On Wed, 22 Feb 2023 12:07:21 -0500 Xin Long wrote:
> With this refcnt added in sctp_stream_priorities, we don't need to
> traverse all streams to check if the prio is used by other streams
> when freeing one stream's prio in sctp_sched_prio_free_sid(). This
> can avoid a nested loop (up to 65535 * 65535), which may cause a
> stuck as Ying reported:
>
> watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136]
> Call Trace:
> <TASK>
> sctp_sched_prio_free_sid+0xab/0x100 [sctp]
> sctp_stream_free_ext+0x64/0xa0 [sctp]
> sctp_stream_free+0x31/0x50 [sctp]
> sctp_association_free+0xa5/0x200 [sctp]
>
> Note that it doesn't need to use refcount_t type for this counter,
> as its accessing is always protected under the sock lock.
>
> v1->v2:
> - add a check in sctp_sched_prio_set to avoid the possible prio_head
> refcnt overflow.
>
> Fixes: 9ed7bfc79542 ("sctp: fix memory leak in sctp_stream_outq_migrate()")
> Reported-by: Ying Xu <yinxu@xxxxxxxxxx>
> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
> Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
Applied, thanks!
