CVE-2022-50379

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix race between quota enable and quota rescan ioctl<br /> <br /> When enabling quotas, at btrfs_quota_enable(), after committing the<br /> transaction, we change fs_info-&gt;quota_root to point to the quota root we<br /> created and set BTRFS_FS_QUOTA_ENABLED at fs_info-&gt;flags. Then we try<br /> to start the qgroup rescan worker, first by initializing it with a call<br /> to qgroup_rescan_init() - however if that fails we end up freeing the<br /> quota root but we leave fs_info-&gt;quota_root still pointing to it, this<br /> can later result in a use-after-free somewhere else.<br /> <br /> We have previously set the flags BTRFS_FS_QUOTA_ENABLED and<br /> BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at<br /> btrfs_quota_enable(), which is possible if someone already called the<br /> quota rescan ioctl, and therefore started the rescan worker.<br /> <br /> So fix this by ignoring an -EINPROGRESS and asserting we can&amp;#39;t get any<br /> other error.