Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.1.y 2026-05-09T15:42:27+00:00 2026-05-09T15:42:27+00:00 DaeMyung Kang charsyam@gmail.com 2026-05-09T06:12:36+00:00 urn:sha1:679ee5afd5b4764911656b4d4b83b9abee2b5572 NTFS MFT record numbers are limited to the 32-bit range, and ntfs_mft_record_layout() rejects mft_no >= 2^32. The free-MFT-record bitmap scan in ntfs_mft_bitmap_find_and_alloc_free_rec_nolock() also guards against this overflow but uses a strict greater than comparison, allowing record number 2^32 itself through this earlier check. Every other 2^32 boundary check in fs/ntfs/mft.c uses '>=', so the strict greater than here is both a real off-by-one and an internal inconsistency. A model with ll == 2^32 confirms the current check accepts the value while the corrected check rejects it. Use '>=' so the boundary matches the layout-time rejection and the surrounding bitmap-scan checks. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-05-09T15:42:17+00:00 DaeMyung Kang charsyam@gmail.com 2026-05-09T06:12:35+00:00 urn:sha1:6098790c403d5e95a35bb6bf938591ca8c8e224f ntfs_mft_record_check() verifies that attrs_offset is aligned and that the resulting pointer stays within the allocated MFT record buffer, but it does not check that the first attribute header starts within the bytes_in_use area. A malformed record with attrs_offset greater than bytes_in_use can pass this check as long as attrs_offset is still within bytes_allocated. The attribute parser then computes the remaining record space by subtracting the attribute pointer from bytes_in_use. Because that value is unsigned, the subtraction can underflow and allow bytes after bytes_in_use to be interpreted as an attribute. Reject records where attrs_offset is outside bytes_in_use or where the used area does not even contain the four-byte attribute type/AT_END terminator at attrs_offset. A small userspace model with attrs_offset=128 and bytes_in_use=64 shows the current check accepts the record and the parser space calculation underflows to 0xffffffc0. With this change the same malformed record is rejected before the attribute walker is entered. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-05-08T14:50:51+00:00 DaeMyung Kang charsyam@gmail.com 2026-04-30T17:20:53+00:00 urn:sha1:563d0d4c2c1dc1f3f84104c78b388d0490c0086f ntfs_sync_mft_mirror() and write_mft_record_nolock() with @sync set are both documented as synchronous, but neither actually waits for the bio they submit nor inspects bi_status. write_inode() can return success while dirty mft record bytes are still in flight, and bio errors are silently dropped: the volume is not marked with errors and the inode is not redirtied. This breaks fsync()/sync metadata durability. Switch ntfs_sync_mft_mirror() and the @sync path of write_mft_record_nolock() to submit_bio_wait() and propagate the returned error to the caller. Capture ntfs_sync_mft_mirror()'s return value at its call sites in write_mft_record_nolock() so a mirror write failure surfaces too. The @sync parameter only controls the main MFT bio. The !@sync main submission is therefore unchanged and still uses ntfs_bio_end_io() to drop the folio reference taken before submission. The mirror call has always been documented as performing synchronous I/O regardless of @sync, so making it actually block restores the originally intended contract for both @sync and !@sync callers. Note this only fixes the synchronous mirror/main paths reachable from write_mft_record_nolock(). The main MFT write submitted from ntfs_write_mft_block() (the .writepages path) still does not wait for completion or check bi_status; that requires a larger restructuring and is left to a follow-up patch. Fixes: 115380f9a2f9 ("ntfs: update mft operations") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-05-08T14:50:49+00:00 DaeMyung Kang charsyam@gmail.com 2026-04-30T17:20:55+00:00 urn:sha1:618c991cdf031925b09cbb1117f613abdb068680 After ntfs_sync_mft_mirror() became able to return real I/O errors, ntfs_write_mft_block() still discards its return value at the call site inside the per-record loop. A failed $MFTMirr write therefore leaves the volume looking clean from the writeback path even though the on-disk mirror is now stale. Capture the return value and feed it into the function's existing @err variable using the same "first error wins" pattern already used on other failure paths. The error is propagated to the caller and, via the existing tail of the function, sets NVolErrors so umount and chkdsk see the volume as inconsistent. Fixes: 115380f9a2f9 ("ntfs: update mft operations") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-05-08T14:50:47+00:00 DaeMyung Kang charsyam@gmail.com 2026-04-30T17:20:54+00:00 urn:sha1:49c12bee2bb2604e82a997521175b85ca5421685 ntfs_write_mft_block() is called by writeback_iter() with the folio locked. When the per-call allocations for @locked_nis or @ref_inos fail, the function returns -ENOMEM directly without unlocking the folio. Any later task that needs the folio's lock then stalls, and the folio's dirty state is silently lost from the writeback iterator's point of view. Use folio_redirty_for_writepage() so the folio remains dirty for a subsequent writeback pass, unlock it, and only then return -ENOMEM so the caller can propagate the error to fsync()/sync_filesystem(). Fixes: f462fdf3d6a4 ("ntfs: reduce stack usage in ntfs_write_mft_block()") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-05-08T14:50:45+00:00 DaeMyung Kang charsyam@gmail.com 2026-04-30T11:54:47+00:00 urn:sha1:47773fa85e470e9896a22a99ccd5b5930d469680 When the mft record is an extent record, ntfs_may_write_mft_record() looks up its base inode in the icache. The hash key passed to find_inode_nowait() must be the base inode's mft number (na.mft_no, set just above to MREF_LE(m->base_mft_record)), but the code passes @mft_no, the extent record's own number. find_inode_nowait() uses its second argument as the hashval, so the lookup lands in the wrong bucket and almost always returns NULL. ntfs_may_write_mft_record() then returns false and the writeback path (ntfs_write_mft_block()) skips that extent record, leaving the on-disk copy permanently out of sync with the in-memory one. The original ilookup5_nowait() call this conversion replaced used na.mft_no. Restore that. Fixes: 115380f9a2f9 ("ntfs: update mft operations") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-04-18T02:33:13+00:00 Dan Carpenter error27@gmail.com 2026-04-10T06:47:25+00:00 urn:sha1:e8b79d09e3121390ebd04591ac1d8c4dea811815 Return -ENOMEM if the kmalloc() fails. Don't return success. Signed-off-by: Dan Carpenter <error27@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-04-18T02:33:07+00:00 Namjae Jeon linkinjeon@kernel.org 2026-04-10T14:49:01+00:00 urn:sha1:545834ac412fb42d41a41442aee7998c1d2dcced Smatch reported that the variable rl could be used uninitialized in ntfs_write_mft_block(). After analyzing the code, when vol->cluster_size == NTFS_BLOCK_SIZE (512), it is smaller than folio_size, so rl is guaranteed to be initialized. If vol->cluster_size is larger, the condition to access rl becomes false, so a runtime error is not expected to occur. However, to make the static checker happy, this patch initializes rl to NULL and adds an explicit check before its usage. Reported-by: Dan Carpenter <error27@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 2026-04-17T23:35:49+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-04-17T23:35:49+00:00 urn:sha1:cdd4dc3aebeab43a72ce0bc2b5bab6f0a80b97a5 Pull ntfs resurrection from Namjae Jeon: "Ever since Kari Argillander’s 2022 report [1] regarding the state of the ntfs3 driver, I have spent the last 4 years working to provide full write support and current trends (iomap, no buffer head, folio), enhanced performance, stable maintenance, utility support including fsck for NTFS in Linux. This new implementation is built upon the clean foundation of the original read-only NTFS driver, adding: - Write support: Implemented full write support based on the classic read-only NTFS driver. Added delayed allocation to improve write performance through multi-cluster allocation and reduced fragmentation of the cluster bitmap. - iomap conversion: Switched buffered IO (reads/writes), direct IO, file extent mapping, readpages, and writepages to use iomap. - Remove buffer_head: Completely removed buffer_head usage by converting to folios. As a result, the dependency on CONFIG_BUFFER_HEAD has been removed from Kconfig. - Stability improvements: The new ntfs driver passes 326 xfstests, compared to 273 for ntfs3. All tests passed by ntfs3 are a complete subset of the tests passed by this implementation. Added support for fallocate, idmapped mounts, permissions, and more. xfstests Results report: Total tests run: 787 Passed : 326 Failed : 38 Skipped : 423 Failed tests breakdown: - 34 tests require metadata journaling - 4 other tests: 094: No unwritten extent concept in NTFS on-disk format 563: cgroup v2 aware writeback accounting not supported 631: RENAME_WHITEOUT support required 787: NFS delegation test" Link: https://lore.kernel.org/all/da20d32b-5185-f40b-48b8-2986922d8b25@stargateuniverse.net/ [1] [ Let's see if this undead filesystem ends up being of the "Easter miracle" kind, or the "Nosferatu of filesystems" kind... ] * tag 'ntfs-for-7.1-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs: (46 commits) ntfs: remove redundant out-of-bound checks ntfs: add bound checking to ntfs_external_attr_find ntfs: add bound checking to ntfs_attr_find ntfs: fix ignoring unreachable code warnings ntfs: fix inconsistent indenting warnings ntfs: fix variable dereferenced before check warnings ntfs: prefer IS_ERR_OR_NULL() over manual NULL check ntfs: harden ntfs_listxattr against EA entries ntfs: harden ntfs_ea_lookup against malformed EA entries ntfs: check $EA query-length in ntfs_ea_get ntfs: validate WSL EA payload sizes ntfs: fix WSL ea restore condition ntfs: add missing newlines to pr_err() messages ntfs: fix pointer/integer casting warnings ntfs: use ->mft_no instead of ->i_ino in prints ntfs: change mft_no type to u64 ntfs: select FS_IOMAP in Kconfig ntfs: add MODULE_ALIAS_FS ntfs: reduce stack usage in ntfs_write_mft_block() ntfs: fix sysctl table registration and path ... 2026-03-16T11:27:49+00:00 Hyunchul Lee hyc.lee@gmail.com 2026-03-13T00:25:21+00:00 urn:sha1:068a35fd7293c20ba35cc3f19ce981c038cc9328 Detected by Smatch. ndex.c:2041 ntfs_index_walk_up() warn: inconsistent indenting mft.c:2462 ntfs_mft_record_alloc() warn: inconsistent indenting Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>