From patchwork Fri Aug 24 22:41:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Schaufler, Casey" X-Patchwork-Id: 10577095 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9020313B8 for ; Mon, 27 Aug 2018 13:11:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B69129AA1 for ; Mon, 27 Aug 2018 13:11:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 697D729B07; Mon, 27 Aug 2018 13:11:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DFBE729AF9 for ; Mon, 27 Aug 2018 13:11:34 +0000 (UTC) X-EEMSG-check-008: 582336197|UCOL19PA10_EEMSG_MP8.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="582336197" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA10.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 27 Aug 2018 13:11:33 +0000 X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="17471509" IronPort-PHdr: 9a23:pfsTcR9yRT79K/9uRHKM819IXTAuvvDOBiVQ1KB61ekQIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsL4V7A0XSmp4bltRhHmlSwLMyc1/HzLhsB1iq9QvRCvqAFlw4PMYI+bKvRwcKDac9wYS2pPQ95RWi5cDo6yYIQAE+UPMvhDr4Tmu1sDrwGzCRW2Ce/z1DNFgGL9060g0+QmFAHLxBItEMgVsHvKrNT+KbocXvy1zKbS0DXDYfdW1inn6IPVdR0uveuDXalufsvR00UvDB/KjlWKpoz4MTOV0voCs3KA4uphU+Kvl3AoqwVrrjezwccsj5DEi4QIwV7H7SV02Js5KNK3RUJhYdOoDYFcuz+VOodoWM8uXnlktDs+x7AFo5K3YSoHxZQ9yxPbb/GLaYqF7xT+X+iLOzh4nmhqeLeniha39kiv1/PzW9Gv0FZPsipFit7Mtm0R1xDL6siIVP99/kC51DaTzQ/T8OBEIV0vlabBKp4hxLAwlp0IsUvdAiD6gln2ja+KeUUk/eik8eLnban9ppCALYN0jwD+MqA2lsy+B+Q3LBQOUnCG9emz27Dv5030TKhQgvEonaTVrorWKdkDqq68GQBV04Ij6xilDzeh1dQVhWIHI0xBeBKGiYjpJl7PLOnjAve4nlSslitkyO7dPrD6HpXMLmTMkLfmfbpn7U5c0xA8wcpQ55JTFLENOOjzVVPptNzEEh85NBS5w+TgCNV7zIweRWKPDbWfMK7Js1+I4eQvI+yWa48OpDbyNeIl5+X0gX8+g18dcrGj3YELZ3CgAvRmP0KZbGLugtcDC2gFogk+TPftiF2EUD5TeW2/X6w45jEmB4OpFprDRoaxgLycxiu7GYdWZm9eAFCWDXjob5mEW+sLaC+KOs9ujCcLWqanS48gyRGusxT3y7t5IeXK5CIUr5Xj1MJ65+fLjxE96SR0D9iB02GKV2x7g2QIRzkw3K9iv0N9zlaD3LNijPNGD9xT4OlFUgAgNZ7T1+Z6Ecz9WhrdfteVT1arWsipAS0rQdIr2NIBf0F9G9C+gR/ZxCqqH6UZl7qVC5wo6qjcxWT+J95hy3ba06ksl0cpQtNVOm28h65/7BPeB5bTnEWDlqaqbrwc3CrX+2if02WCpkZYUBR/Ua/dR3AQelPWrcjl5kPFV7KuCLInMhdfxs6GNKRKb8PmjUlcRPbjI9neZHqxlHm2BRaN3LyMbY7qdH4a3CTSEkQElBoT/XmePwgkGiihu37eDCBpFV/3bULs8O1+qHalQU8u1AyKYVNu2Key+h4Pn/OcU+kT3rUGuCg/tzp0AEyx39XMC9qPvwBhZrlTYcsh4Fdb0mLUrwJ9Poa6IKBkmlEech93sljr1xVvC4VMiNMqrX0xzAZoLqKYylxBfSuC3Z/sIr3XNnXy/Be3Zq7VwF7e09GW+roU5fQ7sVrjvwapFlc4/3VgydlV3GOW5o/WAwoKTZLxTkE3+gBgqL7HeCk95p3b1Wd3PKaurjDC3sglBOw/yhavZ91fKr+LFBfuE80GAMijMPAllEKtbh0aJ+BS6K41P8S9evudxKGrPfhvnDS6jWRG+o9xyESM+DRgSuTQxZYK3+mY3hebVzf7lFqhqN34lp1faDEdG2q+xjLoBIhPaa1uZYwLE3uhI9WrxtVigJ7gQ2VY9FC5B1MBw8+pZQGfb0f73Q1X20UXpGaomS2iwzxyjT4psrKV3DbSzOT6aBoHJmlLSXFsjFj2JYi0k84VXFKzbwUyihuq+1z6yLNGpKR6NWXTRl1IfyfuJWF4TqSwrqaCY9JI6J4wtyVXUeC8YVSERb7muBYVyT3sH3FZxDwhcDGqoJr5lQRgiG2BNHZzsGbZecZoyBfB5dzTWeJR3j0cRCVilTbXBl+8P9+m/diPk5fDs+a+WHi7Vp1UayXrypmAtCSj721wHRK/h+yzmsHgEQUi1S/71sJqVTnRoBbnfIbr06W6MeR6fkhnH1L88NJ6GoB4kosxmJ4QwmIWhpOL8nobiW3zK8lU2bribHoRQj4G28TV4A/h2E1nMH2J3Z72VnKTw8Z6fNm6f38Z2jkn48BNEqeU46ROnTFprVqgsQLRff99ky8eyfQw7n4amPoEuAkzwSWbGbASG1dXPTD2mxSP9dC+o71dZHyzfrioyEp+gdehAamaog5GRXb5foktHTdq4cV5LFLDzmfz55r5eNnLc90TrAaUnw3bj+hSNZIxjOYFijRpOWL6p30lxPA0gQZo3Z6koIiNM39t876hAh5EKj31YNse+i/rjalDhcuWwYavEYhhGjkRWpvnU+6oGioItfv7LwaODCE8qnCDFLrHBwCf9UNmomnTHJCqK3GWJGAVzdt4SxmbPkBfhxoUXDoilJ4jCg+q3NDhcFt+5j0J5V75qh9MxfxzOhn6VWffqgmoZSkoSJiDLBpW6QRC6FnPPcyY8O1zAzlS/oe9owyVNmybewNIAHkHWkOeAVDjIr6u5dzb/uiWGOWxMvzOYa+UpuxGTfeIwpCv3ZV68DaQLMmPOWNiD/Ij0EpZQX95A9jZmykISyEPmSLNddCUqwqn+iJtqMC/7PPrWBn06ISVF7RSNM9j+xesgaeML+SQnjp2KS5E1pMQwn/F0KMQ00UVhyFqdjmtCqgAtTXXQKLLhKBYEwQXazhtO8tM7qI82BRNOMHAh9zp1r94lOM1C0xfWV3vgM6pedcKI2a7NF/dA0aLLruGLyXRw87reaO8VaFQjOJMuhKruDabHEjjPjKYmjb0SR+gKuBMgzudPBBEv4G9aBltA3D5TN36ch27LMN3jTouzLIuiXPFL3AcPiZnfkNKtr2f8yVYgvBlFGxA6npqNu6EmimD4+nfMJYWvuNhAj5omOJC/HQ617xV4TlYRPxynSvetMRuo1ank+aRzDpoSwBOqjFVi4KIpkhtJaLZ9pxcVnne5xIN8X+cCxIUqNt5EtfvobxfysDTlKLvLzdP69DU/cscBsjML8KHNHshMQb3FzPPCQsFTCKrNXvBiEBHl/GS7HKVpIAgqpfwgJoOVqNbVFstG/McFEtqBtgCLYx0XjMjir6bkNQH5XylrBnSRcVWpJbHWeyOAf/3MjaWkaFEZwcUwbP/NYkTLJP021d8ZVZghoTFB0rQUMtWrS1gdA87vUJN8HZmTm0pxU3kahmh4HkNGv6ohhQ2kBdxYfwx9Dfw5Fc6PkfFqzEukEkwhNrlmiucfyTrLKeqWoFXBTH0uFYtPZPmWQZ1bBGynEx+ODfCWb1Rk6NqdXp3hw/EpZtPBflcQLVAYB8X3/GYefMo0FVbqii8yk9H4/bFBYFllAswfp6mt2hA1B57bN4pOazQI7JEzkNOiaKKvy+o0P0xwQAFKkkR92OSfTIHt1YTNrk6PSao+PJj6RCakTtZZGcMT+Yqou5t9k4lJuuP0yfg07lFKkCtKuCSNL2ZtHbalc6JQ1Iw0UUIm1ND/bdozccpa1CUWFw3zLuNCxQJMtLPKR1Ub8pX83jTYSaOsOXWzJ1oPoW8FvrnQvSUuKYSnE2kAB4jH54Q4cQZApmszEbYIN/9I74ByBUi+BrkK02ADPVJfhKLlzEHrNukwZBs3IlSPDcdDXxzMSWq/LrXoBElgOabVtcsfngaRpcENm4xWMCigCFWoXJAASKt3e0E1giN8SX8pj/KAznmb9tvfvCUZQljCNuu4zUw77C2iULL8pXZP2z6L9Jiut7T5uMaoJaHD+hUQ6FkvUnBgYdVW3ukXnXTHt6yIpj/d5MjbcfoCnqgVFywlS41Rd/rPNmxNqiInR3oRYFMvYaH3jAsL9OyGyoCFBd3o+ED4KN8ahMZY5onfxHnqwQ+O7a4IAeC3dWkW3ytJidOT/lD0eW6YKRazzA2Ye+gz3svVYo3z/Wt8UEXWpEFkBXexfelZ4lRVSjzG3NdewXTpSo3jWdhLOMyzv05wBzWrVkWKyqLe/BxaGxYo9E8AkufIHtsBmUkR1+cjI/D4g+20LAR5CZdnshb3vNbv3TkuZ/fej2sUrSxqZrJqyogccQmo6ppPIzmOMSGrpDekSLDTJnRtA2FXzW3FvRAldhWPC1YRP5ImXw4Nswdo4ZB71Q+VtsmLbxVFKYsvqyqaSZjDSMK1S8ZUIeA0yYYguay3LvakhmQfY8nMBwDt5VCmcUSXDJsYiMZv6+jTITWl2mLSmQRJwcT9wtM7hoaloBsZuDl/JbITJhUxjFMufJ0Ty3LGoNr91bgS2GWgFn4SOm6nOCz2wJd0u7s2MEBWBFjEUhd2/pWlkwwJbFrLKkQu5XHsiOUeUP/p23h0u2mK0dNycfMbV33EJLFtXbgUi0b4XAUR4hPx2/EGJsPjQV5c7gkpE9QII+4Z0ny/TokyJp1H7OgT8Ck204lrWoaRyetC9dBF/xpv0/WWDJ/Z5Cms4nqO5JXQmBM4pKdsEtZnF9rMyGn1ZpWM9tN7SIUXDhTvTWdu8O/SNVY2c9qFZADP8t/tmzmGKNDJZiRuWE5taLpyn/F4TAzqlO6yC+0G6+iQOJT53ceFRkxJ2SCtkkvCPMh/Xzc8l/Rrlx5/fpXC7aUgEptpzZ9G4xBCSxS1XC5NVhzSmdJs/lCIqTPb8NcW+UyZQOoOxEmD/4pwVGG/UFuknfleCFysgxa+z7DUAUqSSYVhariliMEpsGhJzAaV4pCbS89YCfdNwKbhSdXsQ5Da0FwRZ8WHMtK9qoG3YtQ4srCU1yjKT8EXBxlMgI3z+ZfmVREsEWCdiDXFRCoeurXsh1rYceRq9akLPHj8wdDjoPorvw497kZSHK8ggCtR87Rr5PnttKWrESObLn3P/e6YXDfUDjGlQqwiqs8D5nW4yjTNxJWK5tgxno+ZpjhEmrLMg5YJ68AIkpbSKR6aclHou9GZs9rYqAJ+bR3ChKAXBPvF5SlrONaIVbLWTTeMyKB//S9oY3J67zdR/LgZsuRyHnZWK93Io116T/gG7fty4Ne/FT52ut1/ENgVVfGKzyBrMjmJg4T68mia0rivpktHTzIBZd9i2fiyV9beMoWWSKq9o4UyJRD6Hb/Ueh4yFT8sPVO97l47ok6+7JpycaxJarJLPRVr09mDQaOBgVr8JUtD3JzR2ZPbe8NMP3RZ7gWjdjyq+DrEKwa8BuV++hCZNvGIUHBn9OzCjCaSRxKhgcOsyUaLheG1/6Yh6B0VdulpfLn1U435Fi+NBEGxqh35YiY4qqIuPPXbxzJwLgBXajqQN/zrrsytE6J4P0klaQBemprbA27HukdUdQdxmT7zawwyyIjDd/DFar6+PFfT3I5gi7gm5dlElUSAfMUGLqG8J9QnmgmhuPZMccWfbpammaVEh6kEKENxmK36yeNJ2llmB7O2QnqQWyv9F/2sTN4QSzUwtfik0taTKO4CltJUiqyJ0B4rC2AMxbyuNrwo6Q141k8Mnb4u9KViGuhJLRXEtXkK9ydOik1qkgYjJ8wRtyzwYAUA8e9INMK/X5iafvR9n2knDVco6ddgIre+Nua9u/QHXm6gK2Qs6+NyyxAyngkoVE/7citNunU6N2WX/uo12gQTyBluwvCRhK1saLUr1QVOUyNzUfKl5cHPslD0nkkyk7m5OYiQNUp9AVdDIrAZO0NpSr1ODTqxVaTedU3VjOR0zFPBFL6DUF4GLQg2GL3pM/Jmmnf+1s0Rol3cEzrggd3AJs8KUIs7lgX3yUCHBMJaR+FFrGpBV7qIZECVUcddRSNxKK6dbsv3U1v3rOv4/febep9B6URMfZdihSBnENBFpIXtq0eR6l8e0RG+a7SqQXjBJLrX//8lXo/Lfe1WNxV8dgFt3s+5QayXxWg5otY77YAkZyGa6FKb57NvMB68kdm6iUCdiNIgBdliRO2T/oQpOf54tjUqJCo8PqhVL4xR+UL8Bg5H2Z+j5zwgFAlu93Yy+dcSonIiYvi8QFNIniKuJ3Z0xl9MucONYOrfKh6+HUDOiceJmgCPdyIZPkg+yVtKinc50ReAsMQYtMVJMvNmR5OhU3vQ7xT8tfbFUKZC4d0bMAk9W33yCo68ZEkSObv9Ce2JYzD71FKJ/5DjjtjlNzMpOgR2vfTBjIY4X+HZBhp2C+CzYeCC+ro9+WW1N7UT08GHjIxU4pFKzqC/QunR+Srm5XtVgOZ8dTzgJU4dEKRWnO9hqIFvbhQEeRYkCX0wiBeFpzph/KSq9es7WpXtl5EEIZ09hDFGr9QPpZ8ORT+iMarQFJwBi3hd8HIbhAuovaZxv8Q4+ViMEvzfZQULQwCy7Lm8