There is a reproducible sequence from the userland that will trigger a WARN_ON() condition in taprio_get_start_time, which causes kernel to panic if configured as "panic_on_warn". Catch this condition in parse_taprio_schedule to prevent this condition.
Reported as bug on syzkaller: https://syzkaller.appspot.com/bug?extid=d50710fd0873a9c6b40c Reported-by: syzbot+d50710fd0873a9c6b...@syzkaller.appspotmail.com Signed-off-by: Du Cheng <duche...@gmail.com> --- changelog v1: Discussion https://lore.kernel.org/netdev/YHfwUmFODUHx8G5W@carbon/T/ v2: fix typo https://lore.kernel.org/netdev/20210415075953.83508-2-duche...@gmail.com/T/ v3: catch the condition in parse_taprio_schedule instead https://lore.kernel.org/netdev/CAM_iQpWs3Z55=y0-=pjt6xzmv+hw9jgplfxmbr+35+70day...@mail.gmail.com/T/ v4: add extack net/sched/sch_taprio.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index 8287894541e3..909c798b7403 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -901,6 +901,12 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb, list_for_each_entry(entry, &new->entries, list) cycle = ktime_add_ns(cycle, entry->interval); + + if (!cycle) { + NL_SET_ERR_MSG(extack, "'cycle_time' can never be 0"); + return -EINVAL; + } + new->cycle_time = cycle; } -- 2.30.2
