Linux Kernel Btrfs Folio Cleanup Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system, related to improper cleanup of folio structures when the 'run_delalloc_nocow' function fails, has been addressed. This issue, which can occur with 'CONFIG_DEBUG_VM' enabled, may lead to a kernel crash. The problem arises in the error handling of 'run_delalloc_nocow', where the dirty flags of folios are not properly cleared before the folios are unlocked, causing a violation of the folio locking requirements. The vulnerability can trigger a 'VM_BUG_ON_FOLIO' assertion, indicating a serious internal error in the virtual memory management.

Impact

The vulnerability can cause a kernel crash due to a 'VM_BUG_ON_FOLIO' assertion failure, which is triggered when folios are not properly locked before being unlocked, leading to a violation of the expected memory management rules.

Reproduction

The vulnerability can be reproduced by running Btrfs on a kernel with 'CONFIG_DEBUG_VM' enabled. Under these conditions, the 'generic/476' test case may trigger the vulnerability by causing 'run_delalloc_nocow' to fail while processing a range of dirty pages. This failure can result in the folios being unlocked without clearing the dirty flags, violating the locking requirements and triggering the 'VM_BUG_ON_FOLIO' assertion.
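
A host triage check for the two preconditions named above (a mounted Btrfs file system and a kernel built with 'CONFIG_DEBUG_VM=y'), added here as an example; it is not part of the original entry or the kernel project. The function names, verdict strings and sample files are assumptions made for illustration, and the script does not determine whether the fix is applied.

```shell
#!/bin/sh
# Added triage example (not from the advisory). Reports whether the two
# preconditions the entry names are present: a mounted Btrfs file system
# and a kernel built with CONFIG_DEBUG_VM=y. It cannot tell whether the
# fix is applied; check your distribution's kernel changelog for that.

# Succeeds if the kernel config file (plain or .gz) sets CONFIG_DEBUG_VM=y.
# The anchored pattern avoids matching CONFIG_DEBUG_VM_PGTABLE and
# "# CONFIG_DEBUG_VM is not set".
kernel_has_debug_vm() {
    case $1 in
        *.gz) gzip -dc "$1" 2>/dev/null | grep -q '^CONFIG_DEBUG_VM=y$' ;;
        *)    grep -q '^CONFIG_DEBUG_VM=y$' "$1" 2>/dev/null ;;
    esac
}

# Prints mount points whose file system type (field 3, /proc/mounts layout)
# is btrfs.
btrfs_mounts() {
    awk '$3 == "btrfs" { print $2 }' "$1" 2>/dev/null
}

# triage CONFIG MOUNTS -> prints one verdict word (hypothetical labels).
triage() {
    if [ -z "$(btrfs_mounts "$2")" ]; then
        echo "no-btrfs"            # affected file system not in use
    elif kernel_has_debug_vm "$1"; then
        echo "debug-vm-btrfs"      # VM_BUG_ON_FOLIO is compiled in: crash possible
    else
        echo "btrfs-no-debug-vm"   # assertion compiled out; the fix still applies
    fi
}

# Constructed sample inputs (not from a real host), used when no args are given.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'CONFIG_BTRFS_FS=m' 'CONFIG_DEBUG_VM=y' \
    '# CONFIG_DEBUG_VM_PGTABLE is not set' > "$sample_dir/config"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
    '/dev/mapper/data /srv/data btrfs rw,noatime 0 0' > "$sample_dir/mounts"

# Usage: script [CONFIG MOUNTS], e.g. "/boot/config-$(uname -r)" /proc/mounts
triage "${1:-$sample_dir/config}" "${2:-$sample_dir/mounts}"
```

On kernels built without 'CONFIG_DEBUG_VM', 'VM_BUG_ON_FOLIO' compiles to no runtime check, which is why the script separates the two Btrfs verdicts.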

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.