Linux Kernel Btrfs Free Space Cache Locking Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, related to improper handling of the free space cache during error conditions. When loading the free space cache, a temporary control structure is used to avoid allocations. If an error occurs, this temporary structure is cleared, but the process inadvertently disrupts the management of discardable space statistics. The issue arises because the necessary lock is not held during the cleanup, leading to potential inconsistencies. The vulnerability has been resolved by modifying the cleanup process to use a locked variant, ensuring that only cache entries are removed without interfering with the discardable space metrics.

Impact

The vulnerability could lead to incorrect management of free space and discardable statistics in the Btrfs file system, potentially causing performance issues or improper space reclamation.

Reproduction

The vulnerability can be reproduced by enabling lock dependency tracking in the Linux kernel, which exposes the issue during continuous integration testing. This creates a warning about the free space cache management in Btrfs, indicating that the discardable space statistics were not properly maintained after an error occurred while loading the free space cache.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree to address this vulnerability.