| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260127083926.865555-3-johannes.thumshirn@wdc.com>
Date: Tue, 27 Jan 2026 09:39:25 +0100
From: Johannes Thumshirn <johannes.thumshirn@....com>
To: virtualization@...ts.linux.dev
Cc: Alexander Graf <graf@...zon.com>,
mst@...hat.com,
jasowang@...hat.com,
xuanzhuo@...ux.alibaba.com,
eperezma@...hat.com,
linux-kernel@...r.kernel.org,
Johannes Thumshirn <johannes.thumshirn@....com>
Subject: [PATCH RFC 2/3] virtio: silence KCSAN warning in virtqueue_get_buf_ctx_split
When booting a Qemu VM with virtio-blk and KCSAN enabled, KCSAN emits
the following warning about a data-race in virtqueue_get_buf_ctx_split().
==================================================================
BUG: KCSAN: data-race in virtqueue_get_buf_ctx_split+0x6e/0x260
race at unknown origin, with read to 0xffff8881020f1942 of 2 bytes by task 1 on cpu 7:
virtqueue_get_buf_ctx_split+0x6e/0x260
virtqueue_get_buf+0x4b/0x60
__send_to_port+0x156/0x170
put_chars+0xcb/0x110
hvc_console_print+0x1d6/0x2a0
console_flush_one_record+0x3dd/0x510
console_unlock+0x8c/0x160
vprintk_emit+0x2fe/0x380
vprintk_default+0x1d/0x30
vprintk+0xe/0x20
_printk+0x4c/0x60
btrfs_test_raid_stripe_tree+0x25/0x90
btrfs_run_sanity_tests.cold+0xf1/0x13b
init_btrfs_fs+0x73/0x110
do_one_initcall+0x5b/0x2d0
kernel_init_freeable+0x2a2/0x340
kernel_init+0x1e/0x1b0
ret_from_fork+0x137/0x1b0
ret_from_fork_asm+0x1a/0x30
value changed: 0x0160 -> 0x0161
Reported by Kernel Concurrency Sanitizer on:
CPU: 7 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0-rc7+ #219 PREEMPT(none)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-9.fc43 06/10/2025
==================================================================
This warning is likely a false positive as the change happens on the
virtio vring.
Annotate the return of more_used_split() with data_race() to silence
the warning.
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@....com>
---
drivers/virtio/virtio_ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 5f8c8254bb6c..d1033768b6cd 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -829,7 +829,7 @@ static void *virtqueue_get_buf_ctx_split(struct virtqueue *_vq,
return NULL;
}
- if (!more_used_split(vq)) {
+ if (data_race(!more_used_split(vq))) {
pr_debug("No more buffers in queue\n");
END_USE(vq);
return NULL;
--
2.52.0
Powered by blists - more mailing lists