diff mbox series

[v3] net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule

Message ID 20210415231742.12952-1-ducheng2@gmail.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [v3] net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule | expand

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Guessed tree name to be net-next
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cc_maintainers warning 2 maintainers not CCed: davem@davemloft.net kuba@kernel.org
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes success Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/header_inline success Link

Commit Message

Du Cheng April 15, 2021, 11:17 p.m. UTC 
There is a reproducible sequence from the userland that will trigger a WARN_ON()
condition in taprio_get_start_time, which causes kernel to panic if configured
as "panic_on_warn". Catch this during initialisation in parse_taprio_schedule to
prevent this condition.

Reported as bug on syzkaller:
https://syzkaller.appspot.com/bug?extid=d50710fd0873a9c6b40c

Reported-by: syzbot+d50710fd0873a9c6b40c@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
---
changelog
v1: Discussion https://lore.kernel.org/netdev/YHfwUmFODUHx8G5W@carbon/T/

v2: fix typo https://lore.kernel.org/netdev/20210415075953.83508-2-ducheng2@gmail.com/T/

v3: catch the condition in parse_taprio_schedule instead

 net/sched/sch_taprio.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Cong Wang April 16, 2021, 5:14 p.m. UTC | #1 
On Thu, Apr 15, 2021 at 4:17 PM Du Cheng <ducheng2@gmail.com> wrote:
> diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
> index 8287894541e3..abd6b176383c 100644
> --- a/net/sched/sch_taprio.c
> +++ b/net/sched/sch_taprio.c
> @@ -901,6 +901,10 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb,
>
>                 list_for_each_entry(entry, &new->entries, list)
>                         cycle = ktime_add_ns(cycle, entry->interval);
> +
> +               if (!cycle)
> +                       return -EINVAL;

Just a nit: please add an extack to explain why we return EINVAL here.

Thanks.
Du Cheng April 16, 2021, 11:31 p.m. UTC | #2 
Le Fri, Apr 16, 2021 at 10:14:52AM -0700, Cong Wang a écrit :
> On Thu, Apr 15, 2021 at 4:17 PM Du Cheng <ducheng2@gmail.com> wrote:
> > diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
> > index 8287894541e3..abd6b176383c 100644
> > --- a/net/sched/sch_taprio.c
> > +++ b/net/sched/sch_taprio.c
> > @@ -901,6 +901,10 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb,
> >
> >                 list_for_each_entry(entry, &new->entries, list)
> >                         cycle = ktime_add_ns(cycle, entry->interval);
> > +
> > +               if (!cycle)
> > +                       return -EINVAL;
> 
> Just a nit: please add an extack to explain why we return EINVAL here.
> 
> Thanks.

Hi Cong,

Thanks!

I added extack and submitted v4. Please help me review.

Regards,
Du Cheng
diff mbox series

Patch

diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index 8287894541e3..abd6b176383c 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -901,6 +901,10 @@  static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb,
 
 		list_for_each_entry(entry, &new->entries, list)
 			cycle = ktime_add_ns(cycle, entry->interval);
+
+		if (!cycle)
+			return -EINVAL;
+
 		new->cycle_time = cycle;
 	}