On 24.11, Florian Westphal wrote: > diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c > index 29a6ca9..dabf5ed 100644 > --- a/net/netfilter/nf_tables_core.c > +++ b/net/netfilter/nf_tables_core.c > @@ -138,7 +144,8 @@ next_rule: > if (unlikely(rule->genmask & (1 << gencursor))) > continue; > > - rulenum++; > + if (static_key_false(&nft_trace_enabled)) > + rulenum++; This API is deprecated, see Documentation/static-keys.txt. I'm also wondering if this introduces a race condition on architectures that don't support jump labels. static_key_slow_inc() simply increases the ->enabled counter without further synchronization, so this might happen while we're executing this function and some of the increments might be skipped. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
