From: Boris Burkov <boris@bur.io>
To: fdmanana@kernel.org
Cc: linux-btrfs@vger.kernel.org
Subject: Re: [PATCH 0/5] btrfs: fix exploits that allow malicious users to turn fs into RO mode
Date: Thu, 26 Feb 2026 11:10:09 -0800 [thread overview]
Message-ID: <20260226191009.GB2996252@zen.localdomain> (raw)
In-Reply-To: <cover.1772105193.git.fdmanana@suse.com>
On Thu, Feb 26, 2026 at 02:33:57PM +0000, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
>
> We have a couple scenarios that regular users can exploit to trigger a
> transaction abort and turn a filesystem into RO mode, causing some
> disruption. The first 2 patches fix these, the remainder are just a few
> trivial and cleanups.
Bug fixes and cleanups look good. No need to abort in these cases as you
have shown.
Reviewed-by: Boris Burkov <boris@bur.io>
But on the topic of security, or malicious users:
How is this sort of attack conceptually different from simply filling
up the filesystem with fallocates then doing random metadata operations
until we ENOSPC and go readonly?
What about if the attacker also exploits the behavior of the extent
allocator to try to produce fragmentation driven metadata ENOSPCs
aborts?
Thanks,
Boris
>
> Filipe Manana (5):
> btrfs: fix transaction abort on file creation due to name hash collision
> btrfs: fix transaction abort when snapshotting received subvolumes
> btrfs: stop checking for -EEXIST return value from btrfs_uuid_tree_add()
> btrfs: remove duplicated uuid tree existence check in btrfs_uuid_tree_add()
> btrfs: remove pointless error check in btrfs_check_dir_item_collision()
>
> fs/btrfs/dir-item.c | 4 +---
> fs/btrfs/inode.c | 19 +++++++++++++++++++
> fs/btrfs/ioctl.c | 2 +-
> fs/btrfs/transaction.c | 18 +++++++++++++++++-
> fs/btrfs/uuid-tree.c | 5 +----
> 5 files changed, 39 insertions(+), 9 deletions(-)
>
> --
> 2.47.2
>
next prev parent reply other threads:[~2026-02-26 19:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-26 14:33 [PATCH 0/5] btrfs: fix exploits that allow malicious users to turn fs into RO mode fdmanana
2026-02-26 14:33 ` [PATCH 1/5] btrfs: fix transaction abort on file creation due to name hash collision fdmanana
2026-02-26 18:55 ` Boris Burkov
2026-02-26 21:24 ` Filipe Manana
2026-02-26 21:29 ` Boris Burkov
2026-02-26 14:33 ` [PATCH 2/5] btrfs: fix transaction abort when snapshotting received subvolumes fdmanana
2026-02-26 20:40 ` Qu Wenruo
2026-02-26 21:30 ` Filipe Manana
2026-02-26 14:34 ` [PATCH 3/5] btrfs: stop checking for -EEXIST return value from btrfs_uuid_tree_add() fdmanana
2026-02-26 14:34 ` [PATCH 4/5] btrfs: remove duplicated uuid tree existence check in btrfs_uuid_tree_add() fdmanana
2026-02-26 14:34 ` [PATCH 5/5] btrfs: remove pointless error check in btrfs_check_dir_item_collision() fdmanana
2026-02-26 19:10 ` Boris Burkov [this message]
2026-02-26 21:18 ` [PATCH 0/5] btrfs: fix exploits that allow malicious users to turn fs into RO mode Filipe Manana
2026-02-26 21:57 ` Boris Burkov
2026-02-26 23:10 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260226191009.GB2996252@zen.localdomain \
--to=boris@bur.io \
--cc=fdmanana@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox