Linux Kernel Btrfs Log Replay Vulnerability in Directory Handling

A vulnerability in the Linux kernel's Btrfs file system can lead to a mount failure due to improper logging of directory inodes during transaction handling. This issue arises when a directory is moved between parent directories within the same transaction, creating a scenario where the directory appears to have two hard links after a log replay, one for each parent directory. The problem is triggered by a specific sequence of actions involving directory and file operations, followed by a power failure, which disrupts the normal transaction logging process. When the file system is next mounted, the log replay fails to correctly resolve the inode references, leading to a detected corruption that prevents the file system from mounting correctly.

Impact

The vulnerability causes a directory hard link count corruption, leading to a mount failure of the affected file system.

Reproduction

1. Create two directories, 'dir1' and 'dir2', in a past transaction. 'Dir1' should have inode A as its parent. 2. Move 'dir1' to a new directory. 3. Create a file named 'dir1' in the original parent directory (inode A) of 'dir1'. 4. Sync the new file, which logs its inode and the inode for 'dir1'. 5. Move the new file to another directory, updating the log tree to reflect this change. 6. Sync the file again to persist the log tree changes. 7. Simulate a power failure. 8. When the file system is mounted again, the log replay will process 'dir1', adding a new link for its current location but not removing the old link, resulting in a hard link count of 2 and a mount failure.

Remediation

The vulnerability has been addressed in Linux kernel versions 6.1.0-rc6 and later. Users should upgrade to a patched version.