cve-2021-47510
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-11-04 12:07
Severity ?
EPSS score ?
Summary
btrfs: fix re-dirty process of tree-log nodes
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:36.503255Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.488Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "477675049ca8", "status": "affected", "version": "d3575156f662", "versionType": "git" }, { "lessThan": "84c254489299", "status": "affected", "version": "d3575156f662", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix re-dirty process of tree-log nodes\n\nThere is a report of a transaction abort of -EAGAIN with the following\nscript.\n\n #!/bin/sh\n\n for d in sda sdb; do\n mkfs.btrfs -d single -m single -f /dev/\\${d}\n done\n\n mount /dev/sda /mnt/test\n mount /dev/sdb /mnt/scratch\n\n for dir in test scratch; do\n echo 3 \u003e/proc/sys/vm/drop_caches\n fio --directory=/mnt/\\${dir} --name=fio.\\${dir} --rw=read --size=50G --bs=64m \\\n --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \\\n --group_reporting |\u0026 tee /dev/shm/fio.\\${dir}\n echo 3 \u003e/proc/sys/vm/drop_caches\n done\n\n for d in sda sdb; do\n umount /dev/\\${d}\n done\n\nThe stack trace is shown in below.\n\n [3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction)\n [3310.968060] BTRFS info (device sda): forced readonly\n [3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction.\n [3310.968065] ------------[ cut here ]------------\n [3310.968066] BTRFS: Transaction aborted (error -11)\n [3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8\n [3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1\n [3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021\n [3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8\n [3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282\n [3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027\n [3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00\n [3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48\n [3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00\n [3310.968153] R13: ffff971f20cf2000 R14: 00000000fffffff5 R15: ffff973f147b0e58\n [3310.968154] FS: 00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000\n [3310.968157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0\n [3310.968160] PKRU: 55555554\n [3310.968161] Call Trace:\n [3310.968167] ? dput+0xd4/0x300\n [3310.968174] btrfs_sync_file+0x3f1/0x490\n [3310.968180] __x64_sys_fsync+0x33/0x60\n [3310.968185] do_syscall_64+0x3b/0x90\n [3310.968190] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [3310.968194] RIP: 0033:0x7efe6557329b\n [3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a\n [3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b\n [3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006\n [3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010\n [3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980\n [3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000\n [3310.968212] ---[ end trace 1a346f4d3c0d96ba ]---\n [3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown\n\nThe abort occurs because of a write hole while writing out freeing tree\nnodes of a tree-log tree. For zoned btrfs, we re-dirty a freed tree\nnode to ensure btrfs can write the region and does not leave a hole on\nwrite on a zoned device. The current code fails to re-dirty a node\nwhen the tree-log tree\u0027s depth is greater or equal to 2. That leads to\na transaction abort with -EAGAIN.\n\nFix the issue by properly re-dirtying a node on walking up the tree." } ], "providerMetadata": { "dateUpdated": "2024-11-04T12:07:19.466Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0" }, { "url": "https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a" } ], "title": "btrfs: fix re-dirty process of tree-log nodes", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47510", "datePublished": "2024-05-24T15:09:26.019Z", "dateReserved": "2024-05-24T15:02:54.823Z", "dateUpdated": "2024-11-04T12:07:19.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-47510\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-24T15:15:12.000\",\"lastModified\":\"2024-05-24T18:09:20.027\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix re-dirty process of tree-log nodes\\n\\nThere is a report of a transaction abort of -EAGAIN with the following\\nscript.\\n\\n #!/bin/sh\\n\\n for d in sda sdb; do\\n mkfs.btrfs -d single -m single -f /dev/\\\\${d}\\n done\\n\\n mount /dev/sda /mnt/test\\n mount /dev/sdb /mnt/scratch\\n\\n for dir in test scratch; do\\n echo 3 \u003e/proc/sys/vm/drop_caches\\n fio --directory=/mnt/\\\\${dir} --name=fio.\\\\${dir} --rw=read --size=50G --bs=64m \\\\\\n --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \\\\\\n --group_reporting |\u0026 tee /dev/shm/fio.\\\\${dir}\\n echo 3 \u003e/proc/sys/vm/drop_caches\\n done\\n\\n for d in sda sdb; do\\n umount /dev/\\\\${d}\\n done\\n\\nThe stack trace is shown in below.\\n\\n [3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction)\\n [3310.968060] BTRFS info (device sda): forced readonly\\n [3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction.