cfg80211: fix rtnl leak in wiphy dump error cases
author Johannes Berg <johannes.berg@intel.com>
Tue, 11 Jun 2013 14:51:03 +0000 (16:51 +0200)
committer Johannes Berg <johannes.berg@intel.com>
Tue, 11 Jun 2013 14:52:39 +0000 (16:52 +0200)
In two wiphy dump error cases, most often when the dump allocation
must be increased, the RTNL is leaked. This quickly results in a
complete system lockup. Release the RTNL correctly.

Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/nl80211.c

index 398ce2c5968675f074cf0d0e54f8864a6892d285..e4028197b75dcc28af9b0011a5052e2adeeb702e 100644 (file)
@@ -1541,8 +1541,10 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                        int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
 
                        netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
-                       if (!netdev)
+                       if (!netdev) {
+                               rtnl_unlock();
                                return -ENODEV;
+                       }
                        if (netdev->ieee80211_ptr) {
                                dev = wiphy_to_dev(
                                        netdev->ieee80211_ptr->wiphy);
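Review bot: The `if (!netdev)` branch now open-codes `rtnl_unlock()` directly before `return -ENODEV`, so this exit is fixed but the function still depends on every early return remembering the unlock by hand. Consider routing the error exits through one shared label that drops the RTNL (a label such as `out_unlock`, name suggested here, with the error code kept in a local), so that a return added later while the lock is held cannot reintroduce the leak.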
@@ -1586,6 +1588,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                                    !skb->len &&
                                    cb->min_dump_alloc < 4096) {
                                        cb->min_dump_alloc = 4096;
+                                       rtnl_unlock();
                                        return 1;
                                }
                                idx--;
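Review bot: The `return 1` that follows `cb->min_dump_alloc = 4096;` carries no comment saying what the value 1 signals to the caller or that the RTNL is held at this nesting depth, and the commit message names this as the most frequently hit case. A one-line comment above the new `rtnl_unlock();` stating that the dump is being retried with a larger allocation and that the lock must be dropped first would make the invariant visible. The hunk does not show what else is held inside this block, so it is also worth confirming that the RTNL is the only thing to release before returning here.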