qca-nss-ecm: bump latest 12.5 and fix fortify_memcpy_chk

Signed-off-by: Sean Khan <datapronix@protonmail.com>
2025-12-16 16:21:53 +00:00 · 2024-07-02 20:18:13 -04:00 · 2024-07-02 20:18:13 -04:00 · 2dbb426a29
commit 2dbb426a29
parent 1ae543092a
5 changed files with 68 additions and 15 deletions
--- a/qca-nss-ecm/Makefile
+++ b/qca-nss-ecm/Makefile
@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=qca-nss-ecm
-PKG_RELEASE:=3
+PKG_RELEASE:=1

 PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-nss-ecm.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2024-06-17
-PKG_SOURCE_VERSION:=937d47c
-PKG_MIRROR_HASH:=f8d71d61e991e70b1dc52d625f7f441c3d6dee329d34a3ddae0ba12ed78ef99d
+PKG_SOURCE_DATE:=2024-06-20
+PKG_SOURCE_VERSION:=92c7fa1
+PKG_MIRROR_HASH:=d69d09fe8e3d6339085854de4f5a44dbfdc9648f5d5f9001a874ac177e2bf16b
 QSDK_VERSION:=12.5
 PKG_VERSION:=$(QSDK_VERSION).$(subst -,.,$(PKG_SOURCE_DATE))~$(PKG_SOURCE_VERSION)

--- a/qca-nss-ecm/patches/0001-treewide-componentize-the-module-even-more.patch
+++ b/qca-nss-ecm/patches/0001-treewide-componentize-the-module-even-more.patch
@ -252,7 +252,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 
 --- a/ecm_interface.c
 +++ b/ecm_interface.c
-@@ -1508,6 +1508,7 @@ struct neighbour *ecm_interface_ipv6_nei
+@@ -1525,6 +1525,7 @@ struct neighbour *ecm_interface_ipv6_nei
  */
 bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out)
 {
@ -260,7 +260,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	struct net_device *in;
 
 	/*
-@@ -1532,6 +1533,7 @@ bool ecm_interface_is_pptp(struct sk_buf
+@@ -1549,6 +1550,7 @@ bool ecm_interface_is_pptp(struct sk_buf
 	}
 
 	dev_put(in);
@ -268,7 +268,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	return false;
 }
 
-@@ -1544,6 +1546,7 @@ bool ecm_interface_is_pptp(struct sk_buf
+@@ -1561,6 +1563,7 @@ bool ecm_interface_is_pptp(struct sk_buf
  */
 bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct net_device *out, int ver)
 {
@ -276,7 +276,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	uint32_t flag = 0;
 	struct net_device *in;
 
-@@ -1576,6 +1579,7 @@ bool ecm_interface_is_l2tp_packet_by_ver
+@@ -1593,6 +1596,7 @@ bool ecm_interface_is_l2tp_packet_by_ver
 	}
 
 	dev_put(in);
@ -284,7 +284,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	return false;
 }
 
-@@ -1588,6 +1592,7 @@ bool ecm_interface_is_l2tp_packet_by_ver
+@@ -1605,6 +1609,7 @@ bool ecm_interface_is_l2tp_packet_by_ver
  */
 bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *out)
 {
@ -292,7 +292,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	struct net_device *in;
 
 	/*
-@@ -1610,6 +1615,7 @@ bool ecm_interface_is_l2tp_pptp(struct s
+@@ -1627,6 +1632,7 @@ bool ecm_interface_is_l2tp_pptp(struct s
 	}
 
 	dev_put(in);
@ -300,7 +300,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	return false;
 }
 
-@@ -7165,6 +7171,7 @@ static void ecm_interface_regenerate_con
+@@ -7182,6 +7188,7 @@ static void ecm_interface_regenerate_con
 		return;
 	}
 
@ -308,7 +308,7 @@ Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
 	for (dir = 0; dir < ECM_DB_OBJ_DIR_MAX; dir++) {
 		/*
 		 * Re-generate all connections associated with this interface
-@@ -7180,6 +7187,7 @@ static void ecm_interface_regenerate_con
+@@ -7197,6 +7204,7 @@ static void ecm_interface_regenerate_con
 			ci[dir] = cin;
 		}
 	}
--- a/qca-nss-ecm/patches/0010-ecm_interface-fix-ppp-generic-function-calls-for-5.15.patch
+++ b/qca-nss-ecm/patches/0010-ecm_interface-fix-ppp-generic-function-calls-for-5.15.patch
@ -1,6 +1,6 @@
 --- a/ecm_interface.c
 +++ b/ecm_interface.c
-@@ -3623,7 +3623,7 @@ identifier_update:
+@@ -3640,7 +3640,7 @@ identifier_update:
 		if (skb && (skb->skb_iif == dev->ifindex)) {
 			struct pppol2tp_common_addr info;
 