\\n [3310.968065] ------------[ cut here ]------------\\n [3310.968066] BTRFS: Transaction aborted (error -11)\\n [3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8\\n [3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1\\n [3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021\\n [3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8\\n [3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282\\n [3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027\\n [3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00\\n [3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48\\n [3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00\\n [3310.968153] R13: ffff971f20cf2000 R14: 00000000fffffff5 R15: ffff973f147b0e58\\n [3310.968154] FS: 00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000\\n [3310.968157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n [3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0\\n [3310.968160] PKRU: 55555554\\n [3310.968161] Call Trace:\\n [3310.968167] ? dput+0xd4/0x300\\n [3310.968174] btrfs_sync_file+0x3f1/0x490\\n [3310.968180] __x64_sys_fsync+0x33/0x60\\n [3310.968185] do_syscall_64+0x3b/0x90\\n [3310.968190] entry_SYSCALL_64_after_hwframe+0x44/0xae\\n [3310.968194] RIP: 0033:0x7efe6557329b\\n [3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a\\n [3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b\\n [3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006\\n [3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010\\n [3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980\\n [3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000\\n [3310.968212] ---[ end trace 1a346f4d3c0d96ba ]---\\n [3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown\\n\\nThe abort occurs because of a write hole while writing out freeing tree\\nnodes of a tree-log tree. For zoned btrfs, we re-dirty a freed tree\\nnode to ensure btrfs can write the region and does not leave a hole on\\nwrite on a zoned device. The current code fails to re-dirty a node\\nwhen the tree-log tree\u0027s depth is greater or equal to 2. That leads to\\na transaction abort with -EAGAIN.\\n\\nFix the issue by properly re-dirtying a node on walking up the tree.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige el proceso re-sucio de los nodos de registro de \u00e1rbol Hay un informe de una transacci\u00f3n cancelada de -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/\\\\${d} done mount /dev/sda /mnt/test mount /dev/sdb /mnt/scratch for dir in test scratch; do echo 3 \u0026gt;/proc/sys/vm/drop_caches fio --directory=/mnt/\\\\${dir} --name=fio.\\\\${dir} --rw=read --size=50G --bs=64m \\\\ --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \\\\ --group_reporting |\u0026amp; tee /dev/shm/fio.\\\\${dir} echo 3 \u0026gt;/proc/sys/vm/drop_caches done for d in sda sdb; do umount /dev/\\\\${d} done The stack trace is shown in below. [3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction) [3310.968060] BTRFS info (device sda): forced readonly [3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction. [3310.968065] ------------[ cut here ]------------ [3310.968066] BTRFS: Transaction aborted (error -11) [3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8 [3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1 [3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021 [3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8 [3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282 [3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027 [3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00 [3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48 [3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00 [3310.968153] R13: ffff971f20cf2000 R14: 00000000fffffff5 R15: ffff973f147b0e58 [3310.968154] FS: 00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000 [3310.968157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0 [3310.968160] PKRU: 55555554 [3310.968161] Call Trace: [3310.968167] ? dput+0xd4/0x300 [3310.968174] btrfs_sync_file+0x3f1/0x490 [3310.968180] __x64_sys_fsync+0x33/0x60 [3310.968185] do_syscall_64+0x3b/0x90 [3310.968190] entry_SYSCALL_64_after_hwframe+0x44/0xae [3310.968194] RIP: 0033:0x7efe6557329b [3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a [3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b [3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006 [3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010 [3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980 [3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000 [3310.968212] ---[ end trace 1a346f4d3c0d96ba ]--- [3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown. El aborto se produce debido a un agujero de escritura mientras se escriben los nodos del \u00e1rbol liberado de un \u00e1rbol de registro de \u00e1rbol. Para btrfs zonificados, volvemos a ensuciar un nodo de \u00e1rbol liberado para garantizar que btrfs pueda escribir la regi\u00f3n y no deje un agujero al escribir en un dispositivo zonificado. El c\u00f3digo actual no puede volver a ensuciar un nodo cuando la profundidad del \u00e1rbol de registro es mayor o igual a 2. Eso conduce a una transacci\u00f3n abortada con -EAGAIN. Solucione el problema volviendo a ensuciar adecuadamente un nodo al subir al \u00e1rbol.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.