Linux Kernel Btrfs Proper Folio Cleanup Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been identified, related to improper cleanup of folios when the 'copy-on-write' (COW) operation fails. This issue arises after a failed attempt to run a deferred allocation range, triggering a kernel bug that can lead to a crash. The problem is linked to the error handling of the COW operation, which, under certain conditions, can leave pages dirty and cause a crash by hitting a 'BUG_ON()' assertion. This vulnerability has existed since the introduction of Btrfs.

Impact

Exploitation of this vulnerability can lead to a kernel crash, although the issue is currently mitigated by the way the COW fixup is handled.

Reproduction

The vulnerability can be reproduced by triggering a 'copy-on-write' operation in Btrfs while the COW fixup path is marked to trigger a 'BUG_ON()' assertion. To do so, create a dirty range in an inode, then run a deferred allocation range that fails for lack of space. The failed allocation does not clear the dirty flags on all pages, so some pages remain dirty. When writeback is triggered again, the Btrfs error handling mistakenly assumes there are no dirty pages, and the kernel crashes on the 'BUG_ON()' assertion.
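
The failure mode described above, as an added user-space C model (not kernel code and not taken from the Btrfs fix): a failed allocation cleans up only part of a dirty range, and a later writeback pass finds the leftover dirty pages. All names, the eight-page range and the choice of which pages stay dirty are assumptions made for illustration.

```c
/* Added illustration: user-space model, not kernel code. Names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define NPAGES 8
struct page_state {
    bool dirty;    /* page still flagged dirty */
    bool reserved; /* space was reserved for this page */
};

/* Model of running the allocation over a dirty range. Reservation fails at
 * index fail_at (out of space) and every reservation is rolled back.
 * full_cleanup == false: dirty flags are cleared only from the failure point
 * on (assumed shape of the bug); true: cleared for the whole range.
 * Returns 0 on success, -1 on failure. */
static int run_range(struct page_state *p, int fail_at, bool full_cleanup) {
    for (int i = 0; i < NPAGES; i++) {
        if (i == fail_at) {
            int clear_from = full_cleanup ? 0 : fail_at;
            for (int j = 0; j < NPAGES; j++) {
                p[j].reserved = false;
                if (j >= clear_from)
                    p[j].dirty = false;
            }
            return -1;
        }
        p[i].reserved = true;
    }
    return 0;
}

/* Dirty the range, run it, and count the pages a later writeback pass would
 * find dirty with nothing reserved: the state that ends in BUG_ON(). */
static int scenario(int fail_at, bool full_cleanup) {
    struct page_state p[NPAGES];
    int stale = 0;
    for (int i = 0; i < NPAGES; i++)
        p[i] = (struct page_state){ .dirty = true, .reserved = false };
    run_range(p, fail_at, full_cleanup);
    for (int i = 0; i < NPAGES; i++)
        stale += p[i].dirty && !p[i].reserved;
    return stale;
}

int main(void) {
    printf("partial cleanup: %d stale dirty pages\n", scenario(3, false));
    printf("full cleanup:    %d stale dirty pages\n", scenario(3, true));
    return 0;
}
```

With partial cleanup the pages ahead of the failure point stay dirty with nothing backing them; clearing the whole range on error leaves none.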

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.