[PATCH] nvme-pci: serialize polling interrupt queue with shutdown

Keith Busch kbusch at meta.com
Thu May 14 07:45:44 PDT 2026


From: Keith Busch <kbusch at kernel.org>

Polling an interrupt driven completion queue temporarily disables the
irq. If this occurs concurrently with another thread disabling the
device, the irq vector may have been freed, which makes it available for
reuse. Reenabling the irq after polling the queue may be referencing a
stale irq at that point.

Fix this race by ensuring nvme_poll_irqdisable() can not run
concurrently with nvme_dev_disable(), and skip polling the completion
queue if the queue has already been disabled.

Reported-by: Bjorn Helgaas <helgaas at kernel.org>
Signed-off-by: Keith Busch <kbusch at kernel.org>
---
 drivers/nvme/host/pci.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 139a10cd687f9..34845d73cb3ab 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1885,8 +1885,12 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req)
 	 */
 	if (test_bit(NVMEQ_POLLED, &nvmeq->flags))
 		nvme_poll(req->mq_hctx, NULL);
-	else
-		nvme_poll_irqdisable(nvmeq);
+	else {
+		mutex_lock(&dev->shutdown_lock);
+		if (test_bit(NVMEQ_ENABLED, &nvmeq->flags))
+			nvme_poll_irqdisable(nvmeq);
+		mutex_unlock(&dev->shutdown_lock);
+	}
 
 	if (blk_mq_rq_state(req) != MQ_RQ_IN_FLIGHT) {
 		dev_warn(dev->ctrl.device,
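Review bot: the new else branch in nvme_timeout() takes dev->shutdown_lock and tests NVMEQ_ENABLED with no in-code comment saying why, so the reason is only recoverable from the commit message. A short comment above mutex_lock(&dev->shutdown_lock) stating that the lock keeps nvme_poll_irqdisable() from re-enabling an irq that a concurrent nvme_dev_disable() may already have freed would keep a later cleanup from dropping it. Because mutex_lock() can sleep and this is the timeout handler, the changelog should also say that no holder of shutdown_lock waits for this handler to complete. Style: now that the else arm has braces, the `if (test_bit(NVMEQ_POLLED, &nvmeq->flags))` arm should get them too, per kernel coding style.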
-- 
2.53.0-Meta



