CVE-2022-49761

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 27/03/2025
Last modified: 01/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: always report error in run_one_delayed_ref()

Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but
if end users hit such problem, there will be no chance that
btrfs_debug() is enabled. This can lead to very little useful info for
debugging.

This patch will:

- Add extra info for error reporting
  Including:
  * logical bytenr
  * num_bytes
  * type
  * action
  * ref_mod

- Replace the btrfs_debug() with btrfs_err()

- Move the error reporting into run_one_delayed_ref()
  This is to avoid use-after-free, the @node can be freed in the caller.

This error should only be triggered at most once.

As if run_one_delayed_ref() failed, we trigger the error message, then
causing the call chain to error out:

btrfs_run_delayed_refs()
`- btrfs_run_delayed_refs()
   `- btrfs_run_delayed_refs_for_head()
      `- run_one_delayed_ref()

And we will abort the current transaction in btrfs_run_delayed_refs().
If we have to run delayed refs for the abort transaction,
run_one_delayed_ref() will just cleanup the refs and do nothing, thus no
new error messages would be output.
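The ordering the description relies on, shown as an added userspace model in C (not the kernel patch and not btrfs code): the callee builds the error report while the node is still valid, and the caller drops its reference without reading the node again. The names `ref_node`, `put_node`, `run_one`, `run_for_head` and `demo`, the message format and the failure condition are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a delayed ref node (not the kernel struct). */
struct ref_node {
    unsigned long long bytenr, num_bytes;
    int type, action, ref_mod;
    int refs;                    /* reference count */
};

static char last_report[160];    /* stands in for the kernel log */
static int nodes_freed;

static void put_node(struct ref_node *n)
{
    if (--n->refs == 0) { free(n); nodes_freed++; }
}

/* Callee: the node is guaranteed valid here, so the report is built here. */
static int run_one(struct ref_node *n)
{
    int ret = (n->action == 0) ? -EIO : 0;   /* constructed failure condition */
    if (ret)
        snprintf(last_report, sizeof(last_report),
                 "ref failed: bytenr=%llu num_bytes=%llu type=%d action=%d ref_mod=%d ret=%d",
                 n->bytenr, n->num_bytes, n->type, n->action, n->ref_mod, ret);
    return ret;
}

/* Caller: drops its reference on the way out and never reads n afterwards. */
static int run_for_head(struct ref_node *n)
{
    int ret = run_one(n);
    put_node(n);   /* last reference: n is freed, n->bytenr is off limits now */
    return ret;
}

/* Builds one constructed node that fails, runs it, returns the error code. */
static int demo(void)
{
    struct ref_node *n = calloc(1, sizeof(*n));
    if (!n) return -ENOMEM;
    n->bytenr = 4096; n->num_bytes = 16384; n->type = 1; n->ref_mod = 1; n->refs = 1;
    return run_for_head(n);
}

int main(void) { int r = demo(); puts(last_report); return r == -EIO ? 0 : 1; }
```

Formatting the same fields in `run_for_head()` after `put_node()` would read freed memory, which is the use-after-free the description says the move avoids.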

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.90 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* | | |