ndVVQ9uSLnqvlaFQ+IeesZpROnDrnBP5oJqM7UPM0SFpJz2sjdIr0g7AAE3Z780rzxablfBkRZUWqb1vb4AjxUTUcR9uUBSA26wP3g+5zXfX6RPkKaREOAV8imUTqEWXURoKjl+QxKp15pwYLapmPFHsn9cnixjuvQq1CZmRBSksy32u60NwS4g+K2/tDgZvnxFSvuRnjzQCVVH1vsKlrscC3f+5lygenkMcpX97KNhJcv+6Ykr+24/bgk7fy0aQeSgDDn9j6eJAoyJrdJdiweBuMHPbb+oMSgSLa8wyRP5SHh71QjShhFo8HEEQj+49t8rOJ29Odo5xiqvAWXbcUwD7b9JsMvws14LS/A7aU1gwGVlzMeHQiwNRMrSG2c6lAQkbn9EcJ1b4x8AC6YomiqIvrVB/gwMYjfbCIel+o7LksrTxHk9S8tqxmLRpq2YiZMq0GFll8ly7iGQpHQYb/bYXNN0AnjvyodfzvTzZ/eosuAAUotm0rWhUOQZP8ml42S23YtlWk6/yrQZBVq5P/cJxq3HXCe9VW2YReOLfnCXnzY3N079+RilI14sZcdUsUA9KOrCh59blw3nS790QDufpUOIhFAkZOAXbQQ7vMKnchYGQegQYee0Iek13OZ4D0MBaWDAGS8wAOiz9RapnY5mKzBj7F/8bODF7A/rKp2RFwMCHIqcqYR+vbS+R2ScKTp7wRZvJkho5qLaEFgssuJ0bZmch57Tis593OpDcO1idWUmt9oSnJ9zwZWF28eNNxfKx9D9Is+R6vORGPDOiV8hemhHXL4Ueyv04Zk3OpgyXLiXVbdQoxlaBaE8W5EnH2b36Kxwagh0d0qZaLmyj8Ts4P7NapxfpFfX6E49KGHXvBhHgv+uTBdnYpaCg3T0PYB2RzRdotkrARxjWMNGAcEJqSKjApiJiOe6jcO8/wVxvOpZn7D3D6Xh3c+0zs1KVJhT+EKPMSyZUKJimUl0yP+5gv7d3J38E+vjf88JUK5wRWuTOeyOJZm2Nj/bYpG0QEVB6bPJleshXw== X-IPAS-Result: A2CPAQBJ94Nb/wHyM5BbHQEBBQELAYUzFhKMAV+jeBSBXxIYFIgINBgBAgEBAQEBAQIBbCiCNSSCXwMDAQI3FCAOAwkBAUAICAMBLRURBwcLBRgEgwCCAqQpimGHD4QfP4N2hHkBEgGFdwKNWzCNIQcCggQEjVwLF45Jk0mBQThhcU0jUIJpgiUXjjdPfYlfgjsBAQ Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 27 Aug 2018 13:11:32 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7RDBPY1027258; Mon, 27 Aug 2018 09:11:30 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w7OMfpdF010449 for ; Fri, 24 Aug 2018 18:41:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7OMfnDM009522 for ; Fri, 24 Aug 2018 18:41:51 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwOBCVFXBxKDIYICpFiKZ4ZZgkeBWD+DdosEAo4GjR0HAoIEBI1cCxeOQ5NEgUE3gVNNI4M5giUXjjdPj1kBAQ X-IPAS-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwOBCVFXBxKDIYICpFiKZ4ZZgkeBWD+DdosEAo4GjR0HAoIEBI1cCxeOQ5NEgUE3gVNNI4M5giUXjjdPj1kBAQ X-IronPort-AV: E=Sophos;i="5.53,284,1531800000"; d="scan'208";a="354308" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 24 Aug 2018 18:41:39 -0400 IronPort-PHdr: 