From 8660c6d6e5056e27d93d31eb730eb808a1d9f812 Mon Sep 17 00:00:00 2001
From: Sean Khan <datapronix@protonmail.com>
Date: Wed, 9 Apr 2025 14:17:25 -0400
Subject: [PATCH] nss-ecm: fix read/write UDP/TCP denied ports

In Linux kernel 6.6, the sysctl infrastructure changed
how it handles user/kernel memory boundaries.

The sysctl handlers now take a regular void *buffer instead
of void __user *buffer because the sysctl core now handles
the user-to-kernel copy/validation automatically.

Signed-off-by: Sean Khan <datapronix@protonmail.com>
---
 ...-fix-read-write-tcp-udp-denied-ports.patch | 79 +++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 qca-nss-ecm/patches/0021-fix-read-write-tcp-udp-denied-ports.patch

diff --git a/qca-nss-ecm/patches/0021-fix-read-write-tcp-udp-denied-ports.patch b/qca-nss-ecm/patches/0021-fix-read-write-tcp-udp-denied-ports.patch
new file mode 100644
index 0000000..0997647
--- /dev/null
+++ b/qca-nss-ecm/patches/0021-fix-read-write-tcp-udp-denied-ports.patch
@@ -0,0 +1,79 @@
+--- a/frontends/ecm_front_end_common.c
++++ b/frontends/ecm_front_end_common.c
+@@ -860,7 +860,7 @@ uint64_t ecm_front_end_get_slow_packet_c
+  * ecm_front_end_ppe_fse_enable_limit_handler()
+  *	Sysctl to enable/disable FSE programming through PPE.
+  */
+-int ecm_front_end_ppe_fse_enable_handler(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
++int ecm_front_end_ppe_fse_enable_handler(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos)
+ {
+ 	int ret;
+ 
+@@ -895,7 +895,7 @@ int ecm_front_end_ppe_fse_enable_handler
+  * ecm_front_end_db_conn_limit_handler()
+  *	Database connection limit sysctl node handler.
+  */
+-int ecm_front_end_db_conn_limit_handler(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
++int ecm_front_end_db_conn_limit_handler(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos)
+ {
+ 	int ret;
+ 	int current_value;
+@@ -930,7 +930,7 @@ int ecm_front_end_db_conn_limit_handler(
+  * ecm_front_end_denied_ports_read()
+  *	Reads the denied ports from the denied ports array and prints.
+  */
+-static void ecm_front_end_denied_ports_read(void __user *buffer, size_t *lenp, loff_t *ppos, struct hlist_head *denied_ports)
++static void ecm_front_end_denied_ports_read(void *buffer, size_t *lenp, loff_t *ppos, struct hlist_head *denied_ports)
+ {
+ 	char *read_buf;
+ 	int i, len;
+@@ -966,7 +966,7 @@ static void ecm_front_end_denied_ports_r
+ 	len = scnprintf(read_buf + bytes, 4, "\n");
+ 	bytes += len;
+ 
+-	bytes = simple_read_from_buffer(buffer, *lenp, ppos, read_buf, bytes);
++	bytes = memory_read_from_buffer(buffer, *lenp, ppos, read_buf, bytes);
+ 	*lenp = bytes;
+ 	kfree(read_buf);
+ }
+@@ -993,7 +993,7 @@ static inline bool ecm_front_end_is_port
+  * ecm_front_end_denied_ports_handler()
+  *	Proc handler function for denied ports read/write operation.
+  */
+-static int ecm_front_end_denied_ports_handler(int write, void __user *buffer, size_t *lenp, loff_t *ppos, struct hlist_head *denied_ports, bool is_udp)
++static int ecm_front_end_denied_ports_handler(int write, void *buffer, size_t *lenp, loff_t *ppos, struct hlist_head *denied_ports, bool is_udp)
+ {
+ 
+ 	char *buf;
+@@ -1018,10 +1018,9 @@ static int ecm_front_end_denied_ports_ha
+ 		count = ECM_FRONT_END_DENIED_PORTS_HTABLE_SIZE * 8 * sizeof(char);
+ 	}
+ 
+-	if (copy_from_user(buf, buffer, count)) {
+-		kfree(pfree);
+-		return -EFAULT;
+-	}
++	memcpy(buf, buffer, count);
++	*lenp = count;
++	*ppos += count;
+ 
+ 	token = strsep(&buf, " ");
+ 	if (strlen(token) != 3) {
+@@ -1115,7 +1114,7 @@ static int ecm_front_end_denied_ports_ha
+  * ecm_front_end_udp_denied_ports_handler()
+  *	Proc handler function for UDP denied ports read/write operation.
+  */
+-static int ecm_front_end_udp_denied_ports_handler(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
++static int ecm_front_end_udp_denied_ports_handler(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos)
+ {
+ 	/*
+ 	 * Usage:
+@@ -1135,7 +1134,7 @@ static int ecm_front_end_udp_denied_port
+  * ecm_front_end_tcp_denied_ports_handler()
+  *	Proc handler function for TCP denied ports read/write operation.
+  */
+-static int ecm_front_end_tcp_denied_ports_handler(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
++static int ecm_front_end_tcp_denied_ports_handler(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos)
+ {
+ 	/*
+ 	 * Usage: