ipvs: properly dereference pe in ip_vs_add_service

PlaidCat · PlaidCat · commit a037f40ab886 · 2025-06-06T13:31:52.000-04:00
jira LE-3201 cve CVE-2024-42322 Rebuild_History Non-Buildable kernel-rt-4.18.0-553.22.1.rt7.363.el8_10 commit-author Chen Hanxiao <chenhx.fnst@fujitsu.com> commit cbd070a Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/cbd070a4.failed Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Fixes: 39b9722 ("ipvs: handle connections started by real-servers") Signed-off-by: Chen Hanxiao <chenhx.fnst@fujitsu.com> Acked-by: Julian Anastasov <ja@ssi.bg> Acked-by: Simon Horman <horms@kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit cbd070a) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # net/netfilter/ipvs/ip_vs_ctl.c
diff --git a/ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/cbd070a4.failed b/ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/cbd070a4.failed
@@ -0,0 +1,63 @@
+ipvs: properly dereference pe in ip_vs_add_service
+
+jira LE-3201
+cve CVE-2024-42322
+Rebuild_History Non-Buildable kernel-rt-4.18.0-553.22.1.rt7.363.el8_10
+commit-author Chen Hanxiao <chenhx.fnst@fujitsu.com>
+commit cbd070a4ae62f119058973f6d2c984e325bce6e7
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/cbd070a4.failed
+
+Use pe directly to resolve sparse warning:
+
+  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
+
+Fixes: 39b972231536 ("ipvs: handle connections started by real-servers")
+	Signed-off-by: Chen Hanxiao <chenhx.fnst@fujitsu.com>
+	Acked-by: Julian Anastasov <ja@ssi.bg>
+	Acked-by: Simon Horman <horms@kernel.org>
+	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit cbd070a4ae62f119058973f6d2c984e325bce6e7)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	net/netfilter/ipvs/ip_vs_ctl.c
+diff --cc net/netfilter/ipvs/ip_vs_ctl.c
+index 2d211237ec4a,706c2b52a1ac..000000000000
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@@ -1303,19 -1455,21 +1303,31 @@@ ip_vs_add_service(struct netns_ipvs *ip
+  		sched = NULL;
+  	}
+  
+++<<<<<<< HEAD
+ +	/* Bind the ct retriever */
+ +	RCU_INIT_POINTER(svc->pe, pe);
+ +	pe = NULL;
+++=======
++ 	ret = ip_vs_start_estimator(ipvs, &svc->stats);
++ 	if (ret < 0)
++ 		goto out_err;
+++>>>>>>> cbd070a4ae62 (ipvs: properly dereference pe in ip_vs_add_service)
+  
+  	/* Update the virtual service counters */
+  	if (svc->port == FTPPORT)
+  		atomic_inc(&ipvs->ftpsvc_counter);
+  	else if (svc->port == 0)
+  		atomic_inc(&ipvs->nullsvc_counter);
+- 	if (svc->pe && svc->pe->conn_out)
++ 	if (pe && pe->conn_out)
+  		atomic_inc(&ipvs->conn_out_counter);
+  
+++<<<<<<< HEAD
+ +	ip_vs_start_estimator(ipvs, &svc->stats);
+++=======
++ 	/* Bind the ct retriever */
++ 	RCU_INIT_POINTER(svc->pe, pe);
++ 	pe = NULL;
+++>>>>>>> cbd070a4ae62 (ipvs: properly dereference pe in ip_vs_add_service)
+  
+  	/* Count only IPv4 services for old get/setsockopt interface */
+  	if (svc->af == AF_INET)
+* Unmerged path net/netfilter/ipvs/ip_vs_ctl.c
