From patchwork Wed Aug 15 23:53:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Schaufler, Casey" X-Patchwork-Id: 10567509 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AF15314BD for ; Thu, 16 Aug 2018 13:47:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C0F92B279 for ; Thu, 16 Aug 2018 13:47:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8FAE22B291; Thu, 16 Aug 2018 13:47:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from USFB19PA12.eemsg.mail.mil (uphb19pa09.eemsg.mail.mil [214.24.26.83]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B21BA2B279 for ; Thu, 16 Aug 2018 13:47:47 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA12.eemsg.mail.mil with ESMTP; 16 Aug 2018 13:47:45 +0000 X-IronPort-AV: E=Sophos;i="5.53,247,1531785600"; d="scan'208";a="14907597" IronPort-PHdr: 9a23:mT+ymhSWYalWkdKnJ+b5qRs7o9psv+yvbD5Q0YIujvd0So/mwa6/YhKBt8tkgFKBZ4jH8fUM07OQ7/i+HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9zIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KhlUh/ojDoMOSA//m/Zl8d8iLtXrA+9qxB6xYPffYObO+dkfq7Ffd0UW2RPUMVWWSNDDIOycpMPAugcMetWoIbyu1QAogWlBQS3GOPiyCVFimPs0KEmzegsFxzN0gw6H9IJtXTZtMv4O70JUe+rzKjD0CjNYO9W2Tjn9YjIfBQhru+WXbltdsfe1VMgFxjbgVSQs4DlJC+a1uQXvGiG4epgUfygi3Q8pgFwpDiv2tkjio3Tio0JzVDE8Dx0zYAoLtO7UE52ecOoHZRfui2AN4Z6X9kuT39ntSok0LEKpIa3cDUOxZkk3RLTdv6KfoiS7h/nUOudOzl1iXJjdbminRi961Kgxff5VsSs1VZKqTdKncfUu3AW0hzT9tCHSvxg/ke9wTqP1x7c6uVDIU0siarUMYQhwr8tlpoIq0jDHyn2mEvxjK+NaEor5vKk6/jnY7r6pp+cMJV4igfiPaQ1hsOzG+E4MgkKX2SD+OS80qPs/VHhTblXgfA7nbPVvZDHKcgBuKK0DBFZ3pw+5xqnCjepytUYnX0JLFJffxKHipDkO0rQL/D8DPe/hUmskThyy//dOb3hH5PNIWTdn7f6Zrt9905dxxYzzdBY/Z5UDKoBL+jpVk/+s9zYEAc1MxaozOb/FNV9yoQeVHqNAq+eNqPdq0OI5uI1LOmKf4IVujH9K/4g5/H0ln85hUESfbOy3ZcNb3C4BPtmKV2DYXXwmtcBDXsKvg0mQezoil2NSyJcZ3WpX6I74DE7CZymAJzNRoCpnbyA0zy0HoBQZmBaF1CAC3Dod5+LW/0UciKdPtdhkiAYVbimU4IhzQ+huxTkxLphL+rU5ioYuIni1Ndr+eLciws+9TtuD8SSy2uNVX17nnsURz8q26ByuVFyylCF0ah+nvNXC9hT5/JSXwggK5Hc1et6B8r1WgLbcdeDUEymTcm+ATEtUtIxxMcDbFthG9q4lBDOxDalA7gQl7OXHpM06b7c02L3J8lj13bMzLMhgEU+QstTKW2mgbZy+BbLB4HTiUWZlr2qeL8E3CHX7meDzHGOvFlcUAFqTarKQ2oTZkzMrdT2/knCVaOhCaw7Mgtdzs6PMqpKatv1jVpYQPfsJtHebHytm2eqBReF3bSMbJL0dGUb2SXSEkkEkwQI8naBOgkyHCCho3jRDDZ2D1Lgf1vs8fViqHO8VkI1wQCKb0lk17Wr4B4YnvKcRO0O0bIDoicusS10HEy639LUFdWPuxZhcL9bYdMn71dNzXjZuBBlPpy8M6BigUYTcwptv0z00RV4FoRAkdMxoXMv1ApyKLuU0EhPdjODx5zwPafXKmbq9hC1d6HWwk3e0MqR+qoX6/Q3sVbjvAa0Fkc58HVoydpV03yB5pnQCwoSS53xWF4t9xdmv7HafjU954TM2HJ2LKa0qD7C1MwzBOY+0BmvY9JfPLmDFA/oHM0QH9KuJ/Aym1i1chIEO/hf+7IuMMOiafSGw7KrPeZnnD+9lmRI/IF93VyK9ypgS+7HxYwJw/eG0QubTz38lkuustjrmYBYYjEfBnC/xjX5C4NKaa1yeIkKBX2oI8Kp2tV0n4TtVGJA9F6/G1MG39ekeQGcb1zn2g1QzlgXrGe8mSu+yDx1nTQpobCZ3CDUxeTtagYHMHZRRGZ+lVfsPZS0j9cCUUmmdQcpkAel6ljgx6hAv6l/MXfcQV1TcCjrKmFuSKywtqCNY8RX8pMnrT1XUPigYVCdUrP9pRoa0yfnH2RA3zA2bCultYvjnxx9km6dK2xzrHXBc8Fq2Rjf/MDcReJW3jceWil4iCXYBkS7P9mz59mbi5fDsue4V2KuTZBTdSjrzYWauyuh4m1mGxq/n+q8mtf/Cwg1zTf718V2VSXPtBv8Zojr17+mMe5+ZUlnGlv868t8GoFjnYo9n4oQ2WAbhpWT/HoIjXzzPc9d2a3gcHoHXSQLzMLN4Aj5xE1jKWqEx5j+VnWZxstuecO6bX8R2iMz9M1KE7qU46BfnSdvpVq4tw3Ra+BnnjgB0fsu9GIag+YRtQou0CqdBKsSEFJbPSPykRSI9Na+o7tLZGq1driwzkV+l8i7DL6eugFcRGr5epA6EC9o9Mp/LVbM32Pr6o7+ftnQccwctgePnhfdlOhaNogxluEQiSp8PmL9oGclxPIlghxg2pG6poeHJHt38KK/HBFYKiX/Z9kP9TH1kaZegsGW0pixHpVnBzoGR4XoTfS1HzISr/jnMRiBECEkoHeBBbXfBROf6Fthr3/XC5CkLWyXJH0CwNp+RRmdOExejBkaXDogmJ41DAeqxNbucE1h/DAe+kb4qgdQyuJvLxT/UWfepAO2ZTovTZifKxRW7g9c6EfJLcye7uVzHyRG8ZG7qgyCNHCbbRxSDW4VQkyEG0zjPr626NnO6eeYAPa+L/zLYbiVp+xRSeqHxZW10oR85zaMLMKPPnt8APInxkpPR3d5G97Wmz8XUSwYizrNb9KHpBe74iB3oNq//+r2VwL0/4SPDadSMdJ0+x2tm6iMK+uQiDx+KTZC2ZMG3WXIx6QH3F4OlyFucCGgHq8buiLKSKLQm7RXDwIAay9pL8tH8b4z0hNWOcHFjtP117h4juM6ClpeSVPgmtupZdERI22nOlLIHlqLNK+BJT3N2c33Zrm8SbJIhuVOqxKwoSqbE1PkPjmbjDbpVh+vMeZKjCyAIRNRppqychd3BmjlVt7mbQe7MNBvhz0s3bI0nm/KNXIbMTVkaUxNoaef7T1GjfhkHGxB9mRqLe+BmymD7unYLo0ZsfxkAyhukOJa+ns6waNP7C5YXPx1hDfSrtl2rlG6lemPzyBrUABJqjdKmo2Lu15tOb/e9pZeWnbJ5w4C7WKVCxsWvdRlEcHvt7pWytfRiKL5MC1C/M7M/csAG8jUL9qKMHghMRvpAD7UCw8FTT+3NW7BnEFdlfCS9mGPrpcksJTsn4AOSrBDXlwvCvwaElhlHMAFIJpvWDMrj6SUjMoT6Hq9qxnRX9lasYrBVvKJAvXvKSyVjb9aaBsU2bn4N5gcNpXn20x+bVl3hJ7KFFTLXd9TuCJhdBM7oEVW/XdlT20zwV/qagSj4H8LD/67gB43hhF4Yesz6Dfm+003KUbSpCssjEkxns3oji2Lfz7vLae/QJpWBjHuuEgrKJP7RAh0bRaskkN4KTfEXbNRj6dgdGxxjg/Tp4dPE+ZGTaJYeB8Q2e2XZ/Iw3FRYrSWn31FI5e3ECJtljwYqfpisr29a1wJkdt41KrTaJLBVwVhImqKOoiio2/gqwAAAI0YN8WWSeDMHuUETKrYmIC+o8fB25gyZhztPYm4MWOQ2ovhy7EMyJ/yAzz78075EMk2+KvCQL6aeu2jGic6EX0g91l0WmElf/Lh30MAjc0yOW0Ap0rSRCwwDNdDeJgFNc8pS6H/TcD6SseXMxJJ1OJm9