Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2218433/?format=api
{ "id": 2218433, "url": "http://patchwork.ozlabs.org/api/patches/2218433/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260401075800.3344266-2-bestswngs@gmail.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260401075800.3344266-2-bestswngs@gmail.com>", "list_archive_url": null, "date": "2026-04-01T07:58:01", "name": "[net,v2] ipvs: fix NULL deref in ip_vs_add_service error path", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "e8d77e2cf26d3f62922c3967088fc7a15fc6eda1", "submitter": { "id": 92941, "url": "http://patchwork.ozlabs.org/api/people/92941/?format=api", "name": "Weiming Shi", "email": "bestswngs@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260401075800.3344266-2-bestswngs@gmail.com/mbox/", "series": [ { "id": 498291, "url": "http://patchwork.ozlabs.org/api/series/498291/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=498291", "date": "2026-04-01T07:58:01", "name": "[net,v2] ipvs: fix NULL deref in ip_vs_add_service error path", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/498291/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2218433/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2218433/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <netfilter-devel+bounces-11539-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=HnlDtbNi;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11539-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"HnlDtbNi\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.215.170", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4flyS53kc8z1yCp\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 01 Apr 2026 19:13:57 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id B108D312C9B6\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 1 Apr 2026 08:00:51 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id A05B339A7EA;\n\tWed, 1 Apr 2026 08:00:48 +0000 (UTC)", "from mail-pg1-f170.google.com (mail-pg1-f170.google.com\n [209.85.215.170])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id CAEA2386C3E\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 1 Apr 2026 08:00:46 +0000 (UTC)", "by mail-pg1-f170.google.com with SMTP id\n 41be03b00d2f7-c74244dc0b3so3942755a12.2\n for <netfilter-devel@vger.kernel.org>;\n Wed, 01 Apr 2026 01:00:46 -0700 (PDT)", "from SLSGDTSWING002.tail0ac356.ts.net ([129.126.109.177])\n by smtp.gmail.com with ESMTPSA id\n d2e1a72fcca58-82ca846e08dsm12865913b3a.24.2026.04.01.01.00.42\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 01 Apr 2026 01:00:45 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775030448; cv=none;\n b=Srr9MyFIQpeFInJlbJ2fbkH7yEMkk/eh8NAbi8izuR/r5TGDOTWFU9qgJ2xUhnKM/ZIW8IR+Auc0OR3un4NtPCPCNqoJbMApX1Q5A+sFZVDlBcP137hZeczLSvYB2liyqMq/YmecyNfQSEB06b8+32R6VrWhHm+XDZZCl2n++WE=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775030448; c=relaxed/simple;\n\tbh=IPr2oYPn/26eQSmWxcSleR1D2ek6vWmOS678MnORj2o=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=GgUx+m8ghMctwF716N0aUdju0lQSwvZ7y0teMS0/31rhzt4winIMBud9ispcHMbgXyGUd45tSVVXlGbxCuHCkTIbyMZSjQH8mngjM1XM62aIiSGvC0+ub417m8oW2hc5FVHfJZ49fYa3xp7B2coWPYIhxlHAgod261Yz1g/mJuo=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=HnlDtbNi; arc=none smtp.client-ip=209.85.215.170", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775030446; x=1775635246;\n darn=vger.kernel.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=2y8dUPGFi+UBO55SBUip5Hfz6jHTFtt4ylYjmLjQEmw=;\n b=HnlDtbNiLMneGLpWqFnifSQaPv14PcjRdIP6OuLaTJvhit+92zAPvm5zwqbtO26tub\n zMEWYmhjaJX0lxSMph241x1sJVwJTNgpKrhlwbs4w4kD0J1+JggpTaknNKWswBOpyuoE\n 58Q4acqJXuJaio+Q4xObL2vVC7zzD8d55YsOLGA5+HtnKPdbJevveFsKWtqjgLvzN8ZK\n 7Dn8wtHseyeJymCBbbMvAADrvGifMvI8Vj/1wsiR1CA1p3YPr/ZkihAefaD7g3LnjExa\n KwcuJGZQY/Bl4EXCrAzdg4oNaWbhjx1ruCJ/wEsoEyLhbIkKgkGFf/LVEAsUlWizCkhe\n ZBWQ==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775030446; x=1775635246;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=2y8dUPGFi+UBO55SBUip5Hfz6jHTFtt4ylYjmLjQEmw=;\n b=Yqo3w7fyYbXtYbDrRFmXWij8hU1GZcv239+8Vawsv9yypv43tQa1TKgeOj7plQhQHy\n Yl8egSJzqxWYAQmYjXwkxAliPp7CO7ctQPdEvooiCh587SoJgIbLL+8MhxOmSYSvgzgk\n