ipvs: properly dereference pe in ip_vs_add_service

[ Upstream commit cbd070a4ae62f119058973f6d2c984e325bce6e7 ]

Use pe directly to resolve sparse warning:

  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression

Fixes: 39b972231536 ("ipvs: handle connections started by real-servers")
Signed-off-by: Chen Hanxiao <chenhx.fnst@fujitsu.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[ Resolve minor conflicts to fix CVE-2024-42322 ]
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 17a1b731a76b1d129bfc8edd9b5d701963d19b49..18e37b32a5d6101cc24afb105214857cac50a081 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1382,18 +1382,18 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
                sched = NULL;
        }
 
-       /* Bind the ct retriever */
-       RCU_INIT_POINTER(svc->pe, pe);
-       pe = NULL;
-
        /* Update the virtual service counters */
        if (svc->port == FTPPORT)
                atomic_inc(&ipvs->ftpsvc_counter);
        else if (svc->port == 0)
                atomic_inc(&ipvs->nullsvc_counter);
-       if (svc->pe && svc->pe->conn_out)
+       if (pe && pe->conn_out)
                atomic_inc(&ipvs->conn_out_counter);
 
+       /* Bind the ct retriever */
+       RCU_INIT_POINTER(svc->pe, pe);
+       pe = NULL;
+
        ip_vs_start_estimator(ipvs, &svc->stats);
 
        /* Count only IPv4 services for old get/setsockopt interface */