Message-ID: <20260127152524.200465-2-johannes.thumshirn@wdc.com>
Date: Tue, 27 Jan 2026 16:25:22 +0100
From: Johannes Thumshirn <johannes.thumshirn@....com>
To: virtualization@...ts.linux.dev
Cc: "Michael S . Tsirkin" <mst@...hat.com>,
	Jason Wang <jasowang@...hat.com>,
	Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
	Eugenio Pérez <eperezma@...hat.com>,
	Alexander Graf <graf@...zon.com>,
	linux-kernel@...r.kernel.org,
	Johannes Thumshirn <johannes.thumshirn@....com>
Subject: [PATCH v2 1/2] virtio: silence KCSAN warning in virtqueue_get_buf_ctx_split

When booting a Qemu VM with virtio-blk and KCSAN enabled, KCSAN emits
the following warning about a data-race in virtqueue_get_buf_ctx_split().

 ==================================================================
 BUG: KCSAN: data-race in virtqueue_get_buf_ctx_split+0x6e/0x260

 race at unknown origin, with read to 0xffff8881020f1942 of 2 bytes by task 1 on cpu 7:
  virtqueue_get_buf_ctx_split+0x6e/0x260
  virtqueue_get_buf+0x4b/0x60
  __send_to_port+0x156/0x170
  put_chars+0xcb/0x110
  hvc_console_print+0x1d6/0x2a0
  console_flush_one_record+0x3dd/0x510
  console_unlock+0x8c/0x160
  vprintk_emit+0x2fe/0x380
  vprintk_default+0x1d/0x30
  vprintk+0xe/0x20
  _printk+0x4c/0x60
  btrfs_test_raid_stripe_tree+0x25/0x90
  btrfs_run_sanity_tests.cold+0xf1/0x13b
  init_btrfs_fs+0x73/0x110
  do_one_initcall+0x5b/0x2d0
  kernel_init_freeable+0x2a2/0x340
  kernel_init+0x1e/0x1b0
  ret_from_fork+0x137/0x1b0
  ret_from_fork_asm+0x1a/0x30

 value changed: 0x0160 -> 0x0161

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 7 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0-rc7+ #219 PREEMPT(none)
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-9.fc43 06/10/2025
 ==================================================================

This warning is likely a false positive as the change happens on the
virtio vring.

Annotate the return of more_used_split() with data_race() to silence
the warning.

Signed-off-by: Johannes Thumshirn <johannes.thumshirn@....com>
---
 drivers/virtio/virtio_ring.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index ddab68959671..1db27ee2d89f 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -808,8 +808,8 @@ static void detach_buf_split(struct vring_virtqueue *vq, unsigned int head,
 
 static bool more_used_split(const struct vring_virtqueue *vq)
 {
-	return vq->last_used_idx != virtio16_to_cpu(vq->vq.vdev,
-			vq->split.vring.used->idx);
+	return data_race(vq->last_used_idx != virtio16_to_cpu(vq->vq.vdev,
+				vq->split.vring.used->idx));
 }
 
 static void *virtqueue_get_buf_ctx_split(struct virtqueue *_vq,
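Review bot: data_race() in more_used_split() wraps the whole comparison, so it also covers the read of vq->last_used_idx, although only vq->split.vring.used->idx is the vring field the commit message points at. Consider narrowing the annotation to that load, e.g. `virtio16_to_cpu(vq->vq.vdev, data_race(vq->split.vring.used->idx))`, or using READ_ONCE() on it if callers depend on a single untorn 2-byte load, since data_race() only tells KCSAN to ignore the access and gives no guarantee of its own. A short comment above the return stating who updates used->idx concurrently and why a stale value is acceptable here would also help, because the commit message only calls the report "likely" a false positive.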
-- 
2.52.0