Fj9ovXsqzMSPjbGBCdwwtqAuDOq1XpNvYWJ2mfjDvL87nIPGOD93uaC/jgvrR83O7Qqz\n 8yL0V/0misyXBQr0/ZtGmkQnKL30Iv/YnSoVwV/7cTxkSkWS2NCQPYE/f8pxoLiet61K\n Qe58G5Fj2MscJ7MoLkMw9fIiUA1Gxkhph7AuOB7q1o1fMd1t9Wpri6VwtC0y0smyG6Iz\n pUWQ==", "X-Forwarded-Encrypted": "i=1;\n AJvYcCWcQ34mHerCihbjRWL6Me24i/T+y89cOKILmGAfiteH+LYDXeEr1Y57fi2xoDY6nqL3yt4inA//0mYi1RUKrnI=@vger.kernel.org", "X-Gm-Message-State": "AOJu0YxoRkajfqF1lYqbbFo3bV4guEgtIyXxY1GxQ85r1uwS3xFVwXPg\n\tCGvA0eR6+onFp+qcbATIDcPeXOww39tZkCKp46Iv6panU5KWNHTWGyEk", "X-Gm-Gg": "ATEYQzzjKhq9Rwi2rThDc4At3OLQrq9nGnr/jSCELgV0NZesvGOoKp8inHoxhWcOs2G\n\tz6AMEcKV/k5yW0n6zkzQUF6nKlbl8nRq8LUrpXUjgSEAx7XPHrF7b1J13jNUkmt2i1IstBlFRqX\n\tLDBIKA0cAno2YBClzIHaHDeYY4xQg+ejMtPo2GPhXjigNMZaEnPX7zRUEHNh5JVRy/Oohieogtu\n\th0m2Bb3urDj07RBDyrotvYOfg3Z2gPxt1ji/rhDhm/N6LB8xlEj1t8aaWrpOULw6VuaKy/OapqV\n\tncDGPPKHxFxSylC/i5AgMwHG9mZM7u/VqOUPG7Ox4IBpZs9o4JGAqQ0NZdkKyyvZnGkd/DQoQNu\n\tdFc+hri8SnbWVMVSzQITbwJ/wN9bL8pUxq9xuezRqv2VWeMbtV+vacdMvVU48hpX52AWWxNJOda\n\tVFNN31STWEnPPFQXP0eYqe+rPngGx6toSyrCtpAZMESjiot/UgoLcx6vczN7Ne3raG11s1WR0m3\n\ttLzX4d+IUHE", "X-Received": "by 2002:a05:6a20:2592:b0:394:5513:ce5 with SMTP id\n adf61e73a8af0-39ef774ffadmr2721870637.51.1775030446152;\n Wed, 01 Apr 2026 01:00:46 -0700 (PDT)", "From": "Weiming Shi <bestswngs@gmail.com>", "To": "Simon Horman <horms@verge.net.au>,\n\tJulian Anastasov <ja@ssi.bg>,\n\tPablo Neira Ayuso <pablo@netfilter.org>,\n\tFlorian Westphal <fw@strlen.de>,\n\t\"David S . Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>,\n\tPaolo Abeni <pabeni@redhat.com>", "Cc": "Phil Sutter <phil@nwl.cc>,\n\tnetdev@vger.kernel.org,\n\tlvs-devel@vger.kernel.org,\n\tnetfilter-devel@vger.kernel.org,\n\tcoreteam@netfilter.org,\n\tXiang Mei <xmei5@asu.edu>,\n\tWeiming Shi <bestswngs@gmail.com>", "Subject": "[PATCH net v2] ipvs: fix NULL deref in ip_vs_add_service error path", "Date": "Wed, 1 Apr 2026 15:58:01 +0800", "Message-ID": "<20260401075800.3344266-2-bestswngs@gmail.com>", "X-Mailer": "git-send-email 2.43.0", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "When ip_vs_bind_scheduler() succeeds in ip_vs_add_service(), the local\nvariable sched is set to NULL. If ip_vs_start_estimator() subsequently\nfails, the out_err cleanup calls ip_vs_unbind_scheduler(svc, sched)\nwith sched == NULL. ip_vs_unbind_scheduler() passes the cur_sched NULL\ncheck (because svc->scheduler was set by the successful bind) but then\ndereferences the NULL sched parameter at sched->done_service, causing a\nkernel panic at offset 0x30 from NULL.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n RIP: 0010:ip_vs_unbind_scheduler (net/netfilter/ipvs/ip_vs_sched.c:69)\n Call Trace:\n <TASK>\n ip_vs_add_service.isra.0 (net/netfilter/ipvs/ip_vs_ctl.c:1500)\n do_ip_vs_set_ctl (net/netfilter/ipvs/ip_vs_ctl.c:2809)\n nf_setsockopt (net/netfilter/nf_sockopt.c:102)\n ip_setsockopt (net/ipv4/ip_sockglue.c:1427)\n raw_setsockopt (net/ipv4/raw.c:850)\n do_sock_setsockopt (net/socket.c:2322)\n __sys_setsockopt (net/socket.c:2339)\n __x64_sys_setsockopt (net/socket.c:2350)\n do_syscall_64 (arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n </TASK>\n\nFix by simply not clearing the local sched variable after a successful\nbind. ip_vs_unbind_scheduler() already detects whether a scheduler is\ninstalled via svc->scheduler, and keeping sched non-NULL ensures the\nerror path passes the correct pointer to both ip_vs_unbind_scheduler()\nand ip_vs_scheduler_put().\n\nFixes: 05f00505a89a (\"ipvs: fix crash if scheduler is changed\")\nReported-by: Xiang Mei <xmei5@asu.edu>\nSigned-off-by: Weiming Shi <bestswngs@gmail.com>\n---\nv2: Remove \"sched = NULL\" instead of recovering it in out_err (Julian)\n\n net/netfilter/ipvs/ip_vs_ctl.c | 1 -\n 1 file changed, 1 deletion(-)", "diff": "diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex 35642de2a0fee..2aaf50f52c8e8 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -1452,7 +1452,6 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,\n \t\tret = ip_vs_bind_scheduler(svc, sched);\n \t\tif (ret)\n \t\t\tgoto out_err;\n-\t\tsched = NULL;\n \t}\n \n \tret = ip_vs_start_estimator(ipvs, &svc->stats);\n", "prefixes": [ "net", "v2" ] }