Linux Kernel Btrfs Subsystem Deadlock Vulnerability

A potential deadlock vulnerability has been identified in the Linux kernel's Btrfs file system, specifically in versions through 6.5.0-rc7. The issue arises when the system processes delayed items while holding a mutex for a delayed node. If an error occurs during the modification of a subvolume B-tree—such as when inserting, updating, or deleting delayed items—the function 'btrfs_insert_delayed_items()' may return a path with locked extent buffers. This situation leads to a deadlock when the system tries to release the delayed node, as it requires re-acquiring the mutex, creating a circular locking dependency.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to circular locking dependencies.

Reproduction

The vulnerability can be reproduced by triggering a scenario where the Btrfs file system processes delayed items while holding a mutex for a delayed node. This can be done by initiating a file operation that involves syncing changes, such as using the 'fsync' system call, which prompts the Btrfs subsystem to run delayed items. If an error occurs during this process, the deadlock vulnerability is exposed.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.