From 516e18f3d272e2695e727d1f49ddc7e6e7b96f02 Mon Sep 17 00:00:00 2001
From: Johan Hovold
Date: Wed, 23 Sep 2015 11:41:42 -0700
Subject: [PATCH 01/16] USB: whiteheat: fix potential null-deref at probe

commit cbb4be652d374f64661137756b8f357a1827d6a4 upstream.

Fix potential null-pointer dereference at probe by making sure that the required endpoints are present. The whiteheat driver assumes there are at least five pairs of bulk endpoints, of which the final pair is used for the "command port". An attempt to bind to an interface with fewer bulk endpoints would currently lead to an oops. Fixes CVE-2015-5257.

Reported-by: Moein Ghasemzadeh
Signed-off-by: Johan Hovold
Signed-off-by: Greg Kroah-Hartman
Change-Id: Ib2b005674463119d8f6ebcaa1184cba668b1400e
Signed-off-by: Junghoon Kim
---
 drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
index 5e3dd9f..ae79c22 100644
--- a/drivers/usb/serial/whiteheat.c
+++ b/drivers/usb/serial/whiteheat.c
@@ -81,6 +81,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
 static int whiteheat_firmware_attach(struct usb_serial *serial);
 /* function prototypes for the Connect Tech WhiteHEAT serial converter */
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id);
 static int whiteheat_attach(struct usb_serial *serial);
 static void whiteheat_release(struct usb_serial *serial);
 static int whiteheat_port_probe(struct usb_serial_port *port);
@@ -117,6 +119,7 @@ static struct usb_serial_driver whiteheat_device = {
 .description = "Connect Tech - WhiteHEAT",
 .id_table = id_table_std,
 .num_ports = 4,
+ .probe = whiteheat_probe,
 .attach = whiteheat_attach,
 .release = whiteheat_release,
 .port_probe = whiteheat_port_probe,
@@ -218,6 +221,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
 /*****************************************************************************
 * Connect Tech's White Heat serial driver functions
 *****************************************************************************/
+
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id)
+{
+ struct usb_host_interface *iface_desc;
+ struct usb_endpoint_descriptor *endpoint;
+ size_t num_bulk_in = 0;
+ size_t num_bulk_out = 0;
+ size_t min_num_bulk;
+ unsigned int i;
+
+ iface_desc = serial->interface->cur_altsetting;
+
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
+ endpoint = &iface_desc->endpoint[i].desc;
+ if (usb_endpoint_is_bulk_in(endpoint))
+ ++num_bulk_in;
+ if (usb_endpoint_is_bulk_out(endpoint))
+ ++num_bulk_out;
+ }
+
+ min_num_bulk = COMMAND_PORT + 1;
+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
+ return -ENODEV;
+
+ return 0;
+}
+
 static int whiteheat_attach(struct usb_serial *serial)
 {
 struct usb_serial_port *command_port;
-- 
2.7.4

From 69e4e4e9a186ec3236320a2d9cb0d140d12d70bd Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Sun, 1 Nov 2015 16:21:24 +0000
Subject: [PATCH 02/16] isdn_ppp: Add checks for allocation failure in isdn_ppp_open()

[ Upstream commit 0baa57d8dc32db78369d8b5176ef56c5e2e18ab3 ]

Compile-tested only.

Change-Id: I32e9c951314f1ce66338c560aaa299b4536e4b93
Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Junghoon Kim
---
 drivers/isdn/i4l/isdn_ppp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 38ceac5..12bcce1 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
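Review bot: whiteheat_probe() has no header comment, and the one non-obvious value in it, `min_num_bulk = COMMAND_PORT + 1`, is only explained by the commit message. A short comment above the function would keep that reasoning with the code, e.g. `/* The driver uses bulk IN/OUT pairs 0..COMMAND_PORT (the last is the command port); reject interfaces with fewer so attach never touches a missing port. */`. The unused `id` parameter is fine as it is the fixed probe signature, but a `(void)id;` or a one-word comment would make that deliberate.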
@@ -301,6 +301,8 @@ isdn_ppp_open(int min, struct file *file)
 is->compflags = 0;
 is->reset = isdn_ppp_ccp_reset_alloc(is);
+ if (!is->reset)
+ return -ENOMEM;
 is->lp = NULL;
 is->mp_seqno = 0; /* MP sequence number */
@@ -320,6 +322,10 @@ isdn_ppp_open(int min, struct file *file)
 * VJ header compression init
 */
 is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
+ if (!is->slcomp) {
+ isdn_ppp_ccp_reset_free(is);
+ return -ENOMEM;
+ }
 #endif
 #ifdef CONFIG_IPPP_FILTER
 is->pass_filter = NULL;
-- 
2.7.4

From 644c6f3c5d12cc0ce07ac01c257d017475451832 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Sun, 1 Nov 2015 16:22:53 +0000
Subject: [PATCH 03/16] ppp, slip: Validate VJ compression slot parameters completely
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

[ Upstream commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae ]

Currently slhc_init() treats out-of-range values of rslots and tslots as equivalent to 0, except that if tslots is too large it will dereference a null pointer (CVE-2015-7799). Add a range-check at the top of the function and make it return an ERR_PTR() on error instead of NULL. Change the callers accordingly. Compile-tested only.

Change-Id: I4bd504aa497919117fec9d5ba97365fcca266b4c
Reported-by: 郭永刚
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Junghoon Kim
---
 drivers/isdn/i4l/isdn_ppp.c | 10 ++++------
 drivers/net/ppp/ppp_generic.c | 6 ++----
 drivers/net/slip/slhc.c | 12 ++++++++----
 drivers/net/slip/slip.c | 2 +-
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 12bcce1..0ed6731 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
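Review bot: Both new early returns in isdn_ppp_open() leave whatever the function set up before this point in place, and the start of the function is outside the hunk; if a per-channel slot is reserved earlier (marked in use for this file), a failed open never reaches the release callback, so that reservation would be leaked on these paths. Confirm that the slot is returned to its free state on both error returns, or route them through a common unwind label. In the second hunk `isdn_ppp_ccp_reset_free(is)` is called but `is->reset` keeps its stale value afterwards; setting `is->reset = NULL;` after the free would keep the struct consistent for any later teardown.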
@@ -322,9 +322,9 @@ isdn_ppp_open(int min, struct file *file)
 * VJ header compression init
 */
 is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
- if (!is->slcomp) {
+ if (IS_ERR(is->slcomp)) {
 isdn_ppp_ccp_reset_free(is);
- return -ENOMEM;
+ return PTR_ERR(is->slcomp);
 }
 #endif
 #ifdef CONFIG_IPPP_FILTER
@@ -574,10 +574,8 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
 is->maxcid = val;
 #ifdef CONFIG_ISDN_PPP_VJ
 sltmp = slhc_init(16, val);
- if (!sltmp) {
- printk(KERN_ERR "ippp, can't realloc slhc struct\n");
- return -ENOMEM;
- }
+ if (IS_ERR(sltmp))
+ return PTR_ERR(sltmp);
 if (is->slcomp)
 slhc_free(is->slcomp);
 is->slcomp = sltmp;
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 5a1897d..a2d7d5f 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -716,10 +716,8 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 val &= 0xffff;
 }
 vj = slhc_init(val2+1, val+1);
- if (!vj) {
- netdev_err(ppp->dev,
- "PPP: no memory (VJ compressor)\n");
- err = -ENOMEM;
+ if (IS_ERR(vj)) {
+ err = PTR_ERR(vj);
 break;
 }
 ppp_lock(ppp);
diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
index 1252d9c..b52eabc 100644
--- a/drivers/net/slip/slhc.c
+++ b/drivers/net/slip/slhc.c
@@ -84,8 +84,9 @@ static long decode(unsigned char **cpp);
 static unsigned char * put16(unsigned char *cp, unsigned short x);
 static unsigned short pull16(unsigned char **cpp);
-/* Initialize compression data structure
+/* Allocate compression data structure
 * slots must be in range 0 to 255 (zero meaning no compression)
+ * Returns pointer to structure or ERR_PTR() on error.
 */
 struct slcompress *
 slhc_init(int rslots, int tslots)
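Review bot: In the first hunk `is->slcomp` still holds the ERR_PTR after the error return, whereas the ioctl hunk on this page tests `if (is->slcomp) slhc_free(is->slcomp);` as its "is there a compressor" check; any teardown path using that idiom (outside these hunks) would hand an error pointer to slhc_free(). Capture the code and clear the field before unwinding: `int err = PTR_ERR(is->slcomp); is->slcomp = NULL;` ahead of the `isdn_ppp_ccp_reset_free(is);` call, then `return err;`. The ppp_generic and slhc.c hunks are fine as written; the new slhc_init() header comment correctly documents the ERR_PTR() contract.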
@@ -94,11 +95,14 @@ slhc_init(int rslots, int tslots)
 register struct cstate *ts;
 struct slcompress *comp;
+ if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
+ return ERR_PTR(-EINVAL);
+
 comp = kzalloc(sizeof(struct slcompress), GFP_KERNEL);
 if (! comp)
 goto out_fail;
- if ( rslots > 0 && rslots < 256 ) {
+ if (rslots > 0) {
 size_t rsize = rslots * sizeof(struct cstate);
 comp->rstate = kzalloc(rsize, GFP_KERNEL);
 if (! comp->rstate)
@@ -106,7 +110,7 @@ slhc_init(int rslots, int tslots)
 comp->rslot_limit = rslots - 1;
 }
- if ( tslots > 0 && tslots < 256 ) {
+ if (tslots > 0) {
 size_t tsize = tslots * sizeof(struct cstate);
 comp->tstate = kzalloc(tsize, GFP_KERNEL);
 if (! comp->tstate)
@@ -141,7 +145,7 @@ out_free2:
 out_free:
 kfree(comp);
 out_fail:
- return NULL;
+ return ERR_PTR(-ENOMEM);
 }
diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
index a34d6bf..ca3e737 100644
--- a/drivers/net/slip/slip.c
+++ b/drivers/net/slip/slip.c
@@ -163,7 +163,7 @@ static int sl_alloc_bufs(struct slip *sl, int mtu)
 if (cbuff == NULL)
 goto err_exit;
 slcomp = slhc_init(16, 16);
- if (slcomp == NULL)
+ if (IS_ERR(slcomp))
 goto err_exit;
 #endif
 spin_lock_bh(&sl->lock);
-- 
2.7.4

From 2ac39fc04e2f43c9a531eddd235080556ed58188 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim
Date: Thu, 4 Aug 2016 09:35:23 +0900
Subject: [PATCH 04/16] packaging: exclude build except target TM1

This patch excludes build except target TM1.

Change-Id: I21fd72c705af10bb61b7b99a4bb8b3d60babaee3
Signed-off-by: Seung-Woo Kim
---
 packaging/linux-3.10-sc7730.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packaging/linux-3.10-sc7730.spec b/packaging/linux-3.10-sc7730.spec
index 0e9dd80..510df84 100644
--- a/packaging/linux-3.10-sc7730.spec
+++ b/packaging/linux-3.10-sc7730.spec
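Review bot: In the slip.c hunk `if (IS_ERR(slcomp)) goto err_exit;` jumps to a label outside the hunk with `slcomp` still holding the error pointer; if err_exit releases the partially built state with `slhc_free(slcomp)`, that call now receives an ERR_PTR instead of the NULL it was written for. Either reset the local before jumping, `if (IS_ERR(slcomp)) { slcomp = NULL; goto err_exit; }`, or make slhc_free() return early on `IS_ERR_OR_NULL()` so every caller of slhc_init() can unwind uniformly. The slhc_init() change itself is sound: with the range check at the top, `rslots * sizeof(struct cstate)` is bounded and the simplified `> 0` guards are equivalent to the old ones.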
@@ -25,6 +25,10 @@ BuildRequires: system-tools
 BuildRequires: bc
 ExclusiveArch: %arm
+%if "%{?tizen_target_name}" != "TM1"
+ExcludeArch: %{arm}
+%endif
+
 %description
 The Linux Kernel, the operating system core itself
-- 
2.7.4

From 1d693164c998065673204a172d009ac888a6af12 Mon Sep 17 00:00:00 2001
From: hyunuktak
Date: Fri, 29 Jul 2016 10:42:41 +0900
Subject: [PATCH 05/16] wlan_cfg80211: Set the hidden ssid scan properly.

"vif->cfg80211.hidden_ssid_scan" value is always setting as true although "ssid[i].ssid_len" value is zero. If there are no ssids passed from celler, then unable to do ssid scan. So it is needed to properly set it.

Change-Id: Id4064ab1b65b29a375c276c16c095309ca4a92b1
Signed-off-by: hyunuktak
---
 drivers/net/wireless/sc2331/wlan_cfg80211.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/sc2331/wlan_cfg80211.c b/drivers/net/wireless/sc2331/wlan_cfg80211.c
index 90e27ce..a4a4a20 100644
--- a/drivers/net/wireless/sc2331/wlan_cfg80211.c
+++ b/drivers/net/wireless/sc2331/wlan_cfg80211.c
@@ -846,11 +846,14 @@ static int wlan_cfg80211_scan(struct wiphy *wiphy,
 + sizeof(scan_ssids->len));
 scan_ssids = (struct wlan_cmd_scan_ssid *) (data + scan_ssids_len);
- }
- vif->cfg80211.hidden_ssid_scan = true;
+ if (vif->cfg80211.hidden_ssid_scan == false)
+ vif->cfg80211.hidden_ssid_scan = true;
+ }
 }
+ printkd("hidden ssid scanning: %d\n", vif->cfg80211.hidden_ssid_scan);
+
 n = min(request->n_channels, 14);
 if (n > 15)
 n = 15;
-- 
2.7.4

From 72cfe31711caf034d6db05bcc7c29ab0dfbbe242 Mon Sep 17 00:00:00 2001
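Review bot: In the wlan_cfg80211.c hunk the added `if (vif->cfg80211.hidden_ssid_scan == false)` guard is redundant, since assigning `true` to a value that is already `true` is a no-op; the plain `vif->cfg80211.hidden_ssid_scan = true;` inside the loop says the same thing with less to read. More importantly, nothing in this hunk ever sets the flag back to `false`, so once one scan request carries an SSID the flag stays set for every later request that carries none, which is the exact symptom the commit message describes from the other direction; if the flag is not cleared elsewhere in wlan_cfg80211_scan() (the function starts before the hunk), reset it before the loop, `vif->cfg80211.hidden_ssid_scan = false;`. The new printkd() is fine as a debug trace.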
From: Seonah Moon
Date: Tue, 2 Aug 2016 18:00:56 +0900
Subject: [PATCH 06/16] wlan_cfg80211: Add SOFTAP WPS type to support WPS in tethering

The tethering and soft AP should offer features of general APs. The WPS is one of security types and standard to create a secure wireless home network. This patch makes 80211 packets(beacon, probe response and associate response) include WPS ies.

Change-Id: I89f60d5ee7a797c48b80b9f3dbfa2eca6825b5f2
Signed-off-by: Seonah Moon
---
 drivers/net/wireless/sc2331/wlan_cfg80211.c | 53 +++++++++++++++++++++++++++++
 drivers/net/wireless/sc2331/wlan_cfg80211.h | 5 ++-
 2 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/sc2331/wlan_cfg80211.c b/drivers/net/wireless/sc2331/wlan_cfg80211.c
index a4a4a20..70d051d 100644
--- a/drivers/net/wireless/sc2331/wlan_cfg80211.c
+++ b/drivers/net/wireless/sc2331/wlan_cfg80211.c
@@ -2314,6 +2314,59 @@ static int wlan_change_beacon(wlan_vif_t *vif,
 unsigned char vif_id = vif->id;
 printkd("%s enter\n", __func__);
+
+ if (vif->id == NETIF_0_ID) {
+ /* send beacon extra ies */
+ if (beacon->beacon_ies != NULL) {
+ printkd("begin send beacon extra ies\n");
+
+ ret = wlan_cmd_set_wps_ie(vif_id,
+ SOFTAP_WPS_BEACON_IE,
+ beacon->beacon_ies,
+ beacon->beacon_ies_len);
+ if (ret) {
+ printkd("wlan_cmd_set_wps_ie failed with %d\n", ret);
+ return ret;
+ } else {
+ printkd("send beacon extra ies successfully\n");
+ }
+ }
+
+ /* send probe response ies */
+ if (beacon->proberesp_ies != NULL) {
+ printkd("begin send probe response extra ies\n");
+
+ ret = wlan_cmd_set_wps_ie(vif_id,
+ SOFTAP_WPS_PROBERESP_IE,
+ beacon->proberesp_ies,
+ beacon->proberesp_ies_len);
+ if (ret) {
+ printkd("wlan_cmd_set_wps_ie failed with %d\n", ret);
+ return ret;
+ } else {
+ printkd("send proberesp_ies successfully\n");
+ }
+ }
+
+ /* send associate response ies */
+ if (beacon->assocresp_ies != NULL) {
+ printkd("begin send associate response extra ies\n");
+
+ ret = wlan_cmd_set_wps_ie(vif_id,
+ SOFTAP_WPS_ASSOCRESP_IE,
+ beacon->assocresp_ies,
+ beacon->assocresp_ies_len);
+ if (ret) {
+ printkd("wlan_cmd_set_wps_ie failed with %d\n", ret);
+ return ret;
+ } else {
+ printkd("send assocresp_iessuccessfully\n");
+ }
+ }
+
+ return ret;
+ }
+
 #ifdef WIFI_DIRECT_SUPPORT
 /* send beacon extra ies */
 if (beacon->head != NULL) {
diff --git a/drivers/net/wireless/sc2331/wlan_cfg80211.h b/drivers/net/wireless/sc2331/wlan_cfg80211.h
index 832b37d..c15fc3c 100644
--- a/drivers/net/wireless/sc2331/wlan_cfg80211.h
+++ b/drivers/net/wireless/sc2331/wlan_cfg80211.h
@@ -80,7 +80,10 @@ enum WPS_TYPE {
 P2P_PROBERESP_IE,
 P2P_ASSOCRESP_IE,
 P2P_BEACON_IE_HEAD,
- P2P_BEACON_IE_TAIL
+ P2P_BEACON_IE_TAIL,
+ SOFTAP_WPS_PROBERESP_IE = 11,
+ SOFTAP_WPS_BEACON_IE,
+ SOFTAP_WPS_ASSOCRESP_IE,
 };
 enum wlan_state {
-- 
2.7.4

From 9e8b134ebac4f24697a52e57ae804698a6a4c307 Mon Sep 17 00:00:00 2001
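Review bot: The closing `return ret;` of the new `vif->id == NETIF_0_ID` block returns whatever `ret` held before the block when all three IE pointers are NULL; `ret` is declared outside the hunk, so unless it is initialised to 0 there this is an uninitialised return, and `return 0;` is the value the three success paths imply anyway. The early return also skips the `#ifdef WIFI_DIRECT_SUPPORT` head/tail handling that follows for this interface, which may be intended but deserves a comment. The three blocks are the same eleven lines with three substitutions, and the third one's log string reads "assocresp_iessuccessfully"; a small helper removes the duplication and the typo at once (parameter types below follow the `const u8 *`/`size_t` fields of the beacon data and the existing call, which the hunk shows compiling). In the header hunk, a one-line comment saying that `SOFTAP_WPS_PROBERESP_IE = 11` and the following values are fixed by the firmware command protocol would explain the jump from the P2P values.
```c
/* Push one block of user-supplied IEs (NULL means "none") to the firmware;
 * returns the command status so the caller stops at the first failure. */
static int wlan_send_softap_ies(unsigned char vif_id, enum WPS_TYPE type,
				const char *what, const u8 *ies, size_t len)
{
	int ret;

	if (ies == NULL)
		return 0;
	printkd("begin send %s extra ies\n", what);
	ret = wlan_cmd_set_wps_ie(vif_id, type, ies, len);
	if (ret)
		printkd("wlan_cmd_set_wps_ie failed with %d\n", ret);
	else
		printkd("send %s extra ies successfully\n", what);
	return ret;
}

/* … unchanged: start of wlan_change_beacon() … */
	if (vif->id == NETIF_0_ID) {
		ret = wlan_send_softap_ies(vif_id, SOFTAP_WPS_BEACON_IE, "beacon",
					   beacon->beacon_ies, beacon->beacon_ies_len);
		if (ret)
			return ret;
		ret = wlan_send_softap_ies(vif_id, SOFTAP_WPS_PROBERESP_IE, "probe response",
					   beacon->proberesp_ies, beacon->proberesp_ies_len);
		if (ret)
			return ret;
		/* 0 when no IEs at all were supplied */
		return wlan_send_softap_ies(vif_id, SOFTAP_WPS_ASSOCRESP_IE, "associate response",
					    beacon->assocresp_ies, beacon->assocresp_ies_len);
	}
```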
From: Seung-Woo Kim
Date: Thu, 11 Aug 2016 15:02:52 +0900
Subject: [PATCH 07/16] packaging: fix not to provide kernel-headers

The kernel-headers pakcage is provided for common kernel headers from linux-glibc-devel pacakge but currently, it is also provided from tm1 kernel. So this patch fixes not to provide kernel-headers.

Change-Id: Idcf7b8c6f605eea0bc7f8a0f70d9443f9dfe2c39
Signed-off-by: Seung-Woo Kim
---
 packaging/linux-3.10-sc7730.spec | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/packaging/linux-3.10-sc7730.spec b/packaging/linux-3.10-sc7730.spec
index 510df84..41f2ece 100644
--- a/packaging/linux-3.10-sc7730.spec
+++ b/packaging/linux-3.10-sc7730.spec
@@ -71,8 +71,7 @@ end }
 License: GPL-2.0
 Summary: Linux support headers for userspace development
 Group: System/Kernel
-Provides: kernel-headers, kernel-headers-tizen-dev
-Obsoletes: kernel-headers
+Provides: kernel-headers-tizen-dev
 %description -n kernel-headers-3.10-sc7730
 This package provides userspaces headers from the Linux kernel. These
-- 
2.7.4

From d606127f461117847f91d88498a55cb0d072158d Mon Sep 17 00:00:00 2001
From: Joonyoung Shim
Date: Thu, 18 Aug 2016 17:52:44 +0900
Subject: [PATCH 08/16] scripts: add sprd_dtbtool.sh

sprd_dtbtool.sh is script file to make to one merged-dtb binary from multi dtb binaries for TM1. This will substitute dtbtool binary of system-tools.

Change-Id: I69b73426ee43e0a5de3d6b4f5a28ec8965da5c6d
Signed-off-by: Joonyoung Shim
---
 scripts/sprd_dtbtool.sh | 152 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)
 create mode 100755 scripts/sprd_dtbtool.sh

diff --git a/scripts/sprd_dtbtool.sh b/scripts/sprd_dtbtool.sh
new file mode 100755
index 0000000..14a1f36
--- /dev/null
+++ b/scripts/sprd_dtbtool.sh
@@ -0,0 +1,152 @@ +#!/bin/bash + + +## Functions +function write_to_4bytes_binary() +{ + HEX=`echo "obase=16; $1" | bc` + + NUM=$((8-${#HEX})) + + ZERO="00000000" + SUB=${ZERO:0:$NUM} + + HEX=$SUB$HEX + + for str in $(echo $HEX | sed 's/../& /g' | rev); do + str=$(echo -en $str | rev) + echo -en "\x$str" + done > $2 +} + +function write_to_padding_binary() +{ + rm -f padding + + PAD_SIZE=$(($(($PAD - $(($1 % $PAD)))) % $PAD)) + if [ $PAD_SIZE -gt 0 ]; then + dd if=/dev/zero of=./padding bs=1 count=$PAD_SIZE 2>/dev/zero + else + touch padding + fi + + echo -en " | PAD: $PAD_SIZE[B]\n" +} + +function get_dtb_size() +{ + SIZE=`du -b $1 | awk '{print $1}'` + PAD_SIZE=$(($(($PAD - $(($SIZE % $PAD)))) % $PAD)) + DTB_SIZE=$(($SIZE + $PAD_SIZE)) +} + + +## Defines +OUT="merged-dtb" +OUT_TMP="multi.tmp" + +OUT_DIR="./arch/arm/boot" +DTS_DIR="./arch/arm/boot/dts" + +SPRD_MAGIC="SPRD" +SPRD_VERSION=1 + +DTB=( +"sprd-scx35-tizen_z3-r00.dtb" +"sprd-scx35-tizen_z3-r01.dtb" +"sprd-scx35-tizen_z3-r02.dtb" +"sprd-scx35-tizen_z3-r03.dtb" +) +DTB_CNT=4 + +CHIPSET=8830 +PLATFORM=0 +REV=131072 +DTB_OFFSET=2048 + +ENDOFHEADER=0 + +PAD=2048 + + +## Header +rm -f $OUT +rm -f $OUT_TMP +touch $OUT_TMP + +HEADER_SIZE=$((12 + 20 * $DTB_CNT + 4)) + +echo -en " *HEADER " +echo -en "$HEADER_SIZE[B]\n" + +echo -en $SPRD_MAGIC > $OUT +cat $OUT >> $OUT_TMP +write_to_4bytes_binary $SPRD_VERSION $OUT +cat $OUT >> $OUT_TMP +write_to_4bytes_binary $DTB_CNT $OUT +cat $OUT >> $OUT_TMP + +for i in ${DTB[*]}; do + FILE="$DTS_DIR/$i" + if [ -e $FILE ]; then + write_to_4bytes_binary $CHIPSET $OUT + cat $OUT >> $OUT_TMP + + write_to_4bytes_binary $PLATFORM $OUT + cat $OUT >> $OUT_TMP + PLATFORM=$(($PLATFORM + 1)) + + write_to_4bytes_binary $REV $OUT + cat $OUT >> $OUT_TMP + + write_to_4bytes_binary $DTB_OFFSET $OUT + cat $OUT >> $OUT_TMP + + get_dtb_size $FILE + write_to_4bytes_binary $DTB_SIZE $OUT + cat $OUT >> $OUT_TMP + + DTB_OFFSET=$(($DTB_OFFSET + $DTB_SIZE)) + else + echo -en "$i not found.\nexit\n" + 
exit -1 + fi +done + +write_to_4bytes_binary $ENDOFHEADER $OUT +cat $OUT >> $OUT_TMP + +write_to_padding_binary $HEADER_SIZE +cat $OUT_TMP padding > $OUT + + +## DTB +for i in ${DTB[*]}; do + FILE="$DTS_DIR/$i" + if [ -e $FILE ]; then + NAME=`echo $i` + echo -en " *$NAME " + + cat $OUT $FILE > $OUT_TMP + + SIZE=`du -b $FILE | awk '{print $1}'` + echo -en "$SIZE[B]\n" + + write_to_padding_binary $SIZE + cat $OUT_TMP padding > $OUT + else + echo -en "$i not found.\nexit\n" + exit -1 + fi +done + + +## End +rm -f $OUT_TMP +rm -f padding +rm -f $OUT_DIR/$OUT +mv -f $OUT $OUT_DIR/ + +S=`du -b $OUT_DIR/$OUT | awk '{print $1}'` +S_K=$(($S/1024)) +echo -en "## OUT: $OUT size: $S[B]; $S_K[K]\n" -- 2.7.4 From 0d8633643c69d06d2e5a04552138ab6a22dafe85 Mon Sep 17 00:00:00 2001 From: Joonyoung Shim Date: Mon, 22 Aug 2016 11:24:57 +0900 Subject: [PATCH 09/16] scripts: add sprd_mkdzimage.sh sprd_mkdzimage.sh is script file to make dzImage binary that is TM1 specific kernel binary from zImage and merged-dtb binary. This will substitute mkdzimage binary of system-tools. Change-Id: Idb78c73eb5b195b7122c9cc5a033ae136769cf79 Signed-off-by: Joonyoung Shim --- scripts/sprd_mkdzimage.sh | 141 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100755 scripts/sprd_mkdzimage.sh diff --git a/scripts/sprd_mkdzimage.sh b/scripts/sprd_mkdzimage.sh new file mode 100755 index 0000000..f6ea777 --- /dev/null +++ b/scripts/sprd_mkdzimage.sh 
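Review bot: The script never enables `set -e` (or checks `$?` after its `cat`/`dd`/`mv` steps), so a failed append into `$OUT_TMP` or a failed `mv` still ends in the "## OUT:" summary with a zero exit status, and the callers added in release.sh test exactly that status; `set -eu` at the top, or an explicit check on `mv -f $OUT $OUT_DIR/`, would turn those into failures. Both `exit -1` calls should be `exit 1`: bash reduces -1 to 255, which is non-portable and reads as an error code rather than a deliberate status. The scratch files `padding`, `$OUT_TMP` and `$OUT` are created in the current directory with fixed names and every path expansion (`$FILE`, `$1`, `$OUT_DIR/$OUT`) is unquoted, so two concurrent builds or a path with spaces corrupt each other's output; `mktemp -d` for the scratch area and double quotes on the expansions fix both. `2>/dev/zero` on the `dd` line is presumably meant to be `2>/dev/null`, and `du -b`, `rev` and `echo -en "\x.."` are GNU/bash specifics worth naming in a header comment. sprd_mkdzimage.sh in the next patch duplicates the same two helper functions and shares every one of these points; sourcing one shared helper file would keep the fixes in one place.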
@@ -0,0 +1,141 @@ +#!/bin/bash + + +## Functions +function write_to_4bytes_binary() +{ + HEX=`echo "obase=16; $1" | bc` + + NUM=$((8-${#HEX})) + + ZERO="00000000" + SUB=${ZERO:0:$NUM} + + HEX=$SUB$HEX + + for str in $(echo $HEX | sed 's/../& /g' | rev); do + str=$(echo -en $str | rev) + echo -en "\x$str" + done > $2 +} + +function write_to_padding_binary() +{ + rm -f padding + + PAD_SIZE=$(($(($PAD - $(($1 % $PAD)))) % $PAD)) + if [ $PAD_SIZE -gt 0 ]; then + dd if=/dev/zero of=./padding bs=1 count=$PAD_SIZE 2>/dev/zero + else + touch padding + fi + + echo -en " | PAD: $PAD_SIZE[B]\n" +} + + +## Defines +OUT="dzImage" +OUT_TMP="dzImage.tmp" + +OUT_DIR="./arch/arm/boot" +BOOT_DIR="./arch/arm/boot" + +MAGIC="NZIT" # 0x54495A4E +KERNEL_ADDR=32768 # 0x00008000 +ATAGS_ADDR=31457280 # 0x01e00000 + +PAD=2048 + + +## Header +rm -f $OUT +rm -f $OUT_TMP +touch $OUT_TMP + +HEADER_SIZE=28 + +echo -en " *HEADER " +echo -en "$HEADER_SIZE[B]\n" + +echo -en $MAGIC > $OUT +cat $OUT >> $OUT_TMP +write_to_4bytes_binary $KERNEL_ADDR $OUT +cat $OUT >> $OUT_TMP + +FILE="$BOOT_DIR/zImage" +if [ -e $FILE ]; then + SIZE=`du -b $FILE | awk '{print $1}'` + write_to_4bytes_binary $SIZE $OUT + cat $OUT >> $OUT_TMP +else + echo -en "$FILE not found.\nexit\n" + exit -1 +fi + +DTB_ADDR=$(($KERNEL_ADDR + $SIZE)) +write_to_4bytes_binary $DTB_ADDR $OUT +cat $OUT >> $OUT_TMP + +FILE="$BOOT_DIR/merged-dtb" +if [ -e $FILE ]; then + SIZE=`du -b $FILE | awk '{print $1}'` + write_to_4bytes_binary $SIZE $OUT + cat $OUT >> $OUT_TMP +else + echo -en "$FILE not found.\nexit\n" + exit -1 +fi + +write_to_4bytes_binary $ATAGS_ADDR $OUT +cat $OUT >> $OUT_TMP +write_to_4bytes_binary $PAD $OUT +cat $OUT >> $OUT_TMP + +write_to_padding_binary $HEADER_SIZE +cat $OUT_TMP padding > $OUT + + +## Kernel Binary +FILE="$BOOT_DIR/zImage" +if [ -e $FILE ]; then + echo -en " *zImage " + cat $OUT $FILE > $OUT_TMP + + SIZE=`du -b $FILE | awk '{print $1}'` + echo -en "$SIZE[B]\n" + + write_to_padding_binary $SIZE + cat $OUT_TMP 
padding > $OUT +else + echo -en "zImage not found.\nexit\n" + exit -1 +fi + + +## merged-dtb Binary +FILE="$BOOT_DIR/merged-dtb" +if [ -e $FILE ]; then + echo -en " *merged-dtb " + cat $OUT $FILE > $OUT_TMP + + SIZE=`du -b $FILE | awk '{print $1}'` + echo -en "$SIZE[B]\n" + + write_to_padding_binary $SIZE + cat $OUT_TMP padding > $OUT +else + echo -en "merged-dtb not found.\nexit\n" + exit -1 +fi + + +## END +rm -f $OUT_TMP +rm -f padding +rm -f $OUT_DIR/$OUT +mv -f $OUT $OUT_DIR/ + +S=`du -b $OUT_DIR/$OUT | awk '{print $1}'` +S_K=$(($S/1024)) +echo -en "## OUT: $OUT size: $S[B]; $S_K[K]\n" -- 2.7.4 From e6cfc390b12fc1bc1d4f2bc765abbe2de2e22c83 Mon Sep 17 00:00:00 2001 From: Joonyoung Shim Date: Mon, 22 Aug 2016 16:13:08 +0900 Subject: [PATCH 10/16] build: use scripts to make kernel binary Use our scripts to make kernel binary instead of binaries of system-tools package, then we can remove dependency with system-tools package. Change-Id: I86a2de0af8743eaa22d1de5fa7dc68debadfc43c Signed-off-by: Joonyoung Shim --- release.sh | 4 ++-- release_obs.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/release.sh b/release.sh index 7fa20f1..b947192 100755 --- a/release.sh +++ b/release.sh @@ -47,13 +47,13 @@ if [ "$?" != "0" ]; then exit 1 fi -dtbtool -o ${BOOT_PATH}/merged-dtb -p ${DTC_PATH} -v ${BOOT_PATH}/dts/ +./scripts/sprd_dtbtool.sh if [ "$?" != "0" ]; then echo "Failed to make merged-dtb" exit 1 fi -mkdzimage -o ${BOOT_PATH}/${DZIMAGE} -k ${BOOT_PATH}/zImage -d ${BOOT_PATH}/merged-dtb +./scripts/sprd_mkdzimage.sh if [ "$?" != "0" ]; then echo "Failed to make mkdzImage" exit 1 diff --git a/release_obs.sh b/release_obs.sh index 27e46d9..6e5b05b 100755 --- a/release_obs.sh +++ b/release_obs.sh 
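Review bot: `DTB_ADDR=$(($KERNEL_ADDR + $SIZE))` is the kernel address plus the unpadded zImage size, yet the merged-dtb is placed in the file only after the zImage has been padded to `$PAD`, so the header's DTB_ADDR and the dtb's actual file offset relative to the kernel differ by up to `$PAD - 1` bytes. If the loader treats DTB_ADDR as a load address and applies the recorded `$PAD` itself this is fine, but nothing in the script says so; a comment on that line stating which interpretation the header fields use (load address vs. file offset) would settle it, or compute `DTB_ADDR` from the padded size if it is an offset. The magic value comments (`# 0x54495A4E`, `# 0x00008000`) are helpful and the same style would suit `HEADER_SIZE=28` (seven 4-byte fields). The remaining points are those already raised on sprd_dtbtool.sh.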
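Review bot: The replaced commands took `${BOOT_PATH}` and `${DTC_PATH}` explicitly, while `./scripts/sprd_dtbtool.sh` and `./scripts/sprd_mkdzimage.sh` hardcode `./arch/arm/boot` and write their scratch files into the working directory, so release.sh now silently depends on being run from the kernel tree root with `BOOT_PATH` equal to that default. Either `cd` to the tree root before the calls or pass the paths through (the scripts accept none today), and say so in a comment next to the first call. The release_obs.sh hunk in this commit has the same dependency.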
@@ -91,13 +91,13 @@ if [ "$?" != "0" ]; then
 exit 1
 fi
-dtbtool -o $BOOT_PATH/merged-dtb -p $DTC_PATH -v $BOOT_PATH/dts/
+./scripts/sprd_dtbtool.sh
 if [ "$?" != "0" ]; then
 echo "Failed to make merged-dtb"
 exit 1
 fi
-mkdzimage -o $BOOT_PATH/$DZIMAGE -k $BOOT_PATH/zImage -d $BOOT_PATH/merged-dtb
+./scripts/sprd_mkdzimage.sh
 if [ "$?" != "0" ]; then
 echo "Failed to make mkdzImage"
 exit 1
-- 
2.7.4

From c3989cbee87ad6010f6c94894c1ec674146a43e2 Mon Sep 17 00:00:00 2001
From: Joonyoung Shim
Date: Mon, 22 Aug 2016 16:13:17 +0900
Subject: [PATCH 11/16] packaging: remove BuildRequires for system-tools

TM1 kernel doesn't need system-tools package anymore, so remove BuildRequires for system-tools.

Change-Id: I906a32f81f0b3c28518d7a1b610c01ddbc48c407
Signed-off-by: Joonyoung Shim
---
 packaging/linux-3.10-sc7730.spec | 1 -
 1 file changed, 1 deletion(-)

diff --git a/packaging/linux-3.10-sc7730.spec b/packaging/linux-3.10-sc7730.spec
index 41f2ece..21ae0a8 100644
--- a/packaging/linux-3.10-sc7730.spec
+++ b/packaging/linux-3.10-sc7730.spec
@@ -21,7 +21,6 @@ BuildRequires: module-init-tools
 BuildRequires: python
 BuildRequires: gcc
 BuildRequires: bash
-BuildRequires: system-tools
 BuildRequires: bc
 ExclusiveArch: %arm
-- 
2.7.4

From 624da3bf8b24ef974c0e7386f3ed8dc572511ab9 Mon Sep 17 00:00:00 2001
From: Nagaraj D R
Date: Thu, 5 May 2016 14:23:06 +0530
Subject: [PATCH 12/16] bluetooth: Increase the manufacturer data type size

To support tizen specific manufacturer data, data length needs to be increased.

Change-Id: I2c7d5d01348074d09684b52fac4b106609327ab0
Signed-off-by: DoHyun Pyun
---
 include/net/bluetooth/hci_core.h | 6 +++++-
 include/net/bluetooth/mgmt_tizen.h | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 9a5791e..d1f3691 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -170,6 +170,10 @@ struct amp_assoc {
 #define HCI_MAX_PAGES 3
+#ifdef CONFIG_TIZEN_WIP
+#define HCI_MAX_EIR_MANUFACTURER_DATA_LENGTH 100
+#endif
+
 #define NUM_REASSEMBLY 4
 struct hci_dev {
 struct list_head list;
@@ -372,7 +376,7 @@ struct hci_dev {
 __u8 adv_type;
 __u8 manufacturer_len;
- __u8 manufacturer_data[HCI_MAX_AD_LENGTH - 3];
+ __u8 manufacturer_data[HCI_MAX_EIR_MANUFACTURER_DATA_LENGTH];
 #endif
 int (*open)(struct hci_dev *hdev);
diff --git a/include/net/bluetooth/mgmt_tizen.h b/include/net/bluetooth/mgmt_tizen.h
index 3bf6fa6..54e753b 100644
--- a/include/net/bluetooth/mgmt_tizen.h
+++ b/include/net/bluetooth/mgmt_tizen.h
@@ -136,10 +136,10 @@ struct mgmt_cp_le_conn_update {
 } __packed;
 #define MGMT_OP_SET_MANUFACTURER_DATA (TIZEN_OP_CODE_BASE + 0x0e)
+#define MGMT_SET_MANUFACTURER_DATA_SIZE 100
 struct mgmt_cp_set_manufacturer_data {
- __u8 data[28];
+ __u8 data[MGMT_SET_MANUFACTURER_DATA_SIZE];
 } __packed;
-#define MGMT_SET_MANUFACTURER_DATA_SIZE 28
 #define MGMT_OP_LE_SET_SCAN_PARAMS (TIZEN_OP_CODE_BASE + 0x0f)
 struct mgmt_cp_le_set_scan_params {
-- 
2.7.4

From d587ffac0e6b0849334d575bca4e9e1caa48f891 Mon Sep 17 00:00:00 2001
From: Casey Schaufler
Date: Tue, 26 Apr 2016 16:28:27 +0900
Subject: [PATCH 13/16] Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide for access control on delivery of packets. The netfilter facility was not used to allow for Smack to work properly without netfilter configuration. Smack does not need netfilter, however there are cases where it would be handy. As a side effect, the labeling of local IPv4 packets can be optimized and the handling of local IPv6 packets is just all out better. The best part is that the netfilter tools use "contexts" that are just strings, and they work just as well for Smack as they do for SELinux. All of the conditional compilation for IPv6 was implemented by Rafal Krypa

Signed-off-by: Casey Schaufler
[jooseong.lee: Backported from mainline]
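Review bot: `HCI_MAX_EIR_MANUFACTURER_DATA_LENGTH` and `MGMT_SET_MANUFACTURER_DATA_SIZE` are two unrelated literals that both happen to be 100, and the code that copies `manufacturer_len` bytes from the mgmt command into `hdev->manufacturer_data` lives outside these hunks; a later edit to either header can silently reintroduce an overflow. Define one in terms of the other or pin them together, e.g. `BUILD_BUG_ON(MGMT_SET_MANUFACTURER_DATA_SIZE > HCI_MAX_EIR_MANUFACTURER_DATA_LENGTH);` at the copy site, and confirm that copy still bounds `manufacturer_len` against the array size rather than the old 28. The old bound `HCI_MAX_AD_LENGTH - 3` encoded the LE advertising payload limit; the new name says EIR, so any path that still builds advertising data from this field must truncate rather than assume it fits. The new define is placed under `#ifdef CONFIG_TIZEN_WIP` while its use sits inside a different conditional block ending at the visible `#endif`; worth confirming both are guarded by the same symbol so the struct compiles in every configuration.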
Signed-off-by: jooseong lee
Change-Id: Ia4cf70850795c50ab9f2d58f4d1b42cca7411c21
---
 security/smack/Kconfig | 12 +++++
 security/smack/Makefile | 1 +
 security/smack/smack.h | 1 +
 security/smack/smack_lsm.c | 94 +++++++++++++++++++++++++++++++++++----
 security/smack/smack_netfilter.c | 96 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 196 insertions(+), 8 deletions(-)
 create mode 100644 security/smack/smack_netfilter.c

diff --git a/security/smack/Kconfig b/security/smack/Kconfig
index b065f97..271adae 100644
--- a/security/smack/Kconfig
+++ b/security/smack/Kconfig
@@ -28,3 +28,15 @@ config SECURITY_SMACK_BRINGUP
 access rule set once the behavior is well understood. This is a superior mechanism to the oft abused "permissive" mode of other systems.
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SMACK_NETFILTER
+ bool "Packet marking using secmarks for netfilter"
+ depends on SECURITY_SMACK
+ depends on NETWORK_SECMARK
+ depends on NETFILTER
+ default n
+ help
+ This enables security marking of network packets using
+ Smack labels.
+ If you are unsure how to answer this question, answer N.
diff --git a/security/smack/Makefile b/security/smack/Makefile
index 67a63aa..616cf93 100644
--- a/security/smack/Makefile
+++ b/security/smack/Makefile
@@ -5,3 +5,4 @@ obj-$(CONFIG_SECURITY_SMACK) := smack.o
 smack-y := smack_lsm.o smack_access.o smackfs.o
+smack-$(CONFIG_NETFILTER) += smack_netfilter.o
diff --git a/security/smack/smack.h b/security/smack/smack.h
index a03cf4a..c29a59d 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -267,6 +267,7 @@ void smk_destroy_label_list(struct list_head *list);
 /*
 * Shared data.
 */
+extern int smack_enabled;
 extern int smack_cipso_direct;
 extern int smack_cipso_mapped;
 extern struct smack_known *smack_net_ambient;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7e800c6..d2a13f9 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
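Review bot: The Makefile hunk keys the new object on `CONFIG_NETFILTER`, not on the `SECURITY_SMACK_NETFILTER` option the Kconfig hunk introduces, so smack_netfilter.o is linked into Smack whenever netfilter is enabled even with the Smack option off, while all the `#ifdef CONFIG_SECURITY_SMACK_NETFILTER` blocks in smack_lsm.c stay compiled out; the two halves of the feature then disagree about whether secmarks are in use. The line should read `smack-$(CONFIG_SECURITY_SMACK_NETFILTER) += smack_netfilter.o`. In the smack.h hunk the new `extern int smack_enabled;` would benefit from a one-line comment such as `/* non-zero once smack_init() has registered Smack as the active LSM */`, since the only assignment visible on this page is in smack_init().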
@@ -52,8 +52,11 @@
 #define SMK_RECEIVING 1
 #define SMK_SENDING 2
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 LIST_HEAD(smk_ipv6_port_list);
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 static struct kmem_cache *smack_inode_cache;
+int smack_enabled;
 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
@@ -2297,6 +2300,7 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
 return smack_netlabel(sk, sk_lbl);
 }
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 /**
 * smk_ipv6_port_label - Smack port access table management
 * @sock: socket
@@ -2446,6 +2450,7 @@ auditout:
 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
 return rc;
 }
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 /**
 * smack_inode_setsecurity - set smack xattrs
@@ -2506,8 +2511,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 } else
 return -EOPNOTSUPP;
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 if (sock->sk->sk_family == PF_INET6)
 smk_ipv6_port_label(sock, NULL);
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 return 0;
 }
@@ -2547,6 +2554,7 @@ static int smack_socket_post_create(struct socket *sock, int family,
 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
 }
+#ifndef CONFIG_SECURITY_SMACK_NETFILTER
 /**
 * smack_socket_bind - record port binding information.
 * @sock: the socket
@@ -2560,11 +2568,14 @@ static int smack_socket_post_create(struct socket *sock, int family,
 static int smack_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
+#if IS_ENABLED(CONFIG_IPV6)
 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
 smk_ipv6_port_label(sock, address);
+#endif
 return 0;
 }
+#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */
 /**
 * smack_socket_connect - connect access check
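Review bot: `int smack_enabled;` in the first hunk is a new non-static global with no comment saying what it means or who reads it; smack_lsm.c only ever writes it (the assignment in smack_init() is in a later hunk), so the reader has to guess that the new smack_netfilter.c is the consumer. A comment on the definition, `/* Set to 1 by smack_init() once Smack is the registered LSM; lets the netfilter hooks bail out when Smack was built in but not selected at boot. */`, would ground that, with the second half confirmed against smack_netfilter.c. The repeated `#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)` guards across this and the following hunks are correct but noisy; a single helper macro for that condition at the top of the file would keep the six copies from drifting.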
@@ -2593,8 +2604,10 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
 case PF_INET6:
 if (addrlen < sizeof(struct sockaddr_in6))
 return -EINVAL;
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
 SMK_CONNECTING);
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 break;
 }
 return rc;
@@ -3493,7 +3506,9 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 int size)
 {
 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 int rc = 0;
 /*
@@ -3507,7 +3522,9 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 rc = smack_netlabel_send(sock->sk, sip);
 break;
 case AF_INET6:
+#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
+#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
 break;
 }
 return rc;
@@ -3598,6 +3615,7 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
 return smack_net_ambient;
 }
+#if IS_ENABLED(CONFIG_IPV6)
 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
 {
 u8 nexthdr;
@@ -3644,6 +3662,7 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
 }
 return proto;
 }
+#endif /* CONFIG_IPV6 */
 /**
 * smack_socket_sock_rcv_skb - Smack packet delivery access check
@@ -3656,15 +3675,30 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
 struct netlbl_lsm_secattr secattr;
 struct socket_smack *ssp = sk->sk_security;
- struct smack_known *skp;
- struct sockaddr_in6 sadd;
+ struct smack_known *skp = NULL;
 int rc = 0;
 struct smk_audit_info ad;
 #ifdef CONFIG_AUDIT
 struct lsm_network_audit net;
 #endif
+#if IS_ENABLED(CONFIG_IPV6)
+ struct sockaddr_in6 sadd;
+ int proto;
+#endif /* CONFIG_IPV6 */
+
 switch (sk->sk_family) {
 case PF_INET:
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ /*
+ * If there is a secmark use it rather than the CIPSO label.
+ * If there is no secmark fall back to CIPSO.
+ * The secmark is assumed to reflect policy better.
+ */
+ if (skb && skb->secmark != 0) {
+ skp = smack_from_secid(skb->secmark);
+ goto access_check;
+ }
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
 /*
 * Translate what netlabel gave us.
 */
@@ -3678,6 +3712,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 netlbl_secattr_destroy(&secattr);
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+access_check:
+#endif
 #ifdef CONFIG_AUDIT
 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
 ad.a.u.net->family = sk->sk_family;
@@ -3698,14 +3735,32 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 if (rc != 0)
 netlbl_skbuff_err(skb, rc, 0);
 break;
+#if IS_ENABLED(CONFIG_IPV6)
 case PF_INET6:
- rc = smk_skb_to_addr_ipv6(skb, &sadd);
- if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
- rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
+ proto = smk_skb_to_addr_ipv6(skb, &sadd);
+ if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
+ break;
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ if (skb && skb->secmark != 0)
+ skp = smack_from_secid(skb->secmark);
 else
- rc = 0;
+ skp = smack_net_ambient;
+#ifdef CONFIG_AUDIT
+ smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
+ ad.a.u.net->family = sk->sk_family;
+ ad.a.u.net->netif = skb->skb_iif;
+ ipv6_skb_to_auditdata(skb, &ad.a, NULL);
+#endif /* CONFIG_AUDIT */
+ rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
+ rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
+ MAY_WRITE, rc);
+#else /* CONFIG_SECURITY_SMACK_NETFILTER */
+ rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
 break;
+#endif /* CONFIG_IPV6 */
 }
+
 return rc;
 }
@@ -3767,16 +3822,25 @@ static int smack_socket_getpeersec_dgram(struct socket *sock,
 if (skb != NULL) {
 if (skb->protocol == htons(ETH_P_IP))
 family = PF_INET;
+#if IS_ENABLED(CONFIG_IPV6)
 else if (skb->protocol == htons(ETH_P_IPV6))
 family = PF_INET6;
+#endif /* CONFIG_IPV6 */
 }
 if (family == PF_UNSPEC && sock != NULL)
 family = sock->sk->sk_family;
- if (family == PF_UNIX) {
+ switch (family) {
+ case PF_UNIX:
 ssp = sock->sk->sk_security;
 s = ssp->smk_out->smk_secid;
- } else if (family == PF_INET || family == PF_INET6) {
+ break;
+ case PF_INET:
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ s = skb->secmark;
+ if (s != 0)
+ break;
+#endif
 /*
 * Translate what netlabel gave us.
 */
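Review bot: In the PF_INET6 arm the new `if (skb && skb->secmark != 0)` guards against a NULL skb, but the arm has already dereferenced it in `smk_skb_to_addr_ipv6(skb, &sadd)` and, under CONFIG_AUDIT, goes on to read `skb->skb_iif` unconditionally, so the NULL test is either dead or insufficient. The same guard appears in the PF_INET arm of the previous hunk and in the smack_inet_conn_request change of the "secmark connections" patch later in this series, where `netlbl_skbuff_getattr(skb, ...)` follows it. Either drop the `skb &&` to match the surrounding code or make the whole function tolerate a NULL skb; `if (skb->secmark != 0)` is the smaller change. In the smack_socket_getpeersec_dgram hunk below, `s = skb->secmark;` in the PF_INET case executes with skb NULL whenever family was taken from `sock->sk->sk_family` rather than from a packet; the pre-existing netlabel path seems to share that assumption, so it may be unreachable, but a comment or a guard there would make that explicit.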
@@ -3789,6 +3853,14 @@ static int smack_socket_getpeersec_dgram(struct socket *sock,
 s = skp->smk_secid;
 }
 netlbl_secattr_destroy(&secattr);
+ break;
+#if IS_ENABLED(CONFIG_IPV6)
+ case PF_INET6:
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ s = skb->secmark;
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
+ break;
+#endif /* CONFIG_IPV6 */
 }
 *secid = s;
 if (s == 0)
@@ -3844,6 +3916,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 struct lsm_network_audit net;
 #endif
+#if IS_ENABLED(CONFIG_IPV6)
 if (family == PF_INET6) {
 /*
 * Handle mapped IPv4 packets arriving
@@ -3855,6 +3928,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 else
 return 0;
 }
+#endif /* CONFIG_IPV6 */
 netlbl_secattr_init(&secattr);
 rc = netlbl_skbuff_getattr(skb, family, &secattr);
@@ -4293,7 +4367,9 @@ struct security_operations smack_ops = {
 .unix_may_send = smack_unix_may_send,
 .socket_post_create = smack_socket_post_create,
+#ifndef CONFIG_SECURITY_SMACK_NETFILTER
 .socket_bind = smack_socket_bind,
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
 .socket_connect = smack_socket_connect,
 .socket_sendmsg = smack_socket_sendmsg,
 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
@@ -4377,6 +4453,8 @@ static __init int smack_init(void)
 if (!security_module_enable(&smack_ops))
 return 0;
+ smack_enabled = 1;
+
 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
 if (!smack_rule_cache)
 return -ENOMEM;
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
new file mode 100644
index 0000000..29d0411
--- /dev/null
+++ b/security/smack/smack_netfilter.c
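Review bot: In the smack_init hunk `smack_enabled = 1;` is set before the kmem caches are created, so if `KMEM_CACHE(smack_rule, 0)` fails and the function returns -ENOMEM the flag stays set; smack_nf_ip_init in the new smack_netfilter.c tests exactly this flag and would still register hooks that stamp packets for an LSM whose initialisation did not complete. Move the assignment after the last failure point of smack_init (the rest of the function is outside this hunk) or clear it on the error path, e.g. `if (!smack_rule_cache) { smack_enabled = 0; return -ENOMEM; }`. The `s = skb->secmark;` added for PF_INET6 in the first hunk carries the same NULL-skb caveat as the PF_INET arm of the previous hunk.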
@@ -0,0 +1,96 @@
+/*
+ * Simplified MAC Kernel (smack) security module
+ *
+ * This file contains the Smack netfilter implementation
+ *
+ * Author:
+ * Casey Schaufler
+ *
+ * Copyright (C) 2014 Casey Schaufler
+ * Copyright (C) 2014 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include
+#include
+#include
+#include "smack.h"
+
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+
+static unsigned int smack_ipv6_output(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct socket_smack *ssp;
+ struct smack_known *skp;
+
+ if (skb && skb->sk && skb->sk->sk_security) {
+ ssp = skb->sk->sk_security;
+ skp = ssp->smk_out;
+ skb->secmark = skp->smk_secid;
+ }
+
+ return NF_ACCEPT;
+}
+#endif /* IPV6 */
+
+static unsigned int smack_ipv4_output(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct socket_smack *ssp;
+ struct smack_known *skp;
+
+ if (skb && skb->sk && skb->sk->sk_security) {
+ ssp = skb->sk->sk_security;
+ skp = ssp->smk_out;
+ skb->secmark = skp->smk_secid;
+ }
+
+ return NF_ACCEPT;
+}
+
+static struct nf_hook_ops smack_nf_ops[] = {
+ {
+ .hook = smack_ipv4_output,
+ .owner = THIS_MODULE,
+ .pf = NFPROTO_IPV4,
+ .hooknum = NF_INET_LOCAL_OUT,
+ .priority = NF_IP_PRI_SELINUX_FIRST,
+ },
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ {
+ .hook = smack_ipv6_output,
+ .owner = THIS_MODULE,
+ .pf = NFPROTO_IPV6,
+ .hooknum = NF_INET_LOCAL_OUT,
+ .priority = NF_IP6_PRI_SELINUX_FIRST,
+ },
+#endif /* IPV6 */
+};
+
+static int __init smack_nf_ip_init(void)
+{
+ int err;
+
+ if (smack_enabled == 0)
+ return 0;
+
+ printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
+
+ err
= nf_register_hooks(smack_nf_ops, ARRAY_SIZE(smack_nf_ops));
+ if (err)
+ pr_info("Smack: nf_register_hooks: error %d\n", err);
+
+ return 0;
+}
+
+__initcall(smack_nf_ip_init);
--
2.7.4
From e7098669769a16082ef79f85afefd1bb65f00e52 Mon Sep 17 00:00:00 2001
From: Casey Schaufler
Date: Tue, 26 Apr 2016 16:36:31 +0900
Subject: [PATCH 14/16] Smack: Repair netfilter dependency
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
On 1/23/2015 8:20 AM, Jim Davis wrote: > Building with the attached random configuration file, > > security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’: > security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no > member named ‘secmark’ > skb->secmark = skp->smk_secid; > ^ > make[2]: *** [security/smack/smack_netfilter.o] Error 1
The existing Makefile used the wrong configuration option to determine if smack_netfilter should be built. This sets it right.
Change-Id: Iba5ff1e171a49d9750884503d9a20d06463b5a2c
Signed-off-by: Casey Schaufler
---
security/smack/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/smack/Makefile b/security/smack/Makefile
index 616cf93..ee2ebd5 100644
--- a/security/smack/Makefile
+++ b/security/smack/Makefile
@@ -5,4 +5,4 @@ obj-$(CONFIG_SECURITY_SMACK) := smack.o
 smack-y := smack_lsm.o smack_access.o smackfs.o
-smack-$(CONFIG_NETFILTER) += smack_netfilter.o
+smack-$(CONFIG_SECURITY_SMACK_NETFILTER) += smack_netfilter.o
--
2.7.4
From c112e2a0501cbb181ae482c7d4659734bd651f0e Mon Sep 17 00:00:00 2001
From: Casey Schaufler
Date: Tue, 26 Apr 2016 16:40:01 +0900
Subject: [PATCH 15/16] Smack: secmark connections
If the secmark is available us it on connection as well as packet delivery.
Change-Id: I570e750dc3753908f361b894c470784ec00a468e
Signed-off-by: Casey Schaufler
---
security/smack/smack_lsm.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
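Review bot: smack_nf_ip_init logs a failure of nf_register_hooks but still returns 0, so a failed registration is effectively silent and Smack runs without the hooks that set `skb->secmark`; under CONFIG_SECURITY_SMACK_NETFILTER the IPv6 delivery path in smack_lsm.c then labels every local packet as `smack_net_ambient` and the IPv4 path falls back to CIPSO, which is fail-open for a configuration that chose secmark labelling. Return the error (`return err;`) and consider a higher log level than `pr_info`, since that message is the only sign of the degraded state. smack_ipv4_output and smack_ipv6_output are identical apart from their names; one function registered in both `nf_hook_ops` entries (say `smack_set_secmark`, constructed name) would remove the duplicate. The `#include` lines appear without their targets in this rendering, which looks like an extraction artefact rather than a defect in the file.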
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d2a13f9..a7f2b5b 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3930,6 +3930,18 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 }
 #endif /* CONFIG_IPV6 */
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ /*
+ * If there is a secmark use it rather than the CIPSO label.
+ * If there is no secmark fall back to CIPSO.
+ * The secmark is assumed to reflect policy better.
+ */
+ if (skb && skb->secmark != 0) {
+ skp = smack_from_secid(skb->secmark);
+ goto access_check;
+ }
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
+
 netlbl_secattr_init(&secattr);
 rc = netlbl_skbuff_getattr(skb, family, &secattr);
 if (rc == 0)
@@ -3938,6 +3950,10 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 skp = &smack_known_huh;
 netlbl_secattr_destroy(&secattr);
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+access_check:
+#endif
+
 #ifdef CONFIG_AUDIT
 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
 ad.a.u.net->family = family;
--
2.7.4
From 930a2d023b079a6abe7cdd1b91f3f47fd8882800 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 7 Aug 2013 18:13:20 +0200
Subject: [PATCH 16/16] netfilter: nfnetlink_queue: allow to attach expectations to conntracks
This patch adds the capability to attach expectations via nfnetlink_queue. This is required by conntrack helpers that trigger expectations based on the first packet seen like the TFTP and the DHCPv6 user-space helpers.
Change-Id: I1944cc4c4660b41d4eeafd44e3038bd2749ae655
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: jooseong lee
---
include/linux/netfilter.h | 2 +
include/net/netfilter/nfnetlink_queue.h | 8 +++
include/uapi/linux/netfilter/nfnetlink_queue.h | 1 +
net/netfilter/nf_conntrack_netlink.c | 95 ++++++++++++++++++++++----
net/netfilter/nfnetlink_queue_core.c | 10 ++-
net/netfilter/nfnetlink_queue_ct.c | 15 ++++
6 files changed, 114 insertions(+), 17 deletions(-)
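Review bot: The comment and secmark branch added to smack_inet_conn_request are copied verbatim from smack_socket_sock_rcv_skb in the earlier secmark patch; with three sites now picking a label from `skb->secmark` before falling back to netlabel, a small static helper returning the secmark label or NULL (constructed name `smack_secmark_label(skb)`) would keep that trust decision in one place, and the `goto access_check` in both functions could become an `if (skp == NULL)` around the netlabel block. The jump lands after `netlbl_secattr_destroy`, which is correct because the secattr was never initialised on that path, but a reader at `access_check:` gets no hint of it; a comment such as `/* Reached with skp set from the secmark; no netlabel state to release */` would help. smack_inet_conn_request starts and ends outside these hunks.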
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 0060fde..64511db 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -325,6 +325,8 @@ struct nfq_ct_hook {
 size_t (*build_size)(const struct nf_conn *ct);
 int (*build)(struct sk_buff *skb, struct nf_conn *ct);
 int (*parse)(const struct nlattr *attr, struct nf_conn *ct);
+ int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,
+ u32 portid, u32 report);
 };
 extern struct nfq_ct_hook __rcu *nfq_ct_hook;
diff --git a/include/net/netfilter/nfnetlink_queue.h b/include/net/netfilter/nfnetlink_queue.h
index 86267a5..aff88ba 100644
--- a/include/net/netfilter/nfnetlink_queue.h
+++ b/include/net/netfilter/nfnetlink_queue.h
@@ -15,6 +15,8 @@ int nfqnl_ct_put(struct sk_buff *skb, struct nf_conn *ct,
 enum ip_conntrack_info ctinfo);
 void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
 enum ip_conntrack_info ctinfo, int diff);
+int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+ u32 portid, u32 report);
 #else
 inline struct nf_conn *
 nfqnl_ct_get(struct sk_buff *entskb, size_t *size, enum ip_conntrack_info *ctinfo)
@@ -39,5 +41,11 @@ inline void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
 enum ip_conntrack_info ctinfo, int diff)
 {
 }
+
+inline int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+ u32 portid, u32 report)
+{
+ return 0;
+}
 #endif /* NF_CONNTRACK */
 #endif
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index a2308ae..0ee94e6 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -46,6 +46,7 @@ enum nfqnl_attr_type {
 NFQA_CT_INFO, /* enum ip_conntrack_info */
 NFQA_CAP_LEN, /* __u32 length of captured packet */
 NFQA_SKB_INFO, /* __u32 skb meta information */
+ NFQA_EXP, /* nf_conntrack_netlink.h */
 __NFQA_MAX
 };
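Review bot: The `NFQA_EXP` comment in the uapi enum, `/* nf_conntrack_netlink.h */`, names a header but not the payload; the parser added in nf_conntrack_netlink.c treats it as a nested attribute of CTA_EXPECT_* fields, so the comment should say so, e.g. `NFQA_EXP, /* nested CTA_EXPECT_* (nf_conntrack_netlink.h) */`. The no-conntrack stub `nfqnl_attach_expect` in nfnetlink_queue.h returns 0, reporting success for a request that was silently ignored; that matches the existing stubs above it, but since the real implementation returns -EOPNOTSUPP when no hook is registered, the same value here would be more consistent. The stub is a non-static `inline` in a header like its neighbours, so that part follows local style.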
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ecf065f..0375caa 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1987,6 +1987,27 @@ out:
 return err == -EAGAIN ? -ENOBUFS : err;
 }
+static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
+ [CTA_EXPECT_MASTER] = { .type = NLA_NESTED },
+ [CTA_EXPECT_TUPLE] = { .type = NLA_NESTED },
+ [CTA_EXPECT_MASK] = { .type = NLA_NESTED },
+ [CTA_EXPECT_TIMEOUT] = { .type = NLA_U32 },
+ [CTA_EXPECT_ID] = { .type = NLA_U32 },
+ [CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING,
+ .len = NF_CT_HELPER_NAME_LEN - 1 },
+ [CTA_EXPECT_ZONE] = { .type = NLA_U16 },
+ [CTA_EXPECT_FLAGS] = { .type = NLA_U32 },
+ [CTA_EXPECT_CLASS] = { .type = NLA_U32 },
+ [CTA_EXPECT_NAT] = { .type = NLA_NESTED },
+ [CTA_EXPECT_FN] = { .type = NLA_NUL_STRING },
+};
+
+static struct nf_conntrack_expect *
+ctnetlink_alloc_expect(const struct nlattr *const cda[], struct nf_conn *ct,
+ struct nf_conntrack_helper *helper,
+ struct nf_conntrack_tuple *tuple,
+ struct nf_conntrack_tuple *mask);
+
 #ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
 static size_t ctnetlink_nfqueue_build_size(const struct nf_conn *ct)
@@ -2125,10 +2146,69 @@ ctnetlink_nfqueue_parse(const struct nlattr *attr, struct nf_conn *ct)
 return ret;
 }
+static int ctnetlink_nfqueue_exp_parse(const struct nlattr * const *cda,
+ const struct nf_conn *ct,
+ struct nf_conntrack_tuple *tuple,
+ struct nf_conntrack_tuple *mask)
+{
+ int err;
+
+ err = ctnetlink_parse_tuple(cda, tuple, CTA_EXPECT_TUPLE,
+ nf_ct_l3num(ct));
+ if (err < 0)
+ return err;
+
+ return ctnetlink_parse_tuple(cda, mask, CTA_EXPECT_MASK,
+ nf_ct_l3num(ct));
+}
+
+static int
+ctnetlink_nfqueue_attach_expect(const struct nlattr *attr, struct nf_conn *ct,
+ u32 portid, u32 report)
+{
+ struct nlattr *cda[CTA_EXPECT_MAX+1];
+ struct nf_conntrack_tuple tuple, mask;
+ struct nf_conntrack_helper *helper;
+ struct nf_conntrack_expect *exp;
+ int err;
+
+ err = nla_parse_nested(cda, CTA_EXPECT_MAX, attr, exp_nla_policy);
+ if (err < 0)
+ return err;
+
+ err = ctnetlink_nfqueue_exp_parse((const struct nlattr * const *)cda,
+ ct, &tuple, &mask);
+ if (err < 0)
+ return err;
+
+ if (cda[CTA_EXPECT_HELP_NAME]) {
+ const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
+
+ helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
+ nf_ct_protonum(ct));
+ if (helper == NULL)
+ return -EOPNOTSUPP;
+ }
+
+ exp = ctnetlink_alloc_expect((const struct nlattr * const *)cda, ct,
+ helper, &tuple, &mask);
+ if (IS_ERR(exp))
+ return PTR_ERR(exp);
+
+ err = nf_ct_expect_related_report(exp, portid, report);
+ if (err < 0) {
+ nf_ct_expect_put(exp);
+ return err;
+ }
+
+ return 0;
+}
+
 static struct nfq_ct_hook ctnetlink_nfqueue_hook = {
 .build_size = ctnetlink_nfqueue_build_size,
 .build = ctnetlink_nfqueue_build,
 .parse = ctnetlink_nfqueue_parse,
+ .attach_expect = ctnetlink_nfqueue_attach_expect,
 };
 #endif /* CONFIG_NETFILTER_NETLINK_QUEUE_CT */
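Review bot: `helper` in ctnetlink_nfqueue_attach_expect is assigned only inside `if (cda[CTA_EXPECT_HELP_NAME])`, yet it is passed to ctnetlink_alloc_expect unconditionally, so a verdict without CTA_EXPECT_HELP_NAME hands an uninitialised pointer to the allocator. Initialise it at the declaration, `struct nf_conntrack_helper *helper = NULL;`, on the assumption that ctnetlink_alloc_expect accepts a NULL helper (its body is not visible here). The attribute set arrives from userspace over nfnetlink, and `nla_parse_nested` against exp_nla_policy bounds the types and lengths, but nothing here checks that CTA_EXPECT_TUPLE and CTA_EXPECT_MASK are present; if ctnetlink_parse_tuple does not reject a missing attribute, that check belongs before the two parse calls.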
@@ -2496,21 +2576,6 @@ static int ctnetlink_dump_exp_ct(struct sock *ctnl, struct sk_buff *skb,
 return err;
 }
-static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
- [CTA_EXPECT_MASTER] = { .type = NLA_NESTED },
- [CTA_EXPECT_TUPLE] = { .type = NLA_NESTED },
- [CTA_EXPECT_MASK] = { .type = NLA_NESTED },
- [CTA_EXPECT_TIMEOUT] = { .type = NLA_U32 },
- [CTA_EXPECT_ID] = { .type = NLA_U32 },
- [CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING,
- .len = NF_CT_HELPER_NAME_LEN - 1 },
- [CTA_EXPECT_ZONE] = { .type = NLA_U16 },
- [CTA_EXPECT_FLAGS] = { .type = NLA_U32 },
- [CTA_EXPECT_CLASS] = { .type = NLA_U32 },
- [CTA_EXPECT_NAT] = { .type = NLA_NESTED },
- [CTA_EXPECT_FN] = { .type = NLA_NUL_STRING },
-};
-
 static int
 ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
 const struct nlmsghdr *nlh,
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 2b8199f..f5c4a08 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -861,6 +861,7 @@ static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
 [NFQA_MARK] = { .type = NLA_U32 },
 [NFQA_PAYLOAD] = { .type = NLA_UNSPEC },
 [NFQA_CT] = { .type = NLA_UNSPEC },
+ [NFQA_EXP] = { .type = NLA_UNSPEC },
 };
 static const struct nla_policy nfqa_verdict_batch_policy[NFQA_MAX+1] = {
@@ -989,9 +990,14 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
 if (entry == NULL)
 return -ENOENT;
- rcu_read_lock();
- if (nfqa[NFQA_CT] && (queue->flags & NFQA_CFG_F_CONNTRACK))
+ if (nfqa[NFQA_CT]) {
 ct = nfqnl_ct_parse(entry->skb, nfqa[NFQA_CT], &ctinfo);
+ if (ct && nfqa[NFQA_EXP]) {
+ nfqnl_attach_expect(ct, nfqa[NFQA_EXP],
+ NETLINK_CB(skb).portid,
+ nlmsg_report(nlh));
+ }
+ }
 if (nfqa[NFQA_PAYLOAD]) {
 u16 payload_len = nla_len(nfqa[NFQA_PAYLOAD]);
diff --git a/net/netfilter/nfnetlink_queue_ct.c b/net/netfilter/nfnetlink_queue_ct.c
index ab61d66..be89303 100644
--- a/net/netfilter/nfnetlink_queue_ct.c
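Review bot: The nfqnl_recv_verdict hunk deletes `rcu_read_lock();` but no matching `rcu_read_unlock()` is removed in what is visible, while the new callee nfqnl_attach_expect uses `rcu_dereference(nfq_ct_hook)` and so must run inside an RCU read-side critical section. If the verdict handler is already dispatched under RCU by nfnetlink, the lock was redundant and the change is fine, but then the unlock further down the function (outside the hunk) must go too; otherwise the lock should stay. The `queue->flags & NFQA_CFG_F_CONNTRACK` condition is also dropped, which lets a verdict carry NFQA_CT (and now NFQA_EXP) on a queue that was not configured for conntrack; if that relaxation is intended it belongs in the commit message, which only mentions expectations. The return value of nfqnl_attach_expect is discarded, so a rejected expectation is invisible to the userspace helper that asked for it.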
+++ b/net/netfilter/nfnetlink_queue_ct.c
@@ -96,3 +96,18 @@ void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
 if ((ct->status & IPS_NAT_MASK) && diff)
 nfq_nat_ct->seq_adjust(skb, ct, ctinfo, diff);
 }
+
+int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+ u32 portid, u32 report)
+{
+ struct nfq_ct_hook *nfq_ct;
+
+ if (nf_ct_is_untracked(ct))
+ return 0;
+
+ nfq_ct = rcu_dereference(nfq_ct_hook);
+ if (nfq_ct == NULL)
+ return -EOPNOTSUPP;
+
+ return nfq_ct->attach_expect(attr, ct, portid, report);
+}
--
2.7.4
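Review bot: nfqnl_attach_expect returns 0 for an untracked conntrack, indistinguishable from success, and its only caller in this series ignores the result anyway, so userspace cannot tell whether its expectation was attached; document that, e.g. `/* Best effort: the caller does not learn whether the expectation was attached. */`, or return a distinct error. The function reads `nfq_ct_hook` with `rcu_dereference` but takes no RCU read lock of its own, so it inherits the caller's; a comment stating that the caller must hold the RCU read lock would keep a future caller from using it outside one.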