Commit ed8157f1 authored by Du Cheng's avatar Du Cheng Committed by David S. Miller
Browse files

net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule 

There is a reproducible sequence from the userland that will trigger a WARN_ON()
condition in taprio_get_start_time, which causes kernel to panic if configured
as "panic_on_warn". Catch this condition in parse_taprio_schedule to
prevent this condition.

Reported as bug on syzkaller:
https://syzkaller.appspot.com/bug?extid=d50710fd0873a9c6b40c



Reported-by: default avatar <syzbot+d50710fd0873a9c6b40c@syzkaller.appspotmail.com>
Signed-off-by: default avatarDu Cheng <ducheng2@gmail.com>
Acked-by: default avatarCong Wang <cong.wang@bytedance.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e16edc99

net/sched/sch_taprio.c

+6 −0
Original line number Diff line number Diff line
@@ -901,6 +901,12 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb, 


		list_for_each_entry(entry, &new->entries, list)

			cycle = ktime_add_ns(cycle, entry->interval);



		if (!cycle) {

			NL_SET_ERR_MSG(extack, "'cycle_time' can never be 0");

			return -EINVAL;

		}



		new->cycle_time = cycle;

	}