNi?= =?us-ascii?q?MDLO6FNcGMwMeMkYPM3XmQ9OkEHpX6tT9sXDEF+CF4hzb9wo73bwyD0t6ZszSP?= =?us-ascii?q?rg5yO2JZHR6FFNJfBDgDx3lN3coOgVwPzSCDUY4HSCcxh62D+CxIWNC/f++uWM?= =?us-ascii?q?0tLUW0kFHiEoSYddIiSN+Qi9SuqyjpXpXRue6tXvj5ImaEKQWnuxkbwZsqZWD+?= =?us-ascii?q?FAjj/03j5AGY3umv2VstWs6GpLtlJdC4Z89wfFGLhFMpV9Jxv4itGhRlJgCSvn?= =?us-ascii?q?ZMHUah0utfKZxugW+eVxKVf+ZY8ALxIAyrL69WRaTgt0R77rpVaVR+QRa8V6SP?= =?us-ascii?q?nctHBa9ZpgK7MTPFiavJHqoSlHqFYqAA8ub788qSdaeVfKnA1UXab0pbEBhxAY?= =?us-ascii?q?UdFno09NGXi/NHg45zXZSaRflLORB+AN8jWPUqwOVF1lMiV/Qxyp35Vuf6Gmne?= =?us-ascii?q?tdvmNHmSN9p+Mq0yd9SRu5tiDtqLgB2TU6+LG3rD8Bo2BKTv2CkyfUDlVO1PsK?= =?us-ascii?q?grsHC3b58FCyfXYNYo3z4LlhOMTh+pIs43s6YRo5eS0JQ/6sCybqj6OHGoaPqs?= =?us-ascii?q?5ThAaRuMXSar++NSoSNrM9yRLlXXRyzgjenBJ18GQWQzSg7dkkJJ6+OcYk3Seo?= =?us-ascii?q?B2nbdEgW7aNNrcTxtEQHTO0oZlN92G9jyNSIRjURRMzTHGY4lgkkaXtef5JF8h?= =?us-ascii?q?IaE7QojSuJvqlB5QEYejDUEp6q+oPIh8fHxWE9Tct2xmLRvqCFhI0l0HNrm9Nw?= =?us-ascii?q?9SOPtm4dd+rGXM9wGHTz0JlQyfDmbfW3ru8HUJdmyKimUPIaPcmj/Wy22Zt0VU?= =?us-ascii?q?+hwrQTBEG5MOgFxrfaTyipU2uYVvqXc2KUhTY2Llby5QW0Ll0wcMpKrU89M+va?= =?us-ascii?q?hp5bkw3hUK90STuLqF/ezWwjLfkaeBwstIegYQwKQ/YbZ/KAKug23P0+FFwMYm?= =?us-ascii?q?fVHSt3Du+7qkKtnIlnNHVj/0r6Zf7h8gb4P9uOAhMEC5LVroZt+fymQWKMIXpg?= =?us-ascii?q?zBxxPEl38OfSDFYxufVfc5aWm9jfmdJ73fQDd/hzLS03osQTlZ576YmIzMeKdg?= =?us-ascii?q?ncwY3sKtHTvviVGObfz0AtemFGTroZfx366JggMt4+Qb3TEqNTvQ4ACqgiXJwh?= =?us-ascii?q?K2Dx+bl6LAxtdg7RZay0jdfxq+OKZ5tUonrW4UwqLCfYpRIP0Pu0TRZ0b5qynX?= =?us-ascii?q?X9PIgwRi5dr91qEhZnEpNPG9kBrwW7HZGZg6S7i96t+0NgpeAGq63wCurF1N6h?= =?us-ascii?q?xYV+Q4Ba5VCXPDbWHKRrhUBlgfqpj/fY1pn+E9jiec8FVOdnXm7FcKHJEZulJj?= =?us-ascii?q?KIJM38Z1ZM86SA37JhThWReCf5UrKCtC2lMvVk/Eo6xpV8fOrS1zwt86rb1cDz?= =?us-ascii?q?Z25BoCejqmSFNJxF7FzFHebeRQ5bSeKZ8GZ5Gq0adZD0+/kKMdwjxtic/gZy4D?= =?us-ascii?q?NN3suZI6iusFXM1VxjdZ3BN0bp2Dg2WZMMIBuhNUsjmnLZqnvHDXRbNMikJtFn?= =?us-ascii?q?gMyJARz1+0lxhWYta3ZEGmXyWdiROWkb28S5ZACR6gJLDtADkPCzeU45sK2yVO?= =?us-ascii?q?ZpNo9CmeWwu7UNicxpJD3XRMhGIyHQK6d7PjhLAeXMo1gneQUJs6UzWocpZZiO?= =?us-ascii?q?J14HMEiAySPu1wfC11P7d8C03qaTPCkW6mlHz67C0TVUqAm2o+2WgtfiUL/HaJ?= =?us-ascii?q?H7R+DSMC4/WTGBRDQyDFyl+VG6tPoYpPCYO3sQokgIYiKODw4evqJvrd3XDm/J?= =?us-ascii?q?g+1jfYYKieucWy/qTS13iqsyCjxMtUCWTPoJDRPWYGP5gGpApAyiIedB/Wnrb7?= =?us-ascii?q?2d2qVYWu8bD5BScvKHWdvYePFfJzAuljkDPuazYcHc/P4F1QfTQG8YFbTY3EGP?= =?us-ascii?q?R06RBPqHznTkWptR94w1vDc4v9TehQdpHKnSebWSvTij9si/linLl/fZUzwWaE?= =?us-ascii?q?spnKonCXiBzQYIfHoBAsAVtV7FWKOMZ09QknkujLQ9iFc3ZA1vXyg2gTVtl/Gn?= =?us-ascii?q?F5gcEAdMgQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2E2AQBjjTBZ/wHyM5BdGQEBAQEBAQEBAQEBBwEBAQEBFQE?= =?us-ascii?q?BAQECAQEBAQgBAQEBgwEoA4Fvjn+iHIZnKIh5VwEBAQEBAQEBAgECaCiCMyQBg?= =?us-ascii?q?kEGAQIkUgMDCQEBFy4DCAMBKCsHEgWIU4FSr3E6JgKLKQExhmGJUoYIAQSQK41?= =?us-ascii?q?