From: Christoph Hellwig <hch@lst.de>
To: Chao Shi <coshi036@gmail.com>
Cc: linux-nvme@lists.infradead.org, linux-block@vger.kernel.org,
hch@lst.de, kbusch@kernel.org, sagi@grimberg.me, axboe@kernel.dk,
Sungwoo Kim <iam@sung-woo.kim>, Dave Tian <daveti@purdue.edu>,
Weidong Zhu <weizhu@fiu.edu>
Subject: Re: [PATCH RFC 1/2] nvme: downgrade WARN in nvme_setup_rw to pr_debug
Date: Thu, 7 May 2026 07:48:09 +0200 [thread overview]
Message-ID: <20260507054809.GA19796@lst.de> (raw)
In-Reply-To: <20260427003457.1264511-1-coshi036@gmail.com>
On Sun, Apr 26, 2026 at 08:34:56PM -0400, Chao Shi wrote:
> When an NVMe namespace is configured with embedded metadata (flbas bit 4
> set, NVME_NS_FLBAS_META_EXT) but no Protection Information (dps=0) and
> no NVME_NS_METADATA_SUPPORTED, nvme_setup_rw() fires WARN_ON_ONCE on
> any request that reaches it with REQ_INTEGRITY unset. The WARN was
> observed repeatedly during NVMe fuzz testing with a FEMU-based fuzzer
> that performs semantic mutation of Identify Namespace responses.
What is "semantic mutation of Identify Namespace responses" supposed to
mean?
> In both cases the bio was submitted without REQ_INTEGRITY (because
> blk_get_integrity() returned NULL at dispatch time, so
> bio_integrity_action() returned 0 and bio_integrity_prep() was not
> called), and it reaches nvme_setup_rw() for a namespace where
> head->ms != 0. The existing BLK_STS_NOTSUPP return correctly handles
> this dispatch; the WARN_ON_ONCE is a false positive.
That means we fail to properaly freeze and quiesce the queue over
updateѕm which has much worse results than just a WARN_ON. So if we
care about this rather theoretical case we'll need to fix that.
next prev parent reply other threads:[~2026-05-07 5:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 0:34 [PATCH RFC 1/2] nvme: downgrade WARN in nvme_setup_rw to pr_debug Chao Shi
2026-04-27 0:34 ` [PATCH RFC 2/2] nvme: set integrity metadata size for EXT_LBAS non-PI namespace Chao Shi
2026-05-07 5:49 ` Christoph Hellwig
2026-05-07 8:05 ` Keith Busch
2026-05-07 5:48 ` Christoph Hellwig [this message]
2026-05-17 3:54 ` [PATCH RFC 1/2] nvme: downgrade WARN in nvme_setup_rw to pr_debug Chao S
2026-05-18 5:56 ` Christoph Hellwig
2026-05-07 18:12 ` Keith Busch
2026-05-17 3:53 ` Chao S
2026-05-17 22:05 ` Keith Busch
2026-05-17 22:42 ` Keith Busch
2026-05-18 22:41 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260507054809.GA19796@lst.de \
--to=hch@lst.de \
--cc=axboe@kernel.dk \
--cc=coshi036@gmail.com \
--cc=daveti@purdue.edu \
--cc=iam@sung-woo.kim \
--cc=kbusch@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
--cc=weizhu@fiu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.