Question: btrfs: clarify space_info RCU-list traversal contract

From: Runyu Xiao

Date: Sat Jun 27 2026 - 09:42:11 EST


Hi Btrfs maintainers,

This question comes from a candidate found by our static analysis tool
and then manually reviewed against the current tree. The audit used
CONFIG_PROVE_RCU_LIST as target-matched triage evidence; I am asking
for maintainer guidance because the source-level review did not prove
a use-after-free.

A CONFIG_PROVE_RCU_LIST audit flags the space_info traversal in
clear_incompat_bg_bits():

fs/btrfs/block-group.c:1061 clear_incompat_bg_bits()

The function walks fs_info->space_info with list_for_each_entry_rcu()
while checking whether RAID56/RAID1C34 incompat feature bits can be
cleared after block-group removal. The current source also documents
fs_info->space_info as effectively read-only after initial setup:

fs/btrfs/fs.h:748

The comment says the list is populated at mount time and cleaned up
after all block groups are removed, with RCU used to protect it. For
that reason I am not claiming a use-after-free here. The question is
only whether the iterator in clear_incompat_bg_bits() should express
the intended contract more directly.

Would you prefer one of these directions?

1. convert this traversal to ordinary list_for_each_entry() because the
space_info list is stable after mount setup;

2. keep list_for_each_entry_rcu() but add an explicit RCU read-side
section around this traversal;

3. keep the current code and treat the PROVE_RCU_LIST warning as
expected for this stable-after-setup list;

4. use a different Btrfs-specific annotation or helper pattern.

I am intentionally sending this as a maintainer question rather than a
patch because the right shape depends on the intended space_info list
lifetime and API contract.

Thanks.