mirror of https://github.com/torvalds/linux.git
134121bfd9
On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp
before connections with valid cp->app pointers are flushed, leading to a
use-after-free.
Fix this by introducing a global `exiting_module` flag, set to true in
ip_vs_ftp_exit() before unregistering the pernet subsystem. In
__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns
cleanup (when exiting_module is false) and defer it to
__ip_vs_cleanup_batch(), which unregisters all apps after all connections
are flushed. If called during module exit, unregister ip_vs_ftp
immediately.
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| ip_vs_app.c | ||
| ip_vs_conn.c | ||
| ip_vs_core.c | ||
| ip_vs_ctl.c | ||
| ip_vs_dh.c | ||
| ip_vs_est.c | ||
| ip_vs_fo.c | ||
| ip_vs_ftp.c | ||
| ip_vs_lblc.c | ||
| ip_vs_lblcr.c | ||
| ip_vs_lc.c | ||
| ip_vs_mh.c | ||
| ip_vs_nfct.c | ||
| ip_vs_nq.c | ||
| ip_vs_ovf.c | ||
| ip_vs_pe.c | ||
| ip_vs_pe_sip.c | ||
| ip_vs_proto.c | ||
| ip_vs_proto_ah_esp.c | ||
| ip_vs_proto_sctp.c | ||
| ip_vs_proto_tcp.c | ||
| ip_vs_proto_udp.c | ||
| ip_vs_rr.c | ||
| ip_vs_sched.c | ||
| ip_vs_sed.c | ||
| ip_vs_sh.c | ||
| ip_vs_sync.c | ||
| ip_vs_twos.c | ||
| ip_vs_wlc.c | ||
| ip_vs_wrr.c | ||
| ip_vs_xmit.c | ||