cfg80211: fix rtnl leak in wiphy dump error cases

In two wiphy dump error cases, most often when the dump allocation
must be increased, the RTNL is leaked. This quickly results in a
complete system lockup. Release the RTNL correctly.

Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 398ce2c5968675f074cf0d0e54f8864a6892d285..e4028197b75dcc28af9b0011a5052e2adeeb702e 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1541,8 +1541,10 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                        int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
 
                        netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
-                       if (!netdev)
+                       if (!netdev) {
+                               rtnl_unlock();
                                return -ENODEV;
+                       }
                        if (netdev->ieee80211_ptr) {
                                dev = wiphy_to_dev(
                                        netdev->ieee80211_ptr->wiphy);
@@ -1586,6 +1588,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                                    !skb->len &&
                                    cb->min_dump_alloc < 4096) {
                                        cb->min_dump_alloc = 4096;
+                                       rtnl_unlock();
                                        return 1;
                                }
                                idx--;