FuDoTOKVqakUg0KlExwyEIgW6MQOAIWs2lnCLcj7NL4F1Qkt5APzKVqfCPRJeQ6EnykfrMG6zJ53245dJjcHDmhmKiq356zYpgkzjPqNQdc6eHEaUZUYNnguQs21hzZZv2hcDDmwyu8W0xaN7znnqyvKETb8ccRsZO2PZRx2EtG3+S8z86+siV7Y6p/ePX31Ncx+ut/T7uMXv4yHC/VVTbZhs0fcnI1YR2eyXWDWDNC7PYT9ZY43YNPoDXa6V0CwhCguT8ftJtqtKLaHgR3wT4ZOrIabxCwjNdO6FjwGBxhwpfsM675naAIfZJo7ZRrotwUgOKylPAeXzMmhQ2a3JTtRVflfwv2wZ6ZLwCo0cu+61HwgQ4kgz+at604NQ4oFgwrCxfa5fYZeTzb8GnhcewXJqio5k2lhNukywucjzhPHq0McMzWReOxvdmNEo8k2BUmOLnVuFmo4W1icgJLN4wK2w78S/ypdn9NV0eJfs3jzpZ7fbyyyV6O1s5nVtDAgbdc+qa1rLYPjOteGtI/ZnjHHSZnfqBeFUC2kGPpGm9hQJi1YTeJGmG4/P8wJpY5B6U0sVsgjPLxDEq8sqa62aTB8Fy4d0TcZV5+c3DwFmuq8w7zalhOKf5Q4Ph0Et5FCgtUGXi5zZSMeo7SjWJvKmG+eTWgLOxwT7QVK5AIPjINwefrl4IXQRp9W1zFWu+50UjfMFpRw7VT7UHyWgV7iRPWiiOGp3ANSzPPw0tYAQhJ/D1ZSx/pOnEsyNL53M7UQvpLNsjKQaUP6u2ftxfC6JFVNzM3bbEf0DIzbumrgSicc42EbRZdTyHHDEpQfiwh5aKE1q1hXPY+pZF3+6CI+x4R1Aba3SNqnx1A7onYaXy2qCcZOC/l6sFLLXz1oe4yrp4j4NJVTWGBQ/IaQpEtekEVoLyG204FcK91X7j4KQjdPvS2XvMGuR81bxc92E5gML89nu3fmBKNLIoWeo2Ett7z0zX/Z5io8v0ukyzW1B6+4VfhW/2kEFgUuPWSepVElD/Ew/WfK7lDNrld08v9ACbiBkUp9vDRwEo1ACztSyX+lKFFzQ2VcvOVBNKTZacpcTOcuZRW3IRwxCeYm31CV/UFzhXr5eTJ9uRZa+y/HQwk5Ti0VgrDzmTIAtM2oJTgaRI9WYjk7aSfKNR6bkzhNvBlDc0FqR4wZAtFd9rEHx4tb4NTNRlu3JCEYWBxiKhg43uBBlU5Ct0WYfT7SDRayefbIqB13ct+brNS1I/Th4AdHloTnvfg996oZQ32mnROiQczCr4DmrNKHrU2Oe7nkM+2nfXDOViDMgg6qibciEZbK4zDZMBBHJJli1XokfZ/hBHbJPRtcPaIbIFFbVaRgZtVYue1aYtJkeKIV+a9sGh2HRwngGIq0rPVcKVbTXzveJT2b8uOjuYLT8aDdSe/4a8yO3XnHRax3Po196TbmBbjnypNe9VDw2vd28UN2U17GPD6drN75PAME+NGidlf+vp0uBT7WD4pwkHvpxkFEacUXRjan/4kGx5xC6Xb/U+R43lL0sO1I+Llu8ZM37KxxyceoOafSLuxXsU1mAhiRHQhq84siAWhhSGBLY+8RLvjRcb4fjc/wt+D9D7YX5wGN++xFddvHIFnMms+7CjyHSBxEmgIBpSQbLgua2f6FgbV7Sd25pejjx0Ii/0S+LgMczL9z/4uE/bCIpODPZRvL0bcEQrTqRt/0rrk0vkOS4vsklKIBemNreACnFekdWdQbxmj+0aArwyUsE9nAH7L74vJDUWw2ni74kZBnA1oWAu8UHaaM/YlGmmc4gOnZO90Nf6BMhGmACBmkEqUYxn6z8SuXJ2tljQ/S3BHsW2+z60X2rSBgSyvW09jjilZVVqWwBUpKXiqoOFV3vymTMwfzr9r4p7g1418qPWD+s9KNjmShMqtNH8LjPNycPTU0pFUPgZIqR9yvwo4aFsC/INcQ7HF+duHR636vkyJav6hHgJfR7d+P9fXKB3mgiLeapK+XyDBf0Hg4skk16sq8OfHW+92KX/Oo2n4JTyhlpwvOQx61q7Lcr1AOOkyHyVzLl5IOPtFY23k4y07n6fM7QN0p6AVRCobAZv0FpTDpOzv421WfbMwtVimYzTRXGkj5EV5iGKgzwGjwpt7GlW/M+100QYl9b0PnigJxD4UkLkIt718bwjEdHggJaBCbCqyoBEv+IIsAS0cDcxSG06Kgdqcxw0Jz3qul5PXPYuxkG6oNKvFdgxaInFhaBp0WtqkeT6hne1NH9a7XoQ/iC5P8X/X9kHo9OvK0Ttpd8cADuHso+hy/SAa46Zdf87Ybj4iFdqFYbpjXp8Bw9lpp6zEJeCxMhhh/khy4XPsTpODm+NfbtoSn5vypVKY3SOUd7wI0CHhmj5vsnFAjpsna1+VbSo3Vj4Tz6hxCI36OuIbHzhZ9KOsOK4SwfLZj9nUKPDYeJ3MQPdWMb/kz/i5tPC/V51NcHsMGfckYM9bVmQBIlk3pX6le9svFGlCCDYd+bMQo73fqxzA09ps8Sfzs6DisJZDQ91tNJe9MjD1wlNLeo+gY2fjSBzYZ4XmXbxh42S2DxIOLC/nu4eWA0tfUWE0aHiQuSYdSOCKC+RC7RuqyjJjpXQeU6sj9gZ0gcEKQQme8nL8CsqZKEO5Plj/33j5AGYDpn/iVqcaj6HNLtl1bF4Z+9RjFGKRcPpV4PhT1jcurSVJ/Biv4fsHbaBwutPCQxugS/+V0L1H+apMDIhIY17L67mJYQRBwR77wolaURvkRZN9hSPPYsnBV95xvJLIVMFiavpzqoS9CqEoqDw8xdL8wsjtae1HAnAJLX6b0uaYAhRUHXN94uE9MHGewN3wk5zrDS6tZlq6RCOYa8j+LVKwBT11oMj9iQxOywJhvdaOpnepGsmxagCxwu/0q0z16RBumpyLgvaUN2Sgv+LugrjUOpWRFTvmCkyfPEVhDy/AKgrkHBnb67VyzemIDbJfz4LZ7OcTg75cu7GolbRUlYSIGQfyqCzvsgKOQHoyPrNVciQaJuMXPa7+zMCcTOq05yRLiXHh9zhPekQ1p8GQRRDWg68UoJIKnOcYq3iCoA3TUdE4Q4qNVt8v8rVsLQ/EqZlNhwWVj1M+HSzYTRMzOHWY6kAwkaWRCcJJe5h4WDa4ogiyHvqNe5AEbfC/UEpi5+onXhcrI22MyTdRtxm3NvaCFm5Uq0GFlm9Nz8y6Ot3QSd/DCX89qHHfzyp9VyfbiaPW1ruAHVIxmxayjUP8HNcmj43G22JRxWkK+wLQRBV+5P/ECxrvBVCelU2KYU/yRc2eQhzY5LlLy5R6wI10sZsdKqlMyP+rBi5NHiQ3uT6l0RiSRpF/cymwvK+UaeBwquNTvRwtfT+MLYeWYYOgn2vEzDloKYFfNHDBqEKmxqVOrg4F/PzNr5kC+KeDs9B32ddifAB8JFabEoZNrv/+3XGSMPTln1hI2dE118frPUk88vfJGcoqA2N3Xi8l/3MYbePp3dy4woNgensRk84bQmNyHdRDX04baOcDeov/eBebWiUstZCUSaZ8wSiCw64QhNcMiQJXXHKBFplJEXO49WpNlf2z476xlahh4cgfMarC5mOHroP6GYt1foHqSpl45MiqauxQF0fGyZQ19c52uwX71JdR4Sj9HotBrTAcgEIxEGOsBqRaqB9ifn6T/w9yr+lhmtukitav2F+CM1dKl0oE3VJ9foQSCJjTYAoFvg0J4nqKzhOvN1t/6DsaxV8kDUb1QS3XIe/f9FYW2NzyKN9i0L0VP6LONlqlyUhyMaiT0RYKHsjGpMLNv5kBtmd8wR/ba0DF4t+KT49D1fWwO4377oA== X-IPAS-Result: A2AMBAAogHVb/wHyM5BcHQEBBQELAYUfEhYSjFeNSJYVFIFaFxgUiCM2FgECAQEBAQEBAgFsKII1JIJfAwMBAiQTFCAOAwkBAR8hCAgDAS0VEQcHCwUYBIMBggKpdTODfgGGYopwP4hvARIBhXcCjUIwjHsHAoF/jVELFY4ukyGBSAIvYXFNI1CCaYIlF41hVk99ixmCOgEB Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 16 Aug 2018 13:47:40 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7GDlZl0024161; Thu, 16 Aug 2018 09:47:36 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w7FNsUl8004969 for ; Wed, 15 Aug 2018 19:54:30 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7FNsSho004257 for ; Wed, 15 Aug 2018 19:54:29 