batman-adv: Increase orig_node refcount before releasing rcu read lock

When unicast_send_skb() is increasing the orig_node's refcount another
thread might have been freeing this orig_node already. We need to
increase the refcount in the rcu read lock protected area to avoid that.

Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>

net/batman-adv/gateway_client.c

@@ -54,6 +54,9 @@ void *gw_get_selected(struct bat_priv *bat_priv)
 
 	orig_node = curr_gateway_tmp->orig_node;
 
+	if (orig_node)
+		kref_get(&orig_node->refcount);
+
 out:
 	rcu_read_unlock();
 	return orig_node;

net/batman-adv/unicast.c

@@ -293,10 +293,9 @@ int unicast_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv)
 	spin_lock_bh(&bat_priv->orig_hash_lock);
 
 	/* get routing information */
-	if (is_multicast_ether_addr(ethhdr->h_dest))
+	if (is_multicast_ether_addr(ethhdr->h_dest)) {
 		orig_node = (struct orig_node *)gw_get_selected(bat_priv);
-		if (orig_node) {
-			kref_get(&orig_node->refcount);
+		if (orig_node)
 			goto find_router;
 	}