Commit 12d7242b authored Aug 20, 2024 by Chen Hanxiao Committed by Zhengchao Shao Aug 20, 2024

ipvs: properly dereference pe in ip_vs_add_service

mainline inclusion
from mainline-v6.11-rc1
commit cbd070a4ae62f119058973f6d2c984e325bce6e7
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ7N
CVE: CVE-2024-42322

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbd070a4ae62f119058973f6d2c984e325bce6e7



-------------------------------------------

Use pe directly to resolve sparse warning:

  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression

Fixes: 39b97223 ("ipvs: handle connections started by real-servers")
Signed-off-by: Chen Hanxiao <chenhx.fnst@fujitsu.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Conflicts:
	net/netfilter/ipvs/ip_vs_ctl.c
[The conflict occurs because the commit 705dd344("ipvs: use kthreads
for stats estimation") is not merged]
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>

parent 6b96457d

net/netfilter/ipvs/ip_vs_ctl.c

+5 −5

Original line number	Diff line number	Diff line
		@@ -1384,18 +1384,18 @@ ip_vs_add_service(struct netns_ipvs ipvs, struct ip_vs_service_user_kern u,
		sched = NULL;
		}

		/* Bind the ct retriever */
		RCU_INIT_POINTER(svc->pe, pe);
		pe = NULL;

		/* Update the virtual service counters */
		if (svc->port == FTPPORT)
		atomic_inc(&ipvs->ftpsvc_counter);
		else if (svc->port == 0)
		atomic_inc(&ipvs->nullsvc_counter);
		if (svc->pe && svc->pe->conn_out)
		if (pe && pe->conn_out)
		atomic_inc(&ipvs->conn_out_counter);

		/* Bind the ct retriever */
		RCU_INIT_POINTER(svc->pe, pe);
		pe = NULL;

		ip_vs_start_estimator(ipvs, &svc->stats);

		/* Count only IPv4 services for old get/setsockopt interface */