The vulnerability, identified as CVE-2021-47510, occurs in the Linux kernel's Btrfs file system. It affects versions 5.12 to 5.15.7 and 5.16 (before commit 84c254489299). The issue arises when a transaction is aborted with an `-EAGAIN` error while writing out freeing tree nodes of a tree-log tree, leading to a write hole.
The root cause is that, on zoned Btrfs devices, a freed tree node must be re-dirtied so that Btrfs still writes the region and does not leave a hole in the zone. The affected code, however, does not re-dirty a node when the tree-log tree's depth is greater than or equal to 2. This omission leads to a transaction abort with `-EAGAIN`.
The fix re-dirties the node properly when walking up the tree. The affected file is `fs/btrfs/tree-log.c`. To mitigate this issue, users are advised to update to the latest stable kernel version. If updating is not possible, the individual changes can be cherry-picked from commits 477675049ca8 and 84c254489299.
In technical terms, the abort surfaces during the cleanup of a transaction, specifically in the `cleanup_transaction` function (line 1946). The error happens when writing out freed tree nodes of a tree-log tree, which can leave a write hole. The fix re-dirties the node when walking up the tree, ensuring that Btrfs writes the region without leaving a hole on zoned devices.
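To make the depth condition concrete, the following is a simplified model added for this page; it is not btrfs code, and the node layout, fan-out, function names and the split between a "walk down" path and a "walk up" path are assumptions made for the illustration, based on the description above. The model frees every block of a tree-log tree of a given depth and counts the blocks that were freed without being re-dirtied, which on a zoned device correspond to write holes. Leaves and the root are re-dirtied on their own paths; only internal nodes freed while walking back up depend on the `fixed` flag, so a tree of depth 1 has no holes either way, while a tree of depth 2 or more leaks holes until the walk-up path re-dirties as well.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Simplified model of freeing a tree-log tree (written for this page,
 * not btrfs code). Fan-out and node layout are assumptions.
 */
#define FANOUT 3
#define MAX_NODES 256

struct node {
    int level;                  /* 0 = leaf; the root's level is the tree depth */
    int freed;                  /* block handed back to the allocator */
    int redirtied;              /* marked dirty again so the zone region is written */
    struct node *child[FANOUT];
};

static struct node pool[MAX_NODES];
static int pool_used;

/* Build a complete tree whose root sits at the given level. */
static struct node *build_tree(int level)
{
    if (pool_used >= MAX_NODES) {
        fprintf(stderr, "model tree too large\n");
        exit(1);
    }
    struct node *n = &pool[pool_used++];
    n->level = level;
    n->freed = 0;
    n->redirtied = 0;
    for (int i = 0; i < FANOUT; i++)
        n->child[i] = level > 0 ? build_tree(level - 1) : NULL;
    return n;
}

/* Release a block; on zoned devices it must also be re-dirtied or a hole remains. */
static void free_block(struct node *n, int redirty)
{
    n->freed = 1;
    if (redirty)
        n->redirtied = 1;
}

/* Walking up: an internal node is freed after its subtree. This is the path
 * that, in the unfixed version, released the block without re-dirtying it. */
static void walk_up(struct node *n, int fixed)
{
    free_block(n, /*redirty=*/fixed);
}

/* Walking down: a level-1 node's leaf children are freed here (always re-dirtied);
 * deeper subtrees are descended into and their roots freed on the way back up. */
static void walk_down(struct node *n, int fixed)
{
    for (int i = 0; i < FANOUT; i++) {
        struct node *c = n->child[i];
        if (c->level == 0) {
            free_block(c, 1);           /* leaf path: re-dirtied before and after */
        } else {
            walk_down(c, fixed);
            walk_up(c, fixed);          /* non-root internal node: the buggy path */
        }
    }
}

/* Free the whole log tree; the root is released last on its own (re-dirtied) path. */
static void walk_log_tree(struct node *root, int fixed)
{
    if (root->level > 0)
        walk_down(root, fixed);
    free_block(root, 1);
}

/* Blocks freed but never re-dirtied: each is a write hole on a zoned device. */
static int count_holes(void)
{
    int holes = 0;
    for (int i = 0; i < pool_used; i++)
        if (pool[i].freed && !pool[i].redirtied)
            holes++;
    return holes;
}

/* Build a tree of the given depth, free it, and return the number of holes. */
int holes_after_free(int depth, int fixed)
{
    pool_used = 0;
    struct node *root = build_tree(depth);
    walk_log_tree(root, fixed);
    return count_holes();
}

int main(void)
{
    for (int depth = 1; depth <= 3; depth++)
        printf("depth %d: holes unfixed = %d, fixed = %d\n",
               depth, holes_after_free(depth, 0), holes_after_free(depth, 1));
    return 0;
}
```

With fan-out 3, the unfixed walk leaves 0 holes at depth 1, 3 at depth 2 (the three level-1 nodes) and 12 at depth 3, while the fixed walk leaves none at any depth. The number of holes is exactly the number of non-root internal nodes, which is why the defect only appears once the tree-log tree has a depth of at least 2.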