netlink: Fix potential skb memleak in netlink_ack

[ Upstream commit e69761483361f3df455bc493c99af0ef1744a14f ]

Fix coverity issue 'Resource leak'.

We should clean the skb resource if nlmsg_put/append failed.

Fixes: 738136a0e375 ("netlink: split up copies in the ack construction")
Signed-off-by: Tao Chen <chentao.kernel@linux.alibaba.com>
Link: https://lore.kernel.org/r/bff442d62c87de6299817fe1897cc5a5694ba9cc.1667638204.git.chentao.kernel@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: d0f95894fda7 ("netlink: annotate data-races around sk->sk_err")
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 4ddb2ed..845ac56 100644 (file)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2444,7 +2444,7 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err,
 
        skb = nlmsg_new(payload + tlvlen, GFP_KERNEL);
        if (!skb)
-               goto err_bad_put;
+               goto err_skb;
 
        rep = nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
                        NLMSG_ERROR, sizeof(*errmsg), flags);
@@ -2472,6 +2472,8 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err,
        return;
 
 err_bad_put:
+       nlmsg_free(skb);
+err_skb:
        NETLINK_CB(in_skb).sk->sk_err = ENOBUFS;
        sk_error_report(NETLINK_CB(in_skb).sk);
 }