kernel: fix a race condition leading to a crash in hw flow offloading

flowtable->net was initialized too late, and this could be triggered even without hardware offload support on the device Signed-off-by: Felix Fietkau <nbd@nbd.name>

kernel: fix a race condition leading to a crash in hw flow offloading
ebe0b2af · Felix Fietkau · 54e1a6fc · ebe0b2af
Commit ebe0b2af authored 3 years ago by Felix Fietkau
--- a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,656 @@
+@@ -0,0 +1,657 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -575,16 +575,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	}
 +
 +	table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)];
+
+	net = read_pnet(&table->ft.net);
+	if (!net)
+		write_pnet(&table->ft.net, xt_net(par));
+
 +	if (flow_offload_add(&table->ft, flow) < 0)
 +		goto err_flow_add;
 +
 +	xt_flowoffload_check_device(table, devs[0]);
 +	xt_flowoffload_check_device(table, devs[1]);
 +
-+	net = read_pnet(&table->ft.net);
-+	if (!net)
-+		write_pnet(&table->ft.net, xt_net(par));
-+
 +	dst_release(route.tuple[dir].dst);
 +	dst_release(route.tuple[!dir].dst);
 +