Linux Kernel Btrfs Directory Logging Vulnerability During Rename Operations

A vulnerability in the Linux kernel's Btrfs file system has been identified, involving a race condition between file renaming and directory logging. This issue can lead to the unintentional deletion of files during the log replay process after a crash or power failure. The vulnerability arises when a file is renamed while its corresponding directory inode is being logged. If a power failure occurs before the rename is fully processed, the log replay will delete the file, resulting in data loss.

Impact

Exploitation of this vulnerability can lead to unintended file deletions, causing data loss.

Reproduction

The vulnerability can be reproduced by creating a scenario where a file is renamed while its directory is being logged. This can be done by removing a hard link to a file, initiating a rename operation for that file, and then logging a different file in the same directory before the rename is completed. If a power failure occurs after the logging but before the rename is fully processed, the file will be deleted during the log replay, resulting in data loss.

Remediation

Users can avoid this vulnerability by ensuring that the Btrfs log is synced after renaming files, particularly before initiating any logging operations that could interfere with the rename process.