From patchwork Fri Jan 26 14:32:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Enderborg X-Patchwork-Id: 10186539 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 62C30601D5 for ; Fri, 26 Jan 2018 16:24:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 544FD2A1AF for ; Fri, 26 Jan 2018 16:24:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 488182A1C2; Fri, 26 Jan 2018 16:24:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from USFB19PA12.eemsg.mail.mil (uphb19pa09.eemsg.mail.mil [214.24.26.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1AF92A1B3 for ; Fri, 26 Jan 2018 16:24:22 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by USFB19PA12.eemsg.mail.mil with ESMTP; 26 Jan 2018 16:24:21 +0000 X-IronPort-AV: E=Sophos;i="5.46,417,1511827200"; d="scan'208";a="8604634" IronPort-PHdr: =?us-ascii?q?9a23=3AJt2qKRXI8s/AVKH13SmHUcSyTCrV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYhSCvadThVPEFb/W9+hDw7KP9fy4ACpYud6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCybL9uMRm6txndutULioZ+N6g9zQfErGFVcO?= =?us-ascii?q?pM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLf?= =?us-ascii?q?QguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmUwHjhj?= =?us-ascii?q?sZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXSmRbXsZVSidPHIWy?= =?us-ascii?q?YYUSBOYFJOpUspXxq14IoBCjBwejGfnvxydIiHHo06M00OMvHgPI3AMvA90ArW?= =?us-ascii?q?zUodfoOKocT++117LFzSnfY/5MxTvw8pTEfgwnrPqRXbxwa83RyUw3Gg7CllWf?= =?us-ascii?q?t5DlMC2P1ugXrWeb6fdvWvy1i2E8rAFxuDevy9w3ionOgIIUykrI+jl+wIYwPN?= =?us-ascii?q?C1TlNwb928EJZIqi2XOIR7TtkiTm11oio21LILtYChcCQX0JgqyRzSZ+aaf4WG?= =?us-ascii?q?5h/vTvudLDd5iX5/Zr6ygxC/+lW6xOLmTMm7ylNKozJAktnLq38CyQTe6tOCSv?= =?us-ascii?q?th5keh3iuP1xzL5uFEP080ka3bJoY9wrEqjJoTsFnDHjTslEXqjK6ZakUk+u+y?= =?us-ascii?q?5+ThfrrmvYOTO5VxigH/NqQigs2/AeImPQgSR2WX5Oux2bL58UD5XblGlOM6n6?= =?us-ascii?q?bHvJzAOMgXvqu5DBVU0oYn5Ra/FTCm0NEAkHkcMl1FfBOHj470O1DBOfz3FvC/?= =?us-ascii?q?g0mqkDh32f/GJabsAonNL3ffkLfheqxx60hHyAUp19xf6JVUCq8ZLPLpRkDxrM?= =?us-ascii?q?DYDgM+MwGswebnD9N92ZkCWWKPGKCZNrjfsV2P5uIpJumDfpQVuCrjJPg//P7i?= =?us-ascii?q?l3g5mUUSfaOxx5sYdGi4Huh6I0WeeXfsgNUBHn0WsQo9V+zqj1uCUT9NZ3upUa?= =?us-ascii?q?I84iw7CY29AofeQICtnKGB0D28Hp1MaWBMEkqMHmvwd4WYR/cMbzqfItd/nTMf?= =?us-ascii?q?S7ehTY4h1Q2ptALhyrpoMPTb9TMCuZLkzth16PXZlQsu+jxsE8Sdz2aNQnlpkW?= =?us-ascii?q?MPQT822r1wrlJ5yleCyqV3meJXFcZU5/9TVQc6L5HcxfRgC9/uQgLBYsuJSFG+?= =?us-ascii?q?T9q7HTE+VMgxzsQSbEZ6HtWtkgrM3zG2A7MPkbyEGoA0+LrG33ftP8Z912rG1K?= =?us-ascii?q?45glknRMtPKXOphqph+AjWGYHJj1+ZlqaxeKQbxC7C6mGDzW+Us0FZVA5/SqLF?= =?us-ascii?q?XH8FakvRt9T56VvIT6WyBrQ/LgtB1cmCJ7NKa9zoilVGQuzuONHaY26ommewAw?= =?us-ascii?q?yExrWWY4rweGUd3TvdB1YenwAV43mGKRA0Bj29rGLGEDxuCVXvblvi8Ol/rHO7?= =?us-ascii?q?S1E7zxuRYk1vybW65xkVheaGRPMLxLIEvyUhpCtoE1ahxd7WDMCApwV5dqVGfd?= =?us-ascii?q?w9+EtH1X7etwFlMJygNbpthlgCfAR2pEPjzBB3Cp1BkcQzt3MrwhFyJbif0FNb?= =?us-ascii?q?eDOSxYrwNaHPKmnu4BCvbLbb2lLE39aV/acP9e81q1b5swGqEUoi7m9r095P03?= =?us-ascii?q?uT/p/KFhYdUYrtUkYr8Bh3v6vVbTQn54PVy3JsK7K5vSXe1NIsHuclzQygf9hH?= =?us-ascii?q?OqOeCADyC9EaB9SpKOEyh1emdBYEM/5J9K4oP8KmcOCL2LW3M+Zhgj2mi3hH4I?= =?us-ascii?q?Fn3U6W8SpzVPLI1Y4fw/6ExguHSyv8jFC5v8DthI9LeCofHmW6ySnrHoJRYLN9?= =?us-ascii?q?fZoTA2e0P8K33sl+h4LqW3NA716jCUkG2MiyeRqOdFH9xgtQ1UMZoHyigyS4yS?= =?us-ascii?q?Z4kzc3oaqDxCbO2fjtdAIbOm5XQ2lvlVntLpKwj9AGQkeodRMpmQC75Unk3ahU?= =?us-ascii?q?v7l/L2zJTUdPZSj2IHloUrGsubqaf85P9JQovD1JUOS9fV+aVrn9owEA3yz/H2?= =?us-ascii?q?tewzY7dz6xt5X9nhx6jniSLGx0rHbDfsFw3xjf7sTGRfFNxjoGWDV4iT7PC1i4?= =?us-ascii?q?Ptmp5smUm47Ysu+gU2KhV5tTcTTkzI6bryu7/WxqARu+n/+vgd3rCw463jHn19?= =?us-ascii?q?NyTyXHsA78YpX316S9Ke9nZE5oBFv468VkAIFxjowwhZ8L1HgBm5Wa4WEHnX30?= =?us-ascii?q?MdVB1qL0dGANSiITw97J/Ajl31VuLnGXyIL/TXWQ2chhaMe8YmMN3CIy8dxKBL?= =?us-ascii?q?2T7Lxekit/ukC4oh7JYfhhgjcdzuMj6GYAjOEUvAoi0D2dDaoUHUlEIyPsjQ+F?= =?us-ascii?q?782lrKpJfmavaqK81FF5ndC8FrGNvh9TWHj+epc4Ei9/8N9zMFTS333v8ovkYs?= =?us-ascii?q?XfbcoPth2IlBfNl/ZVKJQsmfcRmypnP3/yvX0/x+49kxNuwYmwvJKbJGV14KK5?= =?us-ascii?q?HhlYOyXtZ8wJ5zHtib1TkdqX34CzHpRtAzsLU4HuTf6yFzISr/vnPR6UEDIgsn?= =?us-ascii?q?ebBabfHQiH5Udlr3PPF46kOmqSJHkew9ViSgeSJFBDgAAUWzU6m4A2GhqsxMP/?= =?us-ascii?q?bEdz/ioR6ULgqhtQ1uJoMAHyUmnFqweudjc0T52fIQFY7g5c+kjVNtae4fhrHy?= =?us-ascii?q?FC+Z2hrhKCJXCHZwhSCmEJQEOEDUj5Pray/dnA7/SYBu2mIvvUe7mPp/ZSV/KS?= =?us-ascii?q?ypKr1Ytn/y2BOd+TMXlnFfE73VBDXX9hEcTDhzoPUzAXlz7Kb8ODqhe84DN4od?= =?us-ascii?q?2k8PvxXgLv+YyPC6BJPNp15x+2hL2PN+mKhCZ2MTxYzI8DxWfUyLgD214fkydu?= =?us-ascii?q?dyO3HrQYrS7AV6zQmq5NDx4AdyNzOspI76Qm0QlLJcHbi8n61rpigv4yEVdFWk?