[PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare

Johannes Thumshirn posted 2 patches 1 week, 6 days ago
[PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare
Posted by Johannes Thumshirn 1 week, 6 days ago
When booting a Qemu VM with virtio-blk and KCSAN enabled, KCSAN emits
the following warning about a data-race in virtqueue_kick_prepare().

 ==================================================================
 BUG: KCSAN: data-race in virtqueue_kick_prepare+0x14d/0x200

 race at unknown origin, with read to 0xffff888101c9cd44 of 2 bytes by task 224 on cpu 2:
  virtqueue_kick_prepare+0x14d/0x200
  virtio_fs_enqueue_req+0x664/0x7d0
  virtio_fs_send_req+0xac/0x230
  flush_bg_queue+0x1a8/0x1f0
  fuse_simple_background+0x312/0x490
  fuse_file_put+0xcf/0x190
  fuse_file_release+0xd3/0xf0
  fuse_release+0x91/0xb0
  __fput+0x200/0x4f0
  ____fput+0x15/0x20
  task_work_run+0xda/0x140
  do_exit+0x414/0x11a0
  do_group_exit+0x53/0xf0
  __x64_sys_exit_group+0x25/0x30
  x64_sys_call+0x1c23/0x1c30
  do_syscall_64+0x5d/0x240
  entry_SYSCALL_64_after_hwframe+0x76/0x7e

 value changed: 0x1ab0 -> 0x1ab3

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 2 UID: 0 PID: 224 Comm: grepconf.sh Not tainted 6.19.0-rc7+ #230 PREEMPT(none)
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-9.fc43 06/10/2025
 ==================================================================

 This warning is likely a false positive as the change happens on the
 virtio vring.

 Annotate the return of vring_avail_event() with data_race() to silence
 the warning.

Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
---
 include/uapi/linux/virtio_ring.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/virtio_ring.h b/include/uapi/linux/virtio_ring.h
index f8c20d3de8da..32568cfa1c63 100644
--- a/include/uapi/linux/virtio_ring.h
+++ b/include/uapi/linux/virtio_ring.h
@@ -194,7 +194,7 @@ struct vring {
 /* We publish the used event index at the end of the available ring, and vice
  * versa. They are at the end for backwards compatibility. */
 #define vring_used_event(vr) ((vr)->avail->ring[(vr)->num])
-#define vring_avail_event(vr) (*(__virtio16 *)&(vr)->used->ring[(vr)->num])
+#define vring_avail_event(vr) (data_race(*(__virtio16 *)&(vr)->used->ring[(vr)->num]))
 
 static inline void vring_init(struct vring *vr, unsigned int num, void *p,
 			      unsigned long align)
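Review bot: The new `vring_avail_event()` definition wraps the access in `data_race()`, which is a kernel-internal macro, while this file is a UAPI header that userspace also includes; nothing in this hunk makes `data_race()` available there. I would leave the macro as it was and annotate the single reader in virtqueue_kick_prepare() instead, e.g. `data_race(vring_avail_event(vr))` with a comment such as `/* avail event index is updated concurrently by the device; a stale value only affects whether we kick */`. Because the other side of the ring writes this field, "likely a false positive" deserves a firmer justification in the commit message. `data_race()` only silences KCSAN, so if the reader needs exactly one untorn load, `READ_ONCE(vring_avail_event(vr))` is the annotation that enforces it. The trailing context is the start of vring_init(), whose body lies outside the hunk and is not affected.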
-- 
2.52.0
Re: [PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare
Posted by kernel test robot 1 week, 5 days ago
Hi Johannes,

kernel test robot noticed the following build errors:

[auto build test ERROR on linus/master]
[also build test ERROR on v6.19-rc7]
[cannot apply to mst-vhost/linux-next next-20260127]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Johannes-Thumshirn/virtio-silence-KCSAN-warning-in-virtqueue_get_buf_ctx_split/20260127-235023
base:   linus/master
patch link:    https://lore.kernel.org/r/20260127152524.200465-3-johannes.thumshirn%40wdc.com
patch subject: [PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare
config: hexagon-allmodconfig (https://download.01.org/0day-ci/archive/20260129/202601290632.9LWUgtlM-lkp@intel.com/config)
compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260129/202601290632.9LWUgtlM-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202601290632.9LWUgtlM-lkp@intel.com/

All errors (new ones prefixed by >>):

>> drivers/vhost/vringh.c:559:19: error: cannot take the address of an rvalue of type '__virtio16' (aka 'unsigned short')
     559 |                 if (putu16(vrh, &vring_avail_event(&vrh->vring),
         |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/vhost/vringh.c:562:8: error: cannot take the address of an rvalue of type '__virtio16' (aka 'unsigned short')
     562 |                                    &vring_avail_event(&vrh->vring));
         |                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   2 errors generated.


vim +559 drivers/vhost/vringh.c

f87d0fbb579818 Rusty Russell      2013-03-20  542  
f87d0fbb579818 Rusty Russell      2013-03-20  543  static inline bool __vringh_notify_enable(struct vringh *vrh,
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  544  					  int (*getu16)(const struct vringh *vrh,
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  545  							u16 *val, const __virtio16 *p),
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  546  					  int (*putu16)(const struct vringh *vrh,
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  547  							__virtio16 *p, u16 val))
f87d0fbb579818 Rusty Russell      2013-03-20  548  {
f87d0fbb579818 Rusty Russell      2013-03-20  549  	u16 avail;
f87d0fbb579818 Rusty Russell      2013-03-20  550  
f87d0fbb579818 Rusty Russell      2013-03-20  551  	if (!vrh->event_indices) {
f87d0fbb579818 Rusty Russell      2013-03-20  552  		/* Old-school; update flags. */
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  553  		if (putu16(vrh, &vrh->vring.used->flags, 0) != 0) {
f87d0fbb579818 Rusty Russell      2013-03-20  554  			vringh_bad("Clearing used flags %p",
f87d0fbb579818 Rusty Russell      2013-03-20  555  				   &vrh->vring.used->flags);
f87d0fbb579818 Rusty Russell      2013-03-20  556  			return true;
f87d0fbb579818 Rusty Russell      2013-03-20  557  		}
f87d0fbb579818 Rusty Russell      2013-03-20  558  	} else {
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12 @559  		if (putu16(vrh, &vring_avail_event(&vrh->vring),
f87d0fbb579818 Rusty Russell      2013-03-20  560  			   vrh->last_avail_idx) != 0) {
f87d0fbb579818 Rusty Russell      2013-03-20  561  			vringh_bad("Updating avail event index %p",
f87d0fbb579818 Rusty Russell      2013-03-20  562  				   &vring_avail_event(&vrh->vring));
f87d0fbb579818 Rusty Russell      2013-03-20  563  			return true;
f87d0fbb579818 Rusty Russell      2013-03-20  564  		}
f87d0fbb579818 Rusty Russell      2013-03-20  565  	}
f87d0fbb579818 Rusty Russell      2013-03-20  566  
f87d0fbb579818 Rusty Russell      2013-03-20  567  	/* They could have slipped one in as we were doing that: make
f87d0fbb579818 Rusty Russell      2013-03-20  568  	 * sure it's written, then check again. */
f87d0fbb579818 Rusty Russell      2013-03-20  569  	virtio_mb(vrh->weak_barriers);
f87d0fbb579818 Rusty Russell      2013-03-20  570  
b9f7ac8c72894c Michael S. Tsirkin 2014-12-12  571  	if (getu16(vrh, &avail, &vrh->vring.avail->idx) != 0) {
f87d0fbb579818 Rusty Russell      2013-03-20  572  		vringh_bad("Failed to check avail idx at %p",
f87d0fbb579818 Rusty Russell      2013-03-20  573  			   &vrh->vring.avail->idx);
f87d0fbb579818 Rusty Russell      2013-03-20  574  		return true;
f87d0fbb579818 Rusty Russell      2013-03-20  575  	}
f87d0fbb579818 Rusty Russell      2013-03-20  576  
f87d0fbb579818 Rusty Russell      2013-03-20  577  	/* This is unlikely, so we just leave notifications enabled
f87d0fbb579818 Rusty Russell      2013-03-20  578  	 * (if we're using event_indices, we'll only get one
f87d0fbb579818 Rusty Russell      2013-03-20  579  	 * notification anyway). */
f87d0fbb579818 Rusty Russell      2013-03-20  580  	return avail == vrh->last_avail_idx;
f87d0fbb579818 Rusty Russell      2013-03-20  581  }
f87d0fbb579818 Rusty Russell      2013-03-20  582  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Re: [PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare
Posted by kernel test robot 1 week, 5 days ago
Hi Johannes,

kernel test robot noticed the following build errors:

[auto build test ERROR on linus/master]
[also build test ERROR on v6.19-rc7]
[cannot apply to mst-vhost/linux-next next-20260127]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Johannes-Thumshirn/virtio-silence-KCSAN-warning-in-virtqueue_get_buf_ctx_split/20260127-235023
base:   linus/master
patch link:    https://lore.kernel.org/r/20260127152524.200465-3-johannes.thumshirn%40wdc.com
patch subject: [PATCH v2 2/2] virtio: silence KCSAN warning in virtqueue_kick_prepare
config: sh-allmodconfig (https://download.01.org/0day-ci/archive/20260128/202601282030.CWdibo9B-lkp@intel.com/config)
compiler: sh4-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260128/202601282030.CWdibo9B-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202601282030.CWdibo9B-lkp@intel.com/

All errors (new ones prefixed by >>):

   drivers/vhost/vringh.c: In function '__vringh_notify_enable':
>> drivers/vhost/vringh.c:559:33: error: lvalue required as unary '&' operand
     559 |                 if (putu16(vrh, &vring_avail_event(&vrh->vring),
         |                                 ^
   drivers/vhost/vringh.c:562:36: error: lvalue required as unary '&' operand
     562 |                                    &vring_avail_event(&vrh->vring));
         |                                    ^


vim +559 drivers/vhost/vringh.c

f87d0fbb579818f Rusty Russell      2013-03-20  542  
f87d0fbb579818f Rusty Russell      2013-03-20  543  static inline bool __vringh_notify_enable(struct vringh *vrh,
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  544  					  int (*getu16)(const struct vringh *vrh,
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  545  							u16 *val, const __virtio16 *p),
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  546  					  int (*putu16)(const struct vringh *vrh,
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  547  							__virtio16 *p, u16 val))
f87d0fbb579818f Rusty Russell      2013-03-20  548  {
f87d0fbb579818f Rusty Russell      2013-03-20  549  	u16 avail;
f87d0fbb579818f Rusty Russell      2013-03-20  550  
f87d0fbb579818f Rusty Russell      2013-03-20  551  	if (!vrh->event_indices) {
f87d0fbb579818f Rusty Russell      2013-03-20  552  		/* Old-school; update flags. */
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  553  		if (putu16(vrh, &vrh->vring.used->flags, 0) != 0) {
f87d0fbb579818f Rusty Russell      2013-03-20  554  			vringh_bad("Clearing used flags %p",
f87d0fbb579818f Rusty Russell      2013-03-20  555  				   &vrh->vring.used->flags);
f87d0fbb579818f Rusty Russell      2013-03-20  556  			return true;
f87d0fbb579818f Rusty Russell      2013-03-20  557  		}
f87d0fbb579818f Rusty Russell      2013-03-20  558  	} else {
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12 @559  		if (putu16(vrh, &vring_avail_event(&vrh->vring),
f87d0fbb579818f Rusty Russell      2013-03-20  560  			   vrh->last_avail_idx) != 0) {
f87d0fbb579818f Rusty Russell      2013-03-20  561  			vringh_bad("Updating avail event index %p",
f87d0fbb579818f Rusty Russell      2013-03-20  562  				   &vring_avail_event(&vrh->vring));
f87d0fbb579818f Rusty Russell      2013-03-20  563  			return true;
f87d0fbb579818f Rusty Russell      2013-03-20  564  		}
f87d0fbb579818f Rusty Russell      2013-03-20  565  	}
f87d0fbb579818f Rusty Russell      2013-03-20  566  
f87d0fbb579818f Rusty Russell      2013-03-20  567  	/* They could have slipped one in as we were doing that: make
f87d0fbb579818f Rusty Russell      2013-03-20  568  	 * sure it's written, then check again. */
f87d0fbb579818f Rusty Russell      2013-03-20  569  	virtio_mb(vrh->weak_barriers);
f87d0fbb579818f Rusty Russell      2013-03-20  570  
b9f7ac8c72894c1 Michael S. Tsirkin 2014-12-12  571  	if (getu16(vrh, &avail, &vrh->vring.avail->idx) != 0) {
f87d0fbb579818f Rusty Russell      2013-03-20  572  		vringh_bad("Failed to check avail idx at %p",
f87d0fbb579818f Rusty Russell      2013-03-20  573  			   &vrh->vring.avail->idx);
f87d0fbb579818f Rusty Russell      2013-03-20  574  		return true;
f87d0fbb579818f Rusty Russell      2013-03-20  575  	}
f87d0fbb579818f Rusty Russell      2013-03-20  576  
f87d0fbb579818f Rusty Russell      2013-03-20  577  	/* This is unlikely, so we just leave notifications enabled
f87d0fbb579818f Rusty Russell      2013-03-20  578  	 * (if we're using event_indices, we'll only get one
f87d0fbb579818f Rusty Russell      2013-03-20  579  	 * notification anyway). */
f87d0fbb579818f Rusty Russell      2013-03-20  580  	return avail == vrh->last_avail_idx;
f87d0fbb579818f Rusty Russell      2013-03-20  581  }
f87d0fbb579818f Rusty Russell      2013-03-20  582  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki