netfilter: nft_counter: Synchronize nft_counter_reset() against reader.

nft_counter_reset() resets the counter by subtracting the previously
retrieved value from the counter. This is a write operation on the
counter and as such it requires to be performed with a write sequence of
nft_counter_seq to serialize against its possible reader.

Update the packets/ bytes within write-sequence of nft_counter_seq.

Fixes: d84701ecbcd6a ("netfilter: nft_counter: rework atomic dump and reset")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index 16f40b5..eab0dc6 100644 (file)
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -107,11 +107,16 @@ static void nft_counter_reset(struct nft_counter_percpu_priv *priv,
                              struct nft_counter *total)
 {
        struct nft_counter *this_cpu;
+       seqcount_t *myseq;
 
        local_bh_disable();
        this_cpu = this_cpu_ptr(priv->counter);
+       myseq = this_cpu_ptr(&nft_counter_seq);
+
+       write_seqcount_begin(myseq);
        this_cpu->packets -= total->packets;
        this_cpu->bytes -= total->bytes;
+       write_seqcount_end(myseq);
        local_bh_enable();
 }