aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2022-02-14 13:58:38 +0100
committerFelix Fietkau <nbd@nbd.name>2022-02-14 13:59:14 +0100
commitebe0b2af65c27b96cd0db9533cb63feda5a581f6 (patch)
tree653deae7fd1cc2c3580da2057b9602a858dd0cfe
parent54e1a6fced535cc2a8ed5204072dbf8882761b00 (diff)
downloadupstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.tar.gz
upstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.tar.bz2
upstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.zip
kernel: fix a race condition leading to a crash in hw flow offloading
flowtable->net was initialized too late, and this could be triggered even without hardware offload support on the device Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r--target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch11
1 files changed, 6 insertions, 5 deletions
diff --git a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index bda8d06b7c..23332534bb 100644
--- a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,656 @@
+@@ -0,0 +1,657 @@
+/*
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
+ *
@@ -575,16 +575,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ }
+
+ table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)];
++
++ net = read_pnet(&table->ft.net);
++ if (!net)
++ write_pnet(&table->ft.net, xt_net(par));
++
+ if (flow_offload_add(&table->ft, flow) < 0)
+ goto err_flow_add;
+
+ xt_flowoffload_check_device(table, devs[0]);
+ xt_flowoffload_check_device(table, devs[1]);
+
-+ net = read_pnet(&table->ft.net);
-+ if (!net)
-+ write_pnet(&table->ft.net, xt_net(par));
-+
+ dst_release(route.tuple[dir].dst);
+ dst_release(route.tuple[!dir].dst);
+