From patchwork Fri May 11 00:52:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10394407 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4C56C601A0 for ; Fri, 11 May 2018 14:40:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3E4FD28E89 for ; Fri, 11 May 2018 14:40:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3C6FB28EB5; Fri, 11 May 2018 14:40:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.4 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from upbd19pa10.eemsg.mail.mil (upbd19pa10.eemsg.mail.mil [214.24.27.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1095D28E93 for ; Fri, 11 May 2018 14:40:20 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa10.eemsg.mail.mil with ESMTP; 11 May 2018 14:40:20 +0000 X-IronPort-AV: E=Sophos;i="5.49,389,1520899200"; d="scan'208";a="13190223" IronPort-PHdr: =?us-ascii?q?9a23=3Azzkizxx4HtOhSZ3XCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd1eoVLPad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vy?= =?us-ascii?q?i84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYO/RkfqPZYNgUW2?= =?us-ascii?q?xPUMhMXCBFG4+wcpcDA+8HMOlfrYbyvVsOrRy5BQW1He/i1jFFi37r0aEjz+?= =?us-ascii?q?gtDBzN0Ag+E94StXjZqsj+OqUPXuCv1KTG0zvDYfNV1znz5ofHfRIuru2DU7?= =?us-ascii?q?xtacrcy1QjGg3bgVWLsoHlIzGY2/4Rv2SH4edtV+SigHMnpQFrpTivw98hh5?= =?us-ascii?q?fTiYIO1F/F9ThyzpspKt24UkF7fNCkEJ9OuCGAKoB7Rd8tTHtzuCkkyrwLoo?= =?us-ascii?q?W7czQKyJs92h7fZfiHfJaS4h76SOmeOy10i25ieLK6nhu/91WrxO7kVsSszV?= =?us-ascii?q?pHoSVInsPMu3wQzRDf9MeKRuVn8ku8wTqC1gLe5vtZLU01kafXMZ8sz74qmp?= =?us-ascii?q?YNr0jOESn7k1jsgqCMbEUr4O2o5vziYrXhu5CTKZd5ihr7MqQygsy/Bvk4Mh?= =?us-ascii?q?QWU2ib5+u80Lrj8FXlQLpQlP02k7TZsIvAKcQHpq+2Hw9V0oE55xa5Ezimy8?= =?us-ascii?q?gXkWMCLFJEfBKLl4npO1fQL/DkFfqznluhnThxy/3GI7HtGIvBI3fdnLv7YL?= =?us-ascii?q?px80tcxxAyzdBb6ZJUELYBIPfrV0/qqtPYCh45Mwqpw+foEdlyzYQeWX+JAq?= =?us-ascii?q?CFLqzSqkSF5v4vIuaQZI8VvyzxK/4+5/H0l3M5llgdfbex0ZsNdH+4BuhmI1?= =?us-ascii?q?meYXf0gNcBFmEKsRAiTOzqklKCVyVeZ3S1X6I64zE0EpmmDZvdSYC3m7yNxi?= =?us-ascii?q?C7HodZZmpeEFCDDW/od5mYW/cLcC+SIM1hnSYYWriiUI8h0heutA7ky7d8IO?= =?us-ascii?q?rU/jAYtJ3429ho4e3TiQwy+SZzD8SH3GGHV3t0kX8QRz8qwKB/plRwyk+d3q?= =?us-ascii?q?djnfNYE91T5+9OUgohNJ7T0fJ1BM7oVgLGZNeJR06sQs+6DjEpUtIx39gObl?= =?us-ascii?q?5gFNWliBDD2TelDKERl7yKH5E76LzT32L2J8pnzHbGzqYhhUE8QsRTLW2mmr?= =?us-ascii?q?J/9w/LCoHUj0WWjbyqeL8A0y7K8WeM0XCBvFpEUAJqV6XKQ2wfbFPMrdvl/k?= =?us-ascii?q?PCU6OuCbM/PwRf0c6NMLFKatzyjVhdXPfsIs7eY2Oqm2eoARaH3K+DY5Twd2?= =?us-ascii?q?UaxiXdB1AOkxoP8naeKQg+GiChrnrfDDxoCVLgfUfs/vd7qHylUk801QGLYl?= =?us-ascii?q?Zm17qt5BEVg/mcROkS3rIAoyghrDp1EEy639LMBNqKvxBhc7lEYdMh/FdH0n?= =?us-ascii?q?rUtgx8P5ynKaBvnVsecwBus0Pv0RV7EINAntIwrHMpzQpyN7yX3ElHdzyGwZ?= =?us-ascii?q?D6IqfXJXXq/BCzd67W3UnT0diX+qcL7fQ3tU/jsRqnFkU87npn1MNV3GGE5p?= =?us-ascii?q?XQCwoSU4z+XVor9xRgoLHaeCY97ZvO1XJwKam0riPC29UxCesr0BavZdFfP7?= =?us-ascii?q?+FFA/pCMAaAtCuKO0zl1iyYBMEJ/pe9KkuP8Opb/GGwrKkPP58nDK6imRK+I?= =?us-ascii?q?N93ViP9yp7V+7FxJUFzOub3guASjfwllChstr4mYpcfzEdAnK/yTT4BI5Wfq?= =?us-ascii?q?B9Z5sECX2vI8Kp3NVznITiVGJd9FK5AFMGwsCpcwKIb1PhxQ1QyVgXoXu/lC?= =?us-ascii?q?Sk1TN0ly8mrrGD3C3OxOTvbwEHNXJKRGZ8i1fsPYm0gMoAUEiucQcpiAOv5V?= =?us-ascii?q?zmyKhDuKR/M27TTF9SfyfrMm5vSaSwtr+NYsJV7pMnrzlXWvymYV+GUr79vw?= =?us-ascii?q?ca0yT7EmtFyjA7bTaquo7lnxFhk2KdKnFzrXTcec5qwxfT/trcSuBN3jAeXi?= =?us-ascii?q?l3lSHXBkSgP9mu5diVmY3MsuSiV22/TJ1TajLmzZ2euyuh/mJqHBi/k+q0mt?= =?us-ascii?q?39HggwyTX72MVyVSXUsBb8ZZHm17q7Me17YkloA0X859BmFYF+lYswgp4Q1G?