diff options
| author | Sebastian Andrzej Siewior <bigeasy@linutronix.de> | 2024-08-20 09:54:31 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-08-20 12:26:36 +0200 |
| commit | a0b39e2dc7017ac667b70bdeee5293e410fab2fb (patch) | |
| tree | a31be42759da3a3f1c68753878205615a448617f | |
| parent | 1eacdd71b3436b54d5fc8218c4bb0187d92a6892 (diff) | |
| download | linux-a0b39e2dc7017ac667b70bdeee5293e410fab2fb.tar.gz linux-a0b39e2dc7017ac667b70bdeee5293e410fab2fb.tar.bz2 linux-a0b39e2dc7017ac667b70bdeee5293e410fab2fb.zip | |
netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
nft_counter_reset() resets the counter by subtracting the previously
retrieved value from the counter. This is a write operation on the
counter and as such it requires to be performed with a write sequence of
nft_counter_seq to serialize against its possible reader.
Update the packets/ bytes within write-sequence of nft_counter_seq.
Fixes: d84701ecbcd6a ("netfilter: nft_counter: rework atomic dump and reset")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nft_counter.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c index 16f40b503d37..eab0dc66bee6 100644 --- a/net/netfilter/nft_counter.c +++ b/net/netfilter/nft_counter.c @@ -107,11 +107,16 @@ static void nft_counter_reset(struct nft_counter_percpu_priv *priv, struct nft_counter *total) { struct nft_counter *this_cpu; + seqcount_t *myseq; local_bh_disable(); this_cpu = this_cpu_ptr(priv->counter); + myseq = this_cpu_ptr(&nft_counter_seq); + + write_seqcount_begin(myseq); this_cpu->packets -= total->packets; this_cpu->bytes -= total->bytes; + write_seqcount_end(myseq); local_bh_enable(); } |