diff options
Diffstat (limited to 'target/linux')
19 files changed, 151 insertions, 150 deletions
diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 130fad7d8f..a8991e3607 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5153,10 +5141,9 @@ static int nf_tables_commit(struct net * +@@ -5156,10 +5144,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5293,10 +5280,9 @@ static int nf_tables_abort(struct net *n +@@ -5296,10 +5283,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5399,7 +5385,7 @@ int nft_chain_validate_hooks(const struc +@@ -5402,7 +5388,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5881,8 +5867,7 @@ int __nft_release_basechain(struct nft_c +@@ -5884,8 +5870,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5911,8 +5896,7 @@ static void __nft_release_afinfo(struct +@@ -5914,8 +5899,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index ff8aafb255..39aadb507b 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4853,6 +4897,605 @@ static void nf_tables_obj_notify(const s +@@ -4856,6 +4900,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4883,6 +5526,49 @@ nla_put_failure: +@@ -4886,6 +5529,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -5035,6 +5721,21 @@ static const struct nfnl_callback nf_tab +@@ -5038,6 +5724,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5083,6 +5784,9 @@ static void nf_tables_commit_release(str +@@ -5086,6 +5787,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5202,6 +5906,21 @@ static int nf_tables_commit(struct net * +@@ -5205,6 +5909,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5239,6 +5958,9 @@ static void nf_tables_abort_release(stru +@@ -5242,6 +5961,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5330,6 +6052,17 @@ static int nf_tables_abort(struct net *n +@@ -5333,6 +6055,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5880,6 +6613,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5883,6 +6616,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5893,6 +6627,9 @@ static void __nft_release_afinfo(struct +@@ -5896,6 +6630,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5903,6 +6640,11 @@ static void __nft_release_afinfo(struct +@@ -5906,6 +6643,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5946,6 +6688,8 @@ static int __init nf_tables_module_init( +@@ -5949,6 +6691,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5960,6 +6704,7 @@ static void __exit nf_tables_module_exit +@@ -5963,6 +6707,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index b055bac498..632acc8a79 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -5005,7 +5002,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -5008,7 +5005,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 734ab526ca..d4551f2946 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5429,7 +5429,7 @@ static int nf_tables_getflowtable(struct +@@ -5432,7 +5432,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index f2ece780b4..925a4739ed 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5810,7 +5803,6 @@ static int nf_tables_commit(struct net * +@@ -5813,7 +5806,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5974,7 +5966,6 @@ static int nf_tables_abort(struct net *n +@@ -5977,7 +5969,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 6bb5cbba4a..6d9880d098 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5348,8 +5348,10 @@ static int nf_tables_dump_flowtable_done +@@ -5351,8 +5351,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index e6f2058ada..6f85402c5d 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3218,11 +3206,12 @@ static int nf_tables_newset(struct net * +@@ -3221,11 +3209,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3491,12 +3480,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3494,12 +3483,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3601,7 +3590,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3604,7 +3593,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3613,21 +3601,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3616,21 +3604,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3647,7 +3633,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3650,7 +3636,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3749,7 +3735,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3752,7 +3738,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3993,7 +3979,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3996,7 +3982,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4545,7 +4531,8 @@ static int nf_tables_newobj(struct net * +@@ -4548,7 +4534,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4563,7 +4550,7 @@ static int nf_tables_newobj(struct net * +@@ -4566,7 +4553,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4640,7 +4627,6 @@ struct nft_obj_filter { +@@ -4643,7 +4630,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4655,38 +4641,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4658,38 +4644,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4773,7 +4758,8 @@ static int nf_tables_getobj(struct net * +@@ -4776,7 +4761,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4833,7 +4819,8 @@ static int nf_tables_delobj(struct net * +@@ -4836,7 +4822,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4844,7 +4831,7 @@ static int nf_tables_delobj(struct net * +@@ -4847,7 +4834,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4882,7 +4869,7 @@ static void nf_tables_obj_notify(const s +@@ -4885,7 +4872,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -5072,7 +5059,7 @@ void nft_flow_table_iterate(struct net * +@@ -5075,7 +5062,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5120,7 +5107,8 @@ static int nf_tables_newflowtable(struct +@@ -5123,7 +5110,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5137,7 +5125,7 @@ static int nf_tables_newflowtable(struct +@@ -5140,7 +5128,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5218,7 +5206,8 @@ static int nf_tables_delflowtable(struct +@@ -5221,7 +5209,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5229,7 +5218,7 @@ static int nf_tables_delflowtable(struct +@@ -5232,7 +5221,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5298,40 +5287,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5301,40 +5290,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5416,7 +5402,8 @@ static int nf_tables_getflowtable(struct +@@ -5419,7 +5405,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5459,7 +5446,7 @@ static void nf_tables_flowtable_notify(s +@@ -5462,7 +5449,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5537,17 +5524,14 @@ static int nf_tables_flowtable_event(str +@@ -5540,17 +5527,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6573,6 +6557,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6576,6 +6560,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6609,10 +6594,10 @@ static void __nft_release_afinfo(struct +@@ -6612,10 +6597,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index d331593496..8d0d62b1ec 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6563,6 +6563,12 @@ static int __net_init nf_tables_init_net +@@ -6566,6 +6566,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6640,6 +6646,7 @@ static void __nft_release_afinfo(struct +@@ -6643,6 +6649,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index f30c3425f8..9e1783ebd6 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -5054,15 +5052,12 @@ void nft_flow_table_iterate(struct net * +@@ -5057,15 +5055,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6554,21 +6549,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6557,21 +6552,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6589,8 +6569,7 @@ int __nft_release_basechain(struct nft_c +@@ -6592,8 +6572,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6600,10 +6579,11 @@ static void __nft_release_afinfo(struct +@@ -6603,10 +6582,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6644,6 +6624,21 @@ static void __nft_release_afinfo(struct +@@ -6647,6 +6627,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 278340c9be..a2a9d478dd 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3200,16 +3075,12 @@ static int nf_tables_newset(struct net * +@@ -3203,16 +3078,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3471,19 +3342,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3474,19 +3345,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3601,7 +3468,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3604,7 +3471,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3631,7 +3498,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3634,7 +3501,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4513,7 +4380,6 @@ static int nf_tables_newobj(struct net * +@@ -4516,7 +4383,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4525,11 +4391,7 @@ static int nf_tables_newobj(struct net * +@@ -4528,11 +4394,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4548,7 +4410,7 @@ static int nf_tables_newobj(struct net * +@@ -4551,7 +4413,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4640,7 +4502,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4643,7 +4505,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4663,7 +4525,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4666,7 +4528,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4721,7 +4583,6 @@ static int nf_tables_getobj(struct net * +@@ -4724,7 +4586,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4752,11 +4613,7 @@ static int nf_tables_getobj(struct net * +@@ -4755,11 +4616,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4803,7 +4660,6 @@ static int nf_tables_delobj(struct net * +@@ -4806,7 +4663,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4813,11 +4669,7 @@ static int nf_tables_delobj(struct net * +@@ -4816,11 +4672,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4829,7 +4681,7 @@ static int nf_tables_delobj(struct net * +@@ -4832,7 +4684,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -5014,33 +4866,31 @@ err1: +@@ -5017,33 +4869,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5088,7 +4938,6 @@ static int nf_tables_newflowtable(struct +@@ -5091,7 +4941,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5098,12 +4947,8 @@ static int nf_tables_newflowtable(struct +@@ -5101,12 +4950,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5120,7 +4965,7 @@ static int nf_tables_newflowtable(struct +@@ -5123,7 +4968,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5133,7 +4978,7 @@ static int nf_tables_newflowtable(struct +@@ -5136,7 +4981,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5193,16 +5038,11 @@ static int nf_tables_delflowtable(struct +@@ -5196,16 +5041,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5213,7 +5053,7 @@ static int nf_tables_delflowtable(struct +@@ -5216,7 +5056,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5291,7 +5131,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5307,7 +5147,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5310,7 +5150,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5367,7 +5207,6 @@ static int nf_tables_getflowtable(struct +@@ -5370,7 +5210,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5393,12 +5232,8 @@ static int nf_tables_getflowtable(struct +@@ -5396,12 +5235,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6569,7 +6404,7 @@ int __nft_release_basechain(struct nft_c +@@ -6572,7 +6407,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6582,7 +6417,7 @@ static void __nft_release_afinfo(struct +@@ -6585,7 +6420,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6634,7 +6469,7 @@ static int __net_init nf_tables_init_net +@@ -6637,7 +6472,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 7a3571609a..7a67f07318 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4904,13 +4904,13 @@ void nft_flow_table_iterate(struct net * +@@ -4907,13 +4907,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index d75aa4de03..6335641224 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5289,17 +5289,12 @@ err: +@@ -5292,17 +5292,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index a2544aeaf0..6daa6cbf7e 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3146,6 +3214,7 @@ static int nf_tables_newset(struct net * +@@ -3149,6 +3217,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3205,7 +3274,10 @@ static int nf_tables_delset(struct net * +@@ -3208,7 +3277,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4268,6 +4340,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4271,6 +4343,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4275,6 +4362,7 @@ static const struct nla_policy nft_obj_p +@@ -4278,6 +4365,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4422,6 +4510,8 @@ static int nf_tables_newobj(struct net * +@@ -4425,6 +4513,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4468,7 +4558,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4471,7 +4561,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4666,7 +4758,7 @@ static int nf_tables_delobj(struct net * +@@ -4669,7 +4761,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4675,7 +4767,12 @@ static int nf_tables_delobj(struct net * +@@ -4678,7 +4770,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4747,6 +4844,7 @@ static const struct nla_policy nft_flowt +@@ -4750,6 +4847,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4764,6 +4862,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4767,6 +4865,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4972,6 +5084,8 @@ static int nf_tables_newflowtable(struct +@@ -4975,6 +5087,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5046,8 +5160,14 @@ static int nf_tables_delflowtable(struct +@@ -5049,8 +5163,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5080,7 +5200,9 @@ static int nf_tables_fill_flowtable_info +@@ -5083,7 +5203,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 7113c5d9c4..b15a01e062 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5099,40 +5099,38 @@ static int nf_tables_newflowtable(struct +@@ -5102,40 +5102,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5413,10 +5411,8 @@ err: +@@ -5416,10 +5414,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index 818498b1e7..2e68aef421 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4965,7 +4965,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4968,7 +4968,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 01ee106a4c..1ab1342b5b 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5009,23 +5009,6 @@ static const struct nf_flowtable_type *n +@@ -5012,23 +5012,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 93432f1bfd..9634d3c27a 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4952,6 +4952,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4955,6 +4955,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5082,10 +5090,19 @@ static int nf_tables_newflowtable(struct +@@ -5085,10 +5093,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5183,7 +5200,8 @@ static int nf_tables_fill_flowtable_info +@@ -5186,7 +5203,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch b/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch index db1a18fc18..60d0c889e5 100644 --- a/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch @@ -131,7 +131,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> }; /** -@@ -495,13 +545,20 @@ static void esdhc_clock_enable(struct sd +@@ -500,13 +550,20 @@ static void esdhc_clock_enable(struct sd } } @@ -152,7 +152,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> u32 temp; host->mmc->actual_clock = 0; -@@ -515,27 +572,14 @@ static void esdhc_of_set_clock(struct sd +@@ -520,27 +577,14 @@ static void esdhc_of_set_clock(struct sd if (esdhc->vendor_ver < VENDOR_V_23) pre_div = 2; @@ -187,7 +187,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> temp = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); temp &= ~(ESDHC_CLOCK_SDCLKEN | ESDHC_CLOCK_IPGEN | ESDHC_CLOCK_HCKEN | -@@ -548,9 +592,30 @@ static void esdhc_of_set_clock(struct sd +@@ -553,9 +597,30 @@ static void esdhc_of_set_clock(struct sd while (host->max_clk / pre_div / div > clock && div < 16) div++; @@ -218,7 +218,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> pre_div >>= 1; div--; -@@ -560,6 +625,29 @@ static void esdhc_of_set_clock(struct sd +@@ -565,6 +630,29 @@ static void esdhc_of_set_clock(struct sd | (pre_div << ESDHC_PREDIV_SHIFT)); sdhci_writel(host, temp, ESDHC_SYSTEM_CONTROL); @@ -248,7 +248,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> /* Wait max 20 ms */ timeout = ktime_add_ms(ktime_get(), 20); while (1) { -@@ -575,6 +663,7 @@ static void esdhc_of_set_clock(struct sd +@@ -580,6 +668,7 @@ static void esdhc_of_set_clock(struct sd udelay(10); } @@ -256,7 +256,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> temp |= ESDHC_CLOCK_SDCLKEN; sdhci_writel(host, temp, ESDHC_SYSTEM_CONTROL); } -@@ -603,6 +692,8 @@ static void esdhc_pltfm_set_bus_width(st +@@ -608,6 +697,8 @@ static void esdhc_pltfm_set_bus_width(st static void esdhc_reset(struct sdhci_host *host, u8 mask) { @@ -265,7 +265,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> u32 val; sdhci_reset(host, mask); -@@ -617,6 +708,12 @@ static void esdhc_reset(struct sdhci_hos +@@ -622,6 +713,12 @@ static void esdhc_reset(struct sdhci_hos val = sdhci_readl(host, ESDHC_TBCTL); val &= ~ESDHC_TB_EN; sdhci_writel(host, val, ESDHC_TBCTL); @@ -278,7 +278,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> } } -@@ -628,6 +725,7 @@ static void esdhc_reset(struct sdhci_hos +@@ -633,6 +730,7 @@ static void esdhc_reset(struct sdhci_hos static const struct of_device_id scfg_device_ids[] = { { .compatible = "fsl,t1040-scfg", }, { .compatible = "fsl,ls1012a-scfg", }, @@ -286,7 +286,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> { .compatible = "fsl,ls1046a-scfg", }, {} }; -@@ -690,23 +788,91 @@ static int esdhc_signal_voltage_switch(s +@@ -695,23 +793,91 @@ static int esdhc_signal_voltage_switch(s } } @@ -383,7 +383,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> } #ifdef CONFIG_PM_SLEEP -@@ -755,7 +921,7 @@ static const struct sdhci_ops sdhci_esdh +@@ -760,7 +926,7 @@ static const struct sdhci_ops sdhci_esdh .adma_workaround = esdhc_of_adma_workaround, .set_bus_width = esdhc_pltfm_set_bus_width, .reset = esdhc_reset, @@ -392,7 +392,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> }; static const struct sdhci_ops sdhci_esdhc_le_ops = { -@@ -772,7 +938,7 @@ static const struct sdhci_ops sdhci_esdh +@@ -777,7 +943,7 @@ static const struct sdhci_ops sdhci_esdh .adma_workaround = esdhc_of_adma_workaround, .set_bus_width = esdhc_pltfm_set_bus_width, .reset = esdhc_reset, @@ -401,7 +401,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> }; static const struct sdhci_pltfm_data sdhci_esdhc_be_pdata = { -@@ -798,8 +964,20 @@ static struct soc_device_attribute soc_i +@@ -803,8 +969,20 @@ static struct soc_device_attribute soc_i { }, }; @@ -422,7 +422,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> struct sdhci_pltfm_host *pltfm_host; struct sdhci_esdhc *esdhc; struct device_node *np; -@@ -819,6 +997,24 @@ static void esdhc_init(struct platform_d +@@ -824,6 +1002,24 @@ static void esdhc_init(struct platform_d else esdhc->quirk_incorrect_hostver = false; @@ -447,7 +447,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> np = pdev->dev.of_node; clk = of_clk_get(np, 0); if (!IS_ERR(clk)) { -@@ -846,6 +1042,12 @@ static void esdhc_init(struct platform_d +@@ -851,6 +1047,12 @@ static void esdhc_init(struct platform_d } } @@ -460,7 +460,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> static int sdhci_esdhc_probe(struct platform_device *pdev) { struct sdhci_host *host; -@@ -869,6 +1071,7 @@ static int sdhci_esdhc_probe(struct plat +@@ -874,6 +1076,7 @@ static int sdhci_esdhc_probe(struct plat host->mmc_host_ops.start_signal_voltage_switch = esdhc_signal_voltage_switch; host->mmc_host_ops.execute_tuning = esdhc_execute_tuning; @@ -468,7 +468,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> host->tuning_delay = 1; esdhc_init(pdev, host); -@@ -877,6 +1080,11 @@ static int sdhci_esdhc_probe(struct plat +@@ -882,6 +1085,11 @@ static int sdhci_esdhc_probe(struct plat pltfm_host = sdhci_priv(host); esdhc = sdhci_pltfm_priv(pltfm_host); @@ -480,7 +480,7 @@ Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com> if (esdhc->vendor_ver == VENDOR_V_22) host->quirks2 |= SDHCI_QUIRK2_HOST_NO_CMD23; -@@ -923,14 +1131,6 @@ static int sdhci_esdhc_probe(struct plat +@@ -928,14 +1136,6 @@ static int sdhci_esdhc_probe(struct plat return ret; } diff --git a/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch b/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch index 137486ffc6..9632b32d56 100644 --- a/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch @@ -2641,7 +2641,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Skip assoc data */ append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); -@@ -456,29 +489,29 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_decap); +@@ -456,30 +489,29 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_decap); * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed * with OP_ALG_AAI_CBC or OP_ALG_AAI_CTR_MOD128. @@ -2649,12 +2649,12 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> - * split key is to be used, the size of the split key itself is - * specified. Valid algorithm values - one of OP_ALG_ALGSEL_{MD5, SHA1, - * SHA224, SHA256, SHA384, SHA512} ANDed with OP_ALG_AAI_HMAC_PRECOMP. +- * @ivsize: initialization vector size + * @adata: pointer to authentication transform definitions. + * A split key is required for SEC Era < 6; the size of the split key + * is specified in this case. Valid algorithm values - one of + * OP_ALG_ALGSEL_{MD5, SHA1, SHA224, SHA256, SHA384, SHA512} ANDed -+ * with OP_ALG_AAI_HMAC_PRECOMP. - * @ivsize: initialization vector size ++ * with OP_ALG_AAI_HMAC_PRECOMP. * @ivsize: initialization vector size * @icvsize: integrity check value (ICV) size (truncated or full) * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @nonce: pointer to rfc3686 nonce @@ -2672,6 +2672,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> + const bool is_qi, int era) { u32 geniv, moveiv; + u32 *wait_cmd; /* Note: Context registers are saved. */ - init_sh_desc_key_aead(desc, cdata, adata, is_rfc3686, nonce); @@ -2679,7 +2680,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> if (is_qi) { u32 *wait_load_cmd; -@@ -528,8 +561,13 @@ copy_iv: +@@ -529,8 +561,13 @@ copy_iv: OP_ALG_ENCRYPT); /* Read and write assoclen bytes */ @@ -2695,7 +2696,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Skip assoc data */ append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); -@@ -583,14 +621,431 @@ copy_iv: +@@ -592,14 +629,431 @@ copy_iv: EXPORT_SYMBOL(cnstr_shdsc_aead_givencap); /** @@ -3128,7 +3129,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd, *zero_payload_jump_cmd, *zero_assoc_jump_cmd1, *zero_assoc_jump_cmd2; -@@ -612,11 +1067,35 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -621,11 +1075,35 @@ void cnstr_shdsc_gcm_encap(u32 * const d append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3165,7 +3166,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* if assoclen is ZERO, skip reading the assoc data */ append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ); zero_assoc_jump_cmd1 = append_jump(desc, JUMP_TEST_ALL | -@@ -648,8 +1127,11 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -657,8 +1135,11 @@ void cnstr_shdsc_gcm_encap(u32 * const d append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_MSG | FIFOLD_TYPE_LAST1); @@ -3179,7 +3180,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* zero-payload commands */ set_jump_tgt_here(desc, zero_payload_jump_cmd); -@@ -657,10 +1139,18 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -666,10 +1147,18 @@ void cnstr_shdsc_gcm_encap(u32 * const d /* read assoc data */ append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_AAD | FIFOLD_TYPE_LAST1); @@ -3198,7 +3199,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* write ICV */ append_seq_store(desc, icvsize, LDST_CLASS_1_CCB | LDST_SRCDST_BYTE_CONTEXT); -@@ -677,10 +1167,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_encap); +@@ -686,10 +1175,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_encap); * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3213,7 +3214,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd, *zero_payload_jump_cmd, *zero_assoc_jump_cmd1; -@@ -701,6 +1194,24 @@ void cnstr_shdsc_gcm_decap(u32 * const d +@@ -710,6 +1202,24 @@ void cnstr_shdsc_gcm_decap(u32 * const d append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3238,7 +3239,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* if assoclen is ZERO, skip reading the assoc data */ append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ); zero_assoc_jump_cmd1 = append_jump(desc, JUMP_TEST_ALL | -@@ -753,10 +1264,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); +@@ -762,10 +1272,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3253,7 +3254,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd; -@@ -777,7 +1291,29 @@ void cnstr_shdsc_rfc4106_encap(u32 * con +@@ -786,7 +1299,29 @@ void cnstr_shdsc_rfc4106_encap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3284,7 +3285,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); /* Read assoc