= =?us-ascii?q?MehpWU+3oIi33zMdJB1aL5dnoNSiYBw8TJ7wj9xE1jMnWJypr9VnWc2cthe8?= =?us-ascii?q?C2YngI1SI57sBKDrqU7bNfkCtuulq4rATRYflhkTcG0/cu7mAVg/0Rsgo30i?= =?us-ascii?q?qdGqwSHVVfPSH0jRSI6NS+rKFJa2a1bbew00R/kMu6DLGfvg5cQ2z1epA4HS?= =?us-ascii?q?9/9s9/Kk7D0GXv6oH4f9ndddETuQOSkxfblOVVK4w+lvwRhSphJ239oWcpy+?= =?us-ascii?q?khjRxhxZu6ppSIK31x/KKlBR5VLiX1aNkO+jHpk6lehtyZ34azHpp/ADUGR4?= =?us-ascii?q?boTem2HzIIrvTrLR2OEDohqneBBbXQAwGf6EB8r3LADZ+nLXeXK2cFzd96Xh?= =?us-ascii?q?mSOFRfgBwIXDU9hpM5CAaqy9H6fUdn4DAe+174pgFKyu12Kxn1Sn3fqxuwaj?= =?us-ascii?q?coVJifKwJb7hlY6EfINcyT9f58HyBE/pyhtQCNJHaUZwJSAWEOQEyECEjpPq?= =?us-ascii?q?Oy6tnY7+iYGu2+IuPNYbSOrexRSeyFxZeo0oto8TaDKNmPPmViD/0830pMQ2?= =?us-ascii?q?p1G8LHlDUTUyYXjT7Cb9aHpBeg/S16ts6//+7tWALz4ouPDqBfMdtx9B+rhq?= =?us-ascii?q?eDLfSfhD5jKTZf1JMD22PHyKQF0F4VkSFueCGnEa4cui7VUKLQhqhXAgYGZC?= =?us-ascii?q?xvMctI6KQ83hVQNcPAlNP6yKR4jv80CldCU1ztgMepatIWI2ulLlPIGF6LNK?= =?us-ascii?q?iaJT3M28z3b7m8RqNNg+VPrRKwvyqbE0j4PjmYjTbmSxWvPftLjCGBMxxUoJ?= =?us-ascii?q?u9fQp1CWj/UNLmbQW2MNltjTIs2b00nmjHNWAdMThmaENNsrOQ7SJegvplHW?= =?us-ascii?q?xO8ntlIvOAmyqD6OnYMJkWu+NxAitoj+Ja/Gg6y7xN4S5fX/N5ny/Srt91o1?= =?us-ascii?q?G6iemD0CFnXwRSpTpRn4KEo0FiOaTf9pldVnfJ5w4C7GWKCxQXvNtpENPutL?= =?us-ascii?q?pMytjUk6LzLi1O89XO/csTH8LUMt6IMGI9MRr1Hz7ZFA0FTT+vNWHbmUNdi+?= =?us-ascii?q?qf+WeLoZggrZjggp0OSqVUVFYtDPMVFlxlHMAeIJdwRj4rir+bjMEP5Xq4tx?= =?us-ascii?q?TeWdtVsYvGVv2IB/XjMjGZjaNLZxEQ27P3MZwTNpHn20xlclR1hovKFFDOXd?= =?us-ascii?q?9TuSBhaRc0r1tL8Hh7VGIz2kblZRiq4H4cD/K0mQQ2igRma+Q36Djs+0s3Jk?= =?us-ascii?q?bNpCYojEkxntDljSqLcD72Laa/Q4dWBDHut0g2LJz7QB14YhG1nUxhKDjLXa?= =?us-ascii?q?lRj6d6eWBtlgDcpYNFGeRAQq1cfB8Q2faXau0q0VRcqiSn3UhH5e/ECZt+ig?= =?us-ascii?q?Qnapusr3Nc2wJ5ctE5P6vQJLBGzlJInKKBojeo1vwtwA8ZP0sN9n2ddzQMuE?= =?us-ascii?q?ETNbkmIDGo/vB25gyEgDtDe2kMW+Asov106kM3I/6AwD74075fNkCxMPSSL7?= =?us-ascii?q?mHtGjbi8GHWEkw2V8Il0Re5rd20N0jfFeTV0Ah1LuRDQoGNMrYJQFTccVS6G?= =?us-ascii?q?DZfTySvuXV3ZJ1I4K9G/j1QuCUqqYUg1+rHB0yEosW9MQBBJ6s0U/DLcj5ML?= =?us-ascii?q?EF1A8t5AX3JFSFFvhJfgyEkCsfqcGl0JB3xZVdJi0aAWhlNSW34azXqREsgP?= =?us-ascii?q?uCW9c7eXgaXo0ZNn4sX826gSFZtWxaDDaryuIZ1BSC7zjkqyTLEjb8a9tjZP?= =?us-ascii?q?GJZRJjE9y55TI/862qhlHN6ZXeO3v2NdJ8td/T8ekavYqIC+tITblhtEfRg5?= =?us-ascii?q?VYR32vU27IDd61J5jxZpIxYtz1Cne1SEewhygzT8jvINanNrKIjh3wRYZIrI?= =?us-ascii?q?mb2yguOtW5FjEfBxh/ufkM5Kd8ZA0FZJo7ZwTnuh8lOKy+OgiY1MyiQ2iwKT?= =?us-ascii?q?dMSflQ0/m6baRNzyUwdu+61GcgTpYiwuas70ENQooHgQvDyva9eYZeSzPzFW?= =?us-ascii?q?ZHewTPvyY5kHJhNukqyOcl3BzIqUUcMyyMdOFxcmxEudA8Ck+SIXVxDmo4XE?= =?us-ascii?q?eSg5Pe7AC2w70c+DBQkMpT0e1ArHfxpITfYC62VKytt5rVrzIqbcI6rK1pLY?= =?us-ascii?q?zjPsyGuYvCkTzdVpbfrhaIXzK9F/penthQITxXQONUmW47JcMGuZBN6U0rVs?= =?us-ascii?q?cxP7ZPErUjpqi2aTp4Ci4f1TUZWJma3DwFmeixwKfalg2Kf5Q8LhMEtJRCgt?= =?us-ascii?q?0SUy5yYyMeq6+jV5nYl2CeUGgLJR0f7QJS6wIcjoVwZPzq4JLUTJ9QzD5bu/?= =?us-ascii?q?x1XjHXGZlo9lv7T2CWjkL7SPi6kuymwxxdw+z23tkcQh5/BlBXx/xKmUswNL?= =?us-ascii?q?F3N64Qs5bPsjCSb0P6v3ziyPenJFlXxs3ZbFP5A5DDtWXgVi0c/mAUSpJUyH?= =?us-ascii?q?3FE5QdjRZ5Yr4xpFpQOICmZlr+5zs8yoRxGLm4Udqkx0wrrHYBQyeqHcFMC+?= =?us-ascii?q?RhsFLQQz1qfYykqI/iO5VJWW9Q+Zudq1hDnEVqKS65xoJWK9tR7T4UQDhPvT?= =?us-ascii?q?KdscOoR81ZxM92CYUAItRktnf8GaNEOYSRrGYstrzp1HDZ5yg2sE2myzWrB6?= =?us-ascii?q?+4U+VZ8nUCGgUuImSTsVUvA/cp8mjJ6FzNtE57//tDDLiVkUpxuCp9HoxJBj?= =?us-ascii?q?tR1XCqNU5zQ2NCs+pHM6nabtJTQ+EqZRCxPxwxC+Qm01aO/UFuknfzezZyuR?= =?us-ascii?q?dC+yDBQwk0UjEYgrXqmTIAscyoJCEVS4lWYjU7cyfKNR+UlTpRvBlBd0FgQ4?