This is a note to let you know that I've just added the patch titled batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: batman-adv-return-directly-after-a-failed-batadv_dat.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 8be77f80682c2a81fad3ba80e7c28b9a49ace237 Author: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> Date: Tue Jan 2 07:27:45 2024 +0100 batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() [ Upstream commit ffc15626c861f811f9778914be004fcf43810a91 ] The kfree() function was called in one case by the batadv_dat_forward_data() function during error handling even if the passed variable contained a null pointer. This issue was detected by using the Coccinelle software. * Thus return directly after a batadv_dat_select_candidates() call failed at the beginning. * Delete the label “out” which became unnecessary with this refactoring. Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> Acked-by: Sven Eckelmann <sven@xxxxxxxxxxxxx> Signed-off-by: Simon Wunderlich <sw@xxxxxxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index ddd3b4c70a516..b1cb6ecffceb9 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -687,7 +687,7 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv, cand = batadv_dat_select_candidates(bat_priv, ip, vid); if (!cand) - goto out; + return ret; batadv_dbg(BATADV_DBG_DAT, bat_priv, "DHT_SEND for %pI4\n", &ip); @@ -731,7 +731,6 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv, batadv_orig_node_put(cand[i].orig_node); } -out: kfree(cand); return ret; }