tun: fix mismatch in mutex lock-unlock in tun_get_user()

There is a single error path where tfile->napi_mutex is left unlocked.
It can lead to a deadlock.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/net/tun.c | 4 ++++
 1 file changed, 4 insertions(+)

On Fri, Feb 16, 2018 at 2:11 PM, Alexey Khoroshilov
<khoroshilov@ispras.ru> wrote:
> There is a single error path where tfile->napi_mutex is left unlocked.
> It can lead to a deadlock.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
> ---
>  drivers/net/tun.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index 81e6cc951e7f..0072a9832532 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -1879,6 +1879,10 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
>                         default:
>                                 this_cpu_inc(tun->pcpu_stats->rx_dropped);
>                                 kfree_skb(skb);
> +                               if (frags) {
> +                                       tfile->napi.skb = NULL;
> +                                       mutex_unlock(&tfile->napi_mutex);
> +                               }
>                                 return -EINVAL;


I do not believe this can happen for IFF_TUN

IFF_NAPI_FRAGS can only be set for IFF_TAP

From: Alexey Khoroshilov <khoroshilov@ispras.ru>
Date: Sat, 17 Feb 2018 01:11:55 +0300

> There is a single error path where tfile->napi_mutex is left unlocked.
> It can lead to a deadlock.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>

As Eric explained, tun_napi_frags_enabled() (and therefore 'frags')
will never be true for TUN devices, which is the type handled by this
code path.