From: Johannes Berg Date: Tue, 11 Jun 2013 14:51:03 +0000 (+0200) Subject: cfg80211: fix rtnl leak in wiphy dump error cases X-Git-Tag: firefly_0821_release~176^2~5751^2~78^2^2~24^2~21 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=940d0ac9dbe3fb9d4806e96f006286c2e476deed;p=firefly-linux-kernel-4.4.55.git cfg80211: fix rtnl leak in wiphy dump error cases In two wiphy dump error cases, most often when the dump allocation must be increased, the RTNL is leaked. This quickly results in a complete system lockup. Release the RTNL correctly. Reported-by: Emmanuel Grumbach Signed-off-by: Johannes Berg --- diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 398ce2c59686..e4028197b75d 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -1541,8 +1541,10 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); netdev = dev_get_by_index(sock_net(skb->sk), ifidx); - if (!netdev) + if (!netdev) { + rtnl_unlock(); return -ENODEV; + } if (netdev->ieee80211_ptr) { dev = wiphy_to_dev( netdev->ieee80211_ptr->wiphy); @@ -1586,6 +1588,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) !skb->len && cb->min_dump_alloc < 4096) { cb->min_dump_alloc = 4096; + rtnl_unlock(); return 1; } idx--;