1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Sat, 17 Jul 2021 10:10:29 +0200
3 Subject: [PATCH] netfilter: flowtable: avoid possible false sharing
5 The flowtable follows the same timeout approach as conntrack, use the
6 same idiom as in cc16921351d8 ("netfilter: conntrack: avoid same-timeout
7 update") but also include the fix provided by e37542ba111f ("netfilter:
8 conntrack: avoid possible false sharing").
10 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13 --- a/net/netfilter/nf_flow_table_core.c
14 +++ b/net/netfilter/nf_flow_table_core.c
15 @@ -331,7 +331,11 @@ EXPORT_SYMBOL_GPL(flow_offload_add);
16 void flow_offload_refresh(struct nf_flowtable *flow_table,
17 struct flow_offload *flow)
19 - flow->timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
22 + timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
23 + if (READ_ONCE(flow->timeout) != timeout)
24 + WRITE_ONCE(flow->timeout, timeout);
26 if (likely(!nf_flowtable_hw_offload(flow_table)))