A vulnerability found in the Linux kernel's btrfs zoned mode has been fixed. The issue lies with calc_available_free_space(), a function that calculates the total amount of metadata or system block groups available for allocation from unallocated disk space. The problem occurs due to two incorrect logic implementations when the kernel is operating in zoned mode.

The first issue involves the calculation of data_chunk_size within the function. In a zoned mode configuration, one zone is always allocated as one chunk, and no partial allocation of a zone is allowed. Consequently, the function must use zone_size (equated to data_sinfo->chunk_size) directly.

/* Incorrect logic */
data_chunk_size = entry->bytes_super_reserved;

/* Corrected logic */
data_chunk_size = data_sinfo->chunk_size;

The second problem in the code is that the result "avail" may not be aligned with the zone size in some cases. Since zoned mode always allocates one zone as one chunk, non-zone size aligned bytes can result in less pressure on the async metadata reclaim process.

In cases where the system is in a nearly full state with a large zone size device, this issue can be quite significant. Allowing for overcommitting too much can lead to less async reclaim work and eventually running out of space (ENOSPC). To avoid this problem, the "avail" value can be aligned down to the zone size.

/* Incorrect logic */
avail = unallocated - entry->alloc_size;

/* Corrected logic */
avail = round_down(unallocated - entry->alloc_size, data_sinfo->chunk_size);

By implementing these fixes, the Linux Kernel team has resolved the vulnerability found in the btrfs zoned mode's calc_available_free_space() function.

For more details, refer to the official patch

- Linux Kernel Git Reference
- The original issue report: Linux Mailing List

This CVE-2024-42231 vulnerability has been resolved in the Linux kernel's btrfs zoned mode. Users are advised to update their systems accordingly to protect against possible exploitation of this security flaw.

Timeline

Published on: 07/30/2024 08:15:08 UTC
Last modified on: 07/30/2024 19:30:52 UTC