WSL2-Linux-Kernel/net/sctp
Xin Long 60473d7034 sctp: not allow transport timeout value less than HZ/5 for hb_timer
[ Upstream commit 1d88ba1ebb ]

syzbot reported a rcu_sched self-detected stall on CPU which is caused
by too small value set on rto_min with SCTP_RTOINFO sockopt. With this
value, hb_timer will get stuck there, as in its timer handler it starts
this timer again with this value, then goes to the timer handler again.

This problem is there since very beginning, and thanks to Eric for the
reproducer shared from a syzbot mail.

This patch fixes it by not allowing sctp_transport_timeout to return a
smaller value than HZ/5 for hb_timer, which is based on TCP's min rto.

Note that it doesn't fix this issue by limiting rto_min, as some users
are still using small rto and no proper value was found for it yet.

Reported-by: syzbot+3dcd59a1f907245f891f@syzkaller.appspotmail.com
Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-11 22:49:20 +02:00
..
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
associola.c sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-19 10:20:25 +02:00
auth.c sctp: remove the typedef sctp_hmac_algo_param_t 2017-07-16 20:52:14 -07:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c sctp: remove the typedef sctp_auth_chunk_t 2017-08-03 09:45:47 -07:00
debug.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
endpointola.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
input.c sctp: do not pr_err for the duplicated node in transport rhlist 2018-03-08 22:41:14 -08:00
inqueue.c sctp: fix the issue that the cookie-ack with auth can't get processed 2018-05-19 10:20:25 +02:00
ipv6.c sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr 2018-05-19 10:20:25 +02:00
objcnt.c sctp: remove the typedef sctp_dbg_objcnt_entry_t 2017-08-11 10:02:43 -07:00
offload.c gso: validate gso_type in GSO handlers 2018-01-31 14:03:47 +01:00
output.c sctp: remove the typedef sctp_xmit_t 2017-08-06 21:33:42 -07:00
outqueue.c sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune 2018-02-25 11:07:57 +01:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
probe.c sctp: remove the typedef sctp_disposition_t 2017-08-11 10:02:44 -07:00
proc.c net: convert sock.sk_wmem_alloc from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
protocol.c sctp: fix dst refcnt leak in sctp_v4_get_dst 2018-03-08 22:41:11 -08:00
sctp_diag.c sctp: Fix a big endian bug in sctp_diag_dump() 2017-09-26 21:16:29 -07:00
sm_make_chunk.c sctp: verify size of a new chunk in _sctp_make_chunk() 2018-03-08 22:41:10 -08:00
sm_sideeffect.c sctp: fix some type cast warnings introduced since very beginning 2017-10-29 18:03:24 +09:00
sm_statefuns.c sctp: use the old asoc when making the cookie-ack chunk in dupcook_d 2018-05-19 10:20:25 +02:00
sm_statetable.c sctp: remove the typedef sctp_sm_table_entry_t 2017-08-11 10:02:44 -07:00
socket.c sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 2018-04-12 12:32:24 +02:00
stream.c sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1 2018-02-03 17:39:04 +01:00
sysctl.c sctp: remove the typedef sctp_scope_policy_t 2017-08-06 21:33:41 -07:00
transport.c sctp: not allow transport timeout value less than HZ/5 for hb_timer 2018-06-11 22:49:20 +02:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 2018-05-19 10:20:25 +02:00
ulpqueue.c sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege 2018-03-03 10:24:24 +01:00