Re: [PATCH net 1/3] netdevsim: psp: only call nsim_psp_uninit() on PFs

[Willem de Bruijn]

Daniel Zahka wrote:
> VFs go through nsim_init_netdevsim_vf() which never calls
> nsim_psp_init(), so ns->psp.dev stays NULL. nsim_psp_uninit() guards
> with !IS_ERR(ns->psp.dev), so destroying a VF reaches
> psp_dev_unregister(NULL) and dereferences NULL on the first
> mutex_lock(&psd->lock):
> 
>   BUG: kernel NULL pointer dereference, address: 0000000000000020
>   RIP: 0010:mutex_lock+0x1c/0x30
>   Call Trace:
>    psp_dev_unregister+0x2a/0x1a0
>    nsim_psp_uninit+0x1f/0x40 [netdevsim]
>    nsim_destroy+0x61/0x1e0 [netdevsim]
>    __nsim_dev_port_del+0x47/0x90 [netdevsim]
>    nsim_drv_configure_vfs+0xc9/0x130 [netdevsim]
>    nsim_bus_dev_numvfs_store+0x79/0xb0 [netdevsim]
> 
> Gate nsim_psp_uninit() on nsim_dev_port_is_pf(), matching the pattern
> already used for nsim_exit_netdevsim() and the bpf/ipsec/macsec/queue
> teardowns.
> 
> Reproducer:
>   modprobe netdevsim
>   echo "10 1" > /sys/bus/netdevsim/new_device
>   echo 1 > /sys/bus/netdevsim/devices/netdevsim10/sriov_numvfs
>   devlink dev eswitch set netdevsim/netdevsim10 mode switchdev
>   echo 0 > /sys/bus/netdevsim/devices/netdevsim10/sriov_numvfs
> 
> Fixes: f857478d6206 ("netdevsim: a basic test PSP implementation")
> Assisted-by: Claude:claude-opus-4.6
> Signed-off-by: Daniel Zahka <daniel.zahka@xxxxxxxxx>

Reviewed-by: Willem de Bruijn <willemb@xxxxxxxxxx>