netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace()
commit
bbb8c61f97e3a2dd91b30d3e57b7964a67569d11 upstream.
When a chain is updated, a counter can be attached. if so,
the nft_counters_enabled should be increased.
test commands:
%nft add table ip filter
%nft add chain ip filter input { type filter hook input priority 4\; }
%iptables-compat -Z input
%nft delete chain ip filter input
we can see below messages.
[ 286.443720] jump label: negative count!
[ 286.448278] WARNING: CPU: 0 PID: 1459 at kernel/jump_label.c:197 __static_key_slow_dec_cpuslocked+0x6f/0xf0
[ 286.449144] Modules linked in: nf_tables nfnetlink ip_tables x_tables
[ 286.449144] CPU: 0 PID: 1459 Comm: nft Tainted: G W 4.17.0-rc2+ #12
[ 286.449144] RIP: 0010:__static_key_slow_dec_cpuslocked+0x6f/0xf0
[ 286.449144] RSP: 0018:
ffff88010e5176f0 EFLAGS:
00010286
[ 286.449144] RAX:
000000000000001b RBX:
ffffffffc0179500 RCX:
ffffffffb8a82522
[ 286.449144] RDX:
0000000000000001 RSI:
0000000000000008 RDI:
ffff88011b7e5eac
[ 286.449144] RBP:
0000000000000000 R08:
ffffed00236fce5c R09:
ffffed00236fce5b
[ 286.449144] R10:
ffffffffc0179503 R11:
ffffed00236fce5c R12:
0000000000000000
[ 286.449144] R13:
ffff88011a28e448 R14:
ffff88011a28e470 R15:
dffffc0000000000
[ 286.449144] FS:
00007f0384328700(0000) GS:
ffff88011b600000(0000) knlGS:
0000000000000000
[ 286.449144] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 286.449144] CR2:
00007f038394bf10 CR3:
0000000104a86000 CR4:
00000000001006f0
[ 286.449144] Call Trace:
[ 286.449144] static_key_slow_dec+0x6a/0x70
[ 286.449144] nf_tables_chain_destroy+0x19d/0x210 [nf_tables]
[ 286.449144] nf_tables_commit+0x1891/0x1c50 [nf_tables]
[ 286.449144] nfnetlink_rcv+0x1148/0x13d0 [nfnetlink]
[ ... ]
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
projects / platform / kernel / linux-exynos.git / commit