Hi Stephen,
I am studying vxlan device driver in 4.10 kernel. I see that vxlan_fdb in fdb_head list is rcu protected. call_rcu is invoked to free vxlan fdb, which will defer the vxlan_fdb_free until all rcu reads exist the race condition. But I don’t find any rcu_read_lock invoked before travelling fdb_head list. In vxlan_xmit and vxlan_snoop function, vxlan_find_mac function is called to search the vxlan_fdb of the dst_mac or src_mac. Then information in vxlan_fdb is used for further process. But as no rcu_read_lock is obtained before the list travelling, I am wondering if it is possible that vxlan_fdb is freed when it is being used. static void vxlan_fdb_destroy(struct vxlan_dev *vxlan, struct vxlan_fdb *f) { netdev_dbg(vxlan->dev, "delete %pM\n", f->eth_addr); --vxlan->addrcnt; vxlan_fdb_notify(vxlan, f, first_remote_rtnl(f), RTM_DELNEIGH); hlist_del_rcu(&f->hlist); call_rcu(&f->rcu, vxlan_fdb_free); } Thanks Xiaobo