diff options
author | Felix Fietkau <nbd@nbd.name> | 2022-02-14 13:58:38 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2022-02-14 13:59:14 +0100 |
commit | ebe0b2af65c27b96cd0db9533cb63feda5a581f6 (patch) | |
tree | 653deae7fd1cc2c3580da2057b9602a858dd0cfe /target | |
parent | 54e1a6fced535cc2a8ed5204072dbf8882761b00 (diff) | |
download | upstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.tar.gz upstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.tar.bz2 upstream-ebe0b2af65c27b96cd0db9533cb63feda5a581f6.zip |
kernel: fix a race condition leading to a crash in hw flow offloading
flowtable->net was initialized too late, and this could be triggered even
without hardware offload support on the device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target')
-rw-r--r-- | target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch index bda8d06b7c..23332534bb 100644 --- a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch +++ b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,656 @@ +@@ -0,0 +1,657 @@ +/* + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name> + * @@ -575,16 +575,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> + } + + table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)]; ++ ++ net = read_pnet(&table->ft.net); ++ if (!net) ++ write_pnet(&table->ft.net, xt_net(par)); ++ + if (flow_offload_add(&table->ft, flow) < 0) + goto err_flow_add; + + xt_flowoffload_check_device(table, devs[0]); + xt_flowoffload_check_device(table, devs[1]); + -+ net = read_pnet(&table->ft.net); -+ if (!net) -+ write_pnet(&table->ft.net, xt_net(par)); -+ + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + |