When an idpf HW reset is triggered, it clears the vport but does not clear the netdev held by vport: // In idpf_vport_dealloc() called by idpf_init_hard_reset(), // idpf_init_hard_reset() sets IDPF_HR_RESET_IN_PROG, so // idpf_decfg_netdev() doesn't get called. if (!test_bit(IDPF_HR_RESET_IN_PROG, adapter->flags)) idpf_decfg_netdev(vport); // idpf_decfg_netdev() would clear netdev but it isn't called: unregister_netdev(vport->netdev); free_netdev(vport->netdev); vport->netdev = NULL; // Later in idpf_init_hard_reset(), the vport is cleared: kfree(adapter->vports); adapter->vports = NULL; During an idpf HW reset, when userspace changes the netdev channels, the vport associated with the netdev is NULL, and so a kernel panic would happen: [ 2245.795117] BUG: kernel NULL pointer dereference, address: 0000000000000088 ... [ 2245.842720] RIP: 0010:idpf_set_channels+0x40/0x120 This can be reproduced reliably by injecting a TX timeout to cause an idpf HW reset, and injecting a virtchnl error to cause the HW reset to fail and retry, while running "ethtool -L" in userspace. With this patch applied, we see the following error but no kernel panics anymore: [ 1176.743096] idpf 0000:05:00.0 eth1: channels not changed due to no vport in netdev netlink error: Bad address Signed-off-by: Li Li --- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/ethernet/intel/idpf/idpf_ethtool.c b/drivers/net/ethernet/intel/idpf/idpf_ethtool.c index c71af85408a29..1b03528041af4 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_ethtool.c +++ b/drivers/net/ethernet/intel/idpf/idpf_ethtool.c @@ -580,6 +579,11 @@ static int idpf_set_channels(struct net_device *netdev, idpf_vport_ctrl_lock(netdev); vport = idpf_netdev_to_vport(netdev); + if (!vport) { + netdev_err(netdev, "channels not changed due to no vport in netdev\n"); + err = -EFAULT; + goto unlock_mutex; + } idx = vport->idx; vport_config = vport->adapter->vport_config[idx]; -- 2.52.0.351.gbe84eed79e-goog