= =?us-ascii?q?Trmtu1aswSP2G9KFTHCV6QO7udIjHLx8D3YbigSb1LlulUrAO/tiqBH0/4IDuD?= =?us-ascii?q?kzjpVxayMeBDlyyUIBxfuJugchZ2E2TiQsjpagGgMN9wiz0627o0hmnFNWQEKz?= =?us-ascii?q?hzb1tNrqGM7SNfmvh/HW1B7n5hLeaagCaU9PPXJYgMsftsGCh0kPha4HsiwbtP?= =?us-ascii?q?8C5EXOB1mDfVrtN2uF6mk+aPyj1hUBdVtzlEmpmEvUR4NqXf7JVAXmzE/B0V52?= =?us-ascii?q?WKFxsKv8dlCsHou61I0NfPm7j8KClc/N/P+sscH9bbKMSCMHU7MBrpHCXbDAwK?= =?us-ascii?q?TDKxMmHfnUNdmumI9nKJtpg6toTsmJ0WR79HU1w1E+kWCl5iHN0DPph3WCgrka?= =?us-ascii?q?ScjMEW5nqztwXeRMJfvp/bTP2SGunvJCyfjbZaexsC2an4IpgLNo3nx0xibUF3?= =?us-ascii?q?nILUFEXKWdBAuS5hbggvoEVR6nd+SHYz20Hkag+35n8cC+K0lAYsigRieeQt6C?= =?us-ascii?q?vs41AvK1rQuiQwi1c+ls//gT+NcD78N7y/XYBMCyXpsEgxPIv7QxxrYgyyh0Bk?= =?us-ascii?q?MinLR65Jhbt6aW9rkBPcuYdIGfNEUKJLegEQxfCKaPUzyllTsD+nxVVA5erLEp?= =?us-ascii?q?ttihclcYO2r3JBxwJibMQ5JarOK6pV1lJQnL6Bvje01uAtxw8TP0IN8GSIeCEW?= =?us-ascii?q?vkwJN74mKjGn/uxq9AyOgTxDeHIDV/AyuPJl6ls9O/iczyLny7NDMV6+N+ieL6?= =?us-ascii?q?OfpmjBmtWFTU831kMNi0ZK56N20ds5f0qSSU8v0KObFw4VOsraNQFVc81S+WDO?= =?us-ascii?q?cimStOXNxpR1P5mgGu3zU++BqrwUgkOlHQYuGYQA9MIBEYew0EvAN8foMKYFyQ?= =?us-ascii?q?kx5ATsPFiFEPVJeBeMkDcbo8G+zIR60pRcJjAdG2pyKj+75rDJqQ82mPCDRss5?= =?us-ascii?q?Ym8GXosYMXI7QNe1mypYv3tcEja4yucZyQiE7z/7oCTfFiLxYMFiZPiOYxNgEd?= =?us-ascii?q?+2+Sgl/6iwl1HX7o3UJ3vmOtR6pt/P9eQaqo6cBPxKS7lwqF3TlJRGR3O0SW7P?= =?us-ascii?q?CsS6J4LwaoU2atz0EHm6WESliz0pV8fxIMqtLq+QjAHyQ4ZUsZWU3DAkNc+5DT?= =?us-ascii?q?EQAw5+qfwZ6q9gYgMOeIY0YRnttwsiLaO/OxuY3s+oQ2mzNTtcV+NfwvmiZ7xL?= =?us-ascii?q?0yosafe3x2ciTp4g0+a66lICRJYOjhHaxPaseZNeUTTtFXNBewXDvy05l3JuNu?= =?us-ascii?q?wq2Ocw3AvIsUUAMzCMbOFpcnZLv8s7BVyJOnh2FnA4SEWCjYXd5g6s3rYS/yRZ?= =?us-ascii?q?n9ZV3u1FsGT+vpHFbzK2Xayns5PVvDQ8bdI+ua1+LZTjIteatJPZhjHeQoPcvR?= =?us-ascii?q?GFUC67Evpam8JfICFDTflJh24qJ9IJtZBG6UorWcc0P6ZPB7U0prC2dTpkCjYf?= =?us-ascii?q?zSoDWIOa3zwNnPu827rclhefa5kjPgYLsJNejdsZVC52fz4RpLS5W4XQiWCEVn?= =?us-ascii?q?ABIB0P4gRU+AIAiohwc/j94IrPSJ9D0SRWovxzUivPGJll7F77SmaRgVjjVvqu?= =?us-ascii?q?j/ap3QVJzPL309kbXhF/BVJax+ZMmUsiMKt3JLUIvo7Wrj+Iclv3s3j3yOu7Il?= =?us-ascii?q?ld087Uekb5DIrEtGr8TjYT9WcSRYBR1HHVDY4SnBZhaKY3uFVMJ5irelr55zwh?= =?us-ascii?q?3IlpA6W0VcWwyFo/q3YJWTuqGcJbC+56qFLXRCFlY5ezpZXlIZpSWHVf+JmApF?= =?us-ascii?q?pCjUpiLTa5yYJCJMFJ/DEMRiJDoTKHvNu9UMdDw9N5D4cQItdjvHfwAKFEOJ+P?= =?us-ascii?q?rHAtp7Pg1GTZ9C4msFem2jq8BrW0T+RH8G0CAg8pPXiRqlEzD+sw9Wff6kzNvU?= =?us-ascii?q?1p8OdaHLePiV58ryp6HpBLGjlGz2ulL0hpQHlArepaNLzfc9ZATPkqeR+vJxs+?= =?us-ascii?q?GOY90EyH4U54gXX0bzF8uwZB5y/dWAw0WjUPjbf2hT0SsMenNiEGS5hQdzUucz?= =?us-ascii?q?/FKx6HmSBQpBtfcV9lVI0ZAtlf57EWxo9U/s3cSUmyNy0KQBtiOR8m3vZFk05M?= =?us-ascii?q?rlmYczjHDQW0bfbPrgF3fcCJoc6xN/T54B1IhZ77sO0j7KUDQGCmmRexTt/AqY?= =?us-ascii?q?/8qseKuVGKdKviNO28e3DBRiDWjR+snbckE4XK/y/LPQpHMZl112QrboX6BG7W?= =?us-ascii?q?ORRGO7gbKFBFVaB7btVGpv5VZ9N+dKYO469tCQqNRgnzF4y3sPlGMlHTSCzbLy?= =?us-ascii?q?qb9uy/pZzc7aDBSef6fMOB3HDHTLxrPpdh9Tb0Aa/q3pFE9krwxPht6ltwSULa?= =?us-ascii?q?PCCZsNThOgQL6dGgdkT4pJ0pGijWAJNqn3rz3UxActcXQym28JQZ1JxZ6Wz/Se?= =?us-ascii?q?Rj0kTpt+1S7bZk45Et47910ce0ObvSKfNCvE9lGBeUAAtq9o8qAGdiWW9cefMR?= =?us-ascii?q?J+3XfaQCisDiseb3GLIL6BeN4exWdcPHJ13dmsm4EjycRgFEnAYFqT4eMASc0u?= =?us-ascii?q?WIlLJqRsm+pOj2wEQt70K5Lh4cw7Bn/Z2E9baQpO/LcxvRyqAJWqrrRsP2tbks?= =?us-ascii?q?vl2d5P06m74Ue2x1ZQKnHPIbVsED2mfq1boqwj40E8PfA7Lg/+ZOV3Q9nj/7mp?= =?us-ascii?q?B9GVAWFukVHbqN84RehH03m/fFNt0Mb6BNhnqPFQO+ErAc03Kr7DGXIGZ9iBHU?= =?us-ascii?q?zx7wWX+z7EPxrSJgRCvMyNHjklZaVrapHkpSWiupNlV+sDyRIArput33ub427E?= =?us-ascii?q?EtKGDkssyClHe5MrNNA8L/PMCcITUzpF8PiJ0xXdmv1IAAFNqzPtge7XZ+buHE?= =?us-ascii?q?5GOziS9BpKVHiJTC7cGJ4PnXGmOgj6KCobWX2D9Y0mQ4vU046t24N/HP5seFTO?= =?us-ascii?q?602GsKVCdwpRfBUACppbDBqFAUI0OL2l/RmIMWJtFZwWU41kb+6ec4QdIz7wtf?= =?us-ascii?q?GZzCZ/MDuTDzICH7wUubY98sSiae1CZYEUzvHlllAqg833jws9jTmXfX4V0oSZ?= =?us-ascii?q?F6d1b7ihxvE4U4NUUt5UAPwiUZDQgCdRCbDb+vBUT/LosITFMDZgqD3Li7fKc3?= =?us-ascii?q?wEJyz6i35ODJcexzG6oNN/hajg6Un1hXAJEWvrMEQLJ6ZVBd8LTbpg/4C4joR/?= =?us-ascii?q?Lmj2Y/NeWpQsBG9sAUr3Qi7RylRxW+9ZdD760WiJSJdq5Yf5fMvNpz71p85TIV?= =?us-ascii?q?cCxCngR/hQujUe8AvODj/sTbsJ2w5+ahSqktQfkX9x8zB2h5lJv/nlQjodDR1+?= =?us-ascii?q?dBRYzYkoD//x5XI3+KoonWyR98JvQSK4izZrZv620HJzQCJ3IJJdeWbfg87DNq?= =?us-ascii?q?MDXX/VNCGdkAZdIfPMrKggBUkVbkWLRc+8vUAFOYDJ1zd88w5Wrt1D816Yc8Uv?= =?us-ascii?q?rn6DKuKpDQ80pNP+hagCtxm9zMoukVwfzPCCkY+nSZZB11zTmEy5aTEfrw+v+M?= =?us-ascii?q?yN7MXVMcAiE2S5tdJCaF+QG/ROq1k5XpUgWO5sDvgJI+cF+QSWGwnaQEtKZMCu?= =?us-ascii?q?1AiiTg0zhAF4D1meias96x52tWrFFHFph87QHdEqVFIpp7IQj4ltWsRkVkByv/?= =?us-ascii?q?Ztvbdhw1teqS2+cD/uR+N0zlZYMBJRIE0b3642JPTgRyUL72okqZXeUJadtkVv?= =?us-ascii?q?zEoH5V6YZ7Jq4BJledooLlritSpFAwHgApdKc6riZGeUnWgA1VR6H0taYPigsY?= =?us-ascii?q?Vt54t1FDGWa0OG8l/DrHUqJVjKiNB/AP9DWcULAOWV1yMixiWxO1xIlue7yxkP?= =?us-ascii?q?BFsmNHnjt9oP8u0zxnWBuzpzbhp6cM2TI84rG3qi8NuXtfTuWRiy3IE0lMzOwW?= =?us-ascii?q?jacADHbv8UC8YHgGbIbp/LlnJNjv9Yo/7HQ7exkjeTMJXfi4ASHqk6yIGpCPsM?= =?us-ascii?q?5bhBOVvcXObLyzLSsVNrkmyxLsXXt90g/YnBl29msHWDOg48E4JI+lI8Yq2jKo?= =?us-ascii?q?GXTHdFYL+q5Gq9X+tVgXTOYtclNhxGJj0tSbRi0TWsPABnw5jg8+aWVLaJhD8w?= =?us-ascii?q?MVF7E0gjaUualL5g8UbynQEoSk4onfg9zF2Hg8Tddvw2LZuLeFhpc033F/nNN0?= =?us-ascii?q?9CGOsmwId+PES89sHmTz1oBHxO3wf/WtqOEHR5d4x7m6Vf8CM9Wj+XGo15lwXU?= =?us-ascii?q?+l3LseFUKjMOAf3rfbTzulSWqAVOSMd2iDgS00Mlb25RayNV03dMZKoFMhMuvY?= =?us-ascii?q?mJFTiRftUbVqSSWMvVXb1nAsMfsGdwIqv4eqYwgKTO8XZ+iBKuki2fk+CFoXb3?= =?us-ascii?q?/VBit7EO62vkSrnIh8IXlg5l/6Yev1+AD8LNSSAgUEEZLdrpNp/Py1XH6OOX9h?= =?us-ascii?q?zB10O0l57PnfF1U3tuBCd5aRnN7Qh8l00OIfcPdtKyI9sMYJmo1/8YmUzNuKcR?= =?us-ascii?q?bJw5bwP97Vof+YDObEwkQ3fGFaTroZYQTo54U1Pt45R6ffHb1HshQAHaI6WoAu?= =?us-ascii?q?N3/t9KFoKwN+agzRZLGzgsnwvOKLZ4BUqmTQ7l0qKSfTpRwDxuazTQxhYJCgn2?= =?us-ascii?q?/yL4woRjJds91tDQNrHJBBG8MFswWqAp2Zlbqli9Cv4UN6uu4Lsa32CvzQ0tS2?= =?us-ascii?q?wZlxDNBm4hmzNSvVTIxshV5oxrCqi+rE+oH4FMenfNQDTuU9SWnAPPuOJZmyMj?= =?us-ascii?q?KDPIrHfkdC97ONmOZiXg65eDHyX63Asjatcvpj/xN/gqFifeGb9DU37qqTjNbq?= =?us-ascii?q?bntavQ+7pGSIL4Nb5VfHQ+vEUEQQAdiM9Wt+VYgQd5H1769aM9UnzcPa50926y?= =?us-ascii?q?5Y0dCtJLKopUvBnEl8cMSfZGfg3Sc0XcEoPQ6wPE03yTvVo3LcDHBeBs2pLc1k?= =?us-ascii?q?htGFSBfq4h810U0qe2EJPmfkS9CLNSBP18azaAON7g5jFdsPn+erP0U/s/v2Ab?= =?us-ascii?q?1zN5FEn/i6nKkWmtZubSfUTY5VOD+GaPciOjtXE/WKv1UjfwQFr6lwX4A5eJyD?= =?us-ascii?q?CF0IPV3Gyi7oywbGl0rueIronPKNISAL4jBEwqjD3DxkuQa0o7Caj9flXbSfa4?= =?us-ascii?q?v5CrqaESwqUXm/QjA0GFzhrVKlvfUDlOCVLWcWvhYfZSfETEZHr6R0pJ3cA3He?= =?us-ascii?q?ncVqeIYDweiAXCL9QzE+k7A9UGID/3uBWfUOXSSeKTfBiW5YqQrobqtX8GjqYp?= =?us-ascii?q?WYz65RSupQCYxJJK63WdzdLKRGKisljHMUPuqxZdfbtbkRyVXOXC0SFKyepw7W?= =?us-ascii?q?d1KfXvHJn2GjZo4SpYVh/3Nxot8=3D?= X-IPAS-Result: =?us-ascii?q?A2ByAwC4VWta/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYM/A4F?= =?us-ascii?q?aJ451jXaCAnyZAYdDVxUBAQEBAQEBAQIBaiiCOCQBgkcDAwECJAVNAwMJAQEfH?= =?us-ascii?q?woIAwFTBgESBYowAwGyCTolg3EBAYY/DAElE4Q/ghWDP4J4g2UEh2sBBIpjmTC?= =?us-ascii?q?VWQ2CG5INin+OHDUjgVBwgnyCUgMcgSwBOQJ3i2ErgiABAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 26 Jan 2018 16:24:20 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w0QGOJQD023468; Fri, 26 Jan 2018 11:24:20 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w0QEXHH9037501 for ; Fri, 26 Jan 2018 09:33:17 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w0QEXHxS007376; Fri, 26 Jan 2018 09:33:19 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1B7AABOO2taly0YGNZdGwEBAQEDAQEBC?= =?us-ascii?q?QEBAYM/gV0njgGOa4ICfJZIgheFRQKCHVQYAQEBAQEBAQECEwEBAQEBBhgGhXs?= =?us-ascii?q?DAycFTRAgHxJXBgENBYo4AbJeOiWDcQEBhj8BAQEBAQEEAQEBAQEBAQEBHxOEP?= =?us-ascii?q?4IVgz+CeINlBIdrAQSKY5kwlVkNghuSDYp/jhwfgglwgnyCUgMQDIEsATkCd4t?= =?us-ascii?q?hK4IgAQEB?= X-IPAS-Result: =?us-ascii?q?A1B7AABOO2taly0YGNZdGwEBAQEDAQEBCQEBAYM/gV0njgG?= =?us-ascii?q?Oa4ICfJZIgheFRQKCHVQYAQEBAQEBAQECEwEBAQEBBhgGhXsDAycFTRAgHxJXB?= =?us-ascii?q?gENBYo4AbJeOiWDcQEBhj8BAQEBAQEEAQEBAQEBAQEBHxOEP4IVgz+CeINlBId?= =?us-ascii?q?rAQSKY5kwlVkNghuSDYp/jhwfgglwgnyCUgMQDIEsATkCd4thK4IgAQEB?= X-IronPort-AV: E=Sophos;i="5.46,416,1511845200"; d="scan'208";a="184421" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 26 Jan 2018 09:33:18 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AMIu/RxUBsnZbGwMi4lxM9nK8ifjV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZRaDvKdThVPEFb/W9+hDw7KP9fy4AypauN3f7DhCKMUKC0dcz5?= =?us-ascii?q?1O3kQJO42sMQXDNvnkbig3ToxpdWRO2DWFC3VTA9v0fFbIo3e/vnY4ExT7Mhdp?= =?us-ascii?q?dKyuQtaBx8u42Pqv9JLNfg5GmCSyYa9oLBWxsA7dqtQajZFtJ6ot1BfFuGVEd/?= =?us-ascii?q?lZyW5pKl+YghLw6tut8JJ5/Clcp+8t+9RcXanmeqgzUKBVAikhP20p/sPgqAPN?= =?us-ascii?q?TRGI5nsSU2UWlgRHDg3Y5xzkXZn/rzX3uPNl1CaVIcP5Q7Y0WS+/76hwUx/nlD?= =?us-ascii?q?0HNz8i/27JjMF7kb9Wrwigpxx7xI7UfZ2VOf9jda7TYd8WWWxMVdtKWidfHo2z?= =?us-ascii?q?cZcAD+sZPeZZsYb9oUcOrQCjDgWoHe/j1yNEimPz0aA8zu8vExzJ3BY4EtwTsH?= =?us-ascii?q?rastv7OqQVX++3wqnHwinMYuhK2Tvh8oXEbgosre2QUb92bMHfyVMvFwTAjliI?= =?us-ascii?q?roHlJy2a1vgTvGiB9eZvS+SvhHM5pAFruTevwd0siobSi4IOzVDE8yV4zJwpKt?= =?us-ascii?q?2/TU52eNipG4ZTuSGCL4Z6XN4uTm5ytCokxbAKo4C3cScQxJkoxxPTc/KKfoqS?= =?us-ascii?q?7h7+WuucJS10iG9ldb++nRq+70ytx+vhXceuyllKtDBKktzUu3ANyRPT7s+HR+?= =?us-ascii?q?Nz8Uq/wDiB0Q7e5/9eL00oiabWKYQtzaAumZoWqkTDETX6mEDsg6+XckUo4O2o?