= =?us-ascii?q?oZDcpd+7EHwYtU+dLPSVqxJi4YXRxtLAY43OFDmk5EtUWXZTrSDRG0dfrVtB?= =?us-ascii?q?14Y9uRptazLPvl5AdHlp/nsOcg+qoYSX2phRGhTNLDo4LyrdCFqkyOdKLkPO?= =?us-ascii?q?Kmen/BUCLAjRauirc4F5PK5TTcMBJHK5lmznopeYLhBnDWMhRGPa0bO1FWVa?= =?us-ascii?q?R9adVYvO9WedNreKEU9qBzHB6HQA3gGJC3pvlcMlnTXSjeLzmG8uGnuYLT9q?= =?us-ascii?q?DdRvL9acyQ3HvHWKV3Popg6TbnBbjq15Ne+lDs1fdp7E96TkLGMy+ZptT7Og?= =?us-ascii?q?wL/NWidlflvpAxATPWGol/n2TwyUxbasoXRzGq8I4Cx5NH6XbwTuZ43VbvsO?= =?us-ascii?q?FI8Llk84Y36ahzycioPafSNehasUh/DxiRHApq8pEtD3ZjR2BNeOAeMuzcfa?= =?us-ascii?q?IHgsDysOD4C7YY6AWL9OBDb9vIOV3BkNGlCj6AURxEgBsBqTkCIwuezfGFga?= =?us-ascii?q?h0Sd2hpefjxEIg+F2+LgMCzLBx5IeL5quIq/XRbxvK17QEXbLqRszrpLQ2p0?= =?us-ascii?q?yS/eEklKIJemFtYQ2oCu4dVsAHxmfn0K8l0zkhE9/ZELLm4/5DUGg1njT+lJ?= =?us-ascii?q?BhB18WAO8bHaKX/YRCmWc1g+PZNsAXcqBGnmaACxukH6QfxnG18CSXIXNqgh?= =?us-ascii?q?fU3xH3W2Oz40f8rTVkTivU09fjjk1VW6G1BUdTWiqkIkp4vy2PPQX2rtr3uK?= =?us-ascii?q?I17E4sPmziqt2NiHOrOKlLEM3nONycPS40qUoRjJ01XdGv2IYbGd+nLNcQ9n?= =?us-ascii?q?F+YOHe5Hmwky9duadHmpbR4t2I+vXNA3aslaqaq6+CxDpA0Hg3oUk/6sy8Nv?= =?us-ascii?q?HJ/9CKRvOo12ANTydwpQTMRBu1qr3BoFASJ0OLzEnKmIsQPtFaxnk0zEfm6/?= =?us-ascii?q?Y/QNgr7gVRCp7AZ+8epTD0IDb0xU2fY9c3WySF3TtYAE/6EV5iGKcmwGLwps?= =?us-ascii?q?XJlXXO9FI0Wol8bUvnhQZ4D48gM0Ii9EAXwjYfEQgKcR2bDbCpCl7/IoQYTk?= =?us-ascii?q?UDcgqI3KSkdagrx0Fzxamv5ODLZ+xmG6UNLupdjhKJnFVDAZ0WsLYeQbxmdF?= =?us-ascii?q?9f9a7XuhDiBJL6X/jijnc/Kfq1Td1E/s8Dqnsi+AG/RwC65ptZ6LYbkp+IfL?= =?us-ascii?q?ZeYZfQpMB881tn5TkXeyxVmhd/kw+2UeASpeDk+Njbs4Ok6v2wW6YpRuUX8Q?= =?us-ascii?q?U0Bmtlgpvoml8jvc3Y1+dSS43Sk4T/8xpBI32Ut4bA1RlzN+4OJ5isfLZ6+H?= =?us-ascii?q?UNPzIeKG4WPdqKd/k85DdgMDrJ6FxYHMwMedMYMdHJmQBVlk3mRrFT+dDGGl?= =?us-ascii?q?+DEYtzcd4n73bvwjAv7ZQ8Svrg6COxJZ3H4FFCIfVDjDlrlNLFo+QV2uTdCC?= =?us-ascii?q?wW4Xmfdhh0zTiPy52TBPbq/eSD0svYV1UYES4qS41dPiaN+RS7Ruqpk5XkSg?= =?us-ascii?q?WU6s7vj5I5cEKfXGexkL4EsqZLFu5AkT770yNbFo36iPOZqd2s6HFYtldfCo?= =?us-ascii?q?Z88QXFGLlDPpV8IRn4mdWkRlNnBifmZc/aeRwguOuQxucR7ORzLET+ZYoBLR?= =?us-ascii?q?IC1b32831VThFhSLTupFaWQfoRZMd6SPPDtn1V64VgK68JPFSHuJPqrjNIqE?= =?us-ascii?q?0rDw4oab8wqCdadkrPnABORab0uaAAhREYUdFkuE9AA2SwN3wi5zDfT6RakL?= =?us-ascii?q?GRCOAJ8jWUVqEOUltoPTl4Qx6u3JVuZqamnfFAsmNdhC99p+Iq0zN+ThumpS?= =?us-ascii?q?Lsv74N2S4n+LygtjUOp3JFTuuakyrTB1RM1vIKgrkAC3r471yzfmUDZpPo4L?= =?us-ascii?q?Z7PcTg6ZUh43MnbBUsey0GWuqhBD/0j6OMGYGPq9VchBiMuMrSd7OzKzYdNq?= =?us-ascii?q?glwxL5W3d9yhTenApv8GYTRzWg7dwkJIa6Ocs+xCqnA2vbdFEK4qxXtsv9r1?= =?us-ascii?q?gLQ/UqaVl52mVsztCHRjERRMzIA2s6lRYraWNYcJ9Y8h8aE64ogiqUvqlY4A?= =?us-ascii?q?4bfS3YEoO/+onfhc3Iw2UyTc92xmLKoa2Inp0q32Nhm9N19i6Bpm8fdu3ZU8?= =?us-ascii?q?9pB3j8yJ1fyejgaPm3teAHUoRmwqy7UPAeKsmj5Xe22JJyV06r3rQeBVu5P/?= =?us-ascii?q?MdybrAVielSHGYWf6VfGSWmDY5KEHy7wGyLlIrcMdKs1M9Muzai55bkw3uT6?= =?us-ascii?q?h5Rj2UpVDB12wjLeIaeB4quIe9ZQMFUvQdZ+6CKugy2Pc+EkcDb2fVHStqDO?= =?us-ascii?q?+7qVqtnIl9O3V97kT2eODt8gH9MNuOARkJCo/aoYR3+fy9XG6BPmVgzBJqNk?= =?us-ascii?q?lu6+jfD0gxtvNbc5uJmNjfnch00e4Ed/drNi0wocATmoNl6YaK1MeKcBfRzo?= =?us-ascii?q?v9JN3PpfiYGfLfxVwwem5GSroZfR/154IiM947QbLTHrxZsg8HCKgnRpwhK2?= =?us-ascii?q?fx9KZpLAN8cg7ReK64gs/0qeKXfpFUvWPZ7kosLCfAvB0O0ue0TQJ+b5+2hn?= =?us-ascii?q?j/I4s9RixfoN13CxtnHYxPG8UaowqhHZGUhPLzt9jk33hf87sOsKztGrXR2d?= =?us-ascii?q?+kxYRtTt1f4kCWODv5GqZmmAJmg/60j/OG1YP+X4eqXfAgcaAvRm/Dd6+DHY?= =?us-ascii?q?ilLD+KEtzzdlQA8LOG1r99FBKLa3a9F5KPqSnsEfJj+0hznpRxYe771DUw6/?= =?us-ascii?q?Te39zoaidQoSL16TayKJZH7FHMTdfbVhZQROvNpH1pBoULfID086EIKtVkz9?= =?us-ascii?q?+CtU071xkK9MqDPrjp+lTB3kN9aILzMFri2yF/X5IDZhu4Lx1oySXij132Ij?