From patchwork Wed May 30 14:11:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Enderborg X-Patchwork-Id: 10439081 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4F659601E9 for ; Wed, 30 May 2018 14:21:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D34C28F93 for ; Wed, 30 May 2018 14:21:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0765129019; Wed, 30 May 2018 14:21:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from upbd19pa10.eemsg.mail.mil (upbd19pa10.eemsg.mail.mil [214.24.27.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B55B28FF0 for ; Wed, 30 May 2018 14:21:00 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa10.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 30 May 2018 14:20:58 +0000 X-IronPort-AV: E=Sophos;i="5.49,460,1520899200"; d="scan'208";a="13920394" IronPort-PHdr: =?us-ascii?q?9a23=3AG0oJTxysh+yhvQHXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd1uMQK/ad9pjvdHbS+e9qxAeQG9mDtrQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPYwhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vy?= =?us-ascii?q?i84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYO/RkfqPZYNgUW2?= =?us-ascii?q?xPUMhMXCBFG4+wcpcDA+8HMO1FrYfyukEOoAO+CweyCu3hyThGiX343aI1zu?= =?us-ascii?q?ohCQPL0BEuEt0Sv3rbss71ObwOUe231qTE0S/OY+9I1Tr79YPGcgohofaJXb?= =?us-ascii?q?9oa8Te11UvGB3fjl6NpoLlOS6a2foXs2eA6OpgT+2vgHMgpgFpvDev2tkjip?= =?us-ascii?q?PTio0LzFDL6Dt2wJwuKt2/Uk57bsWpEIBXtyGcN4p6WN8tQ2ZtuCsjzLANpJ?= =?us-ascii?q?21fDASxZg6yBPSZOaLfoiV7h75SuqcLil0iGh4dL6niRu/81KsxvDyW8Swyl?= =?us-ascii?q?pGsypIn9jWunwT0xHe7NWMROFn8Ue7wzmP0hje6uRDIU8pi6XWM4Uhwrsslp?= =?us-ascii?q?oLtkTDAzP2lF32jKCIckUk/fCl6/j9bbX8p5+cKpR0hhviMqUuhsO/AeM4Ph?= =?us-ascii?q?IIX2eH4uSzyKfv/Uj4QLVOlvE2k6/Zv47GJckDu6K0DABY3pwj5hqiFTuqzt?= =?us-ascii?q?sVkWcdIF5YYB6HipLmO1DKIPD2F/e/hFGsnS9wx//YOr3hA5PNLmXMkbv4Zr?= =?us-ascii?q?l97FNcyAwvwt9B/JJZEa0BIfLvVU/xs9zUFBk5MxeuzOr9B9V90Z0eVXqVAq?= =?us-ascii?q?CFKKPSrUOI5uU3LumOY48VvizyK+Ql5/H0i380gl0dfa6v3ZsScn+4BehmLF?= =?us-ascii?q?uDYXr3mNsBFn0KvgUmRuzwlFKCSSJTZ2q1X68k5DE7CpipApvARoC2h7yB2i?= =?us-ascii?q?a7HoNNa2BIDlCMDHjpeJ6ZW/cKdCKSP9VtkjseVbiuU4Uhzw2htBfmy7p7Ke?= =?us-ascii?q?rZ4iMZtZPn1Nhw+eLTjwo/9TJqAMuA1GGNVXt7nnsSRz8x3qBwv1ByykuZ3a?= =?us-ascii?q?h/mfxYGsRZ5+lVXQciKZ7c0+t6BsjvVQ3de9eJT1CmQsm7DTwqUNI+3cUOY0?= =?us-ascii?q?d8GtWliBDPxSyqDKEJl7aTHpw77rrc32TtJ8Z603vJybUhgEM8QsZUKWKmga?= =?us-ascii?q?t/+BTJCI7Sj0WVjaCqeroA3CTV7meM0XKOvF1EUA53SajFU2ofaVHQrdvl50?= =?us-ascii?q?PCVKSjCbE/MgtA0MKCMaVLasbzgVVBXvfjN8zUY3itlGeoGRaI2rSMYZLpe2?= =?us-ascii?q?oH3yXdD1UEnhsQ/XmcNgg+ATqhr3jZDDx0GlLle1ns/vVmqHOnUk80yBmHYF?= =?us-ascii?q?d82Lqv+x4am+acRugJ0b0YvSctsTJ0HEyy39jOEdqPuxJhfLlAYdM6+FpHz3?= =?us-ascii?q?/WuBFmM5yvKqBjiUQScwJpsEPyzx93EJlPkdA2rHM2ywp/MbmY0F1bdzOfxp?= =?us-ascii?q?DwJqbaKnL0/BCoZa/W30vR0NCM9qcJ9vs4t03pvBu1GUo673Vnz95V3mOS55?= =?us-ascii?q?rQCAoSTYz+Ulws9xVhubHVfDM96JjJ1X1pK6W0tSXC290xDus/1hmgZ8tfML?= =?us-ascii?q?+DFALqFc0aBsyuKOg0lFiydR8LJv5d9LQzP8+8cPuGwqGrNv56nD26lWRH/J?= =?us-ascii?q?x90kWU+ipiS+7Hw4oFw/aC3gedSzj8jFChssb4mY1fYTESH2y/xjL+BI5WfK?= =?us-ascii?q?FyepwLCWi2Kc2t2tp+n4LtW2Jf9FO7A1MG2dSpeQaLY1zmwwJQ0UUXoXq6mS?= =?us-ascii?q?q31DF0iCkprquZ3CzP3+vibwALOmhVS2l+lV3sO5S7j8gGXEi0aAgkjAGl5U?= =?us-ascii?q?H+x6hfuqt/NXXcQUBGfiXtNGFiT7e/tqGYb85I8pMovj1dUP6gblCCVr79vx?= =?us-ascii?q?wa3jvgH2RAwjA7bCqnupbnkBx8k2KdKmh8rGbDdcF33xff68TWReRN0ToeWC?= =?us-ascii?q?l4lT7XC0CkP9az4NWUk4nMsvikWGKnSp1cbzPrwJidtCug+2JqGwa/k+qomt?= =?us-ascii?q?3gDAg6yzP02MdkVSXPthb8bZfk2768Me15YkliHEX85NZiGoFijoswg4kd2W?= =?us-ascii?q?YchpqI5ncHj2HzPshb2a7kanoCWyILycbP4Af5wE1jMm6Jx4XhW3WF2MRhet?= =?us-ascii?q?26b3gK1SI888BLCL6Y7LJekitzuFa4qhjRYfdllDcH1fQu8GIag/0OuAc1wC?= =?us-ascii?q?WSGLYSHVVfPSzpjBmI4c6xo7hQZGa1a7ewzFB+ndejDL6cvg5cRGz1epA4HS?= =?us-ascii?q?9/9s9/Kk7D0GXv6oH4f9ndddcTuQeQkxfEkedVNI4xmeAQiid8P2Lyo2Ely/?= =?us-ascii?q?UnghN0xZG1opKLK2Nz86KlGhRYLCH6Z9sP+jHxiqZThsiW35qxEZp8ATUERp?= =?us-ascii?q?3oTe6vEDIJrvnoLRqBEDgmpnecA7rfEheV6F16oHLXD5CrK3aXKWEfzdV4Xh?= =?us-ascii?q?adPFRfjRsaXDU7hJ45DRyqxMLgcEd//D8R4EL3qhpWxeJsLRX/VX3fpAiwYD?= =?us-ascii?q?cuVJefNAZW7h1F50rNKcyR8Pl8ED9e/p2gsAyNLXeWZwVWAm4XREOIHVfjPq?= =?us-ascii?q?Oh5dPY6eiXGvK+L+fSYbWJseFRTOyHyZWr0otn5DaMKt6PMmN5D/IlxkVPR2?= =?us-ascii?q?t5FNrdmzUOTSwXii3MYtWHqxa84C13s9u//O7lWQ31+YuPELxSMdN19xCxm6?= =?us-ascii?q?eDOPaahDxlJjZAypMM2XjIxaAE014ThCFucD+tHK8duiHTV63Qm7VYDxgBZy?= =?us-ascii?q?N0LstI4Lo23hNRNs7DltP1yrl4g+YvBFdKT1PhhN+maNcNI2GlKlzHAkOLO6?= =?us-ascii?q?6HJT3P2M73Zqy9RadXjOVOuB26oSybHFP7PjSfiznpUAiiMf1LjCGeJhBeoo?= =?us-ascii?q?a9cxdzBmjlV93mcBq7P8F0jTAt3bI0gXbKOnIGPjhnb0NBtLuQ4j1Egv9nAW?= =?us-ascii?q?xO8mJlLfWYmyae9+TYKJYWsPtzAiRzk+Ja4Wg6xKVO4SFBRfx1hDHSocB0r1?= =?us-ascii?q?GhiOmPxSJtUABSpTZTmIKLoUJiNL3a9phAXXbL4gkA7WCXCxQEqdtqFMHvu7?= =?us-ascii?q?xQytjIkaL8Ni1O89TK8ssAH8LUMt6IMGI9MRr1Hz7ZFA0FQiCxOmHbnEFdk/?= =?us-ascii?q?aS9maJrpcgrJjsg5kOSr5BWFwzCPwaFlxvHMYeL5dvQjMkjbmbgdYS5XWgtx?= =?us-ascii?q?neWt9VvorbWfKSGvjgMzeZjaNZaBsPz7P4NZ4TOZP72kB4bFl1gpjKEVLKXd?= =?us-ascii?q?9Rui1hchM0oEJV/XdjSW0z3UTlZR6z738XFP65hQQ5hRVkYeQq7jvs5E03Jl?= =?us-ascii?q?XSrisqjEYxgcnlgSyWcDPpMai/R59WCyvpuEgqKZ70WRx1bRe1nU1qLzfLWa?= =?us-ascii?q?5ej6Z6dWBqlA/duYFDGfhCQq1YeBUQ3+2YZ+000VRArSWq3UtH5ezfCZR8kg?= =?us-ascii?q?srcJmsomlP2wJlcd45P6vQJLBGzlJInKKBojeo1vwtwA8ZP0sN632deCoJuE?= =?us-ascii?q?wOK7knKDGl8fBr6QyHhzRMYnMMV+YwrvJs6Ew9J/yKzzj83L5bNkCxK+ufIr?= =?us-ascii?q?uFu2jBkM6IRU8w1kMIlkRe4Ld20McifFCPWEw1yrueCQgJP9LYKQ5Jd8pS6G?= =?us-ascii?q?TTfSGWvOrXxZJ1PpmyGf7wQu+LtKcUhEWkHAAzEIkX9csBH4Oj0EfBIcfpMb?= =?us-ascii?q?4J0xMt6xr3JF+dFvRGZAqLkCsbo8G41JJ4xpdSJjcGDGpnLCq3+KjYphUxgP?= =?us-ascii?q?WZRtc3Ym0WXoweNnI5QMe6gTJWv2xcDDmr1eIU0AeC7yL9piTUCDnzcd9jae?= =?us-ascii?q?yJahxyE962+C8w866shV7Q6JXeKHnwNc5+td/X9eMau5GHButOTbl7skfTh4?= =?us-ascii?q?lYR3uuU27UCdC7PoX+ZZMwYNLzEXu1Tlu/izcpQMjrJ9atMrKEgQf2SoZIqI?= =?us-ascii?q?ObxiwsNdehFjECHBd9v/sD67hmZQ0EeJU2egLotx4kOKyhPgiY1tSuQ2CiKT?= =?us-ascii?q?tSTvlfwuW6Z6BZzyU2dO+6zWEsTpckwOmr6UQNXo0FjgnCxfa/YIlTSSbyFm?= =?us-ascii?q?ZBdAXPpCo5kmlhOfwxwuokwRPHr0cTPC6ReOxucmxEsMk2BUmOLnVuFmo4W1?= =?us-ascii?q?icgJLG4gG2xbAS/DVSn8pV0e1Dv3jzpZHebyiqWKO3rZXVtDcgYsU9o6FrN4?= =?us-ascii?q?zsPNeGvovEnjPDVJnQrhGFUCmiGvVAgNhQPSRYTONLmWw+OMwGuItB6VYqWc?= =?us-ascii?q?skIbxAFrUsrKiwaTV4FS4S0TMZV4SY0TwDhOe8x6XVlhOOf5QnLhMErI9Cg9?= =?us-ascii?q?sGXi5xeiMRuqmjV4DMmG+FTmgEOwAT7AtW6AIHjI9wcfjv4JDUQ59U1z5Wv/?= =?us-ascii?q?V0XzPXFplv8lv2UX2WjUT9SPq6ieCp2xxdzO702NkBRBF/EVRdx/pRlkYwKL?= =?us-ascii?q?F4MbMQsZTOsjCVbk71oXziyPO+JFZPzc3baUf4AJDCtWrmXS0W4WcUSpNXyH?= =?us-ascii?q?HDCZQSlBJ0aKQspFpSO42pZ1jx5yc6yIRzA7m3S92ky0wjrXkYWyegC8BBBP?= =?us-ascii?q?1+sFLLRD1lZIimqIn4NJpPQ29f4pmdpkxFn0VqNi621YBTK9pR4jIWWjhAvy?= =?us-ascii?q?mdtsOoSMJfwc92E4MMItBntnjmFqNLJISdrn8rtrHh0XLW5zc8sFKmyzqpAK?= =?us-ascii?q?+4U/hV/2sAFQU1P26esFUgD/Mw8mfO9VDAqkp08PlGCbiPl0pxvC1wHpRJBj?= =?us-ascii?q?ZXy3+pMUh8TH5bvOpEMqjVddJTQ+Uqbx+1JxM+DeIm31CO/UxshXf5eDByuR?= =?us-ascii?q?FH9CDBRAQ0Ti4Vgqr3mTICtM6nPyMaS4hSYjUldSvFLBibmS9PthZFd05qQ4?= =?us-ascii?q?wZAspC+7wDwYtU5NTNRlixJiweQRxiMh440eBFmk5dsUWYfiTdAhS0dfrVtR?= =?us-ascii?q?13Z8iRptazLPvl5AdHlp/nsOcg+qUBXXKmgwqtQcvar4DmqN2HrU6OdLr8M+?= =?us-ascii?q?2gYH/OUDnMggq2hbc/FZXK+DLTMAVDIZlg1XUkeYThCXLMPRleJaIUPUxbVa?= =?us-ascii?q?5gadVBv+9VedRpeLoT9q9rHRKHQQnjGIqxo/laNlzTXyjRLz2d8uyjpoLe9b?= =?us-ascii?q?rdSez7a8yNwXbHRrh7PpZ86Tn1Abfly5Re+lbs2vdw6kx6VUXGMzqfo9j7IQ?= =?us-ascii?q?ML/saifFP4vpI1BTPWHItwkH31y0FGdsoYXyqq8JACx5NC8nrwSOV40k/osO?= =?us-ascii?q?1J7LRk7IY64r9zxcezP6fSJuxQsVV7DRiMGgVq6pItDXBjSG9LZu8eNuzRfb?= =?us-ascii?q?gZjMDpsO33DLAY6ByL9OxfddvHJlvOltO5Cj6CVRxOhB0BpiICLguAy/6FnL?= =?us-ascii?q?d5ScK+pej82k8g+Fa+IQAbw7Bq/4eL4LKIpPXQbxvT07cLRrTqStn0rrQ2tE?= =?us-ascii?q?OY/eckm6IWemxpfw2nF/AQVswcxmfl1q0qyDwjEsPdELL6+f5DUX05kijmm5?= =?us-ascii?q?9jA1UcAukUEqaT/YRCgmc4nPTUNtwXc69YgGmACQWpEqQcxn639SSYPHNpgh?= =?us-ascii?q?bU0xH/WWmz9kP5rTdkQSvQyNfuilFaVrisBUZcRSWpO054sC+XPAXyqdr3vb?= =?us-ascii?q?84410xMmP5qt2CjnahOKlQH83lPtOQOy40pEgYjJcpXNygxZgbGcahINcW6H?= =?us-ascii?q?x+duHR63+3nC9BraZHgJDe4sKM9vXMA3agi6yaq7OQxDFX0XU4pUsw6sy8Of?= =?us-ascii?q?HO6dyKRO6o12ULQyd8pQTBRRi1paLfr1wOPkyLykjLkpQQPt5FxXk4yl3m5O?= =?us-ascii?q?87TdI87gpeDJjPZ+8CpT3oPDv0wEqfbMw3ViaEzjtXBUj5EV9mF6ggwGjwpt?= =?us-ascii?q?7GlW/M+100QYl9b0PnigJxD4UkLkIt718bwjEdHggJaBCbCqyoBEv+IIsAS0?