Re: [Patch net, v2] net: xfrm: skip policies marked as dead while reinserting policies

From: Herbert Xu
Date: Tue Aug 15 2023 - 03:53:30 EST


On Tue, Aug 15, 2023 at 10:30:33AM +0300, Leon Romanovsky wrote:
>
> But policy has, and we are not interested in its validity, as the first
> check in if (...) will be true for policy->walk.dead.
>
> So it is safe to call dir = xfrm_policy_id2dir(policy->index) even
> for a dead policy.

If you dereference policy->index on a walker object it will read memory
before the start of the walker object. That could do anything, perhaps
even triggering a page fault.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
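
The offset arithmetic behind the reply above, as an added example that is not part of the original message or the kernel source. The structs are simplified stand-ins with an assumed layout (the list entry sits in the middle of a policy but at the start of a walker), and `index_read_offset` and `policy_if_live` are hypothetical helpers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins; field layout is assumed, not copied from the kernel. */
struct list_head { struct list_head *next, *prev; };
struct walk_entry { struct list_head all; uint8_t dead; };

/* Models a policy: the shared list entry is NOT the first member. */
struct policy { uint32_t priority; uint32_t index; struct walk_entry walk; };
/* Models a dump walker: the shared list entry IS the first member. */
struct walker { struct walk_entry walk; uint32_t seq; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/*
 * Where a policy->index read lands, measured from the start of the object
 * that really owns the list entry. A negative result means the read is
 * before the start of that object.
 */
static ptrdiff_t index_read_offset(size_t entry_offset_in_owner)
{
    return (ptrdiff_t)entry_offset_in_owner
         - (ptrdiff_t)offsetof(struct policy, walk)
         + (ptrdiff_t)offsetof(struct policy, index);
}

/* Check the dead flag through the entry first; convert only live entries. */
static struct policy *policy_if_live(struct walk_entry *e)
{
    if (e->dead)
        return NULL;
    return container_of(e, struct policy, walk);
}

int main(void)
{
    struct policy p = { .priority = 1, .index = 7 };      /* constructed sample */
    struct walker w = { .walk = { .dead = 1 }, .seq = 0 }; /* walkers are marked dead */

    printf("index offset for a real policy: %td\n",
           index_read_offset(offsetof(struct policy, walk)));
    printf("index offset for a walker:      %td\n",
           index_read_offset(offsetof(struct walker, walk)));
    printf("walker skipped: %d, policy index: %u\n",
           policy_if_live(&w.walk) == NULL,
           (unsigned)policy_if_live(&p.walk)->index);
    return 0;
}
```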