From 53fc6e9edeae7364847bd1a7a81a331feeb56172 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Fri, 6 May 2022 15:49:58 +0200
Subject: kernel: fix flow offload issues with pppoe

sync xt_FLOWOFFLOAD code with latest version of nft_flow_offload

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 726ef8ba2dbe4d4a693c4d9300bc69e234e6d67d)
---
 ...er-flowtable-avoid-possible-false-sharing.patch | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 target/linux/generic/backport-5.10/610-v5.15-58-netfilter-flowtable-avoid-possible-false-sharing.patch

(limited to 'target/linux/generic/backport-5.10/610-v5.15-58-netfilter-flowtable-avoid-possible-false-sharing.patch')

diff --git a/target/linux/generic/backport-5.10/610-v5.15-58-netfilter-flowtable-avoid-possible-false-sharing.patch b/target/linux/generic/backport-5.10/610-v5.15-58-netfilter-flowtable-avoid-possible-false-sharing.patch
new file mode 100644
index 0000000000..69c06c51d8
--- /dev/null
+++ b/target/linux/generic/backport-5.10/610-v5.15-58-netfilter-flowtable-avoid-possible-false-sharing.patch
@@ -0,0 +1,27 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 17 Jul 2021 10:10:29 +0200
+Subject: [PATCH] netfilter: flowtable: avoid possible false sharing
+
+The flowtable follows the same timeout approach as conntrack, use the
+same idiom as in cc16921351d8 ("netfilter: conntrack: avoid same-timeout
+update") but also include the fix provided by e37542ba111f ("netfilter:
+conntrack: avoid possible false sharing").
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/net/netfilter/nf_flow_table_core.c
++++ b/net/netfilter/nf_flow_table_core.c
+@@ -328,7 +328,11 @@ EXPORT_SYMBOL_GPL(flow_offload_add);
+ void flow_offload_refresh(struct nf_flowtable *flow_table,
+ 			  struct flow_offload *flow)
+ {
+-	flow->timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
++	u32 timeout;
++
++	timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
++	if (READ_ONCE(flow->timeout) != timeout)
++		WRITE_ONCE(flow->timeout, timeout);
+ 
+ 	if (likely(!nf_flowtable_hw_offload(flow_table)))
+ 		return;
-- 
cgit v1.2.3