= =?us-ascii?q?cDcxSG06Kgdqcxw0Jz3qul5PXPYuxkG6oNKvFdgxaSk1hZAJ0ZrbYTT657e1?= =?us-ascii?q?9Z8K7XpxbtC5L7X/f4iXUwNee5QsdA8cAWr3Ei+BqwRwK86Zdf6LYWkJWIdq?= =?us-ascii?q?lCYZjQs8Bz8Vxq5TsOdiNXhhhwkQ+5UO4bpOD54djbq4Ck6uCwW6YxX+8X7Q?= =?us-ascii?q?Q7B3xij5vsh1Auud7X2PtHSo3OkIjx7Q9DLXiLuIbczhl9JvEDK42ufLl68X?= =?us-ascii?q?UIOTISJ3UUPdqZc/M8+TNiMC3P51xeBcMBfdEYPM3NmQBSkEHmRLFT9s7GGl?= =?us-ascii?q?CFCoZzdsYo73H0yDA06pY8TOfg6CGsKpDb8l5NPulPjCNym9LevOIV2+bdCD?= =?us-ascii?q?AL4XmFbBh42iKCy4eXBPb25uiMzMzUWE4HHi4xSIdRPj2C+RaoRuCtjpXmTh?= =?us-ascii?q?uU6tPvgJI5bE+QRGK+nKoLsqZICuNBhD/03j5AGYDpnf6VtcSj6HdPvF1dDI?= =?us-ascii?q?lz9QHFGLlYPphjNhT4ks6rR0ZiCSv7fMHZbQEuuO2QxucN/+pyLU3+apEHIh?= =?us-ascii?q?gc0bL19WJVThdySL7xpluZWOMRZNhlSPPDtX1V65hvK6wIPFibupPqqC1EqF?= =?us-ascii?q?YoDw81cLUwtCBVdlHSnA1JXKb5oKUPhRUaUd5lokJMAmawOGUi5zrbS6Rakr?= =?us-ascii?q?SeBOYS8jWJQawES19oPT9mQxOpxJVufKOknehAsmNChCx9uvYr0ztiRBuyoi?= =?us-ascii?q?DsoqUN2TU7+L6mqDoBo3tFTv6FkyfJD1VDw+4GjaAGC3bt8Va8emUMbJPu4L?= =?us-ascii?q?l7IsTt7Ych7Go7YRUiZy0JQ/+tCiDxj6ONB4yArshchBqTt8nUar+zNycSPK?= =?us-ascii?q?wnyR3/X3h9zhTenBFw/WoFWjWg9t4kK5mjNss+wyqoGHTbdEwS7a9Tt8vxr1?= =?us-ascii?q?ELRvMsaVx92GVjztSHRioVSczIH2Y6kBMpaX1AcJ1Z8h8aC6gojSqUvqlc4A?= =?us-ascii?q?4bfi3YEoK79YnMhc3Iw2UyTc92xmLKoa2Inpcq0Hxjm9Np4S+CoXASd+3DU8?= =?us-ascii?q?9wGXj+zYZfxvb4Z/WqqOwHT5FmyLu5Wv8YLsaj4Xe22IltWkK9w7QRBUa2MO?= =?us-ascii?q?8CxrfdVCeoUnOYWeWNc2eSmzY5M0jy5QSnL1Etb8dKtUA9OPPYhpFAjw3hTa?= =?us-ascii?q?90RiKIqF/Z1mMjMuQaeBkttYe6fQwKUO4RZ++BJeghwP0+FEEAb3nXEitqE+?= =?us-ascii?q?W2q0KinJBnO3V85kX3eebt8gXhMNuIABkEEJXao4V3+fOgQ2KOJ35gwAd1PE?= =?us-ascii?q?lu+OfVD04xufNEc5aNgdjQgMx20fULd/doLSIwu90el5l96YaKyseKcBDQzp?= =?us-ascii?q?H0Jd3PpPiXHeHfnAwWfTQOSrcFbBmz6oM2M8QzXKfcNaBeuwVaDq8/FthpD2?= =?us-ascii?q?7s8OlRKwRpf0aFfL2phuHyr/+PI55ToGXbqFk3KXGY8yYfx+S0QAozVJWjg3?= =?us-ascii?q?H/MdhkXT5ah8F8ARthWo1UEoUPqBTxR9a5gqCww+e44UJh87sHqaPqC+vizN?= =?us-ascii?q?2j3p5pW5FR6AqMJjmHQOFJi0FolayXhe3a04K5XcHrfN4fEuw9R2nfcL7dNo?= =?us-ascii?q?KlIzmKN4T3fEsQt/aw2bR4XxHZRj3jUKeAr2XwOPxi4Eg/yKR9ce7XxToq//?= =?us-ascii?q?fQ396kIyl3oTqs5VqEOJVY9lCCUeDaUh5aTuCJ2HxoEa0ecc3/8+JYdZR229?= =?us-ascii?q?WY4g9u/BxewcCFJO6ntUaK1UVlI9aTeE/o3TspHJIHKwmlMFc9xGrepmnZDF?= =?us-ascii?q?xCIcW+b8pgmtCYClrq/UYn3Sl5Ym9HB3qtRtqLP2Uf89yxaRfM9w9RCdsH2e?= =?us-ascii?q?mtdhh8/ueJRPNnN91o0aPilLwDlcdvYWmbX8VAMCz4LLZyOitXSO7IoQ5sKl?= =?us-ascii?q?Q8uqUxEqp9I9CrK2AKNkGN2Gm6mRPLzEnxfN+E0KePPTZQ7HNK0/TE2z0KrA?= =?us-ascii?q?6876W3mMrmBYjUcJzsFNPUPCc/XDaASnxmCUu19E3itvwIseCSJn0QiksTZD?= =?us-ascii?q?PUAwkW8PM85ePMB3PezLUwNKYBg+qXDmWpEXUizvg7GzpLuEaQQvEKCQjRaT?= =?us-ascii?q?r7jXFBvBC5eaQewErJROaz/oMNCqobD45XfbucStrcP/VfI2RN9H0VO+e5Kt?= =?us-ascii?q?vbqbtxklfFVnAQHKSA8lqCBFWXTfqRy3OjXYgcs4Uu/Ct9/NXWkyI=3D?= X-IPAS-Result: =?us-ascii?q?A2AIAQANsg5b/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYNBA?= =?us-ascii?q?4EFXBYSi3tfjAGDCJM8FIFZLhMBhl4hNBgBAgEBAQEBAQIBayhCDgGBZCQBg?= =?us-ascii?q?k8DAwECJBMUIA4DCQEBPgIICAMBLRURBgEHCwUYBIMBggEDAacdM4N4AQGES?= =?us-ascii?q?4FoiDeBVD+BD4dNARIBC4VoAoc8CIRngSOLFwcCgWeMbguBO4ZShH8rkik4Y?= =?us-ascii?q?XFNI1CCQ4IgF41hATdtegEBiA6ERg4XgiEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 30 May 2018 14:20:57 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4UEKsfa011726; Wed, 30 May 2018 10:20:55 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w4UECZrP011034 for ; Wed, 30 May 2018 10:12:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4UECcOa011002; Wed, 30 May 2018 10:12:39 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1DPAADrrw5bly0bGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNBgWQWEot7jGCDCJM8gXiEdwKCHCE0GAECAQEBAQEBAhQBAQEBAQYYBoYAAwM?= =?us-ascii?q?nYj8SVwYBEoMiggQBpxIzg3gBAYRLgWiIN4FUP4EPh2yFaAKHPAiEZ4EjixcHA?= =?us-ascii?q?oFnjG4LgTuGUoR/K5IpggpNI4MTgiAOCRGNUAE3bY1QgkYBAQ?= X-IPAS-Result: =?us-ascii?q?A1DPAADrrw5bly0bGNZcHAEBAQQBAQoBAYNBgWQWEot7jGC?= =?us-ascii?q?DCJM8gXiEdwKCHCE0GAECAQEBAQEBAhQBAQEBAQYYBoYAAwMnYj8SVwYBEoMig?= =?us-ascii?q?gQBpxIzg3gBAYRLgWiIN4FUP4EPh2yFaAKHPAiEZ4EjixcHAoFnjG4LgTuGUoR?= =?us-ascii?q?/K5IpggpNI4MTgiAOCRGNUAE3bY1QgkYBAQ?= X-IronPort-AV: E=Sophos;i="5.49,460,1520913600"; d="scan'208";a="288402" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 30 May 2018 10:12:39 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AiTPYJxxpkS05INnXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd0ugTI/ad9pjvdHbS+e9qxAeQG9mDtrQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPYwhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vy?= =?us-ascii?q?i84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYP+d8cKzAZ9MXXX?= =?us-ascii?q?dPUMZPWSJPAY2yaIkAD+QOMulEtIT9u0cCoAGiCQS2GO/j1jlFjWL2060g1O?= =?us-ascii?q?QhFBnL0hY+ENISrnvUtsj+OqgUUe+o0qbI1y7Mb/RM2Tfy9YPFdQghru+QXb?= =?us-ascii?q?1ua8rd01cgFwXYgVqOs4zqJDSV1v4Cs2WA9OpgUuSvim49pw5tpTivw94hh4?= =?us-ascii?q?/UjYwW0lDJ7Tt1zJs6KNGiVkJ2bsSoHIVSui2AOIZ7QtsuTm9qtSog17ELt5?= =?us-ascii?q?q2cDIXxJknxhPTceKLfoyO7xn+TuieOy14i2hgeL+nhxa970ygyurkW8a6yl?= =?us-ascii?q?hEoDRIn9fSu34XyxHf9smKRuFj8Ui/3DaPzA/T5vtBIU8ulKrbL4Qtwrsxlp?= =?us-ascii?q?oXqUjDHyn2l1vqjKKOaEko5+el5/75brjpvJOQKY15hhvxP6kugsC/BP43Mg?= =?us-ascii?q?kKX2iV4+S807jj8FXjTrpUkv05jLPZvIrVK8Qdu6G2HRVV3Z0k6xalADery8?= =?us-ascii?q?8YnX4BLFNFYh6Ik4/pO1TWLPDiEfi/m0iskCtsx/3eJb3uH47NI2PfkLbhYb?= =?us-ascii?q?l960lcxBA1zdBE/Z1YEL4BIPXtWkXprtzXEgc5MxCow+bgENh9zZ0RWWaOAq?= =?us-ascii?q?+fLaPTvkSF5v4vIuaQZI8VvyzxK/4+5/H0l3M5llgdfbf6lacQPSSgE+hrOQ?= =?us-ascii?q?OUZ3bhmN0GC2gipQ04Xarhj1jUFXZrbmu2F4c74Ss2QNa+BJrHbpiknbjE2S?= =?us-ascii?q?C8BJAQbWdDXBTEKmvlb4WJXb83bSuWJsJw2mgfWaOJV54q1RboshTzjbVgML?= =?us-ascii?q?yQsgACtJmr7NFv5vabwRwq/CZ1FOyF2nuMVHlwl2gFATgs0/Y76W50z1qYmY?= =?us-ascii?q?1/meZZDpQH5fpMXxx8MdjZyPZgCsvaXRjIddOEDl2hR4PiSR04SNM8x5csfl?= =?us-ascii?q?xyFtO5xkTP1iyrDrsXv7mGAJg99KXMmXP2IpA5g1rByaZpq1QqTMxVOSXyiq?= =?us-ascii?q?py+wbUHYLhiUiVl6+2M68b2XiJvDOYwG6PulxIeBJhWqXCG3YEbw3Zqsqvog?= =?us-ascii?q?uWS76oFKRiKQZK1NSDNroPb9rlkFFLbOnsNc6YYG+rnWq0QxGSyeXIJN7uem?= =?us-ascii?q?MAzGDeBVICngQ743mLL049Cz2nrmaYCyZhQxanKXjh6+Zz4F7zCAcUxgWOfk?= =?us-ascii?q?srn+6u9wQaiNScQvcXz7RCsyAk/XE8Vm60wtaeJpLG7y9qX6haZ94sqh8TzW?= =?us-ascii?q?vEswl2PbSkLqZ/lhgAdQlr+ULk0lN8DYAWwuYwq3Z/9AduJLjQ/VVNeimS2o?= =?us-ascii?q?r/cunPJ3X/5laibaLbwFvZytm+4aAJ+bIzrFC171LhLVYr73gyi4od6HCb/J?= =?us-ascii?q?ifSVNKCcirAE8q6xh3oa3baSAh5oTSkGdhKrSwriSdgoAUPMcOkT2YVo8Odq?= =?us-ascii?q?6JERT9VcgTBszoLe0uyBClbRMBaeZV8qN8f8arbOCP16PjOuF81CmngmJK7M?= =?us-ascii?q?E10k+F+ydmDO+d2ZEDzvw=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CjAADosA5bly0bGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNBgWQWEot7jGCDCJM8gXiEdwKCHCE0GAECAQEBAQEBAgETAQEBAQEGGAZ?= =?us-ascii?q?XgjUkAYJPAwMnYj8SVwYBEoMiggQBpxUzg3gBAYRLgWiIN4FUP4EPh2yFaAK?= =?us-ascii?q?HPAiEZ4EjixcHAoFnjG4LgTuGUoR/K5IpggpNI4MTgiAOCRGNUAE3bY1QgkY?= =?us-ascii?q?BAQ?= X-IPAS-Result: =?us-ascii?q?A0CjAADosA5bly0bGNZcHAEBAQQBAQoBAYNBgWQWEot7j?= =?us-ascii?q?GCDCJM8gXiEdwKCHCE0GAECAQEBAQEBAgETAQEBAQEGGAZXgjUkAYJPAwMnY?= =?us-ascii?q?j8SVwYBEoMiggQBpxUzg3gBAYRLgWiIN4FUP4EPh2yFaAKHPAiEZ4EjixcHA?= =?us-ascii?q?oFnjG4LgTuGUoR/K5IpggpNI4MTgiAOCRGNUAE3bY1QgkYBAQ?= X-IronPort-AV: E=Sophos;i="5.49,460,1520899200"; d="scan'208";a="13919425" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 30 May 2018 14:12:37 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;9101f906-217c-4aff-a9aa-ad306c099c4c Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC07.oob.disa.mil (Postfix) with SMTP id 40wswD3J1Mz1wyJW; Wed, 30 May 2018 14:11:40 +0000 (UTC) Received: from UPDC3CPA09_EEMSG_MP25.eemsg.mil (unknown [192.168.18.20]) by UPDCF3IC07.oob.disa.mil (Postfix) with ESMTP id 40wswB66xnz1wyJh; Wed, 30 May 2018 14:11:38 +0000 (UTC) Authentication-Results: UPDC3CPA09.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 29466651|UPDC3CPA09_EEMSG_MP25.