On Tuesday 17 December 2013 16:35:13 Simon Wunderlich wrote:
> If there is no best neighbor, don't dereference the NULL pointer.
> 
> Introduced by 9bb33b8d88e318c4879d37d06ad28e3e018b9036 ("batman-adv:
> split tq information in neigh_node struct")
> 
> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
> ---
>  originator.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/originator.c b/originator.c
> index 2243003..9fcde58 100644
> --- a/originator.c
> +++ b/originator.c
> @@ -789,7 +789,7 @@ batadv_find_best_neighbor(struct batadv_priv *bat_priv,
>  					best, if_outgoing) <= 0))
>  			best = neigh;
> 
> -	if (!atomic_inc_not_zero(&best->refcount))
> +	if (best && !atomic_inc_not_zero(&best->refcount))
>  		best = NULL;
>  	rcu_read_unlock();

Although this is a valid fix the approach could be improved. The for-loop 
should check whether the counter can be increased. Otherwise we might select a 
best-neighbor that is being purged and end up with no best despite having 
alternatives.

Cheers,
Marek