netfilter: ipset: fix order of kfree_rcu() and rcu_assign_pointer()

Sashiko pointed out that kfree_rcu() was called before
rcu_assign_pointer() in handling the comment extension.
Fix the order so that rcu_assign_pointer() called first.

Fixes: b57b2d1fa53f ("netfilter: ipset: Prepare the ipset core to use RCU at set level")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 3706b4a85a0f1faf2d6d6ad88bfabe2d7d0867c0..a531b654b8d9640cb2466d1a12cf3e6fa2c801d0 100644 (file)
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -351,8 +351,8 @@ ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
 
        if (unlikely(c)) {
                set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
-               kfree_rcu(c, rcu);
                rcu_assign_pointer(comment->c, NULL);
+               kfree_rcu(c, rcu);
        }
        if (!len)
                return;
@@ -393,8 +393,8 @@ ip_set_comment_free(struct ip_set *set, void *ptr)
        if (unlikely(!c))
                return;
        set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
-       kfree_rcu(c, rcu);
        rcu_assign_pointer(comment->c, NULL);
+       kfree_rcu(c, rcu);
 }
 
 typedef void (*destroyer)(struct ip_set *, void *);