Re: [PATCH] igmp: fix ip_mc_sf_allow race
From: David Miller <davem@davemloft.net>
Date: 2010-01-04 05:54:38
From: Flavio Leitner <redacted>
Date: Wed, 30 Dec 2009 12:23:25 -0200

Almost all igmp functions accessing inet->mc_list are protected by rtnl_lock(), but there is one exception which is ip_mc_sf_allow(), so there is a chance of either ip_mc_drop_socket or ip_mc_leave_group removing an entry while ip_mc_sf_allow is running, causing a crash.

Signed-off-by: Flavio Leitner <redacted>

Have you triggered this in practice or is this due purely to code inspection?

That new synchronize_rcu() is very expensive and will decrease the rate at which groups can be joined and left, _especially_ on high cpu count machines.

I do not think it is therefore a suitable problem to this race, if it does in fact exist.