Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A deadlock vulnerability has been identified in the Linux kernel's Btrfs file system, specifically within the inode management process. The issue arises in the function 'btrfs_read_locked_inode()' when the inode lookup fails. The function then jumps to the 'out' label with a path that still has a read-locked leaf and calls 'iget_failed()'. This sequence can create an ABBA deadlock. The 'iget_failed()' call triggers eviction of the inode, which releases the delayed inode and therefore requires locking the delayed inode's mutex while the leaf is still read-locked. Meanwhile, a task processing a delayed inode must first lock the delayed inode's mutex before modifying the inode's subvolume B-tree, which in turn requires locking a leaf of that tree. The two tasks take the same pair of locks in opposite order, leading to a circular locking dependency. This vulnerability was reported by Syzbot, which highlighted the potential for a deadlock situation.
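The lock-order inversion described above can be checked with a small user-space model in the style of a lock-order validator. This is an added example, not kernel code or the upstream patch: the lock names, the helper functions and the reordered variant (leaf released before the eviction step) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named in the description; this is a user-space model only. */
enum { LEAF_LOCK, DELAYED_MUTEX, NLOCKS };
static int held[NLOCKS];          /* locks held by the task being modelled */
static int order[NLOCKS][NLOCKS]; /* order[a][b]: b was taken while a was held */

static void acquire(int l) {
    for (int h = 0; h < NLOCKS; h++)
        if (held[h] && h != l) order[h][l] = 1;   /* record edge h -> l */
    held[l] = 1;
}
static void release(int l) { held[l] = 0; }

/* Failed lookup as described: the leaf is still read-locked during eviction. */
static void failed_lookup_as_described(void) {
    acquire(LEAF_LOCK);
    acquire(DELAYED_MUTEX);  /* iget_failed() -> evict -> delayed inode mutex */
    release(DELAYED_MUTEX);
    release(LEAF_LOCK);
}
/* Assumed reordering (hypothetical): leaf released before the eviction step. */
static void failed_lookup_reordered(void) {
    acquire(LEAF_LOCK);
    release(LEAF_LOCK);
    acquire(DELAYED_MUTEX);
    release(DELAYED_MUTEX);
}
/* Delayed inode task: mutex first, then the subvolume B-tree leaf. */
static void delayed_inode_task(void) {
    acquire(DELAYED_MUTEX);
    acquire(LEAF_LOCK);
    release(LEAF_LOCK);
    release(DELAYED_MUTEX);
}

/* Returns 1 when both LEAF->MUTEX and MUTEX->LEAF orders were recorded. */
static int abba_detected(void (*lookup)(void)) {
    memset(order, 0, sizeof order);
    lookup();
    delayed_inode_task();
    return order[LEAF_LOCK][DELAYED_MUTEX] && order[DELAYED_MUTEX][LEAF_LOCK];
}

int main(void) {
    printf("as described: ABBA=%d\n", abba_detected(failed_lookup_as_described));
    printf("reordered:    ABBA=%d\n", abba_detected(failed_lookup_reordered));
    return 0;
}
```

The model records ordering edges rather than blocking, so it reports the inversion without ever hanging.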
Exploitation of this vulnerability can lead to a deadlock condition, where processes become stuck waiting for each other to release locks, causing a halt in system operations related to the affected tasks.
The vulnerability can be reproduced by initiating a Btrfs defragmentation process while simultaneously running a workload that triggers the eviction of inodes. This can be done using the 'btrfs defragment' command on a Btrfs file system that is under heavy use, particularly in areas that involve delayed inode processing.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.