rss_data->rss_key needs to be nullified after it is freed.
Checks like "if (!rss_data->rss_key)" in the code could fail
if it is not nullified.

Tested: built and booted the kernel.

Fixes: 83f38f210b85 ("idpf: Fix RSS LUT NULL pointer crash on early ethtool operations")
Signed-off-by: Li Li <boolli@google.com>
---
Changes in v2:
 - Remove the line to nullify vport->q_vector_idxs as it is not
   necessary.

 drivers/net/ethernet/intel/idpf/idpf_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/intel/idpf/idpf_lib.c b/drivers/net/ethernet/intel/idpf/idpf_lib.c
index 131a8121839bd..f63ab58428d2e 100644
--- a/drivers/net/ethernet/intel/idpf/idpf_lib.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_lib.c
@@ -1308,6 +1308,7 @@ static struct idpf_vport *idpf_vport_alloc(struct idpf_adapter *adapter,
 
 free_rss_key:
 	kfree(rss_data->rss_key);
+	rss_data->rss_key = NULL;
 free_vector_idxs:
 	kfree(vport->q_vector_idxs);
 free_vport:
-- 
2.52.0.457.g6b5491de43-goog

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf
> Of Li Li via Intel-wired-lan
> Sent: Friday, January 23, 2026 7:58 AM
> To: Nguyen, Anthony L <anthony.l.nguyen@intel.com>; Kitszel,
> Przemyslaw <przemyslaw.kitszel@intel.com>; David S. Miller
> <davem@davemloft.net>; Jakub Kicinski <kuba@kernel.org>; Eric Dumazet
> <edumazet@google.com>; intel-wired-lan@lists.osuosl.org
> Cc: netdev@vger.kernel.org; linux-kernel@vger.kernel.org; David
> Decotigny <decot@google.com>; Singhai, Anjali
> <anjali.singhai@intel.com>; Samudrala, Sridhar
> <sridhar.samudrala@intel.com>; Brian Vazquez <brianvv@google.com>; Li
> Li <boolli@google.com>; Tantilov, Emil S <emil.s.tantilov@intel.com>
> Subject: [Intel-wired-lan] [PATCH v2] idpf: nullify pointers after
> they are freed
> 
> rss_data->rss_key needs to be nullified after it is freed.
> Checks like "if (!rss_data->rss_key)" in the code could fail if it is
> not nullified.
> 
> Tested: built and booted the kernel.
> 
Good day ,Li Li

Can you re-spin v3 and mention the reproduction steps (exact bash commands)?
The CALL trace from dmesg also is needed for users/admins to find the fix.

Otherwise, fine
Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>

> Fixes: 83f38f210b85 ("idpf: Fix RSS LUT NULL pointer crash on early
> ethtool operations")
> Signed-off-by: Li Li <boolli@google.com>
> ---
> Changes in v2:
>  - Remove the line to nullify vport->q_vector_idxs as it is not
>    necessary.
> 
>  drivers/net/ethernet/intel/idpf/idpf_lib.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/net/ethernet/intel/idpf/idpf_lib.c
> b/drivers/net/ethernet/intel/idpf/idpf_lib.c
> index 131a8121839bd..f63ab58428d2e 100644
> --- a/drivers/net/ethernet/intel/idpf/idpf_lib.c
> +++ b/drivers/net/ethernet/intel/idpf/idpf_lib.c
> @@ -1308,6 +1308,7 @@ static struct idpf_vport
> *idpf_vport_alloc(struct idpf_adapter *adapter,
> 
>  free_rss_key:
>  	kfree(rss_data->rss_key);
> +	rss_data->rss_key = NULL;
>  free_vector_idxs:
>  	kfree(vport->q_vector_idxs);
>  free_vport:
> --
> 2.52.0.457.g6b5491de43-goog

On Thu, Jan 22, 2026 at 11:15 PM Loktionov, Aleksandr
<aleksandr.loktionov@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf
> > Of Li Li via Intel-wired-lan
> > Sent: Friday, January 23, 2026 7:58 AM
> > To: Nguyen, Anthony L <anthony.l.nguyen@intel.com>; Kitszel,
> > Przemyslaw <przemyslaw.kitszel@intel.com>; David S. Miller
> > <davem@davemloft.net>; Jakub Kicinski <kuba@kernel.org>; Eric Dumazet
> > <edumazet@google.com>; intel-wired-lan@lists.osuosl.org
> > Cc: netdev@vger.kernel.org; linux-kernel@vger.kernel.org; David
> > Decotigny <decot@google.com>; Singhai, Anjali
> > <anjali.singhai@intel.com>; Samudrala, Sridhar
> > <sridhar.samudrala@intel.com>; Brian Vazquez <brianvv@google.com>; Li
> > Li <boolli@google.com>; Tantilov, Emil S <emil.s.tantilov@intel.com>
> > Subject: [Intel-wired-lan] [PATCH v2] idpf: nullify pointers after
> > they are freed
> >
> > rss_data->rss_key needs to be nullified after it is freed.
> > Checks like "if (!rss_data->rss_key)" in the code could fail if it is
> > not nullified.
> >
> > Tested: built and booted the kernel.
> >
> Good day ,Li Li
>
> Can you re-spin v3 and mention the reproduction steps (exact bash commands)?
> The CALL trace from dmesg also is needed for users/admins to find the fix.

Thank you for the review. This patch isn't to fix any kernel panics we
encountered. It is
just to address a discrepancy I observed between the Google idpf and
the upstream idpf
as I was preparing for another patch about to be sent out. So far we
haven't seen this
particular dangling pointer cause any issues yet, but it's still a
good practice to set it to
NULL because there are other places guarded by this pointer being
NULL, and it'd be
great to avoid any race conditions.

>
> Otherwise, fine
> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
>
> > Fixes: 83f38f210b85 ("idpf: Fix RSS LUT NULL pointer crash on early
> > ethtool operations")
> > Signed-off-by: Li Li <boolli@google.com>
> > ---
> > Changes in v2:
> >  - Remove the line to nullify vport->q_vector_idxs as it is not
> >    necessary.
> >
> >  drivers/net/ethernet/intel/idpf/idpf_lib.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/net/ethernet/intel/idpf/idpf_lib.c
> > b/drivers/net/ethernet/intel/idpf/idpf_lib.c
> > index 131a8121839bd..f63ab58428d2e 100644
> > --- a/drivers/net/ethernet/intel/idpf/idpf_lib.c
> > +++ b/drivers/net/ethernet/intel/idpf/idpf_lib.c
> > @@ -1308,6 +1308,7 @@ static struct idpf_vport
> > *idpf_vport_alloc(struct idpf_adapter *adapter,
> >
> >  free_rss_key:
> >       kfree(rss_data->rss_key);
> > +     rss_data->rss_key = NULL;
> >  free_vector_idxs:
> >       kfree(vport->q_vector_idxs);
> >  free_vport:
> > --
> > 2.52.0.457.g6b5491de43-goog
>