cfg80211: fix rtnl leak in wiphy dump error cases In two wiphy dump error cases, most often when the dump allocation must be increased, the RTNL is leaked. This quickly results in a complete system lockup. Release the RTNL correctly. Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

commit: 940d0ac9dbe3fb9d4806e96f006286c2e476deed [log] [tgz]
author: Johannes Berg <johannes.berg@intel.com> Tue Jun 11 16:51:03 2013 +0200
committer: Johannes Berg <johannes.berg@intel.com> Tue Jun 11 16:52:39 2013 +0200
tree: 3fea9c0940ebc98eb60e1459ed80ae48440d241b
parent: ea141b75ae29636b5c9e9d2e2e77b3dd1ab4c934 [diff] [blame]
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 398ce2c..e402819 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c

@@ -1541,8 +1541,10 @@
 			int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
 
 			netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
-			if (!netdev)
+			if (!netdev) {
+				rtnl_unlock();
 				return -ENODEV;
+			}
 			if (netdev->ieee80211_ptr) {
 				dev = wiphy_to_dev(
 					netdev->ieee80211_ptr->wiphy);
@@ -1586,6 +1588,7 @@
 				    !skb->len &&
 				    cb->min_dump_alloc < 4096) {
 					cb->min_dump_alloc = 4096;
+					rtnl_unlock();
 					return 1;
 				}
 				idx--;
commit	940d0ac9dbe3fb9d4806e96f006286c2e476deed	[log] [tgz]
author	Johannes Berg <johannes.berg@intel.com>	Tue Jun 11 16:51:03 2013 +0200
committer	Johannes Berg <johannes.berg@intel.com>	Tue Jun 11 16:52:39 2013 +0200
tree	3fea9c0940ebc98eb60e1459ed80ae48440d241b
parent	ea141b75ae29636b5c9e9d2e2e77b3dd1ab4c934 [diff] [blame]