Re: CVE-2025-40128: btrfs: fix symbolic link reading when bs > ps

Next message: Krzysztof Kozlowski: "Re: [PATCH v20 1/4] dt-bindings: i2c: Split AST2600 binding into a new YAML"
Previous message: Liviu Dudau: "Re: [PATCH] drm/komeda: Convert logging in komeda_event.c to drm_* with"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2025-40128: btrfs: fix symbolic link reading when bs &gt; ps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Sterba

Date: Thu Nov 13 2025 - 05:40:15 EST

On Wed, Nov 12, 2025 at 07:24:04PM +0900, Greg Kroah-Hartman wrote:
> From: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>
>
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> btrfs: fix symbolic link reading when bs > ps
>
> [BUG DURING BS > PS TEST]
> When running the following script on a btrfs whose block size is larger
> than page size, e.g. 8K block size and 4K page size, it will trigger a
> kernel BUG:
>
> # mkfs.btrfs -s 8k $dev
> # mount $dev $mnt
> # mkdir $mnt/dir
> # ln -s dir $mnt/link
> # ls $mnt/link

Please drop the CVE status from this patch, the bs > ps (block size
bigger than page size) feature requires CONFIG_BTRFS_EXPERIMENTAL and is
unfinished and possibly unstable in other use cases. It does not make
sense to improve security where none should be expected.