Linux Kernel Btrfs Filesystem Read-Only Assertion Failure Vulnerability

A vulnerability in the Linux kernel's Btrfs filesystem has been identified, where an assertion failure occurs in the 'btrfs_repair_io_failure' function. This issue arises when the filesystem encounters an 'ENOSPC' error during a critical operation, causing it to switch to read-only mode. If a read repair is already in progress, the assertion that the filesystem is not read-only fails, leading to a kernel crash. The problem is linked to how Btrfs handles low disk space errors, which can disrupt ongoing repair processes.

Impact

Exiting a critical read-repair operation due to a read-only filesystem state can cause a kernel crash, disrupting system stability and potentially leading to data loss.

Reproduction

The vulnerability can be reproduced by triggering an 'ENOSPC' error during a Btrfs balance operation, which is a critical path process. This can be done by over-committing metadata, causing the filesystem to run out of space and automatically switch to read-only mode. If a read repair is pending at this time, the assertion in 'btrfs_repair_io_failure' will fail, leading to a crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.