Received: by 2002:ac0:a591:0:0:0:0:0 with SMTP id m17-v6csp1418879imm; Thu, 5 Jul 2018 23:03:38 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcLp1tu00Avv14mIdm5QDPHhgL6atyvmNT3WAn8h2xy7uCb6zNrQfAv0r7qU1EPwPjFhi1O X-Received: by 2002:a63:1e08:: with SMTP id e8-v6mr2314116pge.281.1530857018899; Thu, 05 Jul 2018 23:03:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530857018; cv=none; d=google.com; s=arc-20160816; b=TfkuNrK+fctoXRmme+hgm/yYYthhHnTnlndlX/NFhPSkHypStGBrUEPPJnsNRAb5uW 9rE/UvhusY0YUxAOg/ctpyvO+wJ+bC9bWW5mU0yvIRDINS0eelhy0qaKqS1+Fspk/dO3 s4il83zsMRHQsOfGykW/LOqeLZtXBiLKEi9dkRIPTBn1Fgv013To5lCM/QAotcaWvVCA 9vfRCqPDhvMbTi8KdpFqWNxG9foWalQcofbqQBPe17YF/zM8Pfi7vScIhIhZX9sDYD54 PJQOK5x2YNR6BNtVZ3OYxx9jzb+vi3CIGuahqIU14hcpTD9ttyJtrodK+22vIEbUPmm1 8iOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=Li1Vp+ZazuqhnkqKr2zUjq6kGcJmZTpaX6+nX+cn/lU=; b=yA3HarVgajvJRIPrnQRUr1QTUkB3SQUM2AK+qs52ZeJjtk0FRVwkGdpQm7dTVYy+K6 4LTBHvd6QlWlbNZ4V7PcC6RZmRIrzgwyYyN2/b5VcrpNivzZyRBfgoNF+Wns/6ryZ++x 3vAhykV38K4QWdPt37z/7JNZ7Oi38JVRvkeJdHWTSJpYgw7/A2oDsfy/5OOaoy4IOpc7 o+3z/ZBBXmvEHoDG/mRJkFavnekxeevGignZR4+PMRTTgjrSSEiv/VqKomeCJ+XyJYTG 5SmHsf4lXJ5EBTd2GgaZeVEia4adZ9cCRLdoRUxXGAyUf7ikI3kOisp/W8x8LYoOlZcp xJBQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k6-v6si7019358pgk.256.2018.07.05.23.03.00; Thu, 05 Jul 2018 23:03:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934015AbeGFFuv (ORCPT + 99 others); Fri, 6 Jul 2018 01:50:51 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:33038 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933976AbeGFFup (ORCPT ); Fri, 6 Jul 2018 01:50:45 -0400 Received: from localhost (D57D388D.static.ziggozakelijk.nl [213.125.56.141]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 5A2EFC8D; Fri, 6 Jul 2018 05:50:44 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Florian Westphal , Pablo Neira Ayuso Subject: [PATCH 4.14 26/61] netfilter: nf_tables: dont assume chain stats are set when jumplabel is set Date: Fri, 6 Jul 2018 07:46:50 +0200 Message-Id: <20180706054713.338228961@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180706054712.332416244@linuxfoundation.org> References: <20180706054712.332416244@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Florian Westphal commit 009240940e84c1c089af88b454f7e804a4c5bd1b upstream. nft_chain_stats_replace() and all other spots assume ->stats can be NULL, but nft_update_chain_stats does not. It must do this check, just because the jump label is set doesn't mean all basechains have stats assigned. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_tables_core.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c @@ -119,15 +119,22 @@ DEFINE_STATIC_KEY_FALSE(nft_counters_ena static noinline void nft_update_chain_stats(const struct nft_chain *chain, const struct nft_pktinfo *pkt) { + struct nft_base_chain *base_chain; struct nft_stats *stats; - local_bh_disable(); - stats = this_cpu_ptr(rcu_dereference(nft_base_chain(chain)->stats)); - u64_stats_update_begin(&stats->syncp); - stats->pkts++; - stats->bytes += pkt->skb->len; - u64_stats_update_end(&stats->syncp); - local_bh_enable(); + base_chain = nft_base_chain(chain); + if (!base_chain->stats) + return; + + stats = this_cpu_ptr(rcu_dereference(base_chain->stats)); + if (stats) { + local_bh_disable(); + u64_stats_update_begin(&stats->syncp); + stats->pkts++; + stats->bytes += pkt->skb->len; + u64_stats_update_end(&stats->syncp); + local_bh_enable(); + } } struct nft_jumpstack {