Commit 963bfa57 authored Aug 20, 2024 by Sebastian Andrzej Siewior Committed by Greg Kroah-Hartman Sep 04, 2024

netfilter: nft_counter: Synchronize nft_counter_reset() against reader.



[ Upstream commit a0b39e2dc7017ac667b70bdeee5293e410fab2fb ]

nft_counter_reset() resets the counter by subtracting the previously
retrieved value from the counter. This is a write operation on the
counter and as such it requires to be performed with a write sequence of
nft_counter_seq to serialize against its possible reader.

Update the packets/ bytes within write-sequence of nft_counter_seq.

Fixes: d84701ec ("netfilter: nft_counter: rework atomic dump and reset")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 6633b178

net/netfilter/nft_counter.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -105,11 +105,16 @@ static void nft_counter_reset(struct nft_counter_percpu_priv *priv,
		struct nft_counter *total)
		{
		struct nft_counter *this_cpu;
		seqcount_t *myseq;

		local_bh_disable();
		this_cpu = this_cpu_ptr(priv->counter);
		myseq = this_cpu_ptr(&nft_counter_seq);

		write_seqcount_begin(myseq);
		this_cpu->packets -= total->packets;
		this_cpu->bytes -= total->bytes;
		write_seqcount_end(myseq);
		local_bh_enable();
		}