= =?us-ascii?q?6+XjYrn+p5+cMZF7ih3mP6gwh8CyDv40PhYBUmSB5+ix26fv8EL5TblSi/05iK?= =?us-ascii?q?jZsJTUJcQBoa65BhdY3Jw95BajETimys4Uk3YBLF1YZh2HlZPmO1bUIPD3Fvq/?= =?us-ascii?q?mFOskDFrxvzcIrLhBZDNImDZkLj9ZbZ991JcyA0rwNBE+p1UEaoMIO7zW0DttN?= =?us-ascii?q?zYCQU1Mwqvw+n9Etl92YQeWXyXCK+DLKzSqUOI5v4oI+SUf48apjL9K/kj5/7z?= =?us-ascii?q?gn40gkMdfKm10psXb3C0BPJmI16Dbnb2jdcBFnkK7UICS7nSgUCGGRtUYGy/F/?= =?us-ascii?q?Yk7yw/IJqvEIOGQ4eqmrHH1yC+SNkeXXxLElCBFz/TcoyAX/odIHaJLtRJji0P?= =?us-ascii?q?Vb/nTZQokx6pqlm+g5d9L+GcwiQCtImrgNVt7vfSjjkq/CZ1FNyZ2mqACWZukT?= =?us-ascii?q?VMDx0/2a1k6Wl60E2CyuAsgfVdGMcV47VMVR0gNIX0yPZzANT/HAnGe4HNAHqv?= =?us-ascii?q?RNSrBXkTU8g+ztkVKxJxEtOjgxTB9y+nB7sckbubQpcz9/SYl1T2Osk173vK2q?= =?us-ascii?q?47gxFyTs9COWOhnKJX7QXfB4fV1U6ekvDuPfAH0SrM8nqT5Xaft0FfFghrWOPK?= =?us-ascii?q?Wm5JIgOCqdX/+1OHVLKlFK4mLhoEzMmON69HQsPmgE8AR/r5PtnaJWWrlDH0TU?= =?us-ascii?q?KMx7WRfM/pdn8b0SH1FkcJiUYQ8GyAOAx4AT2u9SaWLTphEhrKZEfq+PM2/Ha6?= =?us-ascii?q?SEAz5xuHY01oy/y+/RtDwbTIQvcI1/cItTksrx19GE20msrMDNiNrBYne79TN5?= =?us-ascii?q?d1qmxKz23U/yE1eNSAJqRml1hUO1Bsslnh2j13A4FEgM5sp3QvmllcM6WdhQdZ?= =?us-ascii?q?ei+Vx9b9PLHaMGP15h+HcKnQyxfV19PAqfRH0+gxt1i25FLhLUEl6XgyloANi3?= =?us-ascii?q?Y=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BhAABOO2taly0YGNZdGwEBAQEDAQEBC?= =?us-ascii?q?QEBAYM/gV0njgGOa4ICfJZIgheFRQKCHVQYAQEBAQEBAQECARIBAQEBAQYYBle?= =?us-ascii?q?COCQBgkcDAycFTRAgHxJXBgENBYo4AbJeOiWDcQEBhj8BAQEBAQEEAQEBAQEBA?= =?us-ascii?q?QEBHxOEP4IVgz+CeINlBIdrBYpjmTCVWQ2CG5INin+OHB+CCXCCfIJSAxAMgSw?= =?us-ascii?q?BOQJ3i2ErgiABAQE?= X-IPAS-Result: =?us-ascii?q?A0BhAABOO2taly0YGNZdGwEBAQEDAQEBCQEBAYM/gV0njgG?= =?us-ascii?q?Oa4ICfJZIgheFRQKCHVQYAQEBAQEBAQECARIBAQEBAQYYBleCOCQBgkcDAycFT?= =?us-ascii?q?RAgHxJXBgENBYo4AbJeOiWDcQEBhj8BAQEBAQEEAQEBAQEBAQEBHxOEP4IVgz+?= =?us-ascii?q?CeINlBIdrBYpjmTCVWQ2CG5INin+OHB+CCXCCfIJSAxAMgSwBOQJ3i2ErgiABA?= =?us-ascii?q?QE?= X-IronPort-AV: E=Sophos;i="5.46,416,1511827200"; d="scan'208";a="8031982" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 26 Jan 2018 14:33:17 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;86b695e0-dbe0-4b86-96e7-c7d686bc02de Authentication-Results: ucol19pa08.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 113084182|UCOL19PA08_EEMSG_MP6.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 37.139.156.29 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CuAABOO2tahx2ciyVdGwEBAQEDAQEBCQEBAYVDjgGOa4ICfJZIgheFRQIIghVUGAEBAQEBAQEBAhMBAQEKCwkIKC+FJAMDJwVNECAfElcGAQ0FijmyXjolg3EBAYY/AQEBAQEFAQEBAQEBAQEgCQEJhD+CFYM/gniDZQSHawWKY5kwlVkNghuSDYp/jhwfgglwgnyCUgMQDIEsATkCQDeLYSuCIAEBAQ X-IPAS-Result: A0CuAABOO2tahx2ciyVdGwEBAQEDAQEBCQEBAYVDjgGOa4ICfJZIgheFRQIIghVUGAEBAQEBAQEBAhMBAQEKCwkIKC+FJAMDJwVNECAfElcGAQ0FijmyXjolg3EBAYY/AQEBAQEFAQEBAQEBAQEgCQEJhD+CFYM/gniDZQSHawWKY5kwlVkNghuSDYp/jhwfgglwgnyCUgMQDIEsATkCQDeLYSuCIAEBAQ Received: from seldsegrel01.sonyericsson.com ([37.139.156.29]) by ucol19pa08.eemsg.mail.mil with ESMTP; 26 Jan 2018 14:33:15 +0000 X-Authentication-Warning: seldlx23035.corpusers.net: 23059638 set sender to peter.enderborg@sony.com using -f X-EEMSG-check-009: 444-444 From: To: Paul Moore , Stephen Smalley , Eric Paris , James Morris , Daniel Jurgens , Doug Ledford , , , , Ingo Molnar , , "Serge E . Hallyn" Date: Fri, 26 Jan 2018 15:32:37 +0100 Message-ID: <20180126143241.23108-2-peter.enderborg@sony.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <20180126143241.23108-1-peter.enderborg@sony.com> References: <20180126143241.23108-1-peter.enderborg@sony.com> MIME-Version: 1.0 X-Mailman-Approved-At: Fri, 26 Jan 2018 11:22:23 -0500 Subject: [PATCH v2 1/5] selinux:Remove direct references to policydb. X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Peter Enderborg Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Peter Enderborg To be able to use rcu locks we seed to address the policydb though a pointer. This preparation removes the export of the policydb and send pointers to it through parameter agruments. Signed-off-by: Peter Enderborg --- security/selinux/ss/mls.c | 69 ++++++++++++++++---------------- security/selinux/ss/mls.h | 37 +++++++++-------- security/selinux/ss/services.c | 90 +++++++++++++++++++++++++++--------------- security/selinux/ss/services.h | 3 -- 4 files changed, 114 insertions(+), 85 deletions(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index ad982ce..b1f35d3 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -33,20 +33,20 @@ * Return the length in bytes for the MLS fields of the * security context string representation of `context'. */ -int