linux-stable.git/fs/ntfs/dir.c, branch master Linux kernel stable tree ntfs: fix NULL dereference in ntfs_index_walk_down() 2026-04-27T13:29:04+00:00 DaeMyung Kang charsyam@gmail.com 2026-04-26T04:02:31+00:00 b5198fcdc195fa531adff7bbfbe40dd27c8d0e89 ntfs_index_walk_down() allocates ictx->ib when descending from the root into an index allocation block. If that allocation fails, the old code still passes the NULL buffer to ntfs_ib_read(), which can write through it via ntfs_inode_attr_pread(). Allocate the index block into a temporary pointer and return -ENOMEM before changing the index context on allocation failure. Also propagate ERR_PTR() through ntfs_index_next() and ntfs_readdir() so walk-down allocation or index block read failures are not mistaken for normal index iteration inside the filesystem. ntfs_readdir() keeps the existing userspace-visible behavior of suppressing readdir errors after marking end_in_iterate; this change only prevents the walk-down failure path from dereferencing NULL internally. The failure was reproduced with failslab fail-nth injection on getdents64; the original module hits a NULL pointer dereference in memcpy_orig through ntfs_ib_read(), while the patched module reaches the same ntfs_index_walk_down() allocation failure without crashing. Fixes: 0a8ac0c1fa0b ("ntfs: update directory operations") Signed-off-by: DaeMyung Kang <charsyam@gmail.com> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
ntfs_index_walk_down() allocates ictx->ib when descending from the root
into an index allocation block. If that allocation fails, the old code
still passes the NULL buffer to ntfs_ib_read(), which can write through
it via ntfs_inode_attr_pread().

Allocate the index block into a temporary pointer and return -ENOMEM
before changing the index context on allocation failure. Also propagate
ERR_PTR() through ntfs_index_next() and ntfs_readdir() so walk-down
allocation or index block read failures are not mistaken for normal
index iteration inside the filesystem.

ntfs_readdir() keeps the existing userspace-visible behavior of
suppressing readdir errors after marking end_in_iterate; this change only
prevents the walk-down failure path from dereferencing NULL internally.

The failure was reproduced with failslab fail-nth injection on getdents64;
the original module hits a NULL pointer dereference in memcpy_orig through
ntfs_ib_read(), while the patched module reaches the same
ntfs_index_walk_down() allocation failure without crashing.

Fixes: 0a8ac0c1fa0b ("ntfs: update directory operations")
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
ntfs: fix variable dereferenced before check warnings 2026-03-16T11:27:45+00:00 Hyunchul Lee hyc.lee@gmail.com 2026-03-12T23:59:07+00:00 4e59f8a1a82beaa49d7796648fc4dc538eff6485 Detected by Smatch. lcnalloc.c:736 ntfs_cluster_alloc() error: we previously assumed 'rl' could be null (see line 719) inode.c:3275 ntfs_inode_close() warn: variable dereferenced before check 'tmp_nis' (see line 3255) attrib.c:4952 ntfs_attr_remove() warn: variable dereferenced before check 'ni' (see line 4951) dir.c:1035 ntfs_readdir() error: we previously assumed 'private' could be null (see line 850) Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
Detected by Smatch.

lcnalloc.c:736 ntfs_cluster_alloc() error:
  we previously assumed 'rl' could be null (see line 719)

inode.c:3275 ntfs_inode_close() warn:
  variable dereferenced before check 'tmp_nis' (see line 3255)

attrib.c:4952 ntfs_attr_remove() warn:
  variable dereferenced before check 'ni' (see line 4951)

dir.c:1035 ntfs_readdir() error:
  we previously assumed 'private' could be null (see line 850)

Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
ntfs: prefer IS_ERR_OR_NULL() over manual NULL check 2026-03-16T11:27:42+00:00 Hyunchul Lee hyc.lee@gmail.com 2026-03-11T02:13:51+00:00 7cf4b3c768fda4076af25d5c4bb4a6267e32d42d Use IS_ERR_OR_NULL() instead of manual NULL and IS_ERR() checks. Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
Use IS_ERR_OR_NULL() instead of manual NULL and IS_ERR() checks.

Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
ntfs: use ->mft_no instead of ->i_ino in prints 2026-03-06T13:08:42+00:00 Namjae Jeon linkinjeon@kernel.org 2026-03-05T01:46:42+00:00 e7d82353986c7267fbd03d7385829cc763807b55 This improves log accuracy for NTFS debugging and removes unnecessary reliance on the VFS i_ino field ahead of the core VFS type change. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
This improves log accuracy for NTFS debugging and removes unnecessary
reliance on the VFS i_ino field ahead of the core VFS type change.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
ntfs: change mft_no type to u64 2026-03-06T13:08:39+00:00 Namjae Jeon linkinjeon@kernel.org 2026-03-05T01:40:54+00:00 d9038d99fb5c623f43bcd8b726bfbbe8562648c2 Changes the type of ntfs_inode::mft_no from unsigned long to u64 to safely handle the full 48-bit range without truncation risk, especially in preparation for broader VFS inode number type (i_ino:u64) and to improve consistency with ntfs driver practices. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
Changes the type of ntfs_inode::mft_no from unsigned long to u64
to safely handle the full 48-bit range without truncation risk, especially
in preparation for broader VFS inode number type (i_ino:u64) and to
improve consistency with ntfs driver practices.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
ntfs: update directory operations 2026-02-19T12:48:07+00:00 Namjae Jeon linkinjeon@kernel.org 2026-02-13T01:40:41+00:00 0a8ac0c1fa0b99a5b29002bc7f232ed7eafddef0 Update the directory and index operations to support full read-write functionality and use the folio API, including directory modification. Acked-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
Update the directory and index operations to support full read-write
functionality and use the folio API, including directory modification.

Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Revert "fs: Remove NTFS classic" 2026-02-19T12:48:05+00:00 Namjae Jeon linkinjeon@kernel.org 2025-12-30T05:24:16+00:00 1e9ea7e04472d4e5e12e58c881eaacfb3e49b669 This reverts commit 7ffa8f3d30236e0ab897c30bdb01224ff1fe1c89. Reverts the removal of the classic read-only ntfs driver to serve as the base for a new read-write ntfs implementation. If we stack changes on top of the revert patch, It will significantly reduce the diff size, making the review easier. This revert intentionally excludes the restoration of Kconfig and Makefile. The Kconfig and Makefile will be added back in the final patch of this series, enabling the driver only after all features and improvements have been applied. Acked-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> 
This reverts commit 7ffa8f3d30236e0ab897c30bdb01224ff1fe1c89.

Reverts the removal of the classic read-only ntfs driver to
serve as the base for a new read-write ntfs implementation.
If we stack changes on top of the revert patch, It will significantly
reduce the diff size, making the review easier.

This revert intentionally excludes the restoration of Kconfig and
Makefile. The Kconfig and Makefile will be added back in the final patch
of this series, enabling the driver only after all features and
improvements have been applied.

Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
fs: Remove NTFS classic 2024-01-24T09:47:00+00:00 Matthew Wilcox (Oracle) willy@infradead.org 2024-01-15T07:20:25+00:00 7ffa8f3d30236e0ab897c30bdb01224ff1fe1c89 The replacement, NTFS3, was merged over two years ago. It is now time to remove the original from the tree as it is the last user of several APIs, and it is not worth changing. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Link: https://lore.kernel.org/r/20240115072025.2071931-1-willy@infradead.org Acked-by: Namjae Jeon <linkinjeon@kernel.org> Acked-by: Dave Chinner <david@fromorbit.com> Cc: Anton Altaparmakov <anton@tuxera.com> Cc: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 
The replacement, NTFS3, was merged over two years ago.  It is now time to
remove the original from the tree as it is the last user of several APIs,
and it is not worth changing.

Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://lore.kernel.org/r/20240115072025.2071931-1-willy@infradead.org
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Acked-by: Dave Chinner <david@fromorbit.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ntfs: dir.c: fix kernel-doc function parameter warnings 2023-12-21T12:17:54+00:00 Randy Dunlap rdunlap@infradead.org 2023-12-19T04:54:14+00:00 4cf8249dc907398f694d310b89b494c144a4d9ec Correct the kernel-doc function parameter warnings for function ntfs_dir_fsync() to prevent the following kernel-doc warnings: dir.c:1489: warning: Function parameter or member 'start' not described in 'ntfs_dir_fsync' dir.c:1489: warning: Function parameter or member 'end' not described in 'ntfs_dir_fsync' dir.c:1489: warning: Excess function parameter 'dentry' description in 'ntfs_dir_fsync' Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Link: https://lore.kernel.org/r/20231219045414.24670-1-rdunlap@infradead.org Reviewed-by: Namjae Jeon <linkinjeon@kernel.org> Cc: Anton Altaparmakov <anton@tuxera.com> Cc: Namjae Jeon <linkinjeon@kernel.org> Cc: <linux-ntfs-dev@lists.sourceforge.net> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 
Correct the kernel-doc function parameter warnings for function
ntfs_dir_fsync() to prevent the following kernel-doc warnings:

dir.c:1489: warning: Function parameter or member 'start' not described in 'ntfs_dir_fsync'
dir.c:1489: warning: Function parameter or member 'end' not described in 'ntfs_dir_fsync'
dir.c:1489: warning: Excess function parameter 'dentry' description in 'ntfs_dir_fsync'

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20231219045414.24670-1-rdunlap@infradead.org
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: <linux-ntfs-dev@lists.sourceforge.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
vfs: get rid of old '->iterate' directory operation 2023-08-06T13:08:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2023-08-05T19:25:01+00:00 3e3271549670783be20e233a2b78a87a0b04c715 All users now just use '->iterate_shared()', which only takes the directory inode lock for reading. Filesystems that never got convered to shared mode now instead use a wrapper that drops the lock, re-takes it in write mode, calls the old function, and then downgrades the lock back to read mode. This way the VFS layer and other callers no longer need to care about filesystems that never got converted to the modern era. The filesystems that use the new wrapper are ceph, coda, exfat, jfs, ntfs, ocfs2, overlayfs, and vboxsf. Honestly, several of them look like they really could just iterate their directories in shared mode and skip the wrapper entirely, but the point of this change is to not change semantics or fix filesystems that haven't been fixed in the last 7+ years, but to finally get rid of the dual iterators. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 
All users now just use '->iterate_shared()', which only takes the
directory inode lock for reading.

Filesystems that never got convered to shared mode now instead use a
wrapper that drops the lock, re-takes it in write mode, calls the old
function, and then downgrades the lock back to read mode.

This way the VFS layer and other callers no longer need to care about
filesystems that never got converted to the modern era.

The filesystems that use the new wrapper are ceph, coda, exfat, jfs,
ntfs, ocfs2, overlayfs, and vboxsf.

Honestly, several of them look like they really could just iterate their
directories in shared mode and skip the wrapper entirely, but the point
of this change is to not change semantics or fix filesystems that
haven't been fixed in the last 7+ years, but to finally get rid of the
dual iterators.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>