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1D7AQDsvHRbfSNjr8ZdHgEGDIUxFhKYLIINlhOBeguEbAKDNCE0GAECAQEBAQEBAhQBARY6hWcDAydiIDFXBxKDIoICrDgzg34BhmCJFIFYP4N2iwICjXKMeQcCgX+NUQsVjiyTIYFBN4FTTSODOYIlF41hVh8wjkEBAQ X-IPAS-Result: A1D7AQDsvHRbfSNjr8ZdHgEGDIUxFhKYLIINlhOBeguEbAKDNCE0GAECAQEBAQEBAhQBARY6hWcDAydiIDFXBxKDIoICrDgzg34BhmCJFIFYP4N2iwICjXKMeQcCgX+NUQsVjiyTIYFBN4FTTSODOYIlF41hVh8wjkEBAQ X-IronPort-AV: E=Sophos;i="5.53,245,1531800000"; d="scan'208";a="347544" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 15 Aug 2018 19:54:22 -0400 IronPort-PHdr: 9a23:K5NzeBUVoH+EcKV+qRLvyLnwwNjV8LGtZVwlr6E/grcLSJyIuqrYbRyPt8tkgFKBZ4jH8fUM07OQ7/i+HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9zIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KptVRTmijoINyQh/W/XlMJ+kaxVrhGmqRN9zY7Ze52ZOOZkc6/BZ94WWXZNU8BMXCJBGIO8aI4PAvIfMOlCtInyuVsPpgajCwawBOPg0CJIhnHy3aIkyeQqDAbL0xA6ENIVrnvVrM/5NLwOXuC11qbI0DvDb/dI1jfn84XIcxYhoe2SUrJ0a8be1U4vFwbcg1iWtIfrPCuV2/wQv2Wf7OdsT/+jhmwnpg1rpjWiwt0gh4fJi48T11vK7z92wJwvKt29UEN7YcCrEJ9XtyyCOYt2R9giQ2RnuCkg1rEKpYC3cDELyJs72xHTcfKHc42S7hLiUuaRPSl3hHZ/dL2jgBay9FCsyuz6VsaqzFZHtjdJn93Pu3wXyhDe6MiKRuF580qlwzqC2QDe5vlBIU8ulKrbL5AhwqQ3lpoWqUnMAjX5mF7og66WbEkk4fSn6+T9bbX7qJ+cM5F7ihvlP6QvnMy/Hfo3MgwUU2eH/uS80aXv/VflT7VSkv02jq7ZvYjBJcsFoq65AglV0pss6hukEzen0MgXnXkALF5ffhKHlJLmN0vBIPD/E/fsy2irxTRm3fbLOvjhC4/BI37ClrjJebdm91UazxI+y89W45YSAbYEZLr3W0nspJnbAwU/Pgic3enqEpN+25kYVGbJBbWWdOvWsFmV9qc0LuKRfo4JqXP4LPQ44/PGk3A0gxkecLOv0J9Rb2q3Wrx9LkGYZ2f8qssQGmcN+AwlRarlj0PGGQV2Tl2RGq49/TomE5mOCYbYWpvr2OXH2z20WtVdb3tLGxaXGnfhaouAVu0kaSSOL8snmTsBEfCtQpEskxGnshT3zZJmKPbZ/msTspennNR44eDek1cuszBzBMe10meRQmUylWQNA3c1xqFkvUF74lOC17Voxf1eCdFXofhOV0NyPITexupSD9H0RxKHf9GVRVLgSdKjUh8rSddk6NYVblc1IN6ihw3N2yewS+senqeGFdov+aLVwnb1KtxVynDa2a1nhF4jFJgcfVa6j7JyolCAT7XClF+Uwv6n X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0HwAQDsvHRbfSNjr8ZdHgEGDIUxFhKYLYINlhOBeguEbAKDNSE0GAECAQEBAQEBAgEBAhABARY6L4I1IoJiAwMnYiAxVwcSgyKCAqw4M4N+AYZgiRSBWD+DdosCAo1yjHkHAoF/jVELFY4skyGBQTeBVE0jgzmCJReNYVYfMI5BAQE X-IPAS-Result: A0HwAQDsvHRbfSNjr8ZdHgEGDIUxFhKYLYINlhOBeguEbAKDNSE0GAECAQEBAQEBAgEBAhABARY6L4I1IoJiAwMnYiAxVwcSgyKCAqw4M4N+AYZgiRSBWD+DdosCAo1yjHkHAoF/jVELFY4skyGBQTeBVE0jgzmCJReNYVYfMI5BAQE X-IronPort-AV: