Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A race condition vulnerability has been identified in the Linux kernel's Btrfs file system component, specifically within the space information management functions. The issue arises from the use of bitfields in the 'btrfs_space_info' structure, which share an underlying word for the 'full', 'chunk_alloc', and 'flush' fields. This design can lead to data corruption when parallel processes modify these fields simultaneously. The vulnerability is present in the Linux kernel stable tree.
Exploitation of this vulnerability can disrupt the Btrfs file system's space management, causing processes to block indefinitely while waiting for resources, effectively leading to a denial of service condition.
The vulnerability can be reproduced by initiating a Btrfs transaction that involves deleting a block group, while concurrently running the data reclaim process. This scenario creates a conflict where the 'btrfs_clear_space_info_full' function clears the 'full' bitfield without proper locking, allowing the 'flush' field to become incorrectly set, disrupting the expected flow of space management operations.
The vulnerability has been addressed by changing the bitfield members in the 'btrfs_space_info' structure to boolean values, which eliminates the risk of non-atomic read-modify-write operations causing data corruption. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
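The lost update described above can be replayed deterministically in user space. The following is an added example, not kernel code or the upstream patch: it steps through the interleaving in a single thread, shows the stale 'flush' value surviving with bitfields, and shows the same sequence behaving correctly with boolean members. The struct names `si_bits` and `si_bool` and the function names are hypothetical, and the structs model only the three flags named in this advisory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the three flags; not the kernel's real struct. */
struct si_bits { unsigned int full:1, chunk_alloc:1, flush:1; };
struct si_bool { bool full, chunk_alloc, flush; };

/* Returns 1 if 'full' and 'flush' occupy the same byte of si_bits. */
int bitfields_share_byte(void)
{
    struct si_bits a, b;
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    a.full = 1;
    b.flush = 1;
    for (size_t i = 0; i < sizeof a; i++)
        if (((unsigned char *)&a)[i] && ((unsigned char *)&b)[i])
            return 1;
    return 0;
}

/* Single-threaded replay of the racy interleaving: a bitfield store is a
 * load / modify / store of the whole shared word. Returns final 'flush'. */
int replay_bitfield(void)
{
    struct si_bits shared = { .full = 1, .flush = 1 };
    struct si_bits word_a = shared;   /* A (no lock): load shared word     */
    shared.flush = 0;                 /* B (locked): flush has finished    */
    word_a.full = 0;                  /* A: clear 'full' in its stale copy */
    shared = word_a;                  /* A: store word, stale flush = 1    */
    return shared.flush;
}

/* Same interleaving with bool members: A's store writes only 'full'. */
int replay_bool(void)
{
    struct si_bool shared = { .full = true, .flush = true };
    bool *a_dst = &shared.full;       /* A (no lock): separate object      */
    shared.flush = false;             /* B (locked): flush has finished    */
    *a_dst = false;                   /* A: store does not read neighbours */
    return shared.flush;
}

int main(void)
{
    printf("%d %d %d\n", bitfields_share_byte(), replay_bitfield(), replay_bool());
    return 0;
}
```

In the bitfield replay 'flush' ends up set even though writer B cleared it, which is the state that leaves waiters blocked; with separate boolean members each store is confined to its own field.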