When devlink_nl_reload_doit() is asked to change network namespace
(via DEVLINK_ATTR_NETNS_*) but the reload action is not
DEVLINK_RELOAD_ACTION_DRIVER_REINIT, it calls devlink_netns_get()
which acquires a reference on the destination net namespace. Then,
after detecting that namespace change is only supported for reinit
action, it returns -EOPNOTSUPP without releasing the reference, thus
leaking the net namespace.

Fix the leak by releasing the reference with put_net() before
returning the error, for example by adding it directly on that error
path. A cleaner alternative is to introduce a common cleanup label
that performs the put_net() if the pointer is non-NULL.

Cc: stable@vger.kernel.org
Fixes: 2edd92570441 ("devlink: don't allow to change net namespace for FW_ACTIVATE reload action")
Signed-off-by: WenTao Liang <vulab@iscas.ac.cn>
---
 net/devlink/dev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/devlink/dev.c b/net/devlink/dev.c
index 57b2b8f03543..fd5633fa88ec 100644
--- a/net/devlink/dev.c
+++ b/net/devlink/dev.c
@@ -578,6 +578,7 @@ int devlink_nl_reload_doit(struct sk_buff *skb, struct genl_info *info)
 		    action != DEVLINK_RELOAD_ACTION_DRIVER_REINIT) {
 			NL_SET_ERR_MSG_MOD(info->extack,
 					   "Changing namespace is only supported for reinit action");
+			put_net(dest_net);
 			return -EOPNOTSUPP;
 		}
 	}
-- 
2.50.1 (Apple Git-155)