Linux Kernel Btrfs Inode Size Handling Vulnerability After Log Replay

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, concerning the management of inode sizes during log replay. The issue arose because the kernel logged inodes with a generation value of zero, indicating that only the existence of the inode was being recorded, not its size. This approach worked well until a specific scenario occurred: when an inode created in a previous transaction was logged again, the logging process inadvertently reset its size to zero. As a result, after a power failure and subsequent log replay, the inode's size was not correctly updated, leading to data inconsistency. The vulnerability has been fixed by ensuring that the correct generation and size of inodes are logged, particularly when they are re-logged after being modified.

Impact

The vulnerability could lead to incorrect inode size management, causing data loss or corruption in Btrfs file systems.

Reproduction

To reproduce the issue, create a directory and write a file into it. After truncating the file and logging its size, create a hard link to the file. Due to the way inode logging is handled, the size of the file will not be correctly updated during log replay after a power failure, leaving it incorrectly sized.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 6, 2026, 10:27 AM
Updated: May 6, 2026, 10:27 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.