On 11/02/14 18:22, Andrew Lunn wrote:
>> +static struct batadv_orig_node *
>> +batadv_v_ogm_orig_get(struct batadv_priv *bat_priv, const uint8_t *addr)
>> +{
>> +	struct batadv_orig_node *orig_node;
>> +	int hash_added;
>> +
>> +	orig_node = batadv_orig_hash_find(bat_priv, addr);
>> +	if (orig_node)
>> +		return orig_node;
>> +
>> +	orig_node = batadv_orig_node_new(bat_priv, addr);
> 
> Can this fail and return NULL?

Yes it can. Better to check.

> 
>> +
>> +	hash_added = batadv_hash_add(bat_priv->orig_hash, batadv_compare_orig,
>> +				     batadv_choose_orig, orig_node,
>> +				     &orig_node->hash_entry);
>> +	if (hash_added != 0) {
>> +		batadv_orig_node_free_ref(orig_node);
>> +		batadv_orig_node_free_ref(orig_node);
> 
> Looks odd. If it is correct, it should have a comment why it is
> correct.

We have a similar problem in the current (B.A.T.M.A.N. IV) code too.
The point is that orig_node->refcounter is initialised to 2, therefore
if we want to free the object in this early phase we need to invoke the
free_ref() twice.

By the way...I was just thinking that we could invoke kfree() directly
here (the orig_node is not referenced in any other context since it has
been just allocated).

Cheers,


-- 
Antonio Quartulli