On 3/20/2026 10:48 AM, Simon Horman wrote:
> This is an AI-generated review of your patch. The human sending this
> email has considered the AI review valid, or at least plausible.
>
> For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
> ---
> idpf: fix xdp crash in soft reset error path
>
> This commit fixes a NULL pointer dereference that occurs when
> idpf_vport_open() fails during soft reset. The fix restores
> vport->xdp_prog in the error path and updates the restart check in
> idpf_xsk_pool_setup() to use IDPF_VPORT_UP instead of netif_running().
>
> Fixes: 3d57b2c00f09 ("idpf: add XSk pool initialization")
>
> The Fixes: tag may not be targeting the correct commit. The primary bug
> being fixed is the NULL pointer dereference crash in idpf_xdp_setup_prog()
> that occurs when soft reset fails and vport->xdp_prog is not restored.

This is not exactly true, this is just one of the instances that would
cause idpf_qp_switch() to be called. [1]


> Looking at the git history, this missing restoration was introduced in
> commit 705457e7211f ("idpf: implement XDP_SETUP_PROG in ndo_bpf for
> splitq"), where idpf_xdp_setup_prog() was first implemented. While commit
> 3d57b2c00f09 introduced the secondary issue with the netif_running()
> check, the main crash fix addresses code from commit 705457e7211f.
>
> Should the Fixes: tag point to commit 705457e7211f instead?

The reason I chose commit 3d57b2c00f09 is because it is the commit
introducing the function where the crash is occurring:
[ 3179.284770] RIP: 0010:idpf_find_rxq_vec+0x17/0x30 [idpf]
...
[ 3179.291937] Call Trace:
[ 3179.292392]  <TASK>
[ 3179.292843]  idpf_qp_switch+0x25/0x820 [idpf]

The setting of the restart variable is where the above commits "meet",
in that both conditions - netif_running() and idpf_xdp_enabled() [1]
can be wrong:
https://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue.git/tree/drivers/net/ethernet/intel/idpf/xsk.c#n571

which would end up calling idpf_qp_switch() instead of taking the
alternate path:
        restart = idpf_xdp_enabled(vport) && netif_running(vport->netdev);
        if (!restart)
                goto pool;

Which was introduced by 3d57b2c00f09.

Thanks,
Emil
