kernel: fix a race condition leading to a crash in hw flow offloading

flowtable->net was initialized too late, and this could be triggered even
without hardware offload support on the device

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index bda8d06b7caf49584206bbf4f6a747309f481847..23332534bbe106f8bc57027c10fff6ae6137ca7c 100644 (file)
--- a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,656 @@
+@@ -0,0 +1,657 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -575,16 +575,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      }
 +
 +      table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)];
++
++      net = read_pnet(&table->ft.net);
++      if (!net)
++              write_pnet(&table->ft.net, xt_net(par));
++
 +      if (flow_offload_add(&table->ft, flow) < 0)
 +              goto err_flow_add;
 +
 +      xt_flowoffload_check_device(table, devs[0]);
 +      xt_flowoffload_check_device(table, devs[1]);
 +
-+      net = read_pnet(&table->ft.net);
-+      if (!net)
-+              write_pnet(&table->ft.net, xt_net(par));
-+
 +      dst_release(route.tuple[dir].dst);
 +      dst_release(route.tuple[!dir].dst);
 +