+kx4NinsnhldIlA9YgQowIQgbFYVMHBmBZlqJbwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 05 Jun 2017 15:59:59 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v55Fw6vE003216; Mon, 5 Jun 2017 11:58:28 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v55FjK61148927 for ; Mon, 5 Jun 2017 11:45:20 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v55FjF1C029621; Mon, 5 Jun 2017 11:45:15 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1C8AACaezVZhxy3hNFdGwEBAQMBAQEJAQEBgy0ogXKOf6Ithm+GJAKDAVcBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSrwI6ixUBAQEBBgImhmGJU4YJAQSQLo4FkyANin6GfkiUF4FhMCEIGxWFTBAMGYFnJDaJdgEBAQ X-IPAS-Result: A1C8AACaezVZhxy3hNFdGwEBAQMBAQEJAQEBgy0ogXKOf6Ithm+GJAKDAVcBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSrwI6ixUBAQEBBgImhmGJU4YJAQSQLo4FkyANin6GfkiUF4FhMCEIGxWFTBAMGYFnJDaJdgEBAQ X-IronPort-AV: E=Sophos;i="5.39,300,1493697600"; d="scan'208";a="6078594" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 05 Jun 2017 11:45:10 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AwbJHOR3AeR95C9WlsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?se0fKPad9pjvdHbS+e9qxAeQG96KtLQZ06GO6OjJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMhjexe7N/IAm5oQnNuMQdnJdvJLs2xhbVuHVDZv?= =?us-ascii?q?5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnM?= =?us-ascii?q?URGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LpwRRT2lC?= =?us-ascii?q?kIKSI28GDPisxxkq1bpg6hpwdiyILQeY2ZKeZycr/Ycd4cWGFPXNteVzZZD428?= =?us-ascii?q?cYUBEuQPM+VaoInzvFYCsQeyCBOwCO/z1jNEmnn71rA63eQ7FgHG2RQtEc8Sv3?= =?us-ascii?q?TTsNX1KLoZX+evw6jIzTXMcf1X0ir65YjTdxAuu/GNXbJufsvf0kQvDR3KgUiQ?= =?us-ascii?q?qYP/IzOZzPgCs2+e7+d5U++klm0pqxlprzSx2sshjpPFip8bx1za7yl13YU4KN?= =?us-ascii?q?OiREJlYtOpFoZbuTuAOItsWMwiRnlluCYkxb0Cvp62ZC0KyZs6yxLFcfyIbZWH?= =?us-ascii?q?4hL5W+aNOzt3mHVleLenixaz90iv1PH8W9Gq3FpWqidJiMTAu34T2xDJ98SKSf?= =?us-ascii?q?Vw8l2/1TuMzwzT7/tLIUEwlarVMZ4hxbswm4IIsUTGBCD3mEX2g7GYd0g/4Oin?= =?us-ascii?q?9fnoYrX8qZ+ALYN7lgb+MqE2lsylHes4KhQOX3Sc+emkz73s4Fb5Ta5Wjvw2jq?= =?us-ascii?q?bZsJfaKd4dpq6iGQBZyIkj6xGhDz2+ytQXgWEHLE5ZeBKAl4XpIE/BIPT5Dfe5?= =?us-ascii?q?nlStnyxmx+zGP7L9ApXNKWLPkLH6fbln8UJcxw0zzc4Mr65TX6oMJPP1R1/ZqM?= =?us-ascii?q?3TDhh/NRe9hengFpE10oIYRHLKBKGCGL3dvEXO5e81JeSIIogPt2XTMf8gssXl?= =?us-ascii?q?imMl0XoUbKmkwtNDc3WxD/RrPG2DbHbsi8tHGmAP6FltBNf2gUGPBGYAL025WL?= =?us-ascii?q?gxs3RiUNqr?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GyAABjjTBZhxy3hNFdGwEBAQMBAQEJA?= =?us-ascii?q?QEBFgEBAQMBAQEJAQEBgwEogXKOf6Ichm6GJAKCdFcBAQEBAQEBAQIBAhABAQE?= =?us-ascii?q?KCwkIKC+CMyQBgkEDAydSEEYLLCsHEohYgVKvcTqLUQEBAQEGAiaGYYlShggFk?= =?us-ascii?q?CuNfpMeDYp7hn5IlA+BYjAhCBsVhUwQDBmBZiQ2iW8BAQE?= X-IPAS-Result: =?us-ascii?q?A0GyAABjjTBZhxy3hNFdGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEogXKOf6Ichm6GJAKCdFcBAQEBAQEBAQIBAhABAQEKCwkIKC+CMyQBg?= =?us-ascii?q?kEDAydSEEYLLCsHEohYgVKvcTqLUQEBAQEGAiaGYYlShggFkCuNfpMeDYp7hn5?= =?us-ascii?q?IlA+BYjAhCBsVhUwQDBmBZiQ2iW8BAQE?= X-IronPort-AV: E=Sophos;i="5.39,281,1493683200"; d="scan'208";a="6360295" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jun 2017 15:45:07 +0000 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0CF30C0467C7; Mon, 5 Jun 2017 15:45:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 0CF30C0467C7 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=smayhew@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 0CF30C0467C7 Received: from coeurl.usersys.redhat.com (ovpn-121-77.rdu2.redhat.com [10.10.121.77]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6BC008198D; Mon, 