Bug 2320795 (CVE-2022-49033) - CVE-2022-49033 kernel: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
Summary: CVE-2022-49033 kernel: btrfs: qgroup: fix sleep from invalid context bug in b...
Keywords:
Status: NEW
Alias: CVE-2022-49033
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-10-21 22:04 UTC by OSIDB Bzimport
Modified: 2024-10-22 04:59 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-10-21 22:04:49 UTC
In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

Syzkaller reported BUG as follows:

  BUG: sleeping function called from invalid context at
       include/linux/sched/mm.h:274
  Call Trace:
   <TASK>
   dump_stack_lvl+0xcd/0x134
   __might_resched.cold+0x222/0x26b
   kmem_cache_alloc+0x2e7/0x3c0
   update_qgroup_limit_item+0xe1/0x390
   btrfs_qgroup_inherit+0x147b/0x1ee0
   create_subvol+0x4eb/0x1710
   btrfs_mksubvol+0xfe5/0x13f0
   __btrfs_ioctl_snap_create+0x2b0/0x430
   btrfs_ioctl_snap_create_v2+0x25a/0x520
   btrfs_ioctl+0x2a1c/0x5ce0
   __x64_sys_ioctl+0x193/0x200
   do_syscall_64+0x35/0x80

Fix this by calling qgroup_dirty() on @dstqgroup, and update limit item in
btrfs_run_qgroups() later outside of the spinlock context.

Comment 1 Avinash Hanwate 2024-10-22 04:17:07 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102156-CVE-2022-49033-a8c6@gregkh/T

Comment 2 Avinash Hanwate 2024-10-22 04:58:03 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102156-CVE-2022-49033-a8c6@gregkh/T
