Xin Long
unread,Jun 2, 2021, 5:39:12 PM6/2/21Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to syzbot, core...@netfilter.org, davem, Florian Westphal, Simon Horman, Julian Anastasov, kad...@netfilter.org, Jakub Kicinski, LKML, lvs-...@vger.kernel.org, network dev, netfilt...@vger.kernel.org, Pablo Neira Ayuso, syzkaller-bugs
do_ip_vs_set_ctl() allows users to add svc with the flags field set.
when IP_VS_SVC_F_HASHED is used, and in ip_vs_svc_hash()
called ip_vs_add_service() will trigger the err msg:
IPVS: ip_vs_svc_hash(): request for already hashed, called from
do_ip_vs_set_ctl+0x810/0xa40
and the svc allocated will leak.
so fix it by mask the flags with ~IP_VS_SVC_F_HASHED in
ip_vs_copy_usvc_compat(), while at it also remove the unnecessary
flag IP_VS_SVC_F_HASHED set in ip_vs_edit_service().
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index d45dbcba8b49..f09a443c9ec0 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1497,7 +1497,6 @@ ip_vs_edit_service(struct ip_vs_service *svc,
struct ip_vs_service_user_kern *u)
/*
* Set the flags and timeout value
*/
- svc->flags = u->flags | IP_VS_SVC_F_HASHED;
svc->timeout = u->timeout * HZ;
svc->netmask = u->netmask;
@@ -2430,7 +2429,7 @@ static void ip_vs_copy_usvc_compat(struct
ip_vs_service_user_kern *usvc,
/* Deep copy of sched_name is not needed here */
usvc->sched_name = usvc_compat->sched_name;
- usvc->flags = usvc_compat->flags;
+ usvc->flags = usvc_compat->flags & ~IP_VS_SVC_F_HASHED;
usvc->timeout = usvc_compat->timeout;
usvc->netmask = usvc_compat->netmask;