Patch "batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 10 Apr 2024 12:02:50 -0400

This is a note to let you know that I've just added the patch titled

    batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     batman-adv-return-directly-after-a-failed-batadv_dat.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f765804dc16e11c3dc4fe975801a4b0cea1b7c16
Author: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date:   Tue Jan 2 07:27:45 2024 +0100

    batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
    
    [ Upstream commit ffc15626c861f811f9778914be004fcf43810a91 ]
    
    The kfree() function was called in one case by
    the batadv_dat_forward_data() function during error handling
    even if the passed variable contained a null pointer.
    This issue was detected by using the Coccinelle software.
    
    * Thus return directly after a batadv_dat_select_candidates() call failed
      at the beginning.
    
    * Delete the label “out” which became unnecessary with this refactoring.
    
    Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
    Acked-by: Sven Eckelmann <sven@xxxxxxxxxxxxx>
    Signed-off-by: Simon Wunderlich <sw@xxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 28a939d560906..4c7e855343245 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -684,7 +684,7 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv,
 
 	cand = batadv_dat_select_candidates(bat_priv, ip, vid);
 	if (!cand)
-		goto out;
+		return ret;
 
 	batadv_dbg(BATADV_DBG_DAT, bat_priv, "DHT_SEND for %pI4\n", &ip);
 
@@ -728,7 +728,6 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv,
 		batadv_orig_node_put(cand[i].orig_node);
 	}
 
-out:
 	kfree(cand);
 	return ret;
 }