mls_compute_context_len(struct context *context) +int mls_compute_context_len(struct policydb *p, struct context *context) { int i, l, len, head, prev; char *nm; struct ebitmap *e; struct ebitmap_node *node; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return 0; len = 1; /* for the beginning ":" */ for (l = 0; l < 2; l++) { int index_sens = context->range.level[l].sens; - len += strlen(sym_name(&policydb, SYM_LEVELS, index_sens - 1)); + len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1)); /* categories */ head = -2; @@ -56,17 +56,17 @@ int mls_compute_context_len(struct context *context) if (i - prev > 1) { /* one or more negative bits are skipped */ if (head != prev) { - nm = sym_name(&policydb, SYM_CATS, prev); + nm = sym_name(p, SYM_CATS, prev); len += strlen(nm) + 1; } - nm = sym_name(&policydb, SYM_CATS, i); + nm = sym_name(p, SYM_CATS, i); len += strlen(nm) + 1; head = i; } prev = i; } if (prev != head) { - nm = sym_name(&policydb, SYM_CATS, prev); + nm = sym_name(p, SYM_CATS, prev); len += strlen(nm) + 1; } if (l == 0) { @@ -86,7 +86,7 @@ int mls_compute_context_len(struct context *context) * the MLS fields of `context' into the string `*scontext'. * Update `*scontext' to point to the end of the MLS fields. */ -void mls_sid_to_context(struct context *context, +void mls_sid_to_context(struct policydb *p, struct context *context, char **scontext) { char *scontextp, *nm; @@ -94,7 +94,7 @@ void mls_sid_to_context(struct context *context, struct ebitmap *e; struct ebitmap_node *node; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return; scontextp = *scontext; @@ -103,7 +103,7 @@ void mls_sid_to_context(struct context *context, scontextp++; for (l = 0; l < 2; l++) { - strcpy(scontextp, sym_name(&policydb, SYM_LEVELS, + strcpy(scontextp, sym_name(p, SYM_LEVELS, context->range.level[l].sens - 1)); scontextp += strlen(scontextp); @@ -119,7 +119,7 @@ void mls_sid_to_context(struct context *context, *scontextp++ = '.'; else *scontextp++ = ','; - nm = sym_name(&policydb, SYM_CATS, prev); + nm = sym_name(p, SYM_CATS, prev); strcpy(scontextp, nm); scontextp += strlen(nm); } @@ -127,7 +127,7 @@ void mls_sid_to_context(struct context *context, *scontextp++ = ':'; else *scontextp++ = ','; - nm = sym_name(&policydb, SYM_CATS, i); + nm = sym_name(p, SYM_CATS, i); strcpy(scontextp, nm); scontextp += strlen(nm); head = i; @@ -140,7 +140,7 @@ void mls_sid_to_context(struct context *context, *scontextp++ = '.'; else *scontextp++ = ','; - nm = sym_name(&policydb, SYM_CATS, prev); + nm = sym_name(p, SYM_CATS, prev); strcpy(scontextp, nm); scontextp += strlen(nm); } @@ -375,12 +375,13 @@ int mls_context_to_sid(struct policydb *pol, * the string `str'. This function will allocate temporary memory with the * given constraints of gfp_mask. */ -int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) +int mls_from_string(struct policydb *p, char *str, struct context *context, + gfp_t gfp_mask) { char *tmpstr, *freestr; int rc; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return -EINVAL; /* we need freestr because mls_context_to_sid will change @@ -389,7 +390,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) if (!tmpstr) { rc = -ENOMEM; } else { - rc = mls_context_to_sid(&policydb, ':', &tmpstr, context, + rc = mls_context_to_sid(p, ':', &tmpstr, context, NULL, SECSID_NULL); kfree(freestr); } @@ -417,10 +418,10 @@ int mls_range_set(struct context *context, return rc; } -int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon) +int mls_setup_user_range(struct policydb *p, struct context *fromcon, + struct user_datum *user, struct context *usercon) { - if (policydb.mls_enabled) { + if (p->mls_enabled) { struct mls_level *fromcon_sen = &(fromcon->range.level[0]); struct mls_level *fromcon_clr = &(fromcon->range.level[1]); struct mls_level *user_low = &(user->range.level[0]); @@ -460,7 +461,7 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, * structure `c' from the values specified in the * policy `oldp' to the values specified in the policy `newp'. */ -int mls_convert_context(struct policydb *oldp, +int mls_convert_context(struct policydb *p, struct policydb *oldp, struct policydb *newp, struct context *c) { @@ -470,7 +471,7 @@ int mls_convert_context(struct policydb *oldp, struct ebitmap_node *node; int l, i; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return 0; for (l = 0; l < 2; l++) { @@ -503,7 +504,7 @@ int mls_convert_context(struct policydb *oldp, return 0; } -int mls_compute_sid(struct context *scontext, +int