netfilter: nft_inner: release local_lock before re-enabling softirqs

Quoting sashiko:
 In the error path, local_bh_enable() is called before
 local_unlock_nested_bh().

Fixes: ba36fada9ab4 ("netfilter: nft_inner: Use nested-BH locking for nft_pcpu_tun_ctx")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_inner.c b/net/netfilter/nft_inner.c
index 859aa38e333b8de673a41e2673a9dbfa0e9cd3e1..d14ca157910b5dcf1b587a20783672eebc9b02a0 100644 (file)
--- a/net/netfilter/nft_inner.c
+++ b/net/netfilter/nft_inner.c
@@ -246,8 +246,8 @@ static bool nft_inner_restore_tun_ctx(const struct nft_pktinfo *pkt,
        local_lock_nested_bh(&nft_pcpu_tun_ctx.bh_lock);
        this_cpu_tun_ctx = this_cpu_ptr(&nft_pcpu_tun_ctx.ctx);
        if (this_cpu_tun_ctx->cookie != (unsigned long)pkt->skb) {
-               local_bh_enable();
                local_unlock_nested_bh(&nft_pcpu_tun_ctx.bh_lock);
+               local_bh_enable();
                return false;
        }
        *tun_ctx = *this_cpu_tun_ctx;