{"id":2230902,"url":"http://patchwork.ozlabs.org/api/patches/2230902/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260430074420.26697-5-ja@ssi.bg/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430074420.26697-5-ja@ssi.bg>","list_archive_url":null,"date":"2026-04-30T07:44:16","name":"[PATCHv3,nf,4/8] ipvs: do not leak dest after get from dest trash","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e1eb8b740227d9e712b08820ffefd42e5d5dba3e","submitter":{"id":2825,"url":"http://patchwork.ozlabs.org/api/people/2825/?format=json","name":"Julian Anastasov","email":"ja@ssi.bg"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260430074420.26697-5-ja@ssi.bg/mbox/","series":[{"id":502227,"url":"http://patchwork.ozlabs.org/api/series/502227/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502227","date":"2026-04-30T07:44:12","name":"IPVS fixes for nf","version":1,"mbox":"http://patchwork.ozlabs.org/series/502227/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2230902/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2230902/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (4096-bit key;\n unprotected) header.d=ssi.bg header.i=@ssi.bg header.a=rsa-sha256\n header.s=ssi header.b=oWIIzpra;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12324-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=\"oWIIzpra\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=193.238.174.39","smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=ssi.bg"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5mZ56Wdpz1yGq\n\tfor ; Thu, 30 Apr 2026 17:50:53 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 835423013D44\n\tfor ; Thu, 30 Apr 2026 07:48:06 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7BFE43FA5F5;\n\tThu, 30 Apr 2026 07:48:05 +0000 (UTC)","from mx.ssi.bg (mx.ssi.bg [193.238.174.39])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id D341135836B;\n\tThu, 30 Apr 2026 07:48:02 +0000 (UTC)","from mx.ssi.bg (localhost [127.0.0.1])\n\tby mx.ssi.bg (Potsfix) with ESMTP id 31A3A22930;\n\tThu, 30 Apr 2026 10:47:55 +0300 (EEST)","from box.ssi.bg (box.ssi.bg [193.238.174.46])\n\tby mx.ssi.bg (Potsfix) with ESMTPS;\n\tThu, 30 Apr 2026 10:47:53 +0300 (EEST)","from ja.ssi.bg (unknown [213.16.62.126])\n\tby box.ssi.bg (Potsfix) with ESMTPSA id EECF562B23;\n\tThu, 30 Apr 2026 10:47:52 +0300 (EEST)","from ja.home.ssi.bg (localhost.localdomain [127.0.0.1])\n\tby ja.ssi.bg (8.18.1/8.18.1) with ESMTP id 63U7iwgu027465;\n\tThu, 30 Apr 2026 10:44:58 +0300","(from root@localhost)\n\tby ja.home.ssi.bg (8.18.1/8.18.1/Submit) id 63U7iwCP027464;\n\tThu, 30 Apr 2026 10:44:58 +0300"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777535284; cv=none;\n b=RV3dK1M5ySviE7853+Os/CRXiy9Hfg5Utj2yEqhaziiufU3n9CbJPbdH2YUK5bgKhck1/a631kfVhY1b6ZsrXu9pCk45rxnstviHbeFuRqX0hc4bPbM68iFBt3bUdJmLwGUmIrfZFCnHVvz/uTyYYr04FlH8FBb53tlyt1jbEi8=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777535284; c=relaxed/simple;\n\tbh=dTo9HHruW8QVv/6+G5t8xN35S3zWzyhJt4phdhyCqTE=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=VZPOOGmhcCocYqUydV3Bpwf7MOa7L/Wvbd1dwLhwExy77RVuwDsxO2v5qhh6FOB2HmYRETcuJ31WRbhnr/Eba10Z+Ef3oh1FM5qNFL1FEPPljMFnbvInLvsdZir6WYz4FFaslEk70GE1U4esNzQcRgT9hNzKguJRUWGr0FxmHjI=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg;\n spf=pass smtp.mailfrom=ssi.bg;\n dkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=oWIIzpra;\n arc=none smtp.client-ip=193.238.174.39","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=ssi.bg; h=cc:cc\n\t:content-transfer-encoding:date:from:from:in-reply-to:message-id\n\t:mime-version:references:reply-to:subject:subject:to:to; s=ssi;\n\t bh=+5l6HjIa6pEN1i6IQbOcoo3u2ww0YtZrxpJ29skJSz0=; b=oWIIzprak8go\n\t09LmI5ewAZXaG/X9IwBWluzPXz5nLnuHGq6JB5YnipnnVa8tfiBM+oCRgJe6zpgG\n\tEKca977K4ufN+XsiHPYQ+8RRwXTuiBtcoLVwzQYip3TC5wIZuYAJ0bW9/FSckduT\n\tgGC08zcppk70s4gbGe0URevMZsdEFSqAeyFwKdyUudxmwGSxY3k0neYq5FH0Hi1l\n\tRkUAazTBOLp9tAf2n/a+eRGwxOcyHtTWOJ731vcHszpOlrHpkoKpltMG3pgx+7vz\n\th5F4g3334qmtu8OIH9/KnpfaZC/sOwBAu0w7oqlilOCJyyP3XrVjs+rHJTjcWOeS\n\tculQffY3+0zAoGsl7edip5+vPF4eu8059o5sNUSs3lKoece0NY1S6CFmK7jC/Ktk\n\to9cpQzNG1EQEqA+NxLvcifTmkVkKw8DMcujr6Iq9JBPGKirpnx4JHnyDa8fSUxAk\n\t53klIjANQR37aGoNh+rP13OzppAGhbWm3H8EuX8Qzf40XbI1DTQeB2HMzyEm30k3\n\tNwv+D/o4S/GsPSWsC3gNAamR5u0SkYMyOhFACFfIKy5D/ZAV1PkjmKbY2jMXn6g+\n\tO66miYrSkSvBCnCACGpUvoeZc9+cToQyGqZHAWTByO6bMXYIYKi2jvEzcQtsIVFw\n\tQ2yFtoXNuhjQBmpckoKXkxspPPmkxVQ=","From":"Julian Anastasov ","To":"Simon Horman ","Cc":"Pablo Neira Ayuso , Florian Westphal ,\n Waiman Long , lvs-devel@vger.kernel.org,\n netfilter-devel@vger.kernel.org","Subject":"[PATCHv3 nf 4/8] ipvs: do not leak dest after get from dest trash","Date":"Thu, 30 Apr 2026 10:44:16 +0300","Message-ID":"<20260430074420.26697-5-ja@ssi.bg>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260430074420.26697-1-ja@ssi.bg>","References":"<20260430074420.26697-1-ja@ssi.bg>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Sashiko warns about leaked dest if ip_vs_start_estimator()\nfails in ip_vs_add_dest(). Add ip_vs_trash_put_dest() to\nput back the dest into dest trash.\n\nLink: https://sashiko.dev/#/patchset/20260428175725.72050-1-ja%40ssi.bg\nFixes: 705dd3444081 (\"ipvs: use kthreads for stats estimation\")\nSigned-off-by: Julian Anastasov \n---\n net/netfilter/ipvs/ip_vs_ctl.c | 37 ++++++++++++++++++++++------------\n 1 file changed, 24 insertions(+), 13 deletions(-)","diff":"diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex caec516856e9..d81077c2457a 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -1102,6 +1102,24 @@ ip_vs_trash_get_dest(struct ip_vs_service *svc, int dest_af,\n \treturn dest;\n }\n \n+/* Put destination in trash */\n+static void ip_vs_trash_put_dest(struct netns_ipvs *ipvs,\n+\t\t\t\t struct ip_vs_dest *dest, unsigned long istart,\n+\t\t\t\t bool cleanup)\n+{\n+\tspin_lock_bh(&ipvs->dest_trash_lock);\n+\tIP_VS_DBG_BUF(3, \"Moving dest %s:%u into trash, dest->refcnt=%d\\n\",\n+\t\t IP_VS_DBG_ADDR(dest->af, &dest->addr), ntohs(dest->port),\n+\t\t refcount_read(&dest->refcnt));\n+\tif (list_empty(&ipvs->dest_trash) && !cleanup)\n+\t\tmod_timer(&ipvs->dest_trash_timer,\n+\t\t\t jiffies + (IP_VS_DEST_TRASH_PERIOD >> 1));\n+\t/* dest lives in trash with reference */\n+\tlist_add(&dest->t_list, &ipvs->dest_trash);\n+\tdest->idle_start = istart;\n+\tspin_unlock_bh(&ipvs->dest_trash_lock);\n+}\n+\n static void ip_vs_dest_rcu_free(struct rcu_head *head)\n {\n \tstruct ip_vs_dest *dest;\n@@ -1461,9 +1479,12 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)\n \t\t\t ntohs(dest->vport));\n \n \t\tret = ip_vs_start_estimator(svc->ipvs, &dest->stats);\n+\t\t/* On error put back dest into the trash */\n \t\tif (ret < 0)\n-\t\t\treturn ret;\n-\t\t__ip_vs_update_dest(svc, dest, udest, 1);\n+\t\t\tip_vs_trash_put_dest(svc->ipvs, dest, dest->idle_start,\n+\t\t\t\t\t false);\n+\t\telse\n+\t\t\t__ip_vs_update_dest(svc, dest, udest, 1);\n \t} else {\n \t\t/*\n \t\t * Allocate and initialize the dest structure\n@@ -1533,17 +1554,7 @@ static void __ip_vs_del_dest(struct netns_ipvs *ipvs, struct ip_vs_dest *dest,\n \t */\n \tip_vs_rs_unhash(dest);\n \n-\tspin_lock_bh(&ipvs->dest_trash_lock);\n-\tIP_VS_DBG_BUF(3, \"Moving dest %s:%u into trash, dest->refcnt=%d\\n\",\n-\t\t IP_VS_DBG_ADDR(dest->af, &dest->addr), ntohs(dest->port),\n-\t\t refcount_read(&dest->refcnt));\n-\tif (list_empty(&ipvs->dest_trash) && !cleanup)\n-\t\tmod_timer(&ipvs->dest_trash_timer,\n-\t\t\t jiffies + (IP_VS_DEST_TRASH_PERIOD >> 1));\n-\t/* dest lives in trash with reference */\n-\tlist_add(&dest->t_list, &ipvs->dest_trash);\n-\tdest->idle_start = 0;\n-\tspin_unlock_bh(&ipvs->dest_trash_lock);\n+\tip_vs_trash_put_dest(ipvs, dest, 0, cleanup);\n \n \t/* Queue up delayed work to expire all no destination connections.\n \t * No-op when CONFIG_SYSCTL is disabled.\n","prefixes":["PATCHv3","nf","4/8"]}