= =?us-ascii?q?FQL9OvNNJ2qNKUFQD2oREo32Y3aSQJTlHNbPyyfGQawMmjfxai8ANQE81Fx7?= =?us-ascii?q?fxflQ34On6a+5oPN1nnuWjsq4Kl549KSbPQo5YOCHZKqR7OBJaB+PIolkjax?= =?us-ascii?q?pCuL8wDMN9RpWDOwssN0CDgXfxwAbZ2krzdPSn1LyOJScL9zNA1b2TlXBwqh?= =?us-ascii?q?WipPHRosTlXLmROIn7WvHPMSxgVTyAQzk2OUfs/VC6trwftfmFO25ZpF1SYD?= =?us-ascii?q?rETEYxr6VitpD1CXXJmPYrKJ8Pg+qAWjvYTiR9mat0ATxE4xOiWf0GQCLfdH?= =?us-ascii?q?LwyFFXuAW/KPtB5zqxZLSDy7t9QOcWC5ZCdvCDBtDRP/tZImF7xX0iJO+gco?= =?us-ascii?q?iE/P4C2VXSQD5cQvGSrg+XUVKWT/qAxjniQYQSuc0utzE1/s7LwX4lLo/vG+?= =?us-ascii?q?20nxf3q8i1gSODtqvbX2gpJUk0hLFnYiGNwxhFfXkNEMpd+FrsTaiJe1tW2T?= =?us-ascii?q?o3hPhv1R4BdEU7UnBn3nBM2vfoMtxQSVkTymipRfA=3D?= X-IPAS-Result: =?us-ascii?q?A2B8BwDMqvVa/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYNAA?= =?us-ascii?q?4FcKINyiGKMEYFYIYEPgUCSCYFWMRMBhQeCQyE4FAECAQEBAQEBAgFrHAyCN?= =?us-ascii?q?SSCTwEDAwECIAQZAQE4AgMJAQEbAwECAwIREQQCAgMBQQoIBgEMBgIBAQGDH?= =?us-ascii?q?oFpAxUDoUeKGG2BaTOCbwEBBYECAQFegjQDgTWCQAgXcoR4giSCE4EPIwyCL?= =?us-ascii?q?oRcgQSCQYJUhzqEXmOLOAmOS2SHE4R4izWGSjMhgVJNIxU7gkOCFAwXg0WKH?= =?us-ascii?q?AFVT3oBAZAVAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 May 2018 14:40:18 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4BEeHf0003313; Fri, 11 May 2018 10:40:17 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w4B0qT7d007093 for ; Thu, 10 May 2018 20:52:29 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4B0qaBV001505 for ; Thu, 10 May 2018 20:52:36 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1B4AwCA6PRaly0YGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNAgV8og3GIYIwQgVghgQ+BQJIHgWSEdwJFgjshOBQBAgEBAQEBAQIUAQEBAQE?= =?us-ascii?q?GGAZLhTQBAwMjBBkBATgPHAMBAgMCERUCAkUKCAYBDAYCAQGDH4FpAxUDoGiKG?= =?us-ascii?q?G2BaTOCbwEBBYECAQFegjoDgTWCQAgXcoR4giSCE4EPIwyCLoRcgQSCQYJUhzi?= =?us-ascii?q?EXmOLNgmOSWSHEoR1giuJB4ZJM4FzTSMVO4JDghQMDgmDRYocAVVPkDsBAQ?= X-IPAS-Result: =?us-ascii?q?A1B4AwCA6PRaly0YGNZcHAEBAQQBAQoBAYNAgV8og3GIYIw?= =?us-ascii?q?QgVghgQ+BQJIHgWSEdwJFgjshOBQBAgEBAQEBAQIUAQEBAQEGGAZLhTQBAwMjB?= =?us-ascii?q?BkBATgPHAMBAgMCERUCAkUKCAYBDAYCAQGDH4FpAxUDoGiKGG2BaTOCbwEBBYE?= =?us-ascii?q?CAQFegjoDgTWCQAgXcoR4giSCE4EPIwyCLoRcgQSCQYJUhziEXmOLNgmOSWSHE?= =?us-ascii?q?oR1giuJB4ZJM4FzTSMVO4JDghQMDgmDRYocAVVPkDsBAQ?= X-IronPort-AV: E=Sophos;i="5.49,387,1520913600"; d="scan'208";a="274376" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 10 May 2018 20:52:35 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Ab5Y9FBOUFTupqsbH5t8l6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0K/76o8bcNUDSrc9gkEXOFd2Cra4c0KyO6+jJYi8p2d65qncMcZhBBV?= =?us-ascii?q?cuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx?= =?us-ascii?q?7xKRR6JvjvGo7Vks+7y/2+94fcbglUijexe69+IAmrpgjNq8cahpdvJLwswR?= =?us-ascii?q?XTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3?= =?us-ascii?q?sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qi?= =?us-ascii?q?qp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzcaTfctwARW?= =?us-ascii?q?pBWcFRWzVYDo6gYYYCDvcNMf9Eo4XgulACqQWyCRWpCO7p1zRGhGL53bci3u?= =?us-ascii?q?o8Dw/G0gwuEdEAvnvao9r6NrsdX++uwanUzzjOde9a1Svz5YXKdB0qvPGCXa?= =?us-ascii?q?h3ccrU0UQiCRnKjk6Opo3lIjiby/gCs2iB4Op9W+Kvj3AoqxtsqTWo2sgjkJ?= =?us-ascii?q?LJiZwVy13f7iV23IY1KselSE51Zd6rDoFQuziGOIRsWM8tX2ZouCMjx7AApJ?= =?us-ascii?q?W1fzAKxYw5yxLCZPGLaZaE7x35WOqPLjp0nn1odbKnixuz80Ws0PDwW8iw3V?= =?us-ascii?q?pQrydIksPAum4T2xHc7MWMV+Fz8V272TmV0gDe8uFELl4wlarcM5MuzKA9mI?