E=Sophos;i="5.53,245,1531785600"; d="scan'208";a="7618548" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Aug 2018 23:54:03 +0000 Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga002-icc.fm.intel.com with ESMTP; 15 Aug 2018 16:53:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,245,1531810800"; d="scan'208";a="75694064" Received: from cschaufl-mobl.amr.corp.intel.com ([10.252.130.105]) by orsmga003.jf.intel.com with ESMTP; 15 Aug 2018 16:53:57 -0700 From: Casey Schaufler To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, SMACK-discuss@lists.01.org, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Wed, 15 Aug 2018 16:53:52 -0700 Message-Id: <20180815235355.14908-3-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180815235355.14908-1-casey.schaufler@intel.com> References: <20180815235355.14908-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Thu, 16 Aug 2018 09:42:40 -0400 Subject: [PATCH RFC 2/5] X86: Support LSM determination of side-channel vulnerability X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Casey Schaufler When switching between tasks it may be necessary to set an indirect branch prediction barrier if the tasks are potentially vulnerable to side-channel attacks. This adds a call to security_task_safe_sidechannel so that security modules can weigh in on the decision. Signed-off-by: Casey Schaufler --- arch/x86/mm/tlb.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 6eb1f34c3c85..8714d4af06aa 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include @@ -270,11 +271,14 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, * threads. It will also not flush if we switch to idle * thread and back to the same process. It will flush if we * switch to a different non-dumpable process. + * If a security module thinks that the transition + * is unsafe do the flush. */ - if (tsk && tsk->mm && - tsk->mm->context.ctx_id != last_ctx_id && - get_dumpable(tsk->mm) != SUID_DUMP_USER) - indirect_branch_prediction_barrier(); + if (tsk && tsk->mm && tsk->mm->context.ctx_id != last_ctx_id) { + if (get_dumpable(tsk->mm) != SUID_DUMP_USER || + security_task_safe_sidechannel(tsk) != 0) + indirect_branch_prediction_barrier(); + } if (IS_ENABLED(CONFIG_VMAP_STACK)) { /*