CVE ID:	CVE-2024-36027
Description:	In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an extent buffer, which is once allocated, marked dirty, but turns out unnecessary and cleaned up within one transaction operation. Currently, btrfs_clear_buffer_dirty() marks the extent buffer as EXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call happens while the buffer is under IO (with the WRITEBACK flag set, without the DIRTY flag), we can add the ZEROOUT flag and clear the buffer's content just before a bio submission. As a result: 1) it can lead to adding faulty delayed reference item which leads to a FS corrupted (EUCLEAN) error, and 2) it writes out cleared tree node on disk The former issue is previously discussed in [1]. The corruption happens when it runs a delayed reference update. So, on-disk data is safe. [1] https://lore.kernel.org/linux-btrfs/3f4f2a0ff1a6c81805043428 8925bdcf3cd719e5.1709124777.git.naohiro.aota@wdc.com/ The latter one can reach on-disk data. But, as that node is already processed by btrfs_clear_buffer_dirty(), that will be invalidated in the next transaction commit anyway. So, the chance of hitting the corruption is relatively small. Anyway, we should skip flagging ZEROOUT on a non- DIRTY extent buffer, to keep the content under IO intact.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2024-36027 https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457 https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457 https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043 https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043