Function nla_reserve() will return NULL if the tailroom of the skb is insufficient, so the return value shall be checked against NULL before use. But in function reset_per_cpu_data(), the return value of nla_reserve() (called at net/core/drop_monitor.c:90) is used without a NULL check.
The related code snippets are as follows.
87 data->skb = genlmsg_new(al, GFP_KERNEL);
88 genlmsg_put(data->skb, 0, 0, &net_drop_monitor_family,
89 0, NET_DM_CMD_ALERT);
90 nla = nla_reserve(data->skb, NLA_UNSPEC, sizeof(struct net_dm_alert_msg));
91 msg = nla_data(nla);
From looking up the source code of genlmsg_put(), whether nla_reserve() will return a NULL pointer depends on the value of net_drop_monitor_family.hard_size. So I am not sure whether the missing check of variable nla against NULL is a real bug or is the author's purpose to avoid wasting time because in this context nla_reserve() will never return a NULL pointer.
I am sorry to trouble you, but I want to make sure whether this is a real bug or a false positive.
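To make the failure mode under discussion concrete, the following is an added user-space model written for this page; it is not code from the bug report, from the reporter, or from the kernel. It reproduces the netlink attribute size arithmetic that nla_reserve() uses (NLA_HDRLEN plus 4-byte alignment, which are the real constants) on top of a simplified skb model (model_skb, model_nla_reserve and model_reset_alert are constructed names), and shows the checked form of the reset_per_cpu_data() pattern, which fails closed with -ENOMEM instead of dereferencing a NULL attribute when the buffer allocated for the message is too small.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real netlink attribute layout: 4-byte header, payload padded to 4 bytes. */
struct nlattr { uint16_t nla_len; uint16_t nla_type; };
#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((int)NLA_ALIGN(sizeof(struct nlattr)))

/* Constructed stand-in for struct sk_buff: only head, used length and size. */
struct model_skb {
    unsigned char *head;
    size_t len;   /* bytes already put into the buffer */
    size_t size;  /* total bytes allocated (genlmsg_new(al, ...) decides this) */
};

static size_t model_tailroom(const struct model_skb *skb) { return skb->size - skb->len; }

static struct model_skb *model_alloc(size_t size) {
    struct model_skb *skb = calloc(1, sizeof(*skb));
    if (!skb) return NULL;
    skb->head = calloc(1, size ? size : 1);
    if (!skb->head) { free(skb); return NULL; }
    skb->size = size;
    return skb;
}

static void model_free(struct model_skb *skb) {
    if (skb) { free(skb->head); free(skb); }
}

/* Same arithmetic as nla_attr_size()/nla_total_size() in the kernel. */
static size_t model_nla_attr_size(size_t payload)  { return NLA_HDRLEN + payload; }
static size_t model_nla_total_size(size_t payload) { return NLA_ALIGN(model_nla_attr_size(payload)); }

/* Mirrors nla_reserve(): NULL when the tailroom cannot hold the whole attribute,
 * otherwise the attribute header is placed at the tail and the length advanced. */
static struct nlattr *model_nla_reserve(struct model_skb *skb, uint16_t type, size_t payload) {
    size_t total = model_nla_total_size(payload);
    if (model_tailroom(skb) < total)
        return NULL;
    struct nlattr *nla = (struct nlattr *)(skb->head + skb->len);
    skb->len += total;
    nla->nla_type = type;
    nla->nla_len = (uint16_t)model_nla_attr_size(payload);
    memset(nla + 1, 0, total - NLA_HDRLEN);  /* zero payload and padding */
    return nla;
}

/* Checked variant of the pattern at drop_monitor.c:90-91: the NULL from a
 * failed reservation is turned into an error instead of being passed to
 * nla_data() and written through. Returns 0 on success, -ENOMEM otherwise. */
static int model_reset_alert(struct model_skb *skb, size_t alert_msg_size, void **msg_out) {
    struct nlattr *nla = model_nla_reserve(skb, 0 /* NLA_UNSPEC */, alert_msg_size);
    if (!nla)
        return -ENOMEM;
    *msg_out = (unsigned char *)nla + NLA_HDRLEN;  /* what nla_data(nla) returns */
    memset(*msg_out, 0, alert_msg_size);
    return 0;
}

/* Allocate a buffer of skb_size bytes and try to reserve a payload-byte
 * attribute in it; returns the caller's result code. */
static int model_try_reserve(size_t skb_size, size_t payload) {
    struct model_skb *skb = model_alloc(skb_size);
    if (!skb) return -ENOMEM;
    void *msg = NULL;
    int rc = model_reset_alert(skb, payload, &msg);
    model_free(skb);
    return rc;
}

/* Tailroom left after one successful reservation, or -1 if it failed. */
static long model_tailroom_after(size_t skb_size, size_t payload) {
    struct model_skb *skb = model_alloc(skb_size);
    if (!skb) return -1;
    void *msg = NULL;
    long left = model_reset_alert(skb, payload, &msg) == 0 ? (long)model_tailroom(skb) : -1;
    model_free(skb);
    return left;
}

int main(void) {
    printf("total size of a 6-byte attribute: %zu\n", model_nla_total_size(6));
    printf("8-byte buffer, 6-byte payload: rc=%d\n", model_try_reserve(8, 6));
    printf("16-byte buffer, 6-byte payload: rc=%d, tailroom left=%ld\n",
           model_try_reserve(16, 6), model_tailroom_after(16, 6));
    return 0;
}
```

The model makes the reporter's point visible: a 6-byte payload needs 12 bytes of tailroom (4-byte header, payload padded to 4), so whether the reservation can fail is decided entirely by the size passed to the allocation that precedes it, which is why the question hinges on the family's header size rather than on nla_reserve() itself.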
If this doesn't ever return a NULL pointer, why check for it?
I don't think this is a bug and would close it.