Linux Kernel Btrfs Inode Logging Vulnerability Leading to Directory Deletion Errors

A vulnerability in the Linux kernel's Btrfs file system has been identified, where the logging of inode references can conflict, particularly after renaming directories. This issue arises when two inodes are exchanged and one is a directory, leading to a log tree that may not accurately reflect the file system state. Following a power failure, this can cause an incorrect attempt to delete an inode that still exists, especially if it contains a subvolume, resulting in a mount failure. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes the Btrfs file system to fail to mount, leading to a critical error where the log replay process cannot unlink a directory inode that is still referenced by a subvolume, causing the transaction to abort.

Reproduction

To reproduce this vulnerability, create two directories under the same parent, ensuring one contains a subvolume. Place a file in the other directory. After renaming the file and exchanging the directory names, a power failure can be simulated. Upon replaying the log, the system will attempt to delete the directory with the subvolume, leading to a mount failure.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.