Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

virtio_ring: tag event_triggered as racy for KCSAN

Setting event_triggered from the interrupt handler
is fundamentally racy. There are races of 2 types:
1. vq processing can read false value while interrupt
triggered and set it to true.
The result will be a bit of extra work when disabling cbs, no big deal.

2. vq processing can set false value then interrupt
immediately sets true value.
Since interrupt then triggers a callback which will
process buffers, this is also not an issue.

However, it looks like KCSAN cannot figure all this out, and warns about
the race between the write and the read. Tag the access data_racy for
now. We should probably look at ways to make this more
straightforwardly correct.

Message-ID: <6bdd771a4fb7625a9227971b3cf4745c34c31a32.1726153334.git.mst@redhat.com>
Reported-by: syzbot+8a02104389c2e0ef5049@syzkaller.appspotmail.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Marco Elver <elver@google.com>

+1 -1
drivers/virtio/virtio_ring.c
··· 2588 2588 2589 2589 /* Just a hint for performance: so it's ok that this can be racy! */ 2590 2590 if (vq->event) 2591 - vq->event_triggered = true; 2591 + data_race(vq->event_triggered = true); 2592 2592 2593 2593 pr_debug("virtqueue callback for %p (%p)\n", vq, vq->vq.callback); 2594 2594 if (vq->vq.callback)
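Review bot: only the write side of vq->event_triggered is annotated in this hunk (`data_race(vq->event_triggered = true);` at line 2591), while the commit message says KCSAN warned about the race between the write and the read; the reads it paired this write with are outside the diff, so the message should state whether those reads are already annotated (data_race()/READ_ONCE) or whether tagging the write alone is expected to silence the report. It would also help to extend the existing comment on the line above (`/* Just a hint for performance: so it's ok that this can be racy! */`) with a note that the data_race() wrapper is there for KCSAN, so a later cleanup does not strip it as redundant.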