Re: [PATCHv2 05/17] nvme: add Clang context annotations for nvme_ns_head::current_path

From: Marco Elver

Date: Sat Jun 27 2026 - 11:39:34 EST


On Fri, 26 Jun 2026 at 20:36, Paul E. McKenney <paulmck@xxxxxxxxxx> wrote:
> On Fri, Jun 26, 2026 at 08:40:50AM +0200, Christoph Hellwig wrote:
> > On Sun, Jun 14, 2026 at 06:45:20PM +0530, Nilay Shroff wrote:
> > > +++ b/drivers/nvme/host/multipath.c
> > > @@ -231,8 +231,16 @@ bool nvme_mpath_clear_current_path(struct nvme_ns *ns)
> > > bool changed = false;
> > > int node;
> > >
> > > + /*
> > > + * This helper is used by namespace failover/teardown and I/O policy
> > > + * update paths. We only compare the head->current_path[] pointer value
> > > + * and do not dereference the referenced namespace, so suppress the
> > > + * context analysis warning for this lockless inspection of the
> > > + * __rcu_guarded pointer.
> > > + */
> > > for_each_node(node) {
> > > - if (ns == rcu_access_pointer(head->current_path[node])) {
> > > + if (context_unsafe(ns ==
> > > + rcu_access_pointer(head->current_path[node]))) {
> >
> > I think we need a helper for this, as for a simple pointer value
> > comparison without a dereference we don't really need either
> > rcu_access_pointer nor locking.
> >
> > Maybe somthing like a
> >
> > rcu_compare_pointer(rcu_pointer, nonrcu_pointer)
> >
> > ?
>
> We could provide something like this:
>
> #define rcu_compare_pointer(rcu_pointer, nonrcu_pointer) \
> context_unsafe(rcu_access_pointer(rcu_pointer) == (nonrcu_pointer))
>
> Or maybe rcu_pointer_equals()?
>
> Marco, thoughts?

I see 2 options:

1. rcu_compare_pointer / rcu_pointer_equals as proposed. It's more
explicit but does add some friction during Context Analysis
enablement. But this only makes sense if there are cases where
rcu_access_pointer() should be used under the RCU reader lock, which
led me to the next suggestion...

2. Redefine rcu_access_pointer() to just not require the RCU read-side
lock to be held as:

> #define rcu_access_pointer(p) context_unsafe(__rcu_access_pointer((p), __UNIQUE_ID(rcu), __rcu))

[ Or alternatively wrap __rcu_access_pointer() in context_unsafe()
(similar to rcu_assign_pointer and friends). ]

I think rcu_access_pointer() is in the same category as the other RCU
pointer helpers, although currently only the pointer update helpers
imply context_unsafe(); I think it might have been an oversight
initially, and we should change rcu_access_pointer() to match. There
should be no reason why an rcu_access_pointer() should be protected by
the RCU read-side critical section, since it's not meant for
dereferencing the pointer (that'd be a bug; its documentation also
says "Return the value of the specified RCU-protected pointer, but
omit the lockdep checks for being in an RCU read-side critical section
[...]").

If you agree there should be no cases where an rcu_access_pointer()
should be guarded by an RCU read-side critical section, then I think
this is the simplest and correct design, and avoids expanding the RCU
API.

Thanks,
-- Marco