CVE-2024-56759

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

When a COWing a tree block, at btrfscowblock(), and we have the tracepoint tracebtrfscowblock() enabled and preemption is also enabled (CONFIGPREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfscowblock(), such as btrfssearchslot(), we are holding the last reference on the extent buffer @buf so btrfsforcecowblock() drops the last reference on the @buf extent buffer when it calls freeextentbufferstale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling tracebtrfscowblock() and the extent buffer already released by the time tracebtrfscowblock() is called, resulting in a use-after-free.

Fix this by moving the tracebtrfscowblock() from btrfscowblock() to btrfsforcecowblock() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfsreallocnode(), since btrfsforcecow_block() is called there, but this is fine and it was actually missing there.