netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
author Ziyang Xuan <william.xuanziyang@huawei.com>
Thu, 3 Nov 2022 01:12:02 +0000 (09:12 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 16 Nov 2022 08:58:20 +0000 (09:58 +0100)
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]

When type is NFNL_CB_MUTEX and an -EAGAIN error occurs in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger a potential deadlock.

Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nfnetlink.c

index 7e2c8dd01408f6b165d65c6e3aa4715b42824ed5..2cce4033a70a6c7390488da0279b4b16c4d0c84f 100644 (file)
@@ -290,6 +290,7 @@ replay:
                        nfnl_lock(subsys_id);
                        if (nfnl_dereference_protected(subsys_id) != ss ||
                            nfnetlink_find_client(type, ss) != nc) {
+                               nfnl_unlock(subsys_id);
                                err = -EAGAIN;
                                break;
                        }
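
Review bot: the added nfnl_unlock(subsys_id) in the -EAGAIN branch is paired by hand with the nfnl_lock(subsys_id) three lines above it, so every other early exit between that lock and the regular unlock needs the same audit, and none of those paths are visible in this hunk. Consider routing the error exits of the locked region through a single unlock point, or at least a short comment at the break noting that the subsystem mutex is dropped here, so a later early exit cannot repeat the omission. The commit message should also say how the deadlock arises: the hunk header places this code under the replay: label, so if -EAGAIN sends the function back there, the next nfnl_lock(subsys_id) would block on the mutex the same task still holds. Stating that makes the impact clear for stable backport triage.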