Re: CVE-2025-40128: btrfs: fix symbolic link reading when bs > ps

Next message: Yang Shi: "Re: [PATCH 1/2] arm64/pageattr: Propagate return value from __change_memory_common"
Previous message: Eric Biggers: "Re: [PATCH v4] mmc: sdhci-msm: Enable ICE support for non-cmdq eMMC devices"
In reply to: David Sterba: "Re: CVE-2025-40128: btrfs: fix symbolic link reading when bs &gt; ps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg Kroah-Hartman

Date: Thu Nov 13 2025 - 12:37:55 EST

On Thu, Nov 13, 2025 at 11:40:08AM +0100, David Sterba wrote:
> On Wed, Nov 12, 2025 at 07:24:04PM +0900, Greg Kroah-Hartman wrote:
> > From: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > btrfs: fix symbolic link reading when bs > ps
> >
> > [BUG DURING BS > PS TEST]
> > When running the following script on a btrfs whose block size is larger
> > than page size, e.g. 8K block size and 4K page size, it will trigger a
> > kernel BUG:
> >
> > # mkfs.btrfs -s 8k $dev
> > # mount $dev $mnt
> > # mkdir $mnt/dir
> > # ln -s dir $mnt/link
> > # ls $mnt/link
>
> Please drop the CVE status from this patch, the bs > ps (block size
> bigger than page size) feature requires CONFIG_BTRFS_EXPERIMENTAL and is
> unfinished and possibly unstable in other use cases. It does not make
> sense to improve security where none should be expected.

Oops, good catch, now rejected, thanks for the review!

greg k-h