CVE-2022-49761

In the Linux kernel, the following vulnerability has been resolved:

btrfs: always report error in runonedelayed_ref()

Currently we have a btrfsdebug() for runonedelayedref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging.

This patch will:

• Add extra info for error reporting Including:

  • logical bytenr
  • num_bytes
  • type
  • action
  • ref_mod

• Replace the btrfsdebug() with btrfserr()

• Move the error reporting into runonedelayed_ref() This is to avoid use-after-free, the @node can be freed in the caller.

This error should only be triggered at most once.

As if runonedelayed_ref() failed, we trigger the error message, then causing the call chain to error out:

btrfsrundelayedrefs() - btrfs_run_delayed_refs() - btrfsrundelayedrefsforhead() `- runonedelayed_ref()

And we will abort the current transaction in btrfsrundelayedrefs(). If we have to run delayed refs for the abort transaction, runonedelayedref() will just cleanup the refs and do nothing, thus no new error messages would be output.