mls_compute_sid(struct policydb *p, struct context *scontext, struct context *tcontext, u16 tclass, u32 specified, @@ -515,7 +516,7 @@ int mls_compute_sid(struct context *scontext, struct class_datum *cladatum; int default_range = 0; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return 0; switch (specified) { @@ -524,12 +525,12 @@ int mls_compute_sid(struct context *scontext, rtr.source_type = scontext->type; rtr.target_type = tcontext->type; rtr.target_class = tclass; - r = hashtab_search(policydb.range_tr, &rtr); + r = hashtab_search(p->range_tr, &rtr); if (r) return mls_range_set(newcontext, r); - if (tclass && tclass <= policydb.p_classes.nprim) { - cladatum = policydb.class_val_to_struct[tclass - 1]; + if (tclass && tclass <= p->p_classes.nprim) { + cladatum = p->class_val_to_struct[tclass - 1]; if (cladatum) default_range = cladatum->default_range; } @@ -551,7 +552,7 @@ int mls_compute_sid(struct context *scontext, /* Fallthrough */ case AVTAB_CHANGE: - if ((tclass == policydb.process_class) || (sock == true)) + if ((tclass == p->process_class) || (sock == true)) /* Use the process MLS attributes. */ return mls_context_cpy(newcontext, scontext); else @@ -577,10 +578,10 @@ int mls_compute_sid(struct context *scontext, * NetLabel MLS sensitivity level field. * */ -void mls_export_netlbl_lvl(struct context *context, +void mls_export_netlbl_lvl(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr) { - if (!policydb.mls_enabled) + if (!p->mls_enabled) return; secattr->attr.mls.lvl = context->range.level[0].sens - 1; @@ -597,10 +598,10 @@ void mls_export_netlbl_lvl(struct context *context, * NetLabel MLS sensitivity level into the context. * */ -void mls_import_netlbl_lvl(struct context *context, +void mls_import_netlbl_lvl(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr) { - if (!policydb.mls_enabled) + if (!p->mls_enabled) return; context->range.level[0].sens = secattr->attr.mls.lvl + 1; @@ -617,12 +618,12 @@ void mls_import_netlbl_lvl(struct context *context, * MLS category field. Returns zero on success, negative values on failure. * */ -int mls_export_netlbl_cat(struct context *context, +int mls_export_netlbl_cat(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr) { int rc; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return 0; rc = ebitmap_netlbl_export(&context->range.level[0].cat, @@ -645,12 +646,12 @@ int mls_export_netlbl_cat(struct context *context, * negative values on failure. * */ -int mls_import_netlbl_cat(struct context *context, +int mls_import_netlbl_cat(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr) { int rc; - if (!policydb.mls_enabled) + if (!p->mls_enabled) return 0; rc = ebitmap_netlbl_import(&context->range.level[0].cat, diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 131d762..cb039c0 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h @@ -25,8 +25,9 @@ #include "context.h" #include "policydb.h" -int mls_compute_context_len(struct context *context); -void mls_sid_to_context(struct context *context, char **scontext); +int mls_compute_context_len(struct policydb *p, struct context *context); +void mls_sid_to_context(struct policydb *p, struct context *context, + char **scontext); int mls_context_isvalid(struct policydb *p, struct context *c); int mls_range_isvalid(struct policydb *p, struct mls_range *r); int mls_level_isvalid(struct policydb *p, struct mls_level *l); @@ -38,50 +39,55 @@ int mls_context_to_sid(struct policydb *p, struct sidtab *s, u32 def_sid); -int mls_from_string(char *str, struct context *context, gfp_t gfp_mask); +int mls_from_string(struct policydb *p, char *str, struct context *context, + gfp_t gfp_mask); int mls_range_set(struct context *context, struct mls_range *range); -int mls_convert_context(struct policydb *oldp, +int mls_convert_context(struct policydb *p, struct policydb *oldp, struct policydb *newp, struct context *context); -int mls_compute_sid(struct context *scontext, +int mls_compute_sid(struct policydb *p, struct context *scontext, struct context *tcontext, u16 tclass, u32 specified, struct context *newcontext, bool sock); -int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon); +int mls_setup_user_range(struct policydb *p, struct context *fromcon, + struct user_datum *user, struct context *usercon); #ifdef CONFIG_NETLABEL -void mls_export_netlbl_lvl(struct context *context, +void mls_export_netlbl_lvl(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr); -void mls_import_netlbl_lvl(struct context *context, +void mls_import_netlbl_lvl(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr); -int mls_export_netlbl_cat(struct context *context, +int mls_export_netlbl_cat(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr); -int mls_import_netlbl_cat(struct context *context, +int mls_import_netlbl_cat(struct policydb *p, struct context *context, struct netlbl_lsm_secattr *secattr); #else -static inline void mls_export_netlbl_lvl(struct context *context, +static inline void mls_export_netlbl_lvl(struct policydb *p, + struct context *context, struct netlbl_lsm_secattr *secattr) { return; } -static inline void mls_import_netlbl_lvl(struct context *context, +static inline void mls_import_netlbl_lvl(struct policydb *p, + struct context *context, struct netlbl_lsm_secattr *secattr) { return; } -static inline int mls_export_netlbl_cat(struct context *context, +static inline int mls_export_netlbl_cat(struct policydb *p, + struct context *context, struct netlbl_lsm_secattr *secattr) { return -ENOMEM; } -static inline int mls_import_netlbl_cat(struct context *context, +static inline int mls_import_netlbl_cat(struct policydb *p, + struct context *context, struct netlbl_lsm_secattr *secattr) { return -ENOMEM; @@ -89,4 +95,3 @@ static inline int mls_import_netlbl_cat(struct context *context, #endif #endif /* _SS_MLS_H */ - diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 33cfe5d..47d8030 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -90,7 +90,7 @@ int selinux_policycap_nnp_nosuid_transition; static DEFINE_RWLOCK(policy_rwlock); static struct sidtab sidtab; -struct policydb policydb; +static struct policydb policydb; int ss_initialized; /* @@ -117,8 +117,12 @@ struct selinux_mapping { u32 perms[sizeof(u32) * 8]; }; -static struct selinux_mapping *current_mapping; -static u16 current_mapping_size; +struct shared_current_mapping { + struct selinux_mapping *current_mapping; + u16 current_mapping_size; +}; + +static struct shared_current_mapping *crm; static int selinux_set_mapping(struct policydb *pol, struct security_class_mapping *map, @@ -208,8 +212,8 @@ static int selinux_set_mapping(struct policydb *pol, static u16 unmap_class(u16 tclass) { - if (tclass < current_mapping_size) - return current_mapping[tclass].value; + if (tclass < crm->current_mapping_size) + return crm->current_mapping[tclass].value; return tclass; } @@ -221,8 +225,8 @@ static u16 map_class(u16 pol_value) { u16 i; - for (i = 1; i < current_mapping_size; i++) { - if (current_mapping[i].value == pol_value) + for (i = 1; i < crm->current_mapping_size; i++) { + if (crm->current_mapping[i].value == pol_value) return i; } @@ -232,27 +236,32 @@ static u16 map_class(u16 pol_value) static void map_decision(u16 tclass, struct av_decision *avd, int allow_unknown) { - if (tclass < current_mapping_size) { - unsigned i, n = current_mapping[tclass].num_perms; + if (tclass < crm->current_mapping_size) { + unsigned int i, n = crm->current_mapping[tclass].num_perms; u32 result; for (i = 0, result = 0; i < n; i++) { - if (avd->allowed & current_mapping[tclass].perms[i]) + if (avd->allowed & + crm->current_mapping[tclass].perms[i]) result |= 1<current_mapping[tclass].perms[i]) result |= 1<allowed = result; for (i = 0, result = 0; i < n; i++) - if (avd->auditallow & current_mapping[tclass].perms[i]) + if (avd->auditallow & + crm->current_mapping[tclass].perms[i]) result |= 1<auditallow = result; for (i = 0, result = 0; i < n; i++) { - if (avd->auditdeny & current_mapping[tclass].perms[i]) + if (avd->auditdeny & + crm->current_mapping[tclass].perms[i]) result |= 1<current_mapping[tclass].perms[i]) result |= 1<user - 1)) + 1; *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1; *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1; - *scontext_len += mls_compute_context_len(context); + *scontext_len += mls_compute_context_len(&policydb, context); if (!scontext) return 0; @@ -1230,7 +1239,7 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 sym_name(&policydb, SYM_ROLES, context->role - 1), sym_name(&policydb, SYM_TYPES, context->type - 1)); - mls_sid_to_context(context, &scontextp); + mls_sid_to_context(&policydb, context, &scontextp); *scontextp = 0; @@ -1721,7 +1730,7 @@ static int security_compute_sid(u32 ssid, /* Set the MLS attributes. This is done last because it may allocate memory. */ - rc = mls_compute_sid(scontext, tcontext, tclass, specified, + rc = mls_compute_sid(&policydb, scontext, tcontext, tclass, specified, &newcontext, sock); if (rc) goto out_unlock; @@ -1935,7 +1944,7 @@ static