On Tue, Jun 05, 2018 at 12:16:58PM +0800, Xin Long wrote: > syzbot reported a rcu_sched self-detected stall on CPU which is caused > by too small value set on rto_min with SCTP_RTOINFO sockopt. With this > value, hb_timer will get stuck there, as in its timer handler it starts > this timer again with this value, then goes to the timer handler again. > > This problem is there since very beginning, and thanks to Eric for the > reproducer shared from a syzbot mail. > > This patch fixes it by not allowing sctp_transport_timeout to return a > smaller value than HZ/5 for hb_timer, which is based on TCP's min rto. > > Note that it doesn't fix this issue by limiting rto_min, as some users > are still using small rto and no proper value was found for it yet. > > Reported-by: syzbot+3dcd59a1f907245f891f@xxxxxxxxxxxxxxxxxxxxxxxxx > Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> > Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx> > --- > net/sctp/transport.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sctp/transport.c b/net/sctp/transport.c > index 47f82bd..03fc2c4 100644 > --- a/net/sctp/transport.c > +++ b/net/sctp/transport.c > @@ -634,7 +634,7 @@ unsigned long sctp_transport_timeout(struct sctp_transport *trans) > trans->state != SCTP_PF) > timeout += trans->hbinterval; > > - return timeout; > + return max_t(unsigned long, timeout, HZ / 5); > } > > /* Reset transport variables to their initial values */ > -- > 2.1.0 > > Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