9a23:kObHWBVmbMpQHAfeK2mZ8yp32h7V8LGtZVwlr6E/grcLSJyIuqrYbRyBt8tkgFKBZ4jH8fUM07OQ7/i/HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9wIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KptVRTmijoINyQh/W/XlMJ+kaxVrhGmqRN9zY7Ze52ZOOZkc6/BZ94WWXZNU8BMXCJBGIO8aI4PAvIfMOlCtInyuVsPpgajCwawBOPg0CJIhnHy3aIkyeQqDAbL0xA6ENIVrnvVrM/5NLwOXuC11qbI0DvDb/dI1jfn84XIcxYhoe2SUrJ0a8be1U4vFwbcg1iWtIfrPCuV2/wQv2Wf7OdsT/+jhmwnpg1rpjWiwt0gh4fJi44N11zJ8SZ0zJwoKdC6SEN3e9qpHZ9KuyyYMYZ9X9ksTHtyuCkgz70LoZ67czYOyJQg3xPfZfmHc5ON4hLsTumdPSt0iGx8dLK+mxm97VKsyuP5VsWu0VZKqDZFncfItnwXyxPT7c2HRuN8/kenxzmPyxje5vxALE03j6bXNpwsz74qmpcXtUnPBCH7lUXugK+TbEok++yo6+r9YrXho5+RL5N7hRvlMqswms2zG/84PRQOX2eB5OS82rnj8lPjQLhRj/02lLXZv47eJcgBuqG5BApV3p456xmjFzemzMgYnX4fIVJeZh2Hi4npO1fTIPH3Fvq/n1Stnytrx/DBJLHhBI7NIWLZnLfuerZ99R0U9A1mzt1F4Z9QT7EIOv7+XE73u/TcDwQlKEqz2+vhF9x50sUVXmfLSquYNr7C9FyF/OQiJ8GSa4IP/jXwMf4o47jpl3B90Vsce7S5mIAaY22iH+h3ZkCebWfoj/8fHmoQ+AkzVurnjBuFSzEXL22/W6M6+yETFJOtDYCFQJukxrOGwmPzFZRNa3EAEVuMGGrmc4iec/YKdC+WZMRml3hMWbG/Rskh3Be1uQnSyrx7I+6S8Sod8drv2d546uuViVc+8jd3J8Wbz2yJCWpzmydARCU3x7xyp2R5y1Gewe55heBVEZpY4PYNGg4gN5fa5+h7Dc3iHAPHYtqNDl2hR4aIGzY0G/k42NIfK312G9y/gBTOxWL+CLYOmq3NH5c0+7/S23XrD8d713vCkqImig91EYN0KWS6i/snpEDoDInTnhDBmg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDgQlRVwcSgyGCAqRYimeGWYJHgVg/g3aLBAKOBo0dBwKCBASNXAsXjkOTRIFBN4FUTSODOYIlF443T49ZAQE X-IPAS-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDgQlRVwcSgyGCAqRYimeGWYJHgVg/g3aLBAKOBo0dBwKCBASNXAsXjkOTRIFBN4FUTSODOYIlF443T49ZAQE X-IronPort-AV: E=Sophos;i="5.53,284,1531785600"; d="scan'208";a="7625032" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 22:41:38 +0000 Received: from fmsmga001-icc.fm.intel.com ([198.175.99.7]) by fmsmga002-icc.fm.intel.com with ESMTP; 24 Aug 2018 15:41:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; d="scan'208";a="84307211" Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.2.129]) by fmsmga001.fm.intel.com with ESMTP; 24 Aug 2018 15:41:18 -0700 From: Casey Schaufler To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Fri, 24 Aug 2018 15:41:13 -0700 Message-Id: <20180824224117.3356-2-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180824224117.3356-1-casey.schaufler@intel.com> References: <20180824224117.3356-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Mon, 27 Aug 2018 09:03:59 -0400 Subject: [PATCH v4 1/5] LSM: Introduce a hook for side-channel danger X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP There may be cases where the data maintained for security controls is more sensitive than general process information and that may be subjected to side-channel attacks. An LSM hook is provided so that this can be check for where the system would take action should the current task have potential access to the passed task. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 7 +++++++ include/linux/security.h | 1 + security/security.c | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a08bc2587b96..fd2a7e6beb01 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -698,6 +698,11 @@ * security attributes, e.g. for /proc/pid inodes. * @p contains the task_struct for the task. * @inode contains the inode structure for the inode. + * @task_safe_sidechannel: + * Check if a side channel attack is harmless for the current task and @p. + * The caller may have determined that no attack is possible, in which + * case this hook won't get called. + * @p contains the task_struct for the task. * * Security hooks for Netlink messaging. * @@ -1611,6 +1616,7 @@ union security_list_options { int (*task_prctl)(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void (*task_to_inode)(struct task_struct *p, struct inode *inode); + int (*task_safe_sidechannel)(struct task_struct *p); int (*ipc_permission)(struct kern_ipc_perm *ipcp, short flag); void (*ipc_getsecid)(struct kern_ipc_perm *ipcp, u32 *secid); @@ -1897,6 +1903,7 @@ struct security_hook_heads { struct hlist_head task_kill; struct hlist_head task_prctl; struct hlist_head task_to_inode; + struct hlist_head task_safe_sidechannel; struct hlist_head ipc_permission; struct hlist_head ipc_getsecid; struct hlist_head msg_msg_alloc_security; diff --git a/include/linux/security.h b/include/linux/security.h index 3410acfe139c..69a5526f789f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -366,6 +366,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); +int security_task_safe_sidechannel(struct task_struct *p); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); int security_msg_msg_alloc(struct msg_msg *msg); diff --git a/security/security.c b/security/security.c index 4927e7cc7d96..353b711e635a 100644 --- a/security/security.c +++ b/security/security.c @@ -1165,6 +1165,11 @@ void security_task_to_inode(struct task_struct *p, struct inode *inode) call_void_hook(task_to_inode, p, inode); } +int security_task_safe_sidechannel(struct task_struct *p) +{ + return call_int_hook(task_safe_sidechannel, 0, p); +} + int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) { return call_int_hook(ipc_permission, 0, ipcp, flag);