int convert_context(u32 key, /* Convert the MLS fields if dealing with MLS policies */ if (args->oldp->mls_enabled && args->newp->mls_enabled) { - rc = mls_convert_context(args->oldp, args->newp, c); + rc = mls_convert_context(&policydb, args->oldp, args->newp, c); if (rc) goto bad; } else if (args->oldp->mls_enabled && !args->newp->mls_enabled) { @@ -2043,8 +2052,9 @@ int security_load_policy(void *data, size_t len) { struct policydb *oldpolicydb, *newpolicydb; struct sidtab oldsidtab, newsidtab; - struct selinux_mapping *oldmap, *map = NULL; + struct selinux_mapping *oldmap = NULL, *map = NULL; struct convert_context_args args; + struct shared_current_mapping *new_mapping; u32 seqno; u16 map_size; int rc = 0; @@ -2055,9 +2065,22 @@ int security_load_policy(void *data, size_t len) rc = -ENOMEM; goto out; } + new_mapping = kzalloc(sizeof(struct shared_current_mapping), + GFP_KERNEL); + if (!new_mapping) { + rc = -ENOMEM; + goto out; + } newpolicydb = oldpolicydb + 1; if (!ss_initialized) { + crm = kzalloc(sizeof(struct shared_current_mapping), + GFP_KERNEL); + if (!crm) { + rc = -ENOMEM; + goto out; + } + avtab_cache_init(); ebitmap_cache_init(); hashtab_cache_init(); @@ -2071,8 +2094,8 @@ int security_load_policy(void *data, size_t len) policydb.len = len; rc = selinux_set_mapping(&policydb, secclass_map, - ¤t_mapping, - ¤t_mapping_size); + &crm->current_mapping, + &crm->current_mapping_size); if (rc) { policydb_destroy(&policydb); avtab_cache_destroy(); @@ -2164,9 +2187,9 @@ int security_load_policy(void *data, size_t len) memcpy(&policydb, newpolicydb, sizeof(policydb)); sidtab_set(&sidtab, &newsidtab); security_load_policycaps(); - oldmap = current_mapping; - current_mapping = map; - current_mapping_size = map_size; + oldmap = crm->current_mapping; + crm->current_mapping = map; + crm->current_mapping_size = map_size; seqno = ++latest_granting; write_unlock_irq(&policy_rwlock); @@ -2516,7 +2539,8 @@ int security_get_user_sids(u32 fromsid, ebitmap_for_each_positive_bit(&role->types, tnode, j) { usercon.type = j + 1; - if (mls_setup_user_range(fromcon, user, &usercon)) + if (mls_setup_user_range(&policydb, fromcon, + user, &usercon)) continue; rc = sidtab_context_to_sid(&sidtab, &usercon, &sid); @@ -2580,7 +2604,7 @@ int security_get_user_sids(u32 fromsid, * cannot support xattr or use a fixed labeling behavior like * transition SIDs or task SIDs. * - * The caller must acquire the policy_rwlock before calling this function. + * The caller must hold rcu before calling this function. */ static inline int __security_genfs_sid(const char *fstype, char *path, @@ -2639,7 +2663,7 @@ static inline int __security_genfs_sid(const char *fstype, * @sclass: file security class * @sid: SID for path * - * Acquire policy_rwlock before calling __security_genfs_sid() and release + * Hold rcu before calling __security_genfs_sid() and release * it afterward. */ int security_genfs_sid(const char *fstype, @@ -3214,7 +3238,8 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) case AUDIT_SUBJ_CLR: case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: - rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC); + rc = mls_from_string(&policydb, rulestr, &tmprule->au_ctxt, + GFP_ATOMIC); if (rc) goto out; break; @@ -3464,9 +3489,10 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, ctx_new.user = ctx->user; ctx_new.role = ctx->role; ctx_new.type = ctx->type; - mls_import_netlbl_lvl(&ctx_new, secattr); + mls_import_netlbl_lvl(&policydb, &ctx_new, secattr); if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { - rc = mls_import_netlbl_cat(&ctx_new, secattr); + rc = mls_import_netlbl_cat(&policydb, &ctx_new, + secattr); if (rc) goto out; } @@ -3526,8 +3552,8 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) secattr->attr.secid = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; - mls_export_netlbl_lvl(ctx, secattr); - rc = mls_export_netlbl_cat(ctx, secattr); + mls_export_netlbl_lvl(&policydb, ctx, secattr); + rc = mls_export_netlbl_cat(&policydb, ctx, secattr); out: read_unlock(&policy_rwlock); return rc; diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 356bdd3..50c7ceb 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -10,8 +10,6 @@ #include "policydb.h" #include "sidtab.h" -extern struct policydb policydb; - void services_compute_xperms_drivers(struct extended_perms *xperms, struct avtab_node *node); @@ -19,4 +17,3 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, struct avtab_node *node); #endif /* _SS_SERVICES_H_ */ -