= =?us-ascii?q?MVv0nNACL4gln7gLOUe0k+5Oen9eHnYq7pppOGMo97kAD+MqA0lsy6AOQ4Nh?= =?us-ascii?q?ACX2md+euiyL3u5VP1TKhFg/EsjKXUv4rWKdoUq6KjDAJY0p4v6xOlADen1N?= =?us-ascii?q?QYk2MHLFVAeB+fk4fmIUrOL+74DPqkmFSjjDdryOrbPr3vBpXCMGLDnK79cr?= =?us-ascii?q?ln8UJT1A0zzdVH65JOFr4BOO7zWlP2tNHAFR82LQi0w+fhCNVg2YITQn6PA6?= =?us-ascii?q?+FP6PStl+E/OQvI/KWa4MPtzb9LOYltLbSiiodonpVKa2o24YHLWu1Fel8Il?= =?us-ascii?q?mIJH/rjsoFHE8UsQckCu/nkluPVXhUfXnkG+oYxRUeQNaiDIHeVsWujaaH0S?= =?us-ascii?q?OTAJJbfCZFB0qKHHOucJ+LDbNEUCuPJodElTseWPD1U4Y80Tm2vRL+jr9gKf?= =?us-ascii?q?DZvCYfsMSnnONp6vXTmBd6zjl9C8CQwinZVG1vtn8ZTD8xmqZkqApyzUnVle?= =?us-ascii?q?BDrrR8FNpO97sdSQo+NJjB38RmGtvyXUTHZd7PR1G4FJHuSwoUZ/kShtMPeE?= =?us-ascii?q?1gAM6KihHYwzHsW+ZTkKaETtRgyYf19Fu0K8dmwGvdz4EljkI6WY0XbCuhnK?= =?us-ascii?q?Eps0DxAI7P22eel6+sbqkalHrP82eFi2iJvEheSwN2ea7MW3cZZ0DfqZLy4U?= =?us-ascii?q?aUC/eNBLk8eiBGzs3KfqhHZ8biilJFbPzjItPbYn+03WCqCkDMjo+BcJH3fC?= =?us-ascii?q?091SPRAQBQiw0V8muHM009Cz2nrmb2DXlqEkziJVjl8vRkoTW9Qwk211fOJ2?= =?us-ascii?q?9o0reusjsSn+adULtH3LcDoj0gsB1yFVOw3pTREdXW9CR7e6AJStom7UYP7m?= =?us-ascii?q?nZvhFzOpG6Z/Rpj0UTYixstEPnyhtzB58FmsFsp3QvmlkhYZmE2U9MImvLla?= =?us-ascii?q?v7PafafyyipEr1OafLxlHT1sqX8a4T6fM+7k/upxytClF9rCda+P5xiFCkz8?= =?us-ascii?q?yTSgcfVIn+FEM+9hw8orDeMWEx5ILRgGVlKrL88iTD1NQgGPY/x16+cs1ePq?= =?us-ascii?q?KJGE66E8ATC8W0bu1/s0mgbhUDeutV8aM=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A1AwC66PRaly0YGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNAgV8og3GIYIwQgVghgQ+BQJIHgWSEdwJFgjshOBQBAgEBAQEBAQIBEwE?= =?us-ascii?q?BAQEBBhgGSwyCNSSCTwEDAyMEGQEBOA8cAwECAwIRFQICRQoIBgEMBgIBAYM?= =?us-ascii?q?fgWkDFQOgaIoYbYFpM4JvAQEFgQIBAV6COgOBNYJACBdyhHiCJIITgQ8jDII?= =?us-ascii?q?uhFyBBIJBglSHOIReY4s2CY5JZIcShHWCK4kHhkkzgXNNIxU7gkOCFAwOCYN?= =?us-ascii?q?FihwBVU+QOwEB?= X-IPAS-Result: =?us-ascii?q?A0A1AwC66PRaly0YGNZcHAEBAQQBAQoBAYNAgV8og3GIY?= =?us-ascii?q?IwQgVghgQ+BQJIHgWSEdwJFgjshOBQBAgEBAQEBAQIBEwEBAQEBBhgGSwyCN?= =?us-ascii?q?SSCTwEDAyMEGQEBOA8cAwECAwIRFQICRQoIBgEMBgIBAYMfgWkDFQOgaIoYb?= =?us-ascii?q?YFpM4JvAQEFgQIBAV6COgOBNYJACBdyhHiCJIITgQ8jDIIuhFyBBIJBglSHO?= =?us-ascii?q?IReY4s2CY5JZIcShHWCK4kHhkkzgXNNIxU7gkOCFAwOCYNFihwBVU+QOwEB?= X-IronPort-AV: E=Sophos;i="5.49,387,1520899200"; d="scan'208";a="13170954" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 May 2018 00:52:35 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;51df164b-e512-4834-96f3-5fd56f8ae357 Authentication-Results: UCOL3CPA11.eemsg.mail.mil; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 31151133|UCOL3CPA11_EEMSG_MP26.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.189.90 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BDAgBN5/Rah1q9o0JcHAEBAQQBAQoBAYUfKINxiGCNaCGBD4FAkgeBZIR3AkWCOyE4FAECAQEBAQEBAhQBAQEKCwkIKCMMhSgBAwMjBBkBATgPHAMBAgMCERUCAkUKCAYBDAYCAQGDH4FpAxWgbooYbYFpM4JvAQEFgQIBAV6COgOBNYJACBdyhHiEN4EPIwyCLoRcgQSCQYJUhziEXmOLNgmOSWSHEoR1izKGSTOBc00jFTuCQ4IUDA4Jg0WKHAFVHzCQOwEB X-IPAS-Result: A0BDAgBN5/Rah1q9o0JcHAEBAQQBAQoBAYUfKINxiGCNaCGBD4FAkgeBZIR3AkWCOyE4FAECAQEBAQEBAhQBAQEKCwkIKCMMhSgBAwMjBBkBATgPHAMBAgMCERUCAkUKCAYBDAYCAQGDH4FpAxWgbooYbYFpM4JvAQEFgQIBAV6COgOBNYJACBdyhHiEN4EPIwyCLoRcgQSCQYJUhziEXmOLNgmOSWSHEoR1izKGSTOBc00jFTuCQ4IUDA4Jg0WKHAFVHzCQOwEB Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]) by UCOL3CPA11.eemsg.mail.mil with ESMTP; 11 May 2018 