On Mon, Jan 23, 2017 at 2:37 PM, Joel Cunningham <joel.cunning...@me.com> wrote: > Hi, > > I’m working on a research effort to understand the synchronization mechanisms > for accessing and modifying a struct net_device object. One area that isn’t > clear is the net device pointer (dev) stored in a struct sk_buff. From my > investigation, the pointer appears to be assigned without increasing the > struct net_device’s reference count (example __netdev_alloc_skb doesn’t call > dev_hold) and also when the sk_buff is freed (kfree_skb) no call to dev_put() > is made. This seems to leave a possibility of an skb referencing a stale net > device unless something is cleaning up all the skbs during > unregister_netdevice() (which waits for all outstanding references to be > released). Any insight in understanding how this is working would be > appreciated! >
This is a very common question. synchronize_net() is supposed to wait for on-flying packets, since both for TX and RX paths we acquire RCU read lock.
