batman-adv: fix kernel crash due to missing NULL checks (354136bc) · Commits · e / devices / android_kernel_fairphone_FP5

net/batman-adv/soft-interface.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -479,6 +479,9 @@ void batadv_interface_rx(struct net_device *soft_iface,
		*/
		void batadv_softif_vlan_free_ref(struct batadv_softif_vlan *vlan)
		{
		if (!vlan)
		return;

		if (atomic_dec_and_test(&vlan->refcount)) {
		spin_lock_bh(&vlan->bat_priv->softif_vlan_list_lock);
		hlist_del_rcu(&vlan->list);

+14 −4

Original line number	Diff line number	Diff line
		@@ -594,6 +594,9 @@ bool batadv_tt_local_add(struct net_device soft_iface, const uint8_t addr,

		/* increase the refcounter of the related vlan */
		vlan = batadv_softif_vlan_get(bat_priv, vid);
		if (WARN(!vlan, "adding TT local entry %pM to non-existent VLAN %d",
		addr, BATADV_PRINT_VID(vid)))
		goto out;

		batadv_dbg(BATADV_DBG_TT, bat_priv,
		"Creating new local tt entry: %pM (vid: %d, ttvn: %d)\n",
		@@ -1066,6 +1069,9 @@ uint16_t batadv_tt_local_remove(struct batadv_priv *bat_priv,

		/* decrease the reference held for this vlan */
		vlan = batadv_softif_vlan_get(bat_priv, vid);
		if (!vlan)
		goto out;

		batadv_softif_vlan_free_ref(vlan);
		batadv_softif_vlan_free_ref(vlan);

		@@ -1166,8 +1172,10 @@ static void batadv_tt_local_table_free(struct batadv_priv *bat_priv)
		/* decrease the reference held for this vlan */
		vlan = batadv_softif_vlan_get(bat_priv,
		tt_common_entry->vid);
		if (vlan) {
		batadv_softif_vlan_free_ref(vlan);
		batadv_softif_vlan_free_ref(vlan);
		}

		batadv_tt_local_entry_free_ref(tt_local);
		}
		@@ -3207,8 +3215,10 @@ static void batadv_tt_local_purge_pending_clients(struct batadv_priv *bat_priv)

		/* decrease the reference held for this vlan */
		vlan = batadv_softif_vlan_get(bat_priv, tt_common->vid);
		if (vlan) {
		batadv_softif_vlan_free_ref(vlan);
		batadv_softif_vlan_free_ref(vlan);
		}

		batadv_tt_local_entry_free_ref(tt_local);
		}