Patch 2#1

Open
josharnow wants to merge 43 commits into bbelos:gingerbread from josharnow:patch-2

@josharnow

I'm sorry, this is my first time doing this and I sort of have no idea how to properly send you a commit request. I made the edit to allow for more responsive touch on multiplayer games and other applications. The source of my edit can be found here: http://forum.xda-developers.com/showthread.php?t=891030

UberPinguin and others added 30 commits January 11, 2012 06:19
Change-Id: I2e9acd429da94eba8a783fcfa319670b399e4e28
Adapts the qt602240 touchscreen driver to the ICS multitouch protocol using
the LEGACY_TOUCHSCREEN method from
frameworks/base/services/input/InputReader.cpp.  That is, change
ABS_MT_TOUCH_MAJOR events to ABS_MT_PRESSURE, and add BTN_TOUCH events
before input_mt_sync()s.  Need to remove BOARD_USE_LEGACY_TOUCHSCREEN from
BoardConfig.mk.
…rent patch does not contain complete protocol update.

This reverts commit 6655a76
Adapts the qt602240 touchscreen driver to the ICS multitouch protocol
described in [1].  That is:

- Change ABS_MT_TOUCH_MAJOR events to ABS_MT_PRESSURE.
- Change ABS_MT_WIDTH_MAJOR events to ABS_MT_TOUCH_MAJOR.
- Add BTN_TOUCH events before input_mt_sync()s.

The BTN_TOUCH events are required as the qt602240 driver advertises
BTN_TOUCH capability for non-multitouch purposes, and, although not
mentioned in [1], is checked by TouchButtonAccumulator::isHovering().

Touch release events are not reported by empty sync reports since reporting
ABS_MT_PRESSURE = 0 has the same effect in the current implementation.
Inclusion of BTN_TOUCH makes this also compatible with the Linux MT
protocol [2].

[1] http://source.android.com/tech/input/touch-devices.html
[2] https://www.kernel.org/doc/Documentation/input/multi-touch-protocol.txt

Change-Id: I6bdd1e955762073829d4c2c4e1d979e97879d5de
Adapts the s3c-keypad keyboard driver to the ICS lid-switch protocol
implemented in frameworks/base/policy/src/com/android/internal/policy/impl/
PhoneWindowManager.java.  Here, the lid-switch sense is inverted from GB:

- SW_LID == 0 => LID_CLOSED. 
- SW_LID >  0 => LID_OPEN.
- SW_LID <  0 => LID_ABSENT.
Change-Id: Icca836c147507a72152d0a1043ffc8379dc25698
Userspace reverts to old protocol in I22a18547.
These changes were merged from https://github.com/cyanogen/galaxy-2636

netfilter: add xt_qtaguid matching module

This module allows tracking stats at the socket level for given UIDs.
It replaces xt_owner.
If the --uid-owner is not specified, it will just count stats based on
who the skb belongs to. This will even happen on incoming skbs as it
looks into the skb via xt_socket magic to see who owns it.
If an skb is lost, it will be assigned to uid=0.

To control what sockets of what UIDs are tagged by what, one uses:
  echo t $sock_fd $accounting_tag $the_billed_uid \
     > /proc/net/xt_qtaguid/ctrl
 So whenever an skb belongs to a sock_fd, it will be accounted against
   $the_billed_uid
  and matching stats will show up under the uid with the given
   $accounting_tag.

Because the number of allocations for the stats structs is not that big:
  ~500 apps * 32 per app
we'll just do it atomic. This avoids walking lists many times, and
the fancy worker thread handling. Slabs will grow when needed later.

It uses netdevice and inetaddr notifications instead of hooks in the core dev
code to track when a device comes and goes. This removes the need for
exposed iface_stat.h.

Put procfs dirs in /proc/net/xt_qtaguid/
  ctrl
  stats
  iface_stat/<iface>/...
The uid stats are obtainable in ./stats.

Change-Id: I01af4fd91c8de651668d3decb76d9bdc1e343919
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

nf: qtaguid: workaround xt_socket_get_sk() returning bad SKs.

(This is a direct cherry pick from 2.6.39: Id2a9912b)

* xt_socket_get_sk() returns invalid sockets when the sk_state is TCP_TIME_WAIT.
Added detection of time-wait.
* Added more constrained usage: qtaguid insures that xt_socket_get*_sk() is
not invoked for unexpected hooks or protocols (but I have not seen those
active at the point where the returned sk is bad).

Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: Id2a9912bb451a3e59d012fc55bbbd40fbb90693f
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

nf: qtaguid: make procfs entry for ctrl return correct data.

(This is a direct cherry-pick from 2.6.39: I3b925802)

Fixed procreader for /proc/net/xt_qtaguid/ctrl: it would just
fill the output with the same entry.
Simplify the **start handling.

Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: I3b92580228f2b57795bb2d0d6197fc95ab6be552
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: qtaguid: fix bad-arg handling when tagging socket

When processing args passed to the procfs ctrl, if the tag was
invalid it would exit without releasing the spin_lock...
Bye bye scheduling.

Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: Ic1480ae9d37bba687586094cf6d0274db9c5b28a
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfitler: xt_qtaguid: add another missing spin_unlock.

This time the symptom is caused by tagging the same socket twice
without untagging it in between.
This would cause it to not unlock, and return.

Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: qtaguid: add tag delete command, expand stats output.

* Add a new ctrl command to delete stored data.
  d <acct_tag> [<uid>]
The uid will default to the running process's.
The accounting tag can be 0, in which case all counters and socket tags
associated with the uid will be cleared.

* Simplify the ctrl command handling at the expense of duplicate code.
This should make it easier to maintain.

* /proc/net/xt_qtaguid/stats now returns more stats
  idx iface acct_tag_hex uid_tag_int
  {rx,tx}_{bytes,packets}
  {rx,tx}_{tcp,udp,other}_{bytes,packets}
the {rx,tx}_{bytes,packets} are the totals.

* re-tagging will now allow changing the uid.

Change-Id: I9594621543cefeab557caa3d68a22a3eb320466d
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access

* uid handling
 - Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT.
   This affects socket tagging, and data removal.
 - Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS.
   This affects stats lookup.

* allow pacifying the module
  Setting passive to Y/y will make the module return immediately on
  external stimulus.
  No more stats and silent success on ctrl writes.
  Mainly used when one suspects this module of misbehaving.

Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: qtaguid: disable #define DEBUG

This would cause log spam to the point of slowing down the system.

Change-Id: I5655f0207935004b0198f43ad0d3c9ea25466e4e
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: add counter sets and matching control

* Added support for sets of counters.
By default set 0 is active.
Userspace can control which set is active for a given UID by
writing to .../ctrl
   s <set_num> <uid>
Changing the active set is only permitted for processes in the
 AID_NET_BW_ACCT group.

The active set tracking is reset when the uid tag is deleted with
the .../ctrl command
  d 0 <uid>

* New output format for the proc .../stats
 - Now has cnt_set in the list.
  """
  idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets rx_tcp_packets rx_tcp_bytes rx_udp_packets rx_udp_bytes rx_other_packets rx_other_bytes tx_tcp_packets tx_tcp_bytes tx_udp_packets tx_udp_bytes tx_other_packets tx_other_bytes
  ...
  2 rmnet0 0x0 1000 0 27729 29 1477 27 27501 26 228 3 0 0 1249 24 228 3 0 0
  2 rmnet0 0x0 1000 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  3 rmnet0 0x0 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  3 rmnet0 0x0 10005 1 46407 57 8008 64 46407 57 0 0 0 0 8008 64 0 0 0 0
  ...
  6 rmnet0 0x7fff000100000000 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  6 rmnet0 0x7fff000100000000 10005 1 27493 24 1564 22 27493 24 0 0 0 0 1564 22 0 0 0 0
  """

* Refactored for proc stats output code.
* Silenced some of the per packet debug output.
* Reworded some of the debug messages.
* Replaced all the spin_lock_irqsave/irqrestore with *_bh():
   netfilter handling is done in softirq.

Change-Id: Ibe89f9d754579fd97335617186c614b43333cfd3
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>
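
An added example (not part of the pull request or of the xt_qtaguid sources) for the stats format quoted in the commit message above: it parses the header-driven rows, sums bytes per (uid, accounting tag) across counter sets, and checks whether the per-protocol columns add up to the totals under the header's labels. The sample is the text from the commit message; the function names are hypothetical. In that sample the per-protocol pairs only add up when read as bytes then packets, the reverse of the header labels, so the check reports "swapped".

```python
"""Parse /proc/net/xt_qtaguid/stats text in the layout quoted in the commit message."""
from collections import defaultdict

# Sample copied from the commit message on this page, "..." elisions included.
SAMPLE = """\
idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets rx_tcp_packets rx_tcp_bytes rx_udp_packets rx_udp_bytes rx_other_packets rx_other_bytes tx_tcp_packets tx_tcp_bytes tx_udp_packets tx_udp_bytes tx_other_packets tx_other_bytes
...
2 rmnet0 0x0 1000 0 27729 29 1477 27 27501 26 228 3 0 0 1249 24 228 3 0 0
2 rmnet0 0x0 1000 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 rmnet0 0x0 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 rmnet0 0x0 10005 1 46407 57 8008 64 46407 57 0 0 0 0 8008 64 0 0 0 0
...
6 rmnet0 0x7fff000100000000 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
6 rmnet0 0x7fff000100000000 10005 1 27493 24 1564 22 27493 24 0 0 0 0 1564 22 0 0 0 0
"""

TEXT_COLS = {"iface"}        # kept as strings
HEX_COLS = {"acct_tag_hex"}  # parsed base 16; everything else is decimal


def parse_stats(text):
    """Return one dict per data row, keyed by the column names in the header."""
    lines = [ln.split() for ln in text.splitlines()
             if ln.strip() and ln.strip() != "..."]
    if not lines or lines[0][0] != "idx":
        raise ValueError("missing 'idx ...' header line")
    header, rows = lines[0], []
    for n, fields in enumerate(lines[1:], start=1):
        if len(fields) != len(header):
            raise ValueError(f"data row {n}: expected {len(header)} fields, "
                             f"got {len(fields)}")
        row = {}
        for name, value in zip(header, fields):
            if name in TEXT_COLS:
                row[name] = value
            elif name in HEX_COLS:
                row[name] = int(value, 16)
            else:
                row[name] = int(value)
        rows.append(row)
    return rows


def usage_by_uid_tag(rows):
    """Sum total bytes per (uid, acct_tag) over all interfaces and counter sets."""
    totals = defaultdict(lambda: {"rx_bytes": 0, "tx_bytes": 0})
    for row in rows:
        key = (row["uid_tag_int"], row["acct_tag_hex"])
        totals[key]["rx_bytes"] += row["rx_bytes"]
        totals[key]["tx_bytes"] += row["tx_bytes"]
    return dict(totals)


def protocol_pair_order(row):
    """Report whether the tcp/udp/other columns sum to the totals as labelled.

    Returns "as-labelled", "swapped" (bytes and packets labels exchanged),
    "ambiguous" (both readings fit, e.g. an all-zero row) or "inconsistent".
    """
    def proto_sum(direction, suffix):
        return sum(row[f"{direction}_{p}_{suffix}"]
                   for p in ("tcp", "udp", "other"))

    as_labelled = all(
        proto_sum(d, "bytes") == row[f"{d}_bytes"]
        and proto_sum(d, "packets") == row[f"{d}_packets"]
        for d in ("rx", "tx"))
    swapped = all(
        proto_sum(d, "packets") == row[f"{d}_bytes"]
        and proto_sum(d, "bytes") == row[f"{d}_packets"]
        for d in ("rx", "tx"))
    if as_labelled and swapped:
        return "ambiguous"
    if as_labelled:
        return "as-labelled"
    if swapped:
        return "swapped"
    return "inconsistent"


if __name__ == "__main__":
    parsed = parse_stats(SAMPLE)
    for (uid, tag), t in sorted(usage_by_uid_tag(parsed).items()):
        print(f"uid={uid} tag={tag:#x} rx={t['rx_bytes']} tx={t['tx_bytes']}")
    for r in parsed:
        print(r["idx"], r["uid_tag_int"], r["cnt_set"], protocol_pair_order(r))
```
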

netfilter: xt_qtaguid: recognize IPV6 interfaces. root is procfs privileged.

* Allow tracking interfaces that only have an ipv6 address.
  Deal with ipv6 notifier chains that do NETDEV_UP without the rtnl_lock()
* Allow root all access to procfs ctrl/stats.
  To disable all checks:
    echo 0 > /sys/module/xt_qtaguid/parameters/ctrl_write_gid
    echo 0 > /sys/module/xt_qtaguid/parameters/stats_readall_gid
* Add CDEBUG define to enable pr_debug output specific to
    procfs ctrl/stats access.

Change-Id: I9a469511d92fe42734daff6ea2326701312a161b
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: Fix socket refcounts when tagging

* Don't hold the sockets after tagging.
  sockfd_lookup() does a get() on the associated file.
  There was no matching put() so a closed socket could never be
  freed.
* Don't rely on struct member order for tag_node
  The structs that had a struct tag_node member would work with
  the *_tree_* routines only because tag_node was 1st.
* Improve debug messages
  Provide info on who the caller is. Use unsigned int for uid.
* Only process NETDEV_UP events.
* Pacifier: disable netfilter matching. Leave .../stats header.

Change-Id: Iccb8ae3cca9608210c417597287a2391010dff2c
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: Fix sockfd_put() call within spinlock

sockfd_put() risks sleeping.
So when doing a delete ctrl command, defer the sockfd_put() and
kfree() to outside of the spinlock.

Change-Id: I5f8ab51d05888d885b2fbb035f61efa5b7abb88a
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: add some tagging/matching stats

/proc/net/xt_qtaguid/ctrl will now show:
  active tagged sockets: lines of "sock=%p tag=0x%llx (uid=%u)"
  sockets_tagged, : the number of sockets successfully tagged.
  sockets_untagged: the number of sockets successfully untagged.
  counter_set_changes: ctrl counter set change requests.
  delete_cmds: ctrl delete commands completed.
  iface_events: number of NETDEV_* events handled.
  match_found_sk: sk found in skbuff without ct assist.
  match_found_sk_in_ct: the number of times the connection tracker found
    a socket for us. This happens when the skbuff didn't have info.
  match_found_sk_none: the number of times no sk could be determined
    successfully looked up. This indicates we don't know who the
    data actually belongs to. This could be unsolicited traffic.

Change-Id: I3a65613bb24852e1eea768ab0320a6a7073ab9be
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: fix dev_stats for missing NETDEV_UNREGISTER

Turns out that some devices don't call the notifier chains
with NETDEV_UNREGISTER.
So now we only track up/down as the points for tracking
active/inactive transitions and saving the get_dev_stats().

Change-Id: I948755962b4c64150b4d04f294fb4889f151e42b
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: qtaguid: fix proc/.../stats uid filtered output

"cat /proc/net/xt_qtaguid/stats"
for a non-privileged UID would output multiple twice its own stats.
The fix tweaks the way lines are counted.

Non-root:
  idx iface acct_tag_hex uid_tag_int cnt_set ...
  2 wlan0 0x0 10022 0 ...
  3 wlan0 0x0 10022 1 ...
  4 wlan0 0x3010000000000000 10022 0 ...
  5 wlan0 0x3010000000000000 10022 1 ...

Root:
  idx iface acct_tag_hex uid_tag_int cnt_set
  2 wlan0 0x0 0 0 ...
  3 wlan0 0x0 0 1 ...
  4 wlan0 0x0 1000 0 ...
  ...
  12 wlan0 0x0 10022 0 ...
  13 wlan0 0x0 10022 1 ...
  ...
  18 wlan0 0x3010000000000000 10022 0 ...
  19 wlan0 0x3010000000000000 10022 1 ...

Change-Id: I3cae1f4fee616bc897831350374656b0c718c45b
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: 1st pass at tracking tag based data resources

* Added global resource tracking based on tags.
 - Can be put into passive mode via
    /sys/modules/xt_qtaguid/params/tag_tracking_passive
 - The number of socket tags per UID is now limited
 - Adding /dev/xt_qtaguid that each process should open before starting
to tag sockets. A later change will make it a "must".
 - A process should not create new tags unless it has the dev open.
  A later change will make it a must.
 - On qtaguid_resources release, the process' matching socket tag info
  is deleted.
* Support run-time debug mask via /sys/modules parameter "debug_mask".
* split module into prettyprinting code, includes, main.
* Removed ptrdiff_t usage which didn't work in all cases.

Change-Id: I4a21d3bea55d23c1c3747253904e2a79f7d555d9
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: warn only once for missing proc qtaguid data

When a process doesn't have /dev/xt_qtaguid open, only warn once
instead of for every ctrl access.

Change-Id: I98a462a8731254ddc3bf6d2fefeef9823659b1f0
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: work around devices that reset their stats

Most net devs will not reset their stats when just going down/up,
unless a NETDEV_UNREGISTER was notified.
But some devs will not send out a NETDEV_UNREGISTER but still
reset their stats just before a NETDEV_UP.
Now we just track the dev stats during NETDEV_DOWN... just in case.
Then on NETDEV_UP we check the stats: if the device didn't do a
NETDEV_UNREGISTER and a prior NETDEV_DOWN captured stats, then we treat
it as an UNREGISTER and save the totals from the stashed values.

Added extra netdev event debugging.

Change-Id: Iec79e74bfd40269aa3e5892f161be71e09de6946
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: provide an iface_stat_all proc entry

There is a
  /proc/net/xt_qtaguid/iface/<iface>/{rx_bytes,rx_packets,tx_bytes,...}
but for better convenience and to avoid getting overly stale net/dev stats
we now have
  /proc/net/xt_qtaguid/iface_stat_all
which outputs lines of:
  iface_name active rx_bytes rx_packets tx_bytes tx_packets
    net_dev_rx_bytes net_dev_rx_packets net_dev_tx_bytes net_dev_tx_packets

Change-Id: I12cc10d2d123b86b56d4eb489b1d77b2ce72ebcf
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: change WARN_ONCE into pr_warn_once

Make the warning less scary.

Change-Id: I0276c5413e37ec991f24db57aeb90333fb1b5a65
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: fix crash after using delete ctrl command

* Crash fix
The delete command would delete a socket tag entry without removing it
from the proc_qtu_data { ..., sock_tag_list, }.
This in turn would cause an exiting process to crash while cleaning up
its matching proc_qtu_data.

* Added more aggressive tracking/cleanup of proc_qtu_data
This should allow one process to cleanup qtu_tag_data{} left around from
processes that didn't use resource tracking via /dev/xt_qtaguid.

* Debug printing tweaks
Better code inclusion/exclusion handling,
and extra debug out of full state.

Change-Id: I735965af2962ffcd7f3021cdc0068b3ab21245c2
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: add missing tracking for no filp case

In cases where the skb would have an sk_socket but no file, that skb
would not be counted at all. Assigning to uid 0 now.

Adding extra counters to track skb counts.

Change-Id: If049b4b525e1fbd5afc9c72b4a174c0a435f2ca7
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: Fix the stats info display order

Change-Id: I3bf165c31f35a6c7dc212f23df5eefaeb8129d0d
Signed-off-by: Ashish Sharma <ashishsharma@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_qtaguid: fix crash on ctrl delete command

Because for now the xt_qtaguid module allows procs to use tags without
having /dev/xt_qtaguid open, there was a case where it would try
to delete a resource from a list that was proc specific.
But that resource was never added to that list which is only
used when /dev/xt_qtaguid has been opened by the proc.

Once our userspace is fully updated, we won't need those exceptions.

Change-Id: Idd4bfea926627190c74645142916e10832eb2504
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

net: percpu net_device refcount

We tried very hard to remove all possible dev_hold()/dev_put() pairs in
network stack, using RCU conversions.

There is still an unavoidable device refcount change for every dst we
create/destroy, and this can slow down some workloads (routers or some
app servers, mmap af_packet)

We can switch to a percpu refcount implementation, now dynamic per_cpu
infrastructure is mature. On a 64 cpus machine, this consumes 256 bytes
per device.

On x86, dev_hold(dev) code :

before
        lock    incl 0x280(%ebx)
after:
        movl    0x260(%ebx),%eax
        incl    fs:(%eax)

Stress bench :

(Sending 160.000.000 UDP frames,
IP route cache disabled, dual E5540 @2.53GHz,
32bit kernel, FIB_TRIE)

Before:

real    1m1.662s
user    0m14.373s
sys     12m55.960s

After:

real    0m51.179s
user    0m15.329s
sys     10m15.942s

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: use NFPROTO_IPV4 instead of AF_INET

The field family of xt_target should be NFPROTO_IPV4, though
NFPROTO_IPV4 and AF_INET are the same.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

tproxy: kick out TIME_WAIT sockets in case a new connection comes in with the same tuple

Without tproxy redirections an incoming SYN kicks out conflicting
TIME_WAIT sockets, in order to handle clients that reuse ports
within the TIME_WAIT period.

The same mechanism didn't work in case TProxy is involved in finding
the proper socket, as the time_wait processing code looked up the
listening socket assuming that the listener addr/port matches those
of the established connection.

This is not the case with TProxy as the listener addr/port is possibly
changed with the tproxy rule.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

tproxy: added IPv6 support to the socket match

The ICMP extraction bits were contributed by Harry Mason.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

tproxy: added IPv6 support to the TPROXY target

This requires a new revision as the old target structure was
IPv4 specific.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

tproxy: use the interface primary IP address as a default value for --on-ip

The REDIRECT target and the older TProxy versions used the primary address
of the incoming interface as the default value of the --on-ip parameter.
This was unintentionally changed during the initial TProxy submission and
caused confusion among users.

Since IPv6 has no notion of primary address, we just select the first address
on the list: this way the socket lookup finds wildcard bound sockets
properly and we cannot really do better without the user telling us the
IPv6 address of the proxy.

This is implemented for both IPv4 and IPv6.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY

One of the previous tproxy related patches split IPv6 defragmentation and
connection tracking, but did not correctly add Kconfig stanzas to handle the
new dependencies correctly. This patch fixes that by making the config options
mirror the setup we have for IPv4: a distinct config option for defragmentation
that is automatically selected by both connection tracking and
xt_TPROXY/xt_socket.

The patch also changes the #ifdefs enclosing IPv6 specific code in xt_socket
and xt_TPROXY: we only compile these in case we have ip6tables support enabled.

Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: xt_socket: Make tproto signed in socket_mt6_v1().

Otherwise error indications from ipv6_find_hdr() won't be noticed.

This required making the protocol argument to extract_icmp6_fields()
signed too.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

tproxy: add lookup type checks for UDP in nf_tproxy_get_sock_v4()

Also, inline this function as the lookup_type is always a literal
and inlining removes branches performed at runtime.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: tproxy: do not assign timewait sockets to skb->sk

Assigning a socket in timewait state to skb->sk can trigger
kernel oops, e.g. in nfnetlink_log, which does:

if (skb->sk) {
        read_lock_bh(&skb->sk->sk_callback_lock);
        if (skb->sk->sk_socket && skb->sk->sk_socket->file) ...

in the timewait case, accessing sk->sk_callback_lock and sk->sk_socket
is invalid.

Either all of these spots will need to add a test for sk->sk_state != TCP_TIME_WAIT,
or xt_TPROXY must not assign a timewait socket to skb->sk.

This does the latter.

If a TW socket is found, assign the tproxy nfmark, but skip the skb->sk assignment,
thus mimicking behaviour of a '-m socket .. -j MARK/ACCEPT' re-routing rule.

The 'SYN to TW socket' case is left unchanged -- we try to redirect to the
listener socket.

Cc: Balazs Scheidler <bazsi@balabit.hu>
Cc: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: add more values to enum ip_conntrack_info

Following error is raised (and other similar ones) :

net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’:
net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’
not in enumerated type ‘enum ip_conntrack_info’

gcc barfs on adding two enum values and getting a not enumerated
result :

case IP_CT_RELATED+IP_CT_IS_REPLY:

Add missing enum values

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: David Miller <davem@davemloft.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

nf: xt_socket: export the fancy sock finder code

The socket matching function has some nifty logic to get the struct sock
from the skb or from the connection tracker.
We export this so other xt_* can use it, similarly to how
xt_socket uses nf_tproxy_get_sock.

Change-Id: I11c58f59087e7f7ae09e4abd4b937cd3370fa2fd
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

nf: xt_qtaguid: 2.6.36 compat

Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: adding the original quota2 from xtables-addons

The original xt_quota in the kernel is plain broken:
  - counts quota at a per CPU level
    (was written back when ubiquitous SMP was just a dream)
  - provides no way to count across IPV4/IPV6.

This patch is the original unaltered code from:
  http://sourceforge.net/projects/xtables-addons

  at commit e84391ce665cef046967f796dd91026851d6bbf3

Change-Id: I19d49858840effee9ecf6cff03c23b45a97efdeb
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfitler: fixup the quota2, and enable.

The xt_quota2 came from
  http://sourceforge.net/projects/xtables-addons/develop

It needed tweaking for it to compile within the kernel tree.
Fixed kmalloc() and create_proc_entry() invocations within
 a non-interruptible context.
Removed useless copying of current quota back to the iptable's
struct matchinfo:
  - those are per CPU: they will change randomly based on which
    cpu gets to update the value.
  - they prevent matching a rule: e.g.
      -A chain -m quota2 --name q1 --quota 123
     can't be followed by
      -D chain -m quota2 --name q1 --quota 123
    as the 123 will be compared to the struct matchinfo's quota member.

Change-Id: I021d3b743db3b22158cc49acb5c94d905b501492
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

netfilter: quota2: add support to log quota limit reached.

This uses the NETLINK NETLINK_NFLOG family to log a single message
when the quota limit is reached.
It uses the same packet type as ipt_ULOG, but
 - never copies skb data,
 - uses 112 as the event number (ULOG's +1)

It doesn't log if the module param "event_num" is 0.

Change-Id: I6f31736b568bb31a4ff0b9ac2ee58380e6b675ca
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Timothy Lusk <darkcube@gmail.com>

Fixed a compile issue with the netfilter merge.

Updated kernel config to include xt_qtaguid for data statistics.

Added xt_quota and a few other things to the defconfig.
Change-Id: Ie7805da1b43e23bbb52c2442d4aa6169adb6b538
Change-Id: I4d3157efe2647ee59043c037d79b2a1199f21e89
…ly built zImage, enables rapid and safe kernel testing.

Change-Id: Ia843d437764bc0d7d7c5eec545a1007dee9711a8
Conflicts:

	Kernel/arch/arm/configs/cyanogenmod_epicmtd_defconfig
Adapted from code by xcaliburninhand for use with
Galaxy Dock Sound Redirector:
https://market.android.com/details?id=net.muteheadlight.dockredir
To make framedrop in camera HAL layer, FIMC should support
v4l2 standard

Signed-off-by: Song Youngmok <ym.song@samsung.com>

(Re-added for video recording fix)

Change-Id: I02ce266cc555062f3036617293ed99b6f40f12fe
…onsuming cpu and kills performance+battery

Change-Id: I90e76b48c214be7f832469baa01bd2d57aa5ccd4
commit 8429f6d07214c283511d9ac57050279d16b46026
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Wed Nov 3 12:03:21 2010 -0400

    ext4: initialize the percpu counters before replaying the journal

    We now initialize the percpu counters before replaying the journal,
    but after the journal, we recalculate the global counters, to deal
    with the possibility of the per-blockgroup counts getting updated by
    the journal replay.

    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

commit e38b5ee9f7ff3856acb24200613ef0009c8571bb
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Tue Feb 8 18:13:37 2011 -0500

    jbd2: debug printk if jbd2_journal_commit_txn is called w/o a txn

    This prints some additional debugging information if a J_ASSERT
    would trigger.

    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

commit 3128bc4337f6cb435f09be207a9b108836132161
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Sun May 1 18:16:26 2011 -0400

    jbd2: fix fsync() tid wraparound bug

    If an application program does not make any changes to the indirect
    blocks or extent tree, i_datasync_tid will not get updated.  If there
    are enough commits (i.e., 2**31) such that tid_geq()'s calculations
    wrap, and there isn't a currently active transaction at the time of
    the fdatasync() call, this can end up triggering a BUG_ON in
    Kernel/fs/jbd2/commit.c:

    	J_ASSERT(journal->j_running_transaction != NULL);

    It's pretty rare that this can happen, since it requires the use of
    fdatasync() plus *very* frequent and excessive use of fsync().  But
    with the right workload, it can.

    We fix this by replacing the use of tid_geq() with an equality test,
    since there's only one valid transaction id that we is valid for us to
    wait until it is committed: namely, the currently running transaction
    (if it exists).

    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Change-Id: Id8c60ff299547082fc1f7def5c8af0a6aefffb46
…crazy consuming cpu and kills performance+battery" into ics
bbelos and others added 13 commits February 8, 2012 14:40
Pretend to be a crespo4g for gain purposes.
Adds a new gadget mode, adb_rndis, that's a clone of adb mode with the acm
interface replaced with rndis (i.e., rndis, mass_storage, adb).  This mode
is entered when both adbd is running (open on /dev/android_adb_enable) and
rndis is enabled (echo 1 > /sys/devices/virtual/usb_composite/rndis/enable).
When either adb or rndis is disabled from this mode, it falls back to
rndis-only or regular adb mode as appropriate.

This new mode allows rndis to be used simultaneously with adb and
mass_storage, specifically on Linux USB hosts.  Unfortunately rndis doesn't
work in adb_rndis mode in Windows as it doesn't match the hard-coded
Samsung USB gadget driver profile.  That said, this mode shouldn't be
harmful and retain the previous adb + mass_storage capability.

In addition, synchronization is added to the gadget's android_enable_function
so that userspace activation of these modes need not be synchronized.  The
CDC RNDIS descriptor configuration is also modified so that master and
slave interface values are hardcoded to 0 and 1 respectively, to fix rndis
support in Linux which performs strict checking of CDC descriptor values.

Change-Id: Ia9cfd8ba13226537dd2f16e0776525392288ccc4
Options selected to match crespo 3.0.8 kernel.  Particularly important to
successfully enable bandwidth control, so that "Data usage" monitors may be
modified, so that the persistent "Data usage warning" notification may be
eliminated.  Fixes issue #15.

Change-Id: I994560cb1ae4cec6b8671c4937debda9c05aac6e
…sung_victory into ics

Conflicts:
	Kernel/drivers/usb/gadget/f_rndis.c
- Never report BTN_TOUCH=0.  Results in a bug where, when two fingers are
  down and one is lifted while the other remains stationary, both are
  reported as lifted.

- Don't report ABS_MT events on finger up, as this results in hovering.