5 Jun 2017 15:45:05 +0000 (UTC) Received: by coeurl.usersys.redhat.com (Postfix, from userid 1000) id D0340205C0; Mon, 5 Jun 2017 11:45:04 -0400 (EDT) From: Scott Mayhew To: selinux@tycho.nsa.gov, linux-nfs@vger.kernel.org Subject: [PATCH v3] security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior Date: Mon, 5 Jun 2017 11:45:04 -0400 Message-Id: <20170605154504.3659-1-smayhew@redhat.com> In-Reply-To: <20170602130918.gu22wnbd35idaurf@tonberry.usersys.redhat.com> References: <20170602130918.gu22wnbd35idaurf@tonberry.usersys.redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 05 Jun 2017 15:45:06 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "J . Bruce Fields" , Stephen Smalley , Trond Myklebust Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. In a similar fashion, NFSv4.2 mounts mounted with the context= mount option will not show the correct labels because the nfs_server->caps flags of the cloned superblock will still have NFS_CAP_SECURITY_LABEL set. Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS behavior will ensure that the SBLABEL_MNT flag has the correct value when the client traverses from an exported path without the "security_label" option to one with the "security_label" option and vice versa. Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is set upon return from security_sb_clone_mnt_opts() and clearing NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to be displayed for NFSv4.2 mounts mounted with the context= mount option. Signed-off-by: Scott Mayhew Reviewed-by: Stephen Smalley Tested-by: Stephen Smalley --- fs/nfs/super.c | 17 ++++++++++++++++- include/linux/lsm_hooks.h | 4 +++- include/linux/security.h | 8 ++++++-- security/security.c | 7 +++++-- security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++-- 5 files changed, 63 insertions(+), 8 deletions(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 2f3822a..b8e0735 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2544,10 +2544,25 @@ EXPORT_SYMBOL_GPL(nfs_set_sb_security); int nfs_clone_sb_security(struct super_block *s, struct dentry *mntroot, struct nfs_mount_info *mount_info) { + int error; + unsigned long kflags = 0, kflags_out = 0; + /* clone any lsm security options from the parent to the new sb */ if (d_inode(mntroot)->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) return -ESTALE; - return security_sb_clone_mnt_opts(mount_info->cloned->sb, s); + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL) + kflags |= SECURITY_LSM_NATIVE_LABELS; + + error = security_sb_clone_mnt_opts(mount_info->cloned->sb, s, kflags, + &kflags_out); + if (error) + return error; + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL && + !(kflags_out & SECURITY_LSM_NATIVE_LABELS)) + NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL; + return 0; } EXPORT_SYMBOL_GPL(nfs_clone_sb_security); diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 68d91e4..3cc9d77 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1409,7 +1409,9 @@ union security_list_options { unsigned long kern_flags, unsigned long *set_kern_flags); int (*sb_clone_mnt_opts)(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts); int (*dentry_init_security)(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, diff --git a/include/linux/security.h b/include/linux/security.h index 549cb82..b44e954 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -249,7 +249,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, unsigned long kern_flags, unsigned long *set_kern_flags); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, @@ -605,7 +607,9 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb, } static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { return 0; } diff --git a/security/security.c b/security/security.c index 714433e..3013237 100644 --- a/security/security.c +++ b/security/security.c @@ -420,9 +420,12 @@ int security_sb_set_mnt_opts(struct super_block *sb, EXPORT_SYMBOL(security_sb_set_mnt_opts); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { - return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb); + return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb, + kern_flags, set_kern_flags); } EXPORT_SYMBOL(security_sb_clone_mnt_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9926adb..9cc042d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -525,8 +525,16 @@ static int sb_finish_set_opts(struct super_block *sb) } sbsec->flags |= SE_SBINITIALIZED; + + /* + * Explicitly set or clear SBLABEL_MNT. It's not sufficient to simply + * leave the flag untouched because sb_clone_mnt_opts might be handing + * us a superblock that needs the flag to be cleared. + */ if (selinux_is_sblabel_mnt(sb)) sbsec->flags |= SBLABEL_MNT; + else + sbsec->flags &= ~SBLABEL_MNT; /* Initialize the root inode. */ rc = inode_doinit_with_dentry(root_inode, root); @@ -959,8 +967,11 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, } static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { + int rc = 0; const struct superblock_security_struct *oldsbsec = oldsb->s_security; struct superblock_security_struct *newsbsec = newsb->s_security; @@ -975,6 +986,13 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, if (!ss_initialized) return 0; + /* + * Specifying internal flags without providing a place to + * place the results is not allowed. + */ + if (kern_flags && !set_kern_flags) + return -EINVAL; + /* how can we clone if the old one wasn't set up?? */ BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); @@ -990,6 +1008,18 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, newsbsec->def_sid = oldsbsec->def_sid; newsbsec->behavior = oldsbsec->behavior; + if (newsbsec->behavior == SECURITY_FS_USE_NATIVE && + !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) { + rc = security_fs_use(newsb); + if (rc) + goto out; + } + + if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) { + newsbsec->behavior = SECURITY_FS_USE_NATIVE; + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; + } + if (set_context) { u32 sid = oldsbsec->mntpoint_sid; @@ -1009,8 +1039,9 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, } sb_finish_set_opts(newsb); +out: mutex_unlock(&newsbsec->lock); - return 0; + return rc; } static int selinux_parse_opts_str(char *options,