CVE-2021-38203 – About btrfs design defect (9th Aug 2021)

Preface: The following companies use Btrfs in production: Facebook (testing in production as of 2014/04, deployed on millions of servers as of 2018/10), Jolla (smartphone), and Lavu (iPad point of sale solution).

Background: Btrfs is an advanced file system, jointly developed by an organization, and specific Synology NAS models now support it. Btrfs is now the default file system on Fedora 33.

Vulnerability details: (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).

Cause: Process B has allocated a new system chunk, and process A is waiting on process B to finish creating the respective system block group. However, before process B ends its transaction handle and finishes creating the system block group, it attempts to allocate another chunk (such as a data chunk for an fallocate operation over a very large range). Process B is then unable to progress and allocate the new chunk, while process A is still waiting on process B, so neither can continue.

*The default operation (i.e., mode is zero) of fallocate() allocates the disk space within the range specified by offset and len (offset is used to pass an offset and len is used to pass a length).

Remedy: btrfs fix deadlock with concurrent chunk allocations – Refer to link: https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
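
An added example, not from the original post or the kernel commit: a Python triage helper that scans kernel log text for hung-task reports whose call trace passes through btrfs chunk allocation, the kind of symptom the deadlock described under Cause would be expected to leave. The frame names in CHUNK_FRAMES and the sample log are assumptions constructed for illustration.

```python
import re

# Assumption: kernel functions whose presence in a stack marks chunk allocation.
CHUNK_FRAMES = {"btrfs_chunk_alloc", "check_system_chunk"}

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
HUNG = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than \d+ seconds")
FRAME = re.compile(r"^\s*(?:\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed, abbreviated sample; not a capture from a real system.
SAMPLE_LOG = """\
[ 2417.101] INFO: task fallocate:4321 blocked for more than 120 seconds.
[ 2417.102] Call Trace:
[ 2417.103]  __schedule+0x2d0/0x8a0
[ 2417.104]  btrfs_chunk_alloc+0x1a2/0x3e0 [btrfs]
[ 2417.105]  btrfs_fallocate+0x5c1/0xe90 [btrfs]
[ 2417.201] INFO: task kworker/u8:3:211 blocked for more than 120 seconds.
[ 2417.202] Call Trace:
[ 2417.203]  __schedule+0x2d0/0x8a0
[ 2417.204]  check_system_chunk+0x9c/0x110 [btrfs]
[ 2417.205]  btrfs_chunk_alloc+0x2b4/0x3e0 [btrfs]
[ 2417.301] INFO: task jbd2/sda1-8:150 blocked for more than 120 seconds.
[ 2417.302] Call Trace:
[ 2417.303]  __schedule+0x2d0/0x8a0
[ 2417.304]  jbd2_journal_commit_transaction+0x1f0/0x1a00
"""

def blocked_in_chunk_alloc(log_text):
    """Return hung-task reports whose call trace contains a chunk-allocation frame."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        hung = HUNG.search(line)
        if hung:  # start of a new hung-task report
            current = {"comm": hung["comm"], "pid": int(hung["pid"]), "frames": []}
            reports.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            current["frames"].append(frame["sym"])
    return [r for r in reports if CHUNK_FRAMES & set(r["frames"])]

if __name__ == "__main__":
    hits = blocked_in_chunk_alloc(SAMPLE_LOG)
    for h in hits:
        print(f"{h['comm']} (pid {h['pid']}): {' <- '.join(h['frames'])}")
    if len(hits) >= 2:
        print("multiple tasks blocked in btrfs chunk allocation; check for the fix commit")
```

A match only narrows the search: confirm against the kernel source in use whether the commit linked under Remedy has been applied.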
