[PATCH] nvme: reserve a keep-alive admin tag for all transports
Keith Busch
kbusch at kernel.org
Mon Apr 27 23:47:49 PDT 2026
On Mon, Apr 27, 2026 at 10:29:11PM -0400, Chao Shi wrote:
> nvme_keep_alive_work() always allocates with BLK_MQ_REQ_RESERVED, but
> nvme_alloc_admin_tag_set() only sets reserved_tags for fabrics. Since
> commit b58da2d270db ("nvme: update keep alive interval when kato is
> modified"), userspace can start keep-alive on any transport via Set
> Features (KATO), after which the allocation trips WARN_ON_ONCE() in
> blk_mq_get_tag() and fails with -EWOULDBLOCK:
>
> nvme nvme0: keep-alive failed: -11
>
> Reserve one admin tag for keep-alive on all transports. Fabrics keeps
> two, the second being for the connect command.
> Fixes: b58da2d270db ("nvme: update keep alive interval when kato is modified")
>
> Found by FuzzNvme (Syzkaller with FEMU fuzzing framework).
>
> Acked-by: Sungwoo Kim <iam at sung-woo.kim>
> Acked-by: Dave Tian <daveti at purdue.edu>
> Acked-by: Weidong Zhu <weizhu at fiu.edu>
> Signed-off-by: Chao Shi <coshi036 at gmail.com>
> ---
>
> Reproducer (run as root on an unpatched kernel with a PCIe NVMe device):

You have a PCI controller that doesn't return Invalid Field In Command
status to the KATO feature? That's weird, it's a fabrics-specific feature.
I think the right thing to do is simply skip the driver's KATO start for
PCI.