Linux Kernel Btrfs Incorrect Extent Map Handling Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, specifically related to improper management of extent maps. This issue arose in the function 'btrfs_drop_extent_map_range', where the logic for splitting extents was flawed. When the function was called to drop a range that included pinned extents, it skipped the pinned areas but failed to correctly adjust the starting point for subsequent operations. This miscalculation led to invalid extent maps being inserted, which could overlap with other entries or disrupt block-related processes. The problem was particularly noticeable during frequent relocation operations, a scenario that can occur with Btrfs's automatic relocation feature.

Impact

The vulnerability could cause the Btrfs file system to insert invalid extent maps, potentially overlapping with existing entries or causing disruptions in block-related calculations. This could lead to data corruption or other unforeseen issues within the file system.

Reproduction

The vulnerability can be reproduced by calling the 'btrfs_drop_extent_map_range' function with a range that includes pinned extents, while the 'skip_pinned' option is set to true. This will trigger the incorrect logic that skips the pinned extents without properly adjusting the subsequent extent handling, leading to the described issues.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.