Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies

From: Leon Romanovsky
Date: Tue Aug 15 2023 - 04:07:01 EST

Next message: Heiko Carstens: "Re: [PATCH v2] s390/mm: Make virt_to_pfn() a static inline"
Previous message: Linus Walleij: "Re: [PATCH 2/2] gpio: sim: simplify code with cleanup helpers"
In reply to: Herbert Xu: "Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies"
Next in thread: Leon Romanovsky: "Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 15, 2023 at 03:51:44PM +0800, Herbert Xu wrote:
> On Tue, Aug 15, 2023 at 10:30:33AM +0300, Leon Romanovsky wrote:
> >
> > But policy has, and we are not interested in validity of it as first
> > check in if (...) will be true for policy->walk.dead.
> >
> > So it is safe to call to dir = xfrm_policy_id2dir(policy->index) even
> > for dead policy.
>
> If you dereference policy->index on a walker object it will read memory
> before the start of the walker object. That could do anything, perhaps
> even triggering a page fault.

Where do you see walker object? xfrm_policy_id2dir() is called on policy
object, which is defined as "struct xfrm_policy".

Thanks

>
> Cheers,
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Heiko Carstens: "Re: [PATCH v2] s390/mm: Make virt_to_pfn() a static inline"
Previous message: Linus Walleij: "Re: [PATCH 2/2] gpio: sim: simplify code with cleanup helpers"
In reply to: Herbert Xu: "Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies"
Next in thread: Leon Romanovsky: "Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]