Bug 2266752 (CVE-2021-46987) - CVE-2021-46987 kernel: btrfs: fix deadlock when cloning inline extents and using qgroups
Summary: CVE-2021-46987 kernel: btrfs: fix deadlock when cloning inline extents and us...
Keywords:
Status: NEW
Alias: CVE-2021-46987
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266753
Blocks: 2266939
TreeView+ depends on / blocked
 
Reported: 2024-02-28 21:45 UTC by Mauro Matteo Cascella
Modified: 2024-06-20 11:42 UTC (History)
50 users (show)

Fixed In Version: kernel 5.11.22, kernel 5.12.5, kernel 5.13
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel’s btrfs module, where there are a few exceptional cases when cloning an inline extent needs to copy the inline extent data into a page of the destination inode.  When this happens, a transaction starts while having a dirty page for the destination inode and while having the range locked in the destination's inode iotree. When reserving metadata space for a transaction, flushing the existing delalloc is needed in case there is not enough free space. There is a mechanism in place to prevent a deadlock, which was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when cloning inline extent and low on free metadata space"). However, when using qgroups, a transaction also reserves metadata qgroup space, which can also result in flushing delalloc in case there is not enough available space. When this happens, a deadlock occurs, since flushing delalloc requires locking the file range in the inode's iotree and the range was already locked at the very beginning of the clone operation, before attempting to start the transaction.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Mauro Matteo Cascella 2024-02-28 21:45:08 UTC
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix deadlock when cloning inline extents and using qgroups

The Linux kernel CVE team has assigned CVE-2021-46987 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024022825-CVE-2021-46987-f73f@gregkh/T/#u

Comment 1 Mauro Matteo Cascella 2024-02-28 21:45:41 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266753]

Comment 3 Justin M. Forbes 2024-03-01 22:41:41 UTC
This was fixed for Fedora with the 5.12.5 stable kernel updates.

Comment 4 Alex 2024-06-09 13:42:37 UTC
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2021-46987 is: 	SKIPCHECK	Skip, because not a security issue or not included. Check manually anyway.	YES	NONE	READ DEADLOCK DISK INIT SKIP 	YES	YES	guess (where first YES/NO value means if related sources built).


Note You need to log in before you can comment on or make changes to this bug.