{"id":"CVE-2021-47189","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren't guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don't guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. The call trace was similar to:\n\n    pc : submit_compressed_extents+0x38/0x3d0\n    lr : async_cow_submit+0x50/0xd0\n    sp : ffff800015d4bc20\n\n    \u003cregisters omitted for brevity\u003e\n\n    Call trace:\n     submit_compressed_extents+0x38/0x3d0\n     async_cow_submit+0x50/0xd0\n     run_ordered_work+0xc8/0x280\n     btrfs_work_helper+0x98/0x250\n     process_one_work+0x1f0/0x4ac\n     worker_thread+0x188/0x504\n     kthread+0x110/0x114\n     ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func.","modified":"2026-03-15T14:09:19.878101Z","published":"2024-04-10T19:15:47.570Z","related":["SUSE-SU-2024:1454-1","SUSE-SU-2024:1465-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:1641-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1647-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1","SUSE-SU-2024:1870-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136"},{"type":"FIX","url":"https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779"},{"type":"FIX","url":"https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513"},{"type":"FIX","url":"https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9"},{"type":"FIX","url":"https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff"},{"type":"FIX","url":"https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500"},{"type":"FIX","url":"https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179"},{"type":"FIX","url":"https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.15"},{"fixed":"4.4.293"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.291"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.256"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.218"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.162"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.82"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47189.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}