Description
In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop With this refcnt added in sctp_stream_priorities, we don't need to traverse all streams to check if the prio is used by other streams when freeing one stream's prio in sctp_sched_prio_free_sid(). This can avoid a nested loop (up to 65535 * 65535), which may cause a stuck as Ying reported: watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136] Call Trace: <TASK> sctp_sched_prio_free_sid+0xab/0x100 [sctp] sctp_stream_free_ext+0x64/0xa0 [sctp] sctp_stream_free+0x31/0x50 [sctp] sctp_association_free+0xa5/0x200 [sctp] Note that it doesn't need to use refcount_t type for this counter, as its accessing is always protected under the sock lock. v1->v2: - add a check in sctp_sched_prio_set to avoid the possible prio_head refcnt overflow.
Product status
a7555681e50bdebed2c40ff7404ee73c2e932993 before cec326443f01283ef68ea00c06ea073b1835a562
176ee6c673ccd118e9392fd2dbb165423bdb99ca before 8ee401f89cdb10f39098c0656d695b2bc4052100
0dfb9a566327182387c90100ea54d8426cee8c67 before bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 before 03c3a5584a0a29821e59b7834635ce823050caaa
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 before 6d529928ea212127851a2df8c40d822237ca946b
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 before 68ba44639537de6f91fe32783766322d41848127
fa20f88271259d42ebe66f0a8c4c20199e888c99
6.1
Any version before 6.1
5.4.235
5.10.173
5.15.100
6.1.18
6.2.5
6.3
References
git.kernel.org/...c/cec326443f01283ef68ea00c06ea073b1835a562
git.kernel.org/...c/8ee401f89cdb10f39098c0656d695b2bc4052100
git.kernel.org/...c/bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
git.kernel.org/...c/03c3a5584a0a29821e59b7834635ce823050caaa
git.kernel.org/...c/6d529928ea212127851a2df8c40d822237ca946b
git.kernel.org/...c/68ba44639537de6f91fe32783766322d41848127
