CVE-2023-52897

Source
https://cve.org/CVERecord?id=CVE-2023-52897
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52897.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52897
Downstream
Published
2024-08-21T06:10:37.316Z
Modified
2026-02-24T10:11:26.665644Z
Summary
btrfs: qgroup: do not warn on record without old_roots populated
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: do not warn on record without old_roots populated

[BUG] There are some reports from the mailing list that since v6.1 kernel, the WARN_ON() inside btrfs_qgroup_account_extent() gets triggered during rescan:

    WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]
    CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7
    RIP: 0010:btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]
    Call Trace:
    <TASK>
    btrfs_commit_transaction+0x30c/0xb40 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]
    ? start_transaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]
    btrfs_qgroup_rescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]
    btrfs_ioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]
    ? __rseq_handle_notify_resume+0xa9/0x4a0
    ? mntput_no_expire+0x4a/0x240
    ? __seccomp_filter+0x319/0x4d0
    __x64_sys_ioctl+0x90/0xd0
    do_syscall_64+0x5b/0x80
    ? syscall_exit_to_user_mode+0x17/0x40
    ? do_syscall_64+0x67/0x80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd
    RIP: 0033:0x7fd9b790d9bf
    </TASK>

[CAUSE] Since commit e15e9f43c7ca ("btrfs: introduce BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting"), if our qgroup is already in inconsistent state, we will no longer do the time-consuming backref walk.

This can leave some qgroup records without a valid old_roots ulist. Normally this is fine, as btrfs_qgroup_account_extents() would also skip those records if we have NO_ACCOUNTING flag set.

But there is a small window, if we have NO_ACCOUNTING flag set, and inserted some qgroup_record without an old_roots ulist, but then the user triggered a qgroup rescan.

During btrfs_qgroup_rescan(), we firstly clear NO_ACCOUNTING flag, then commit current transaction.

And since we have a qgroup_record with old_roots = NULL, we trigger the WARN_ON() during btrfs_qgroup_account_extents().

[FIX] Unfortunately due to the introduction of NO_ACCOUNTING flag, the assumption that every qgroup_record would have its old_roots populated is no longer correct.

Fix the false alerts and drop the WARN_ON().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52897.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e15e9f43c7ca25603fcf4c20d44ec777726f1034
Fixed
bb2c2e62539f2b63c5e0beb51501d328260c7595
Fixed
75181406b4eafacc531ff2ee5fb032bd93317e2b

Affected versions

v6.*
v6.0
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52897.json"

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events

Affected versions

v6.*
v6.1
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52897.json"