data */ -@@ -785,7 +1321,7 @@ void cnstr_shdsc_rfc4106_encap(u32 * con +@@ -794,7 +1329,7 @@ void cnstr_shdsc_rfc4106_encap(u32 * con FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); /* Skip IV */ @@ -3293,7 +3294,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Will read cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -824,10 +1360,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_encap) +@@ -833,10 +1368,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_encap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3308,7 +3309,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd; -@@ -849,7 +1388,29 @@ void cnstr_shdsc_rfc4106_decap(u32 * con +@@ -858,7 +1396,29 @@ void cnstr_shdsc_rfc4106_decap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3339,7 +3340,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); /* Read assoc data */ -@@ -857,7 +1418,7 @@ void cnstr_shdsc_rfc4106_decap(u32 * con +@@ -866,7 +1426,7 @@ void cnstr_shdsc_rfc4106_decap(u32 * con FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); /* Skip IV */ @@ -3348,7 +3349,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Will read cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQOUTLEN, REG3, CAAM_CMD_SZ); -@@ -896,10 +1457,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_decap) +@@ -905,10 +1465,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_decap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3363,7 +3364,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd, *read_move_cmd, *write_move_cmd; -@@ -920,6 +1484,18 @@ void cnstr_shdsc_rfc4543_encap(u32 * con +@@ -929,6 +1492,18 @@ void cnstr_shdsc_rfc4543_encap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3382,7 +3383,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* assoclen + cryptlen = seqinlen */ append_math_sub(desc, REG3, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -931,7 +1507,7 @@ void cnstr_shdsc_rfc4543_encap(u32 * con +@@ -940,7 +1515,7 @@ void cnstr_shdsc_rfc4543_encap(u32 * con read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | @@ -3391,7 +3392,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -966,10 +1542,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4543_encap) +@@ -975,10 +1550,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4543_encap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3406,7 +3407,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> { u32 *key_jump_cmd, *read_move_cmd, *write_move_cmd; -@@ -990,6 +1569,18 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -999,6 +1577,18 @@ void cnstr_shdsc_rfc4543_decap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3425,7 +3426,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* assoclen + cryptlen = seqoutlen */ append_math_sub(desc, REG3, SEQOUTLEN, REG0, CAAM_CMD_SZ); -@@ -1001,7 +1592,7 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -1010,7 +1600,7 @@ void cnstr_shdsc_rfc4543_decap(u32 * con read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | @@ -3434,7 +3435,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQOUTLEN, REG0, CAAM_CMD_SZ); -@@ -1035,6 +1626,138 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -1044,6 +1634,138 @@ void cnstr_shdsc_rfc4543_decap(u32 * con } EXPORT_SYMBOL(cnstr_shdsc_rfc4543_decap); @@ -3573,7 +3574,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> /* * For ablkcipher encrypt and decrypt, read from req->src and * write to req->dst -@@ -1053,7 +1776,8 @@ static inline void ablkcipher_append_src +@@ -1062,7 +1784,8 @@ static inline void ablkcipher_append_src * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed @@ -3583,7 +3584,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> * @ivsize: initialization vector size * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @ctx1_iv_off: IV offset in CONTEXT1 register -@@ -1075,7 +1799,7 @@ void cnstr_shdsc_ablkcipher_encap(u32 * +@@ -1084,7 +1807,7 @@ void cnstr_shdsc_ablkcipher_encap(u32 * /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -3592,7 +3593,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> append_load_as_imm(desc, nonce, CTR_RFC3686_NONCE_SIZE, LDST_CLASS_IND_CCB | -@@ -1118,7 +1842,8 @@ EXPORT_SYMBOL(cnstr_shdsc_ablkcipher_enc +@@ -1127,7 +1850,8 @@ EXPORT_SYMBOL(cnstr_shdsc_ablkcipher_enc * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed @@ -3602,7 +3603,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> * @ivsize: initialization vector size * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @ctx1_iv_off: IV offset in CONTEXT1 register -@@ -1140,7 +1865,7 @@ void cnstr_shdsc_ablkcipher_decap(u32 * +@@ -1149,7 +1873,7 @@ void cnstr_shdsc_ablkcipher_decap(u32 * /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -3611,7 +3612,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> append_load_as_imm(desc, nonce, CTR_RFC3686_NONCE_SIZE, LDST_CLASS_IND_CCB | -@@ -1209,7 +1934,7 @@ void cnstr_shdsc_ablkcipher_givencap(u32 +@@ -1218,7 +1942,7 @@ void cnstr_shdsc_ablkcipher_givencap(u32 /* Load Nonce into CONTEXT1 reg */ if (is_rfc3686) { |