From 1d8baafc438d9beff25e04550b1f894aab771bfe Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 20 Mar 2023 18:06:23 +0100
Subject: [PATCH] kernel: move mediatek flow offload refcount fix and fix a
 logic error

Move it to pending, since it wasn't actually accepted upstream yet.
Fixes potential issues when doing offload between multiple MACs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 ...k_eth_soc-fix-flow_offload-related-re.patch} | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
 rename target/linux/generic/{backport-5.15/730-11-v6.3-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch => pending-5.15/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch} (76%)

diff --git a/target/linux/generic/backport-5.15/730-11-v6.3-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch b/target/linux/generic/pending-5.15/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch
similarity index 76%
rename from target/linux/generic/backport-5.15/730-11-v6.3-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch
rename to target/linux/generic/pending-5.15/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch
index 54e48df444..acbdec2159 100644
--- a/target/linux/generic/backport-5.15/730-11-v6.3-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch
+++ b/target/linux/generic/pending-5.15/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch
@@ -1,11 +1,12 @@
 From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 17 Nov 2022 11:58:21 +0100
+Date: Mon, 20 Mar 2023 15:49:15 +0100
 Subject: [PATCH] net: ethernet: mtk_eth_soc: fix flow_offload related refcount
  bug
 
 Since we call flow_block_cb_decref on FLOW_BLOCK_UNBIND, we need to call
 flow_block_cb_incref unconditionally, even for a newly allocated cb.
-Fixes a use-after-free bug
+Fixes a use-after-free bug. Also fix the accidentally inverted refcount
+check on unbind.
 
 Fixes: 502e84e2382d ("net: ethernet: mtk_eth_soc: add flow offloading support")
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
@@ -13,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/drivers/net/ethernet/mediatek/mtk_ppe_offload.c
 +++ b/drivers/net/ethernet/mediatek/mtk_ppe_offload.c
-@@ -554,6 +554,7 @@ mtk_eth_setup_tc_block(struct net_device
+@@ -561,6 +561,7 @@ mtk_eth_setup_tc_block(struct net_device
  	struct mtk_eth *eth = mac->hw;
  	static LIST_HEAD(block_cb_list);
  	struct flow_block_cb *block_cb;
@@ -21,7 +22,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	flow_setup_cb_t *cb;
  
  	if (!eth->soc->offload_version)
-@@ -568,16 +569,20 @@ mtk_eth_setup_tc_block(struct net_device
+@@ -575,23 +576,27 @@ mtk_eth_setup_tc_block(struct net_device
  	switch (f->command) {
  	case FLOW_BLOCK_BIND:
  		block_cb = flow_block_cb_lookup(f->block, cb, dev);
@@ -50,3 +51,11 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		return 0;
  	case FLOW_BLOCK_UNBIND:
  		block_cb = flow_block_cb_lookup(f->block, cb, dev);
+ 		if (!block_cb)
+ 			return -ENOENT;
+ 
+-		if (flow_block_cb_decref(block_cb)) {
++		if (!flow_block_cb_decref(block_cb)) {
+ 			flow_block_cb_remove(block_cb, f);
+ 			list_del(&block_cb->driver_list);
+ 		}
-- 
2.30.2