Re: CVE-2024-26905: btrfs: fix data races when accessing the reserved amount of block reserves
From: Greg Kroah-Hartman
Date: Mon Jul 29 2024 - 09:13:50 EST
On Mon, Jul 29, 2024 at 01:46:37PM +0100, Filipe Manana wrote:
> On Wed, Apr 17, 2024 at 12:29:20PM +0200, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > btrfs: fix data races when accessing the reserved amount of block reserves
> >
>
> Greg, can you clarify why is this being classified as a CVE?
The text of the changelog made it sound like a race condition that was
being fixed, except for this bit:
> > So add a helper to get the reserved amount of a block reserve while
> > holding the lock. The value may be not be up to date anymore when used by
> > need_preemptive_reclaim() and btrfs_preempt_reclaim_metadata_space(), but
> > that's ok since the worst it can do is cause more reclaim work do be done
> > sooner rather than later. Reading the field while holding the lock instead
> > of using the data_race() annotation is used in order to prevent load
> > tearing.
That paragraph explains that this really isn't a vulnerability, sorry
about that. I'll go reject this CVE id now, thanks for the review!
greg k-h