Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- >= 6.1, < 6.1.0-rc1
A vulnerability in the Linux kernel's Btrfs file system, concerning the handling of exclusive operations during balance and device addition, has been addressed. The issue arose because a paused balance operation could lead to conflicting states when multiple threads attempted to start a balance and add devices at the same time. This vulnerability is present in several versions of the Linux kernel.
Exploitation of this vulnerability could lead to assertion failures, causing the system to halt the Btrfs operation and potentially disrupt file system management tasks.
The vulnerability can be reproduced by concurrently adding multiple devices to the same Btrfs mount point while attempting to start a balance operation. This can be done with a script or tool that automates the device addition, such as 'repro'. The 'repro' tool fails to add the device '/dev/vda' due to the assertion error, demonstrating the vulnerability in action.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.