Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller. This error should only be triggered at most once. As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out: btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref() And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output.

Weaknesses 1

Affected Products 5

References 4

• git.kernel.org https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098
  Patch
• git.kernel.org https://git.kernel.org/stable/c/39f501d68ec1ed5cd5c66ac6ec2a7131c517bb92
  Patch
• git.kernel.org https://git.kernel.org/stable/c/853ffa1511b058c79a4c9bb1407b3b20ce311792
  Patch
• git.kernel.org https://git.kernel.org/stable/c/fdb4a70bb768d2a87890409597529ad81cb3de8a
  Patch

Remediation

• git.kernel.org https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098
  Patch
• git.kernel.org https://git.kernel.org/stable/c/39f501d68ec1ed5cd5c66ac6ec2a7131c517bb92
  Patch
• git.kernel.org https://git.kernel.org/stable/c/853ffa1511b058c79a4c9bb1407b3b20ce311792
  Patch
• git.kernel.org https://git.kernel.org/stable/c/fdb4a70bb768d2a87890409597529ad81cb3de8a
  Patch