00:52:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1525999953; bh=Na6ae++RJ4iS+ICzPf0jjQ/g+3Ol//hEl/Z7VteuwD4=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=SURHigup5U9Q3Rk7KrqKkkaSqeKjtJTwdXnzvsftebeRStkDxBBOBdx95xqWxRpscyrUb16ohqxkWBfRP5hNVebrLoxmjyS06RCoFslrPX2DahW/StFh2Gpi4h+MTdnolDJ3+sjND8EIdKmB1FuE/QpAsHaGaoBGS6n1lEANivpy5GA7hk707CMgYQReJ/dBHNfmqHm5n5LaY324pLUtmNO15c7VDkN8vvAyb3NjrEP/mIKsEYGjmfSqyNYSUT5VKMR5fNMU3Gjtt46O/ZpANT3yQrjqlZu5niDSnLJfrVGMVfHATrBlAKQiwQkAfkVm85u7v4UCN1/9NpB+Y27G6g== X-YMail-OSG: eKOSvScVM1mSA1986Je3dwWNmBps759mbFVt0nLTnUE_xRE2qL4fEVBqO9tgVPk DCld5OgoyMp2HVKbVlrYBnuTlXkLS4IQQEI64ych6xlmz1DnV9AHVpEM8ksOPpv4nuBaBrjqm8pl GpV8jEoaX22QtQ2snq8t079oV4VNnOaeafQcXL5L_0A0jIOJS_1NLxJnx1NE0loFFKD163k10VMv eQH4avqXCSsbGTU3_YX0PHJ95Rcjx_NQ56AZ7BXgb_SyepSbP08fsej8Dq_RcZd9Rr2h_9Hlm78g u3Ju0nY5TQArsgIR24mENdxB2C7F1J.MXKXfS8K4T_TyWzeSEjmbXwpiet6Kqa78wK731.7eqLL9 ggKZlUehpNZTpw_qIjeZ7BTJP.iQlq_Fm7ov_S9bxKulJ0.TLYwMyEIfb7GlItDVFzw1HBUNBWAm 98VS8X2I0gxXHIin220fu9z69FyIwuWjfCNUkAUSK3ReQz.MyEc3qvlduqxea.DYej6EarLqrkNF RYHw1DME3abgvOAumd1uZSCf8FmMxpHimFxrG5U2tfLJH_FxR1Mri1FHm1ye2xtED97xTjEpjX_o R9Vx9Fn1tDjU0IlbVrKDdSBJ8qc9f1c82TLdDNK61ivNWDTwdemVFKjeOh2SbfcT56j9uVmF04jQ jYdI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Fri, 11 May 2018 00:52:33 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224]) by smtp431.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID e122c2d715d00e82bbc67fd94b605625; Fri, 11 May 2018 00:52:29 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <8e198147-b5a5-7087-beed-900983a34d35@schaufler-ca.com> Date: Thu, 10 May 2018 17:52:26 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Fri, 11 May 2018 10:37:07 -0400 Subject: [PATCH 02/23] Smack: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Casey Schaufler Date: Thu, 10 May 2018 13:44:35 -0700 Subject: [PATCH 02/23] Smack: Abstract use of cred security blob Don't use the cred->security poiter directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 14 ++++++++--- security/smack/smack_access.c | 4 +-- security/smack/smack_lsm.c | 57 +++++++++++++++++++++---------------------- security/smack/smackfs.c | 18 +++++++------- 4 files changed, 50 insertions(+), 43 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..0b55d6a55b26 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security; +} + /* * Is the directory transmuting? */ @@ -382,13 +387,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + cred = __task_cred(t); rcu_read_unlock(); + skp = smk_of_task(smack_cred(cred)); return skp; } @@ -405,7 +413,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9a4c0ad46518..489d49a20b47 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -275,7 +275,7 @@ int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, int smk_curacc(struct smack_known *obj_known, u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_tskacc(tsp, obj_known, mode, a); } @@ -635,7 +635,7 @@ DEFINE_MUTEX(smack_onlycap_lock); */ bool smack_privileged_cred(int cap, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *skp = tsp->smk_task; struct smack_known_list_elem *sklep; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0b414836bebd..d9307a172ab7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -121,7 +121,7 @@ static int smk_bu_note(char *note, struct smack_known *sskp, static int smk_bu_current(char *note, struct smack_known *oskp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (rc <= 0) @@ -142,7 +142,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_task(struct task_struct *otp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *smk_task = smk_of_task_struct(otp); char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -164,7 +164,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_inode(struct inode *inode, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -194,7 +194,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_file(struct file *file, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -224,7 +224,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) static int smk_bu_credfile(const struct cred *cred, struct file *file, int mode, int rc) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -428,7 +428,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tsp = smack_cred(__task_cred(tracer)); tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -495,7 +495,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - skp = smk_of_task(current_security()); + skp = smk_of_task(smack_cred(current_cred())); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); return rc; @@ -912,7 +912,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_bprm_set_creds(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); - struct task_smack *bsp = bprm->cred->security; + struct task_smack *bsp = smack_cred(bprm->cred); struct inode_smack *isp; struct superblock_smack *sbsp; int rc; @@ -1743,7 +1743,7 @@ static int smack_mmap_file(struct file *file, return -EACCES; mkp = isp->smk_mmap; - tsp = current_security(); + tsp = smack_cred(current_cred()); skp = smk_of_current(); rc = 0; @@ -1839,7 +1839,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct smack_known *skp; - struct smack_known *tkp = smk_of_task(tsk->cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct file *file; int rc; struct smk_audit_info ad; @@ -1887,7 +1887,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); ssp = sock->sk->sk_security; - tsp = current_security(); + tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't @@ -1929,7 +1929,7 @@ static int smack_file_receive(struct file *file) */ static int smack_file_open(struct file *file, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc; @@ -1976,7 +1976,7 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void smack_cred_free(struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct list_head *l; struct list_head *n; @@ -2006,7 +2006,7 @@ static void smack_cred_free(struct cred *cred) static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct task_smack *old_tsp = old->security; + struct task_smack *old_tsp = smack_cred(old); struct task_smack *new_tsp; int rc; @@ -2037,15 +2037,14 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, */ static void smack_cred_transfer(struct cred *new, const struct cred *old) { - struct task_smack *old_tsp = old->security; - struct task_smack *new_tsp = new->security; + struct task_smack *old_tsp = smack_cred(old); + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = old_tsp->smk_task; new_tsp->smk_forked = old_tsp->smk_task; mutex_init(&new_tsp->smk_rules_lock); INIT_LIST_HEAD(&new_tsp->smk_rules); - /* cbs copy rule list */ } @@ -2056,12 +2055,12 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) * * Sets the secid to contain a u32 version of the smack label. */ -static void smack_cred_getsecid(const struct cred *c, u32 *secid) +static void smack_cred_getsecid(const struct cred *cred, u32 *secid) { struct smack_known *skp; rcu_read_lock(); - skp = smk_of_task(c->security); + skp = smk_of_task(smack_cred(cred)); *secid = skp->smk_secid; rcu_read_unlock(); } @@ -2075,7 +2074,7 @@ static void smack_cred_getsecid(const struct cred *c, u32 *secid) */ static int smack_kernel_act_as(struct cred *new, u32 secid) { - struct task_smack *new_tsp = new->security; + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = smack_from_secid(secid); return 0; @@ -2093,7 +2092,7 @@ static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_smack *isp = inode->i_security; - struct task_smack *tsp = new->security; + struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; tsp->smk_task = tsp->smk_forked; @@ -2277,7 +2276,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smk_of_task(cred->security); + skp = smk_of_task(smack_cred(cred)); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; @@ -3582,7 +3581,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) */ static int smack_setprocattr(const char *name, void *value, size_t size) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; struct smack_known *skp; struct smack_known_list_elem *sklep; @@ -3623,7 +3622,7 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (new == NULL) return -ENOMEM; - tsp = new->security; + tsp = smack_cred(new); tsp->smk_task = skp; /* * process can change its label only once @@ -4259,7 +4258,7 @@ static void smack_inet_csk_clone(struct sock *sk, static int smack_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { - struct smack_known *skp = smk_of_task(cred->security); + struct smack_known *skp = smk_of_task(smack_cred(cred)); key->security = skp; return 0; @@ -4290,7 +4289,7 @@ static int smack_key_permission(key_ref_t key_ref, { struct key *keyp; struct smk_audit_info ad; - struct smack_known *tkp = smk_of_task(cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(cred)); int request = 0; int rc; @@ -4561,7 +4560,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return -ENOMEM; } - tsp = new_creds->security; + tsp = smack_cred(new_creds); /* * Get label from overlay inode and set it in create_sid @@ -4589,8 +4588,8 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, const struct cred *old, struct cred *new) { - struct task_smack *otsp = old->security; - struct task_smack *ntsp = new->security; + struct task_smack *otsp = smack_cred(old); + struct task_smack *ntsp = smack_cred(new); struct inode_smack *isp; int may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..9d2dde608298 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2208,14 +2208,14 @@ static const struct file_operations smk_logging_ops = { static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2262,7 +2262,7 @@ static int smk_open_load_self(struct inode *inode, struct file *file) static ssize_t smk_write_load_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_FIXED24_FMT); @@ -2414,14 +2414,14 @@ static const struct file_operations smk_load2_ops = { static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2467,7 +2467,7 @@ static int smk_open_load_self2(struct inode *inode, struct file *file) static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_LONG_FMT); @@ -2681,14 +2681,14 @@ static const struct file_operations smk_syslog_ops = { static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_relabel); } static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_relabel); } @@ -2736,7 +2736,7 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file) static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char *data; int rc; LIST_HEAD(list_tmp);