From adbbcb0c41962de24763c62e0b189abb1b3f134c Mon Sep 17 00:00:00 2001 From: Sean Khan Date: Thu, 10 Jul 2025 22:12:00 -0400 Subject: [PATCH] treewide: Refresh patches Signed-off-by: Sean Khan --- ...5-nss-clients-add-kernel-6.6-support.patch | 2 +- .../0034-ipsecmgr-backport-12.5.patch | 131 ++++++++---------- ...-nss-drv-add-support-for-kernel-6.12.patch | 2 +- ...-nss-drv-add-support-for-kernel-6.12.patch | 2 +- 4 files changed, 58 insertions(+), 79 deletions(-) diff --git a/qca-nss-clients/patches-11.4/0025-nss-clients-add-kernel-6.6-support.patch b/qca-nss-clients/patches-11.4/0025-nss-clients-add-kernel-6.6-support.patch index e6b8682..f24f9fc 100644 --- a/qca-nss-clients/patches-11.4/0025-nss-clients-add-kernel-6.6-support.patch +++ b/qca-nss-clients/patches-11.4/0025-nss-clients-add-kernel-6.6-support.patch @@ -260,7 +260,7 @@ return -EFAULT; --- a/netlink/nss_nl.c +++ b/netlink/nss_nl.c -@@ -463,7 +463,11 @@ struct nss_nlcmn *nss_nl_get_msg(struct +@@ -462,7 +462,11 @@ struct nss_nlcmn *nss_nl_get_msg(struct /* * validate the common message header version & magic */ diff --git a/qca-nss-clients/patches-11.4/0034-ipsecmgr-backport-12.5.patch b/qca-nss-clients/patches-11.4/0034-ipsecmgr-backport-12.5.patch index e3b7a9f..cb2b4ee 100644 --- a/qca-nss-clients/patches-11.4/0034-ipsecmgr-backport-12.5.patch +++ b/qca-nss-clients/patches-11.4/0034-ipsecmgr-backport-12.5.patch @@ -64,7 +64,23 @@ sock_put(tun->sk); --- a/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm.c 
+++ b/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm.c -@@ -1222,6 +1222,7 @@ drop: +@@ -1,5 +1,6 @@ + /* Copyright (c) 2021, The Linux Foundation. All rights reserved. + * ++ * Copyright (c) 2022, Qualcomm Innovation Center, Inc. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. +@@ -254,7 +255,7 @@ static void nss_ipsec_xfrm_flush_flow_by + + for (count = NSS_IPSEC_XFRM_FLOW_DB_MAX; count--; db_head++) { + list_for_each_entry_safe(flow, tmp, db_head, list_entry) { +- if (flow->sa == sa) { ++ if (READ_ONCE(flow->sa) == sa) { + list_del_init(&flow->list_entry); + list_add(&flow->list_entry, &free_head); + } +@@ -1222,6 +1223,7 @@ drop: return -EINVAL; } @@ -72,7 +88,7 @@ /* * nss_ipsec_xfrm_v4_output_finish() * This is called for non-offloaded transformations after the NF_POST routing hooks -@@ -1243,9 +1244,8 @@ static int nss_ipsec_xfrm_v4_output_fini +@@ -1243,9 +1245,8 @@ static int nss_ipsec_xfrm_v4_output_fini */ static int nss_ipsec_xfrm_v4_extract_input(struct xfrm_state *x, struct sk_buff *skb) { @@ -83,7 +99,7 @@ return drv->xsa.v4->extract_input(x, skb); } -@@ -1257,11 +1257,12 @@ static int nss_ipsec_xfrm_v4_extract_inp +@@ -1257,11 +1258,12 @@ static int nss_ipsec_xfrm_v4_extract_inp */ static int nss_ipsec_xfrm_v4_extract_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -97,7 +113,7 @@ /* * nss_ipsec_xfrm_v4_transport_finish() -@@ -1360,14 +1361,14 @@ fallback: +@@ -1360,14 +1362,14 @@ fallback: * nss_ipsec_xfrm_esp_init_state() * Initialize IPsec xfrm state of type ESP. */ @@ -114,7 +130,7 @@ bool new_tun = 0; size_t ip_addr_len; -@@ -1375,7 +1376,7 @@ static int nss_ipsec_xfrm_esp_init_state +@@ -1375,7 +1377,7 @@ static int nss_ipsec_xfrm_esp_init_state local_dev = ip_dev_find(&init_net, x->id.daddr.a4); ip_addr_len = sizeof(local.a4); } else { 
@@ -123,7 +139,7 @@ ip_addr_len = sizeof(local.a6); } -@@ -1716,6 +1717,7 @@ drop: +@@ -1716,6 +1718,7 @@ drop: return -EINVAL; } @@ -131,7 +147,7 @@ /* * nss_ipsec_xfrm_v6_output_finish() * This is called for non-offloaded transformations after the NF_POST routing hooks -@@ -1737,9 +1739,9 @@ static int nss_ipsec_xfrm_v6_output_fini +@@ -1737,9 +1740,9 @@ static int nss_ipsec_xfrm_v6_output_fini */ static int nss_ipsec_xfrm_v6_extract_input(struct xfrm_state *x, struct sk_buff *skb) { @@ -142,7 +158,7 @@ return drv->xsa.v6->extract_input(x, skb); } -@@ -1751,11 +1753,11 @@ static int nss_ipsec_xfrm_v6_extract_inp +@@ -1751,11 +1754,11 @@ static int nss_ipsec_xfrm_v6_extract_inp */ static int nss_ipsec_xfrm_v6_extract_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -156,7 +172,7 @@ /* * nss_ipsec_xfrm_v6_transport_finish() -@@ -1783,22 +1785,25 @@ void nss_ipsec_xfrm_v6_local_error(struc +@@ -1783,22 +1786,25 @@ void nss_ipsec_xfrm_v6_local_error(struc return drv->xsa.v6->local_error(skb, mtu); } @@ -189,7 +205,7 @@ /* * nss_ipsec_xfrm_esp6_rcv() -@@ -1949,7 +1954,6 @@ static void nss_ipsec_xfrm_state_delete( +@@ -1949,7 +1955,6 @@ static void nss_ipsec_xfrm_state_delete( nss_ipsec_xfrm_del_tun(drv, tun); } @@ -197,7 +213,7 @@ } /* -@@ -2018,9 +2022,11 @@ static struct xfrm_state_afinfo xfrm_v4_ +@@ -2018,9 +2023,11 @@ static struct xfrm_state_afinfo xfrm_v4_ .init_temprop = nss_ipsec_xfrm_v4_init_param, #endif .output = nss_ipsec_xfrm_v4_output, @@ -209,7 +225,7 @@ .transport_finish = nss_ipsec_xfrm_v4_transport_finish, .local_error = nss_ipsec_xfrm_v4_local_error, }; -@@ -2065,7 +2071,6 @@ struct xfrm_mode xfrm_v6_mode_map[XFRM_M +@@ -2065,7 +2072,6 @@ struct xfrm_mode xfrm_v6_mode_map[XFRM_M * IPv4 xfrm_type ESP object. */ static const struct xfrm_type xfrm_v4_type = { 
@@ -217,7 +233,7 @@ .owner = THIS_MODULE, .proto = IPPROTO_ESP, .flags = XFRM_TYPE_REPLAY_PROT, -@@ -2101,9 +2106,11 @@ static struct xfrm_state_afinfo xfrm_v6_ +@@ -2101,9 +2107,11 @@ static struct xfrm_state_afinfo xfrm_v6_ .state_sort = nss_ipsec_xfrm_v6_sort_state, #endif .output = nss_ipsec_xfrm_v6_output, @@ -229,7 +245,7 @@ .transport_finish = nss_ipsec_xfrm_v6_transport_finish, .local_error = nss_ipsec_xfrm_v6_local_error, }; -@@ -2112,7 +2119,6 @@ static struct xfrm_state_afinfo xfrm_v6_ +@@ -2112,7 +2120,6 @@ static struct xfrm_state_afinfo xfrm_v6_ * IPv6 xfrm_type ESP object. */ static const struct xfrm_type xfrm_v6_type = { @@ -237,7 +253,7 @@ .owner = THIS_MODULE, .proto = IPPROTO_ESP, .flags = XFRM_TYPE_REPLAY_PROT, -@@ -2121,7 +2127,9 @@ static const struct xfrm_type xfrm_v6_ty +@@ -2121,7 +2128,9 @@ static const struct xfrm_type xfrm_v6_ty .get_mtu = nss_ipsec_xfrm_esp_get_mtu, .input = nss_ipsec_xfrm_esp_input, .output = nss_ipsec_xfrm_esp_output, @@ -247,7 +263,7 @@ }; /* -@@ -2207,7 +2215,6 @@ static void nss_ipsec_xfrm_restore_afinf +@@ -2207,7 +2216,6 @@ static void nss_ipsec_xfrm_restore_afinf } xfrm_unregister_type(base, family); @@ -255,7 +271,7 @@ xfrm_state_update_afinfo(family, afinfo); } -@@ -2292,14 +2299,10 @@ static void nss_ipsec_xfrm_override_afin +@@ -2292,14 +2300,10 @@ static void nss_ipsec_xfrm_override_afin */ int __init nss_ipsec_xfrm_init_module(void) { @@ -270,7 +286,7 @@ net_get_random_once(&g_ipsec_xfrm.hash_nonce, sizeof(g_ipsec_xfrm.hash_nonce)); /* -@@ -2327,7 +2330,6 @@ int __init nss_ipsec_xfrm_init_module(vo +@@ -2327,7 +2331,6 @@ int __init nss_ipsec_xfrm_init_module(vo nss_ipsec_xfrm_override_afinfo(&g_ipsec_xfrm, AF_INET6); ecm_interface_ipsec_register_callbacks(&xfrm_ecm_ipsec_cb); 
@@ -278,7 +294,7 @@ #if defined(NSS_L2TPV2_ENABLED) l2tpmgr_register_ipsecmgr_callback_by_ipaddr(&xfrm_l2tp); -@@ -2336,6 +2338,7 @@ int __init nss_ipsec_xfrm_init_module(vo +@@ -2336,6 +2339,7 @@ int __init nss_ipsec_xfrm_init_module(vo /* * Register for xfrm events */ @@ -286,7 +302,7 @@ xfrm_register_km(&nss_ipsec_xfrm_mgr); /* -@@ -2346,6 +2349,7 @@ int __init nss_ipsec_xfrm_init_module(vo +@@ -2346,6 +2350,7 @@ int __init nss_ipsec_xfrm_init_module(vo return 0; unreg_v4_handler: @@ -296,7 +312,24 @@ } --- a/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_sa.c 
+++ b/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_sa.c -@@ -181,7 +181,7 @@ static bool nss_ipsec_xfrm_sa_init_crypt +@@ -55,13 +55,15 @@ struct nss_ipsec_xfrm_algo { + static struct nss_ipsec_xfrm_algo xfrm_algo[] = { + {.cipher_name = "cbc(aes)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_SHA1_HMAC}, + {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_SHA1_HMAC}, ++#ifndef NSS_IPSEC_XFRM_IPQ50XX + {.cipher_name = "cbc(aes)", .auth_name = "hmac(md5)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_MD5_HMAC}, + {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(md5)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_MD5_HMAC}, + {.cipher_name = "rfc4106(gcm(aes))", .auth_name = "rfc4106(gcm(aes))", .algo = NSS_IPSECMGR_ALGO_AES_GCM_GMAC_RFC4106}, + {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA1_HMAC}, ++ {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA256_HMAC}, ++#endif + {.cipher_name = "cbc(aes)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_SHA256_HMAC}, + {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_SHA256_HMAC}, +- {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA256_HMAC}, + }; + + /* +@@ -181,7 +183,7 @@ static bool nss_ipsec_xfrm_sa_init_crypt */ static void nss_ipsec_xfrm_sa_init_tuple(struct nss_ipsec_xfrm_sa *sa, struct xfrm_state *x) { @@ -305,7 +338,7 @@ sa->type = NSS_IPSECMGR_SA_TYPE_ENCAP; sa->tuple.spi_index = ntohl(x->id.spi); -@@ -215,7 +215,7 @@ static void nss_ipsec_xfrm_sa_init_tuple +@@ -215,7 +217,7 @@ static void nss_ipsec_xfrm_sa_init_tuple sa->tuple.dest_ip[2] = ntohl(x->id.daddr.a6[2]); sa->tuple.dest_ip[3] = ntohl(x->id.daddr.a6[3]); 
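Review bot: The `xfrm_algo[]` hunk that the refresh relocates into this section carries an `#ifndef NSS_IPSEC_XFRM_IPQ50XX` guard with no comment saying why the guarded entries are withheld on that SoC. The guarded set mixes `hmac(md5)` and `ecb(cipher_null)` mappings with `rfc4106(gcm(aes))`, so a reader cannot tell whether this is a hardware capability limit or a policy decision. A one-line comment above the guard would settle it, for example `/* Not offloaded on IPQ50XX: <reason from upstream change> */`, with the reason taken from the upstream commit rather than guessed. The null-cipher and MD5 mappings stay available for offload on every other build, which is worth stating in the patch description for anyone auditing which ESP transforms the plugin accepts.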
@@ -332,23 +365,6 @@ } /* -From 2b32003b2e6225802361bc3bab12fcb3510f0327 Mon Sep 17 00:00:00 2001 -From: Suhas N Bhargav -Date: Thu, 30 Sep 2021 16:32:12 +0530 -Subject: [PATCH] [qca-nss-clients] Fix to avoid contention b/w write locks in - ipsecmgr - -This fix is needed to avoid contention of locks between two -entities which are in process & interrupt context - -Change-Id: I9986606b99d7642cca1c105bdf05e0ed67b66374 -Signed-off-by: Suhas N Bhargav ---- - ipsecmgr/v2.0/nss_ipsecmgr.c | 6 +++--- - ipsecmgr/v2.0/nss_ipsecmgr_flow.c | 8 ++++---- - ipsecmgr/v2.0/nss_ipsecmgr_tunnel.c | 10 +++++----- - 3 files changed, 12 insertions(+), 12 deletions(-) - --- a/ipsecmgr/v2.0/nss_ipsecmgr.c +++ b/ipsecmgr/v2.0/nss_ipsecmgr.c @@ -1,6 +1,6 @@ @@ -445,24 +461,6 @@ Signed-off-by: Suhas N Bhargav nss_ipsecmgr_tunnel_mtu(dev, skb_dev ? skb_dev->mtu : dev->mtu); ---- a/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm.c -+++ b/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm.c -@@ -1,5 +1,6 @@ - /* Copyright (c) 2021, The Linux Foundation. All rights reserved. - * -+ * Copyright (c) 2022, Qualcomm Innovation Center, Inc. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. -@@ -254,7 +255,7 @@ static void nss_ipsec_xfrm_flush_flow_by - - for (count = NSS_IPSEC_XFRM_FLOW_DB_MAX; count--; db_head++) { - list_for_each_entry_safe(flow, tmp, db_head, list_entry) { -- if (flow->sa == sa) { -+ if (READ_ONCE(flow->sa) == sa) { - list_del_init(&flow->list_entry); - list_add(&flow->list_entry, &free_head); - } --- a/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_flow.c +++ b/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_flow.c @@ -1,4 +1,5 @@ @@ -540,22 +538,3 @@ 
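Review bot: The `@@ -332,23 +365,6 @@` hunk of 0034-ipsecmgr-backport-12.5.patch drops the embedded upstream commit header (`From 2b32003b2e6225802361bc3bab12fcb3510f0327`, its subject, the `Change-Id` and the sign-off), and nothing in the visible hunks puts that record back. That text was the only place the patch explained why the lock calls in `nss_ipsecmgr.c`, `nss_ipsecmgr_flow.c` and `nss_ipsecmgr_tunnel.c` change, namely contention between process and interrupt context. Without it the locking change in an IPsec offload path can no longer be traced to its upstream commit. I would move the dropped subject, description and `Change-Id` into the patch's leading description, which lies outside these hunks, so they survive future refreshes. The same applies to any other squashed commit header in this file.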
Signed-off-by: Suhas N Bhargav +ifeq ($(SoC),$(filter $(SoC),ipq50xx ipq50xx_64)) +ccflags-y += -DNSS_IPSEC_XFRM_IPQ50XX +endif ---- a/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_sa.c -+++ b/ipsecmgr/v2.0/plugins/xfrm/nss_ipsec_xfrm_sa.c -@@ -55,13 +55,15 @@ struct nss_ipsec_xfrm_algo { - static struct nss_ipsec_xfrm_algo xfrm_algo[] = { - {.cipher_name = "cbc(aes)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_SHA1_HMAC}, - {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_SHA1_HMAC}, -+#ifndef NSS_IPSEC_XFRM_IPQ50XX - {.cipher_name = "cbc(aes)", .auth_name = "hmac(md5)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_MD5_HMAC}, - {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(md5)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_MD5_HMAC}, - {.cipher_name = "rfc4106(gcm(aes))", .auth_name = "rfc4106(gcm(aes))", .algo = NSS_IPSECMGR_ALGO_AES_GCM_GMAC_RFC4106}, - {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha1)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA1_HMAC}, -+ {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA256_HMAC}, -+#endif - {.cipher_name = "cbc(aes)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_AES_CBC_SHA256_HMAC}, - {.cipher_name = "cbc(des3_ede)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_3DES_CBC_SHA256_HMAC}, -- {.cipher_name = "ecb(cipher_null)", .auth_name = "hmac(sha256)", .algo = NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA256_HMAC}, - }; - - /* diff --git a/qca-nss-drv/patches-11.4/0026-nss-drv-add-support-for-kernel-6.12.patch b/qca-nss-drv/patches-11.4/0026-nss-drv-add-support-for-kernel-6.12.patch index ab2eebb..2225817 100644 --- a/qca-nss-drv/patches-11.4/0026-nss-drv-add-support-for-kernel-6.12.patch +++ b/qca-nss-drv/patches-11.4/0026-nss-drv-add-support-for-kernel-6.12.patch @@ -40,7 +40,7 @@ static int max_ipv4_conn = NSS_DEFAULT_NUM_CONN; --- a/Makefile 
+++ b/Makefile -@@ -579,6 +581,8 @@ qca-nss-drv-objs += \ +@@ -579,6 +579,8 @@ qca-nss-drv-objs += \ ccflags-y += -DNSS_FREQ_SCALE_SUPPORT=1 endif diff --git a/qca-nss-drv/patches/0026-nss-drv-add-support-for-kernel-6.12.patch b/qca-nss-drv/patches/0026-nss-drv-add-support-for-kernel-6.12.patch index 7e85f35..1098172 100644 --- a/qca-nss-drv/patches/0026-nss-drv-add-support-for-kernel-6.12.patch +++ b/qca-nss-drv/patches/0026-nss-drv-add-support-for-kernel-6.12.patch @@ -39,7 +39,7 @@ static int max_ipv4_conn = NSS_DEFAULT_NUM_CONN; --- a/Makefile +++ b/Makefile -@@ -630,6 +632,8 @@ qca-nss-drv-objs += \ +@@ -630,6 +630,8 @@ qca-nss-drv-objs += \ ccflags-y += -DNSS_FREQ_SCALE_SUPPORT=1 endif