ipvs: Fix use-after-free in ip_vs_in

hulk inclusion
category: bugfix
bugzilla: 15741
CVE: NA

-------------------------------------------------

while unregistering ipvs module, ops_free_list calls
nf_unregister_net_hooks to do cleanup ipvs resource,
it need a RCU period. Howerver ip_vs_in is still hooked
the LOCALOUT chain, which dereference freed ipvs pointer
triggers use-after-free.
Signed-off-by: NYueHaibing <yuehaibing@huawei.com>
Reviewed-by: NMao Wenan <maowenan@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>

net/netfilter/ipvs/ip_vs_core.c

@@ -2288,6 +2288,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
 	ip_vs_control_net_cleanup(ipvs);
 	ip_vs_estimator_net_cleanup(ipvs);
 	IP_VS_DBG(2, "ipvs netns %d released\n", ipvs->gen);
+	rcu_barrier();
 	net->ipvs = NULL;
 }