Hi, I’m working on a research effort to understand the synchronization mechanisms for accessing and modifying a struct net_device object. One area that isn’t clear is the net device pointer (dev) stored in a struct sk_buff. From my investigation, the pointer appears to be assigned without increasing the struct net_device’s reference count (example __netdev_alloc_skb doesn’t call dev_hold) and also when the sk_buff is freed (kfree_skb) no call to dev_put() is made. This seems to leave a possibility of an skb referencing a stale net device unless something is cleaning up all the skbs during unregister_netdevice() (which waits for all outstanding references to be released). Any insight in understanding how this is working would be appreciated!
Joel
