netfilter: nf_tables: restore chain change atomicity
authorPatrick McHardy <kaber@trash.net>
Thu, 9 Jan 2014 18:42:32 +0000 (18:42 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 9 Jan 2014 19:17:13 +0000 (20:17 +0100)
commit4401a862009bca28f02dcea4241191c27328816c
tree3b701a4a2ff9d600e1591f4539b87c9a1b9c5c13
parent57de2a0cd9d7e4cfc6479ecbebfcd36dbc61d5ed
netfilter: nf_tables: restore chain change atomicity

Chain counter validation is performed after the chain policy has
potentially been changed. Move counter validation/setting before
changing of the chain policy to fix this.

Additionally fix a memory leak if chain counter allocation fails
for new chains, remove an unnecessary free_percpu() and move
counter allocation for new chains

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c