From: Ido Schimmel <ido...@idosch.org> Date: Thu, 4 Jul 2019 19:26:38 +0300
> Both ip_neigh_gw4() and ip_neigh_gw6() can return either a valid pointer > or an error pointer, but the code currently checks that the pointer is > not NULL. ... > @@ -447,7 +447,7 @@ static struct neighbour *ipv4_neigh_lookup(const struct > dst_entry *dst, > n = ip_neigh_gw4(dev, pkey); > } > > - if (n && !refcount_inc_not_zero(&n->refcnt)) > + if (!IS_ERR(n) && !refcount_inc_not_zero(&n->refcnt)) > n = NULL; > > rcu_read_unlock_bh(); Don't the callers expect only non-error pointers? All of this stuff is so confusing and fragile...
