From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Lezcano Subject: Re: [patch 1/1][NETNS] resend: fix net released by rcu callback Date: Tue, 30 Oct 2007 22:43:26 +0100 Message-ID: <4727A57E.501@fr.ibm.com> References: <20071030162139.954791193@mai.toulouse-stg.fr.ibm.com> <20071030162305.458123510@mai.toulouse-stg.fr.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Sender: netdev-owner@vger.kernel.org To: "Eric W. Biederman" Cc: davem@davemloft.net, containers@lists.osdl.org, netdev@vger.kernel.org List-Id: containers.vger.kernel.org Eric W. Biederman wrote: > Daniel Lezcano writes: > >> When a network namespace reference is held by a network subsystem, >> and when this reference is decremented in a rcu update callback, we >> must ensure that there is no more outstanding rcu update before >> trying to free the network namespace. >> >> In the normal case, the rcu_barrier is called when the network namespace >> is exiting in the cleanup_net function. >> >> But when a network namespace creation fails, and the subsystems are >> undone (like the cleanup), the rcu_barrier is missing. >> >> This patch adds the missing rcu_barrier. > > Looks sane. Did you have any specific failures related to this or was > this something that was just caught in review? Yes, I had this problem when doing ipv6 isolation for netns49. The ipv6 subsystem creation failed and the different subsystem where rollbacked in the setup_net function. When the network namespace was about to be freed in free_net function, I had the error with an usage refcount different from zero. It appears that was coming from core/neighbour.c neigh_parms_release -> neigh_rcu_free_parms -> neigh_parms_put -> neigh_parms_destroy -> release_net The free_net function was called before rcu callback neigh_rcu_free_parms.