netfilter: nf_tables: add clone interface to expression operations

With the conversion of the counter expressions to make it percpu, we need to clone the percpu memory area, otherwise we crash when using counters from flow tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-11-10 13:39:42 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-11-10 23:47:32 +0100
commit: 086f332167d64b645d37405854f049b9ad7371ab (patch)
tree: 971692c02428ad47dcaa0b4a75751b3befc01658 /net/netfilter/nft_dynset.c
parent: aabc92bbe3cfe4c545f8ccdaaeeea012a46f0abf (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 513a8ef60a59..9dec3bd1b63c 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -50,8 +50,9 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr,
 	}
 
 	ext = nft_set_elem_ext(set, elem);
-	if (priv->expr != NULL)
-		nft_expr_clone(nft_set_ext_expr(ext), priv->expr);
+	if (priv->expr != NULL &&
+	    nft_expr_clone(nft_set_ext_expr(ext), priv->expr) < 0)
+		return NULL;
 
 	return elem;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-11-10 13:39:42 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-11-10 23:47:32 +0100
commit	086f332167d64b645d37405854f049b9ad7371ab (patch)
tree	971692c02428ad47dcaa0b4a75751b3befc01658 /net/netfilter/nft_dynset.c
parent	aabc92bbe3cfe4c545f8ccdaaeeea012a46f0abf (diff)