From: Kevin Xu <kaiwen...@hulu.com>
Date: Thu, 16 Mar 2017 01:08:30 -0700

> In some rare cases, inet_sk_rx_dst_set() may be called multiple times
> on the same dst, causing reference count leakage. Eventually, it
> prevents net_device from being destroyed. The bug then manifested as
> 
> unregister_netdevice: waiting for lo to become free. Usage count = 1
> 
> in the kernel log, preventing new network namespace creation.
> 
> The patch works around the issue by checking whether the socket already
> has the same dst set.
> 
> Signed-off-by: Kevin Xu <kaiwen...@hulu.com>

You need to prevent this parallel execution of this function or use
atomic compare-and-exchange to set the rx_dst in order to prevent
the double refcounting.

This patch by itself is even worse than a workaround, because depending
upon how the compiler reloads values from memory, the problem can still
occur.
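
The double-refcount race discussed in this reply, as an added example that is not part of the original thread or the kernel source: a user-space C11 model in which `struct dst`, `struct sock` and every function name are hypothetical stand-ins. It replays the interleaving where two callers both pass the "already set?" check before either stores, then runs the compare-and-exchange variant on the same sequence.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-ins, not the kernel's structures. */
struct dst  { atomic_int refcnt; };
struct sock { _Atomic(struct dst *) rx_dst; };

/* Check-then-set, split in two so an interleaving can be replayed. */
static bool check_not_set(struct sock *sk, struct dst *d) {
    return atomic_load(&sk->rx_dst) != d;
}
static void hold_and_store(struct sock *sk, struct dst *d) {
    atomic_fetch_add(&d->refcnt, 1);          /* take a reference */
    atomic_store(&sk->rx_dst, d);
}

/* Compare-and-exchange: only the caller that wins the swap keeps its reference. */
static bool cas_set(struct sock *sk, struct dst *d) {
    struct dst *expected = NULL;
    atomic_fetch_add(&d->refcnt, 1);
    if (atomic_compare_exchange_strong(&sk->rx_dst, &expected, d))
        return true;
    atomic_fetch_sub(&d->refcnt, 1);          /* lost the race: drop the extra hold */
    return false;
}

/* Returns references held beyond the one the socket's pointer accounts for. */
int leaked_refs(bool use_cas) {
    struct dst d; struct sock sk;
    atomic_init(&d.refcnt, 0);
    atomic_init(&sk.rx_dst, NULL);
    if (use_cas) {
        cas_set(&sk, &d);                     /* caller A wins the swap */
        cas_set(&sk, &d);                     /* caller B loses and releases */
    } else {
        bool a = check_not_set(&sk, &d);      /* A checks */
        bool b = check_not_set(&sk, &d);      /* B checks before A stores */
        if (a) hold_and_store(&sk, &d);
        if (b) hold_and_store(&sk, &d);
    }
    return atomic_load(&d.refcnt) - 1;
}

int main(void) {
    printf("check-then-set leaked: %d\n", leaked_refs(false));
    printf("compare-exchange leaked: %d\n", leaked_refs(true));
    return 0;
}
```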
