CVE-2021-47599

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: use latest_dev in btrfs_show_devname<br /> <br /> The test case btrfs/238 reports the warning below:<br /> <br /> WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]<br /> CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72<br /> Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015<br /> Call trace:<br /> btrfs_show_devname+0x108/0x1b4 [btrfs]<br /> show_mountinfo+0x234/0x2c4<br /> m_show+0x28/0x34<br /> seq_read_iter+0x12c/0x3c4<br /> vfs_read+0x29c/0x2c8<br /> ksys_read+0x80/0xec<br /> __arm64_sys_read+0x28/0x34<br /> invoke_syscall+0x50/0xf8<br /> do_el0_svc+0x88/0x138<br /> el0_svc+0x2c/0x8c<br /> el0t_64_sync_handler+0x84/0xe4<br /> el0t_64_sync+0x198/0x19c<br /> <br /> Reason:<br /> While btrfs_prepare_sprout() moves the fs_devices::devices into<br /> fs_devices::seed_list, the btrfs_show_devname() searches for the devices<br /> and found none, leading to the warning as in above.<br /> <br /> Fix:<br /> latest_dev is updated according to the changes to the device list.<br /> That means we could use the latest_dev-&gt;name to show the device name in<br /> /proc/self/mounts, the pointer will be always valid as it&amp;#39;s assigned<br /> before the device is deleted from the list in remove or replace.<br /> The RCU protection is sufficient as the device structure is freed after<br /> synchronization.