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 37.139.156.29 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DNAADHrg5bhx2ciyVcHAEBAQQBAQoBAYU7Eot7jGCDCJM8gXiEdwIIghQhNBgBAgEBAQEBAQIUAQEBCgsJCCgvhSkDAydiPxJXBgESgyKCBaZ9M4N4AQGES4FoCQGILYFUP4EPgl+FDYVoAoc8CIRngSOLFwcCgWeMbguBO4ZShH8rkimCCk0jgxOCIA4JjWEBNz0wjVCCRgEB X-IPAS-Result: A0DNAADHrg5bhx2ciyVcHAEBAQQBAQoBAYU7Eot7jGCDCJM8gXiEdwIIghQhNBgBAgEBAQEBAQIUAQEBCgsJCCgvhSkDAydiPxJXBgESgyKCBaZ9M4N4AQGES4FoCQGILYFUP4EPgl+FDYVoAoc8CIRngSOLFwcCgWeMbguBO4ZShH8rkimCCk0jgxOCIA4JjWEBNz0wjVCCRgEB Received: from seldsegrel01.sonyericsson.com ([37.139.156.29]) by UPDC3CPA09.eemsg.mail.mil with ESMTP; 30 May 2018 14:11:38 +0000 X-EEMSG-check-009: 444-444 From: Peter Enderborg To: , Paul Moore , Stephen Smalley , Eric Paris , James Morris , Daniel Jurgens , Doug Ledford , , , , "Serge E . Hallyn" , "Paul E . McKenney" Date: Wed, 30 May 2018 16:11:04 +0200 Message-ID: <20180530141104.28569-6-peter.enderborg@sony.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180530141104.28569-1-peter.enderborg@sony.com> References: <20180530141104.28569-1-peter.enderborg@sony.com> MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 30 May 2018 10:18:15 -0400 Subject: [PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP To be able to preempt avc_compute we need preemptible locks, this patch switch the rwlock reads to rcu_read_lock. Signed-off-by: Peter Enderborg --- security/selinux/ss/services.c | 152 +++++++++++++++++++++-------------------- security/selinux/ss/services.h | 2 +- 2 files changed, 79 insertions(+), 75 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 954ebe490516..a9aa863c47a3 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -84,7 +84,7 @@ static struct selinux_ss selinux_ss; void selinux_ss_init(struct selinux_ss **ss) { - rwlock_init(&selinux_ss.policy_rwlock); + spin_lock_init(&selinux_ss.policy_lock); mutex_init(&selinux_ss.status_lock); selinux_ss.active_set = kzalloc(sizeof(struct selinux_ruleset), GFP_KERNEL); @@ -779,7 +779,7 @@ static int security_compute_validatetrans(struct selinux_state *state, if (!state->initialized) return 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -837,7 +837,7 @@ static int security_compute_validatetrans(struct selinux_state *state, } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -879,7 +879,7 @@ int security_bounded_transition(struct selinux_state *state, if (!state->initialized) return 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -944,7 +944,7 @@ int security_bounded_transition(struct selinux_state *state, kfree(old_name); } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -1035,7 +1035,7 @@ void security_compute_xperms_decision(struct selinux_state *state, memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p)); memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p)); - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); if (!state->initialized) goto allow; @@ -1092,7 +1092,7 @@ void security_compute_xperms_decision(struct selinux_state *state, } } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return; allow: memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p)); @@ -1122,7 +1122,7 @@ void security_compute_av(struct selinux_state *state, u16 tclass; struct context *scontext = NULL, *tcontext = NULL; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); avd_init(state, avd); xperms->len = 0; if (!state->initialized) @@ -1160,7 +1160,7 @@ void security_compute_av(struct selinux_state *state, map_decision(&state->ss->active_set->map, orig_tclass, avd, policydb->allow_unknown); out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return; allow: avd->allowed = 0xffffffff; @@ -1177,7 +1177,7 @@ void security_compute_av_user(struct selinux_state *state, struct sidtab *sidtab; struct context *scontext = NULL, *tcontext = NULL; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); avd_init(state, avd); if (!state->initialized) goto allow; @@ -1212,7 +1212,7 @@ void security_compute_av_user(struct selinux_state *state, context_struct_compute_av(policydb, scontext, tcontext, tclass, avd, NULL); out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return; allow: avd->allowed = 0xffffffff; @@ -1319,7 +1319,7 @@ static int security_sid_to_context_core(struct selinux_state *state, rc = -EINVAL; goto out; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; if (force) @@ -1335,7 +1335,7 @@ static int security_sid_to_context_core(struct selinux_state *state, rc = context_struct_to_string(policydb, context, scontext, scontext_len); out_unlock: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); out: return rc; @@ -1491,7 +1491,7 @@ static int security_context_to_sid_core(struct selinux_state *state, if (!str) goto out; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; rc = string_to_context_struct(policydb, sidtab, scontext2, @@ -1505,7 +1505,7 @@ static int security_context_to_sid_core(struct selinux_state *state, rc = sidtab_context_to_sid(sidtab, &context, sid); context_destroy(&context); out_unlock: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); out: kfree(scontext2); kfree(str); @@ -1666,7 +1666,7 @@ static int security_compute_sid(struct selinux_state *state, context_init(&newcontext); - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); if (kern) { tclass = unmap_class(&state->ss->active_set->map, orig_tclass); @@ -1806,7 +1806,7 @@ static int security_compute_sid(struct selinux_state *state, /* Obtain the sid for the context. */ rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid); out_unlock: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); context_destroy(&newcontext); out: return rc; @@ -2166,14 +2166,14 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) if (rc) goto pdcerr; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); old_set = state->ss->active_set; rc = policydb_copy(&old_set->policydb, pdc, &storage, size); /* save seq */ seqno = state->ss->latest_granting; - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); policydb_flattened_free(storage); @@ -2232,16 +2232,18 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) goto maperr; } + next_set->map.mapping = newmap.mapping; next_set->map.size = newmap.size; /* Install the new policydb and SID table. */ - write_lock_irq(&state->ss->policy_rwlock); - if (seqno == state->ss->latest_granting) { + spin_lock_irq(&state->ss->policy_lock); + if (likely(seqno == state->ss->latest_granting)) { security_load_policycaps(state, &next_set->policydb); seqno = ++state->ss->latest_granting; state->ss->active_set = next_set; - write_unlock_irq(&state->ss->policy_rwlock); + spin_unlock_irq(&state->ss->policy_lock); + synchronize_rcu(); avc_ss_reset(state->avc, seqno); selnl_notify_policyload(seqno); @@ -2260,7 +2262,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) rc = 0; goto out; } else { - write_unlock_irq(&state->ss->policy_rwlock); + spin_unlock_irq(&state->ss->policy_lock); rc = -EAGAIN; } maperr: @@ -2285,9 +2287,9 @@ size_t security_policydb_len(struct selinux_state *state) struct policydb *p = &state->ss->active_set->policydb; size_t len; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); len = p->len; - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return len; } @@ -2306,7 +2308,7 @@ int security_port_sid(struct selinux_state *state, struct ocontext *c; int rc = 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2334,7 +2336,7 @@ int security_port_sid(struct selinux_state *state, } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2352,7 +2354,7 @@ int security_ib_pkey_sid(struct selinux_state *state, struct ocontext *c; int rc = 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2380,7 +2382,7 @@ int security_ib_pkey_sid(struct selinux_state *state, *out_sid = SECINITSID_UNLABELED; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2398,7 +2400,7 @@ int security_ib_endport_sid(struct selinux_state *state, struct ocontext *c; int rc = 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2427,7 +2429,7 @@ int security_ib_endport_sid(struct selinux_state *state, *out_sid = SECINITSID_UNLABELED; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2444,7 +2446,7 @@ int security_netif_sid(struct selinux_state *state, int rc = 0; struct ocontext *c; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2474,7 +2476,7 @@ int security_netif_sid(struct selinux_state *state, *if_sid = SECINITSID_NETIF; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2509,7 +2511,7 @@ int security_node_sid(struct selinux_state *state, int rc; struct ocontext *c; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2567,7 +2569,7 @@ int security_node_sid(struct selinux_state *state, rc = 0; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2609,7 +2611,7 @@ int security_get_user_sids(struct selinux_state *state, if (!state->initialized) goto out; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2663,7 +2665,7 @@ int security_get_user_sids(struct selinux_state *state, } rc = 0; out_unlock: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); if (rc || !mynel) { kfree(mysids); goto out; @@ -2705,7 +2707,7 @@ int security_get_user_sids(struct selinux_state *state, * cannot support xattr or use a fixed labeling behavior like * transition SIDs or task SIDs. * - * The caller must acquire the policy_rwlock before calling this function. + * The caller must acquire the policy_lock before calling this function. */ static inline int __security_genfs_sid(struct selinux_state *state, const char *fstype, @@ -2767,7 +2769,7 @@ static inline int __security_genfs_sid(struct selinux_state *state, * @sclass: file security class * @sid: SID for path * - * Acquire policy_rwlock before calling __security_genfs_sid() and release + * Acquire policy_lock before calling __security_genfs_sid() and release * it afterward. */ int security_genfs_sid(struct selinux_state *state, @@ -2778,9 +2780,9 @@ int security_genfs_sid(struct selinux_state *state, { int retval; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); retval = __security_genfs_sid(state, fstype, path, orig_sclass, sid); - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return retval; } @@ -2797,7 +2799,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb) struct superblock_security_struct *sbsec = sb->s_security; const char *fstype = sb->s_type->name; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; sidtab = state->ss->active_set->sidtab; @@ -2830,7 +2832,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb) } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -2847,7 +2849,7 @@ int security_get_bools(struct selinux_state *state, return 0; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; @@ -2880,7 +2882,7 @@ int security_get_bools(struct selinux_state *state, } rc = 0; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; err: if (*names) { @@ -2914,13 +2916,14 @@ int security_set_bools(struct selinux_state *state, int len, int *values) goto errout; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); old_set = state->ss->active_set; seqno = state->ss->latest_granting; memcpy(next_set, old_set, sizeof(struct selinux_ruleset)); rc = policydb_copy(&old_set->policydb, &next_set->policydb, &storage, size); - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); + if (rc) goto out; @@ -2956,12 +2959,13 @@ int security_set_bools(struct selinux_state *state, int len, int *values) rc = 0; out: if (!rc) { - write_lock_irq(&state->ss->policy_rwlock); + spin_lock_irq(&state->ss->policy_lock); if (seqno == state->ss->latest_granting) { seqno = ++state->ss->latest_granting; state->ss->active_set = next_set; rc = 0; - write_unlock_irq(&state->ss->policy_rwlock); + spin_unlock_irq(&state->ss->policy_lock); + synchronize_rcu(); avc_ss_reset(state->avc, seqno); selnl_notify_policyload(seqno); selinux_status_update_policyload(state, seqno); @@ -2970,7 +2974,7 @@ int security_set_bools(struct selinux_state *state, int len, int *values) kfree(old_set); } else { rc = -ENOMEM; - write_unlock_irq(&state->ss->policy_rwlock); + spin_unlock_irq(&state->ss->policy_lock); printk(KERN_ERR "SELinux: %s failed in seqno %d\n", __func__, rc); policydb_destroy(&next_set->policydb); @@ -2994,7 +2998,7 @@ int security_get_bool_value(struct selinux_state *state, int rc; int len; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); policydb = &state->ss->active_set->policydb; @@ -3005,7 +3009,7 @@ int security_get_bool_value(struct selinux_state *state, rc = policydb->bool_val_to_struct[index]->state; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -3065,7 +3069,7 @@ int security_sid_mls_copy(struct selinux_state *state, context_init(&newcon); - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = -EINVAL; context1 = sidtab_search(sidtab, sid); @@ -3108,7 +3112,7 @@ int security_sid_mls_copy(struct selinux_state *state, rc = sidtab_context_to_sid(sidtab, &newcon, new_sid); out_unlock: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); context_destroy(&newcon); out: return rc; @@ -3170,7 +3174,7 @@ int security_net_peersid_resolve(struct selinux_state *state, if (!policydb->mls_enabled) return 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = -EINVAL; nlbl_ctx = sidtab_search(sidtab, nlbl_sid); @@ -3197,7 +3201,7 @@ int security_net_peersid_resolve(struct selinux_state *state, * expressive */ *peer_sid = xfrm_sid; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -3226,7 +3230,7 @@ int security_get_classes(struct selinux_state *state, return 0; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = -ENOMEM; *nclasses = policydb->p_classes.nprim; @@ -3244,7 +3248,7 @@ int security_get_classes(struct selinux_state *state, } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -3268,7 +3272,7 @@ int security_get_permissions(struct selinux_state *state, int rc, i; struct class_datum *match; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = -EINVAL; match = hashtab_search(policydb->p_classes.table, class); @@ -3297,11 +3301,11 @@ int security_get_permissions(struct selinux_state *state, goto err; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; err: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); for (i = 0; i < *nperms; i++) kfree((*perms)[i]); kfree(*perms); @@ -3334,9 +3338,9 @@ int security_policycap_supported(struct selinux_state *state, struct policydb *policydb = &state->ss->active_set->policydb; int rc; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = ebitmap_get_bit(&policydb->policycaps, req_cap); - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -3402,7 +3406,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) context_init(&tmprule->au_ctxt); - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); tmprule->au_seqno = state->ss->latest_granting; @@ -3443,7 +3447,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) } rc = 0; out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); if (rc) { selinux_audit_rule_free(tmprule); @@ -3494,7 +3498,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, return -ENOENT; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); if (rule->au_seqno < state->ss->latest_granting) { match = -ESTALE; @@ -3585,7 +3589,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, } out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return match; } @@ -3674,7 +3678,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, return 0; } - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; @@ -3710,12 +3714,12 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, } else *sid = SECSID_NULL; - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return 0; out_free: ebitmap_destroy(&ctx_new.range.level[0].cat); out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } @@ -3739,7 +3743,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (!state->initialized) return 0; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = -ENOENT; ctx = sidtab_search(state->ss->active_set->sidtab, sid); @@ -3757,7 +3761,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); out: - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); return rc; } #endif /* CONFIG_NETLABEL */ @@ -3787,9 +3791,9 @@ int security_read_policy(struct selinux_state *state, fp.data = *data; fp.len = *len; - read_lock(&state->ss->policy_rwlock); + rcu_read_lock(); rc = policydb_write(policydb, &fp); - read_unlock(&state->ss->policy_rwlock); + rcu_read_unlock(); if (rc) return rc; diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 9219649c70ed..84cbcf226551 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -33,7 +33,7 @@ struct selinux_ruleset { }; struct selinux_ss { struct selinux_ruleset *active_set; /* rcu pointer */ - rwlock_t policy_rwlock; + spinlock_t policy_lock; u32 latest_granting; struct page *status_page; struct mutex status_lock;