Question: btrfs: clarify space_info RCU-list traversal contract
From: Runyu Xiao
Date: Sat Jun 27 2026 - 09:42:11 EST
Hi Btrfs maintainers,
This question comes from a candidate found by our static analysis tool
and then manually reviewed against the current tree. The audit used
CONFIG_PROVE_RCU_LIST as target-matched triage evidence; I am asking
for maintainer guidance because the source-level review did not prove
a use-after-free.
A CONFIG_PROVE_RCU_LIST audit flags the space_info traversal in
clear_incompat_bg_bits():
fs/btrfs/block-group.c:1061 clear_incompat_bg_bits()
The function walks fs_info->space_info with list_for_each_entry_rcu()
while checking whether RAID56/RAID1C34 incompat feature bits can be
cleared after block-group removal. The current source also documents
fs_info->space_info as effectively read-only after initial setup:
fs/btrfs/fs.h:748
The comment says the list is populated at mount time and cleaned up
after all block groups are removed, with RCU used to protect it. For
that reason I am not claiming a use-after-free here. The question is
only whether the iterator in clear_incompat_bg_bits() should express
the intended contract more directly.
Would you prefer one of these directions?
1. convert this traversal to ordinary list_for_each_entry() because the
space_info list is stable after mount setup;
2. keep list_for_each_entry_rcu() but add an explicit RCU read-side
section around this traversal;
3. keep the current code and treat the PROVE_RCU_LIST warning as
expected for this stable-after-setup list;
4. use a different Btrfs-specific annotation or helper pattern.
I am intentionally sending this as a maintainer question rather than a
patch because the right shape depends on the intended space_info list
lifetime and API contract.
Thanks.