git-server-git.apps.pok.os.sepia.ceph.com Git

author	Filipe Manana <fdmanana@suse.com>
	Thu, 26 Feb 2026 23:41:07 +0000 (23:41 +0000)
committer	David Sterba <dsterba@suse.com>
	Tue, 3 Mar 2026 16:03:59 +0000 (17:03 +0100)
commit	87f2c46003fce4d739138aab4af1942b1afdadac
tree	168cdee57669b7914a2b9c69cd6a7cf8af0ef159	tree \| snapshot
parent	e1b18b959025e6b5dbad668f391f65d34b39595a	commit \| diff

btrfs: fix transaction abort on set received ioctl due to item overflow

If the set received ioctl fails due to an item overflow when attempting to
add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction
since we did some metadata updates before.

This means that if a user calls this ioctl with the same received UUID
field for a lot of subvolumes, we will hit the overflow, trigger the
transaction abort and turn the filesystem into RO mode. A malicious user
could exploit this, and this ioctl does not even requires that a user
has admin privileges (CAP_SYS_ADMIN), only that he/she owns the subvolume.

Fix this by doing an early check for item overflow before starting a
transaction. This is also race safe because we are holding the subvol_sem
semaphore in exclusive (write) mode.

A test case for fstests will follow soon.

Fixes: dd5f9615fc5c ("Btrfs: maintain subvolume items in the UUID tree")
CC: stable@vger.kernel.org # 3.12+
Reviewed-by: Anand Jain <asj@kernel.org>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

fs/btrfs/ioctl.c		diff \| blob \| history
fs/btrfs/uuid-tree.c		diff \| blob \| history
fs/btrfs/uuid-tree.h		diff \| blob \| history