@ -9,7 +9,7 @@
 				DEBUG_TRACE("%px: Net device: %px is MULTILINK PPP - Unknown to the ECM\n", feci, dev);
 				type_info.unknown.os_specific_ident = dev_interface_num;
 
-@@ -3633,7 +3633,7 @@ identifier_update:
+@@ -3650,7 +3650,7 @@ identifier_update:
 				ii = ecm_interface_unknown_interface_establish(&type_info.unknown, dev_name, dev_interface_num, ae_interface_num, dev_mtu);
 				return ii;
 			}
--- a/qca-nss-ecm/patches/0016-ecm-conditionally-check-mlo-device.patch
+++ b/qca-nss-ecm/patches/0016-ecm-conditionally-check-mlo-device.patch
@ -1,6 +1,6 @@
 --- a/ecm_interface.c
 +++ b/ecm_interface.c
-@@ -4040,7 +4040,11 @@ static uint32_t ecm_interface_multicast_
+@@ -4057,7 +4057,11 @@ static uint32_t ecm_interface_multicast_
 				 * For MLO bond netdevice, destination for multicast is bond netdevice itself
 				 * Therefore, slave lookup is not needed.
 				 */
--- a/qca-nss-ecm/patches/0017-ecm-interface-fix-fortify_memcpy_chk.patch
+++ b/qca-nss-ecm/patches/0017-ecm-interface-fix-fortify_memcpy_chk.patch
@ -0,0 +1,53 @@
+--- a/ecm_interface.c
+++ b/ecm_interface.c
+@@ -8009,7 +8009,7 @@ static int ecm_interface_wifi_event_iwev
+ 		/*
+ 		 * Copy the base data structure to get iwe->len
+ 		 */
+-		memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+		memcpy(&iwe_buf, pos, min_t(size_t, IW_EV_LCP_LEN, (size_t)(end - pos)));
+ 
+ 		/*
+ 		 * Check that len is valid and that we have that much in the buffer.
+@@ -8026,10 +8026,10 @@ static int ecm_interface_wifi_event_iwev
+ 			dpos = (char *)&iwe_buf.u.data.length;
+ 			dlen = dpos - (char *)&iwe_buf;
+ 
+-			memcpy(dpos, pos + IW_EV_LCP_LEN, sizeof(struct iw_event) - dlen);
+			memcpy(dpos, pos + IW_EV_LCP_LEN, min_t(size_t, sizeof(struct iw_event) - dlen, (size_t)(end - pos - IW_EV_LCP_LEN)));
+ 
+ 			if (custom + iwe->u.data.length > end) {
+-				DEBUG_WARN("Invalid buffer length received in the event iwe->u.data.length %d\n", iwe->u.data.length);
+				DEBUG_WARN("Invalid buffer length received in the event iwe->u.data.length %d\n", (int)iwe->u.data.length);
+ 				return -1;
+ 			}
+ 
+@@ -8037,7 +8037,7 @@ static int ecm_interface_wifi_event_iwev
+ 			 * Check the flags of iw event if it indicates the IW authorized signal.
+ 			 */
+ 			if (iwe->u.data.flags == ECM_INTERFACE_WIFI_EVENT_NODE_AUTH) {
+-				dbuf = kzalloc((iwe->u.data.length + 1), GFP_KERNEL);
+				dbuf = kzalloc(iwe->u.data.length, GFP_KERNEL);
+ 				if (!dbuf) {
+ 					DEBUG_WARN("Failed to allocated a buffer to process the custom event");
+ 					return -1;
+@@ -8060,16 +8060,16 @@ static int ecm_interface_wifi_event_iwev
+ 			return 0;
+ 		}
+ 
+-		if ((iwe->len > sizeof(struct iw_event)) || (iwe->len + pos) > end) {
+		if ((iwe->len > sizeof(struct iw_event)) || (iwe->len + pos > end)) {
+ 			return -1;
+ 		}
+ 
+ 		/*
+ 		 * Do the copy again with the full length.
+ 		 */
+-		memcpy(&iwe_buf, pos, iwe->len);
+		memcpy(&iwe_buf, pos, min_t(size_t, iwe->len, (size_t)(end - pos)));
+ 
+-		if (iwe->cmd == IWEVEXPIRED) {
+		if (iwe->cmd == IWEVEXPIRED && iwe->len >= sizeof(struct iw_event)) {
+ 			DEBUG_INFO("STA %pM leaving\n", (uint8_t *)iwe->u.addr.sa_data);
+ 			ecm_interface_node_connections_defunct((uint8_t *)iwe->u.addr.sa_data, ECM_DB_IP_VERSION_IGNORE);
+ 		} else {