RE: [Intel-wired-lan] [PATCH] ice: Fix PTP NULL pointer dereference during VSI rebuild

[Mekala, SunithaX D]

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@xxxxxxxxxx> On Behalf Of Aaron Ma via Intel-wired-lan
> Sent: Tuesday, January 20, 2026 11:51 PM
> To: Nguyen, Anthony L <anthony.l.nguyen@xxxxxxxxx>; Kitszel, Przemyslaw <przemyslaw.kitszel@xxxxxxxxx>; andrew+netdev@xxxxxxx; davem@xxxxxxxxxxxxx; edumazet@xxxxxxxxxx; > kuba@xxxxxxxxxx; pabeni@xxxxxxxxxx; intel-wired-lan@xxxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [Intel-wired-lan] [PATCH] ice: Fix PTP NULL pointer dereference during VSI rebuild
>
> Fix race condition where PTP periodic work runs while VSI is being
> rebuilt, accessing NULL vsi->rx_rings.
>
> The sequence was:
> 1. ice_ptp_prepare_for_reset() cancels PTP work
> 2. ice_ptp_rebuild() immediately queues PTP work
> 3. VSI rebuild happens AFTER ice_ptp_rebuild()
> 4. PTP work runs and accesses NULL vsi->rx_rings
>
> Fix: Keep PTP work cancelled during rebuild, only queue it after
> VSI rebuild completes in ice_rebuild().
>
> Added ice_ptp_queue_work() helper function to encapsulate the logic
> for queuing PTP work, ensuring it's only queued when PTP is supported
> and the state is ICE_PTP_READY.
>
> Error log:
> [  121.392544] ice 0000:60:00.1: PTP reset successful
> [  121.392692] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [  121.392712] #PF: supervisor read access in kernel mode
> [  121.392720] #PF: error_code(0x0000) - not-present page
> [  121.392727] PGD 0
> [  121.392734] Oops: Oops: 0000 [#1] SMP NOPTI
> [  121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S                  6.19.0-rc6+ #4 PREEMPT(voluntary)
> [  121.392761] Tainted: [S]=CPU_OUT_OF_SPEC
> [  121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice]
> [  121.393042] Call Trace:
> [  121.393047]  <TASK>
> [  121.393055]  ice_ptp_periodic_work+0x69/0x180 [ice]
> [  121.393202]  kthread_worker_fn+0xa2/0x260
> [  121.393216]  ? __pfx_ice_ptp_periodic_work+0x10/0x10 [ice]
> [  121.393359]  ? __pfx_kthread_worker_fn+0x10/0x10
> [  121.393371]  kthread+0x10d/0x230
> [  121.393382]  ? __pfx_kthread+0x10/0x10
> [  121.393393]  ret_from_fork+0x273/0x2b0
> [  121.393407]  ? __pfx_kthread+0x10/0x10
> [  121.393417]  ret_from_fork_asm+0x1a/0x30
> [  121.393432]  </TASK>
>
> Fixes: 803bef817807d ("ice: factor out ice_ptp_rebuild_owner()")
> Signed-off-by: Aaron Ma <aaron.ma@xxxxxxxxxxxxx>
> ---
>  drivers/net/ethernet/intel/ice/ice_main.c |  3 +++
>  drivers/net/ethernet/intel/ice/ice_ptp.c  | 26 ++++++++++++++++++-----
>  drivers/net/ethernet/intel/ice/ice_ptp.h  |  5 +++++
>  3 files changed, 29 insertions(+), 5 deletions(-)

Tested-by: Sunitha Mekala <sunithax.d.mekala@xxxxxxxxx> (A Contingent worker at Intel)