Re: [PATCH v2 1/2] virtio: silence KCSAN warning in virtqueue_get_buf_ctx_split

[Alexander Graf]

On 27.01.26 16:25, Johannes Thumshirn wrote:
> When booting a Qemu VM with virtio-blk and KCSAN enabled, KCSAN emits
> the following warning about a data-race in virtqueue_get_buf_ctx_split().
>
>   ==================================================================
>   BUG: KCSAN: data-race in virtqueue_get_buf_ctx_split+0x6e/0x260
>
>   race at unknown origin, with read to 0xffff8881020f1942 of 2 bytes by task 1 on cpu 7:
>    virtqueue_get_buf_ctx_split+0x6e/0x260
>    virtqueue_get_buf+0x4b/0x60
>    __send_to_port+0x156/0x170
>    put_chars+0xcb/0x110
>    hvc_console_print+0x1d6/0x2a0
>    console_flush_one_record+0x3dd/0x510
>    console_unlock+0x8c/0x160
>    vprintk_emit+0x2fe/0x380
>    vprintk_default+0x1d/0x30
>    vprintk+0xe/0x20
>    _printk+0x4c/0x60
>    btrfs_test_raid_stripe_tree+0x25/0x90
>    btrfs_run_sanity_tests.cold+0xf1/0x13b
>    init_btrfs_fs+0x73/0x110
>    do_one_initcall+0x5b/0x2d0
>    kernel_init_freeable+0x2a2/0x340
>    kernel_init+0x1e/0x1b0
>    ret_from_fork+0x137/0x1b0
>    ret_from_fork_asm+0x1a/0x30
>
>   value changed: 0x0160 -> 0x0161
>
>   Reported by Kernel Concurrency Sanitizer on:
>   CPU: 7 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0-rc7+ #219 PREEMPT(none)
>   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-9.fc43 06/10/2025
>   ==================================================================
>
> This warning is likely a false positive as the change happens on the
> virtio vring.
>
> Annotate the return of more_used_split() with data_race() to silence
> the warning.
>
> Signed-off-by: Johannes Thumshirn <johannes.thumshirn@xxxxxxx>
> ---
>   drivers/virtio/virtio_ring.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> index ddab68959671..1db27ee2d89f 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -808,8 +808,8 @@ static void detach_buf_split(struct vring_virtqueue *vq, unsigned int head,
>
>   static bool more_used_split(const struct vring_virtqueue *vq)


This patches the split vring format, but does not touch the packed one. 
What happens if you run the same test with the packed format? You can do 
so by passing "packed=on" as argument to your -device parameter.


Alex





Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597