From: Du Cheng <ducheng2@gmail.com>
Date: Fri, 16 Apr 2021 23:30:46 +0000 (+0800)
Subject: net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
X-Git-Tag: v5.4.120~103
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=9f6e107aab1477b499c3940f61212df441b0d220;p=users%2Fdwmw2%2Flinux.git

net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule

[ Upstream commit ed8157f1ebf1ae81a8fa2653e3f20d2076fad1c9 ]

There is a reproducible sequence from the userland that will trigger a WARN_ON()
condition in taprio_get_start_time, which causes kernel to panic if configured
as "panic_on_warn". Catch this condition in parse_taprio_schedule to
prevent this condition.

Reported as bug on syzkaller:
https://syzkaller.appspot.com/bug?extid=d50710fd0873a9c6b40c

Reported-by: syzbot+d50710fd0873a9c6b40c@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Acked-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index 09116be995113..a4de4853c79de 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -900,6 +900,12 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb,
 
 		list_for_each_entry(entry, &new->entries, list)
 			cycle = ktime_add_ns(cycle, entry->interval);
+
+		if (!cycle) {
+			NL_SET_ERR_MSG(extack, "'cycle_time' can never be 0");
+			return -EINVAL;
+		}
+
 		new->cycle_time = cycle;
 	}