Linux Kernel Btrfs Symbolic Link Handling Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, which involved improper handling of symbolic links when the block size exceeded the page size. This issue was particularly evident with an 8K block size and a 4K page size, where the kernel would crash due to a bug in the high memory management. The problem arose because Btrfs did not correctly set the minimum order for symbolic link inodes, leading to a kernel bug when the system attempted to read the link's target. The vulnerability was resolved by ensuring that the inode mapping order is properly set for symbolic links, preventing the crash without affecting other inode types.

Impact

The vulnerability could lead to a kernel crash, causing a denial of service by interrupting system operations and potentially requiring a manual restart to recover.

Reproduction

To reproduce this vulnerability, create a Btrfs file system with a block size of 8K and a page size of 4K. After mounting the file system, create a directory and a symbolic link pointing to that directory. When attempting to access the symbolic link, the system will crash, displaying a kernel bug related to high memory management.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.