<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/ntfs3, branch linux-6.2.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>fs/ntfs3: Refactoring of various minor issues</title>
<updated>2023-05-17T11:59:08+00:00</updated>
<author>
<name>Konstantin Komarov</name>
<email>almaz.alexandrovich@paragon-software.com</email>
</author>
<published>2022-12-30T10:58:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=77f1450161c9ba7068c5783a94a39830e01723c4'/>
<id>77f1450161c9ba7068c5783a94a39830e01723c4</id>
<content type='text'>
commit 6827d50b2c430c329af442b64c9176d174f56521 upstream.

Removed unused macro.
Changed null pointer checking.
Fixed inconsistent indenting.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Cc: Rudi Heitbaum &lt;rudi@heitbaum.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6827d50b2c430c329af442b64c9176d174f56521 upstream.

Removed unused macro.
Changed null pointer checking.
Fixed inconsistent indenting.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Cc: Rudi Heitbaum &lt;rudi@heitbaum.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Fix null-ptr-deref on inode-&gt;i_op in ntfs_lookup()</title>
<updated>2023-05-17T11:58:40+00:00</updated>
<author>
<name>ZhangPeng</name>
<email>zhangpeng362@huawei.com</email>
</author>
<published>2022-11-25T10:21:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2ba22cbc6a1cf4b58195adbee0b80262e53992d3'/>
<id>2ba22cbc6a1cf4b58195adbee0b80262e53992d3</id>
<content type='text'>
[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]

Syzbot reported a null-ptr-deref bug:

ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
(512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
Call Trace:
 &lt;TASK&gt;
 d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
 lookup_open fs/namei.c:3391 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x10e6/0x2df0 fs/namei.c:3688
 do_filp_open+0x264/0x4f0 fs/namei.c:3718
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_open fs/open.c:1334 [inline]
 __se_sys_open fs/open.c:1330 [inline]
 __x64_sys_open+0x221/0x270 fs/open.c:1330
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

If the MFT record of ntfs inode is not a base record, inode-&gt;i_op can be
NULL. And a null-ptr-deref may happen:

ntfs_lookup()
    dir_search_u() # inode-&gt;i_op is set to NULL
    d_splice_alias()
        __d_add()
            d_flags_for_inode() # inode-&gt;i_op-&gt;get_link null-ptr-deref

Fix this by adding a Check on inode-&gt;i_op before calling the
d_splice_alias() function.

Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng &lt;zhangpeng362@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]

Syzbot reported a null-ptr-deref bug:

ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
(512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
Call Trace:
 &lt;TASK&gt;
 d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
 lookup_open fs/namei.c:3391 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x10e6/0x2df0 fs/namei.c:3688
 do_filp_open+0x264/0x4f0 fs/namei.c:3718
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_open fs/open.c:1334 [inline]
 __se_sys_open fs/open.c:1330 [inline]
 __x64_sys_open+0x221/0x270 fs/open.c:1330
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

If the MFT record of ntfs inode is not a base record, inode-&gt;i_op can be
NULL. And a null-ptr-deref may happen:

ntfs_lookup()
    dir_search_u() # inode-&gt;i_op is set to NULL
    d_splice_alias()
        __d_add()
            d_flags_for_inode() # inode-&gt;i_op-&gt;get_link null-ptr-deref

Fix this by adding a Check on inode-&gt;i_op before calling the
d_splice_alias() function.

Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng &lt;zhangpeng362@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()</title>
<updated>2023-05-11T14:11:27+00:00</updated>
<author>
<name>Zeng Heng</name>
<email>zengheng4@huawei.com</email>
</author>
<published>2022-12-12T01:31:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=114204d25e1dffdd3a0c1cfbba219afd344f4b4f'/>
<id>114204d25e1dffdd3a0c1cfbba219afd344f4b4f</id>
<content type='text'>
[ Upstream commit ab84eee4c7ab929996602eda7832854c35a6dda2 ]

Here is a BUG report from syzbot:

BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631

Call Trace:
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276

Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or malicious) fs image can cause out-of-bounds access which
could make kernel panic.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+9c2811fd56591639ff5f@syzkaller.appspotmail.com
Signed-off-by: Zeng Heng &lt;zengheng4@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit ab84eee4c7ab929996602eda7832854c35a6dda2 ]

Here is a BUG report from syzbot:

BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631

Call Trace:
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276

Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or malicious) fs image can cause out-of-bounds access which
could make kernel panic.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+9c2811fd56591639ff5f@syzkaller.appspotmail.com
Signed-off-by: Zeng Heng &lt;zengheng4@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Fix OOB read in indx_insert_into_buffer</title>
<updated>2023-05-11T14:11:27+00:00</updated>
<author>
<name>ZhangPeng</name>
<email>zhangpeng362@huawei.com</email>
</author>
<published>2022-12-07T09:46:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a7e5dba10ba1402dd6c2f961a70320770865c4a5'/>
<id>a7e5dba10ba1402dd6c2f961a70320770865c4a5</id>
<content type='text'>
[ Upstream commit b8c44949044e5f7f864525fdffe8e95135ce9ce5 ]

Syzbot reported a OOB read bug:

BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630

Call Trace:
 &lt;TASK&gt;
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
 indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
 ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
 ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
 lookup_open fs/namei.c:3413 [inline]

If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+d882d57193079e379309@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng &lt;zhangpeng362@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b8c44949044e5f7f864525fdffe8e95135ce9ce5 ]

Syzbot reported a OOB read bug:

BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630

Call Trace:
 &lt;TASK&gt;
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
 indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
 ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
 ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
 lookup_open fs/namei.c:3413 [inline]

If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+d882d57193079e379309@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng &lt;zhangpeng362@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Add check for kmemdup</title>
<updated>2023-05-11T14:11:27+00:00</updated>
<author>
<name>Jiasheng Jiang</name>
<email>jiasheng@iscas.ac.cn</email>
</author>
<published>2022-11-23T08:48:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9f36704a58adade3b0216f8a3fa5503db4517208'/>
<id>9f36704a58adade3b0216f8a3fa5503db4517208</id>
<content type='text'>
[ Upstream commit e6c3cef24cb0d045f99d5cb039b344874e3cfd74 ]

Since the kmemdup may return NULL pointer,
it should be better to add check for the return value
in order to avoid NULL pointer dereference.

Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
Signed-off-by: Jiasheng Jiang &lt;jiasheng@iscas.ac.cn&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit e6c3cef24cb0d045f99d5cb039b344874e3cfd74 ]

Since the kmemdup may return NULL pointer,
it should be better to add check for the return value
in order to avoid NULL pointer dereference.

Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
Signed-off-by: Jiasheng Jiang &lt;jiasheng@iscas.ac.cn&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Fix memory leak if ntfs_read_mft failed</title>
<updated>2023-05-11T14:11:27+00:00</updated>
<author>
<name>Chen Zhongjin</name>
<email>chenzhongjin@huawei.com</email>
</author>
<published>2022-11-22T09:24:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=93bf79f989688852deade1550fb478b0a4d8daa8'/>
<id>93bf79f989688852deade1550fb478b0a4d8daa8</id>
<content type='text'>
[ Upstream commit bfa434c60157c9793e9b12c9b68ade02aff9f803 ]

Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and
ni-&gt;ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC
and alloc ni-&gt;dir.alloc_run. However two states are not always
consistent and can make memory leak.

 1) attr_name in ATTR_ROOT does not fit the condition it will set
 is_root = true but NI_FLAG_DIR is not set.
 2) next attr_name in ATTR_ALLOC fits the condition and alloc
 ni-&gt;dir.alloc_run
 3) in cleanup function ni_clear(), when NI_FLAG_DIR is set, it frees
 ni-&gt;dir.alloc_run, otherwise it frees ni-&gt;file.run
 4) because NI_FLAG_DIR is not set in this case, ni-&gt;dir.alloc_run is
 leaked as kmemleak reported:

unreferenced object 0xffff888003bc5480 (size 64):
  backtrace:
    [&lt;000000003d42e6b0&gt;] __kmalloc_node+0x4e/0x1c0
    [&lt;00000000d8e19b8a&gt;] kvmalloc_node+0x39/0x1f0
    [&lt;00000000fc3eb5b8&gt;] run_add_entry+0x18a/0xa40 [ntfs3]
    [&lt;0000000011c9f978&gt;] run_unpack+0x75d/0x8e0 [ntfs3]
    [&lt;00000000e7cf1819&gt;] run_unpack_ex+0xbc/0x500 [ntfs3]
    [&lt;00000000bbf0a43d&gt;] ntfs_iget5+0xb25/0x2dd0 [ntfs3]
    [&lt;00000000a6e50693&gt;] ntfs_fill_super+0x218d/0x3580 [ntfs3]
    [&lt;00000000b9170608&gt;] get_tree_bdev+0x3fb/0x710
    [&lt;000000004833798a&gt;] vfs_get_tree+0x8e/0x280
    [&lt;000000006e20b8e6&gt;] path_mount+0xf3c/0x1930
    [&lt;000000007bf15a5f&gt;] do_mount+0xf3/0x110
    ...

Fix this by always setting is_root and NI_FLAG_DIR together.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Chen Zhongjin &lt;chenzhongjin@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit bfa434c60157c9793e9b12c9b68ade02aff9f803 ]

Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and
ni-&gt;ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC
and alloc ni-&gt;dir.alloc_run. However two states are not always
consistent and can make memory leak.

 1) attr_name in ATTR_ROOT does not fit the condition it will set
 is_root = true but NI_FLAG_DIR is not set.
 2) next attr_name in ATTR_ALLOC fits the condition and alloc
 ni-&gt;dir.alloc_run
 3) in cleanup function ni_clear(), when NI_FLAG_DIR is set, it frees
 ni-&gt;dir.alloc_run, otherwise it frees ni-&gt;file.run
 4) because NI_FLAG_DIR is not set in this case, ni-&gt;dir.alloc_run is
 leaked as kmemleak reported:

unreferenced object 0xffff888003bc5480 (size 64):
  backtrace:
    [&lt;000000003d42e6b0&gt;] __kmalloc_node+0x4e/0x1c0
    [&lt;00000000d8e19b8a&gt;] kvmalloc_node+0x39/0x1f0
    [&lt;00000000fc3eb5b8&gt;] run_add_entry+0x18a/0xa40 [ntfs3]
    [&lt;0000000011c9f978&gt;] run_unpack+0x75d/0x8e0 [ntfs3]
    [&lt;00000000e7cf1819&gt;] run_unpack_ex+0xbc/0x500 [ntfs3]
    [&lt;00000000bbf0a43d&gt;] ntfs_iget5+0xb25/0x2dd0 [ntfs3]
    [&lt;00000000a6e50693&gt;] ntfs_fill_super+0x218d/0x3580 [ntfs3]
    [&lt;00000000b9170608&gt;] get_tree_bdev+0x3fb/0x710
    [&lt;000000004833798a&gt;] vfs_get_tree+0x8e/0x280
    [&lt;000000006e20b8e6&gt;] path_mount+0xf3c/0x1930
    [&lt;000000007bf15a5f&gt;] do_mount+0xf3/0x110
    ...

Fix this by always setting is_root and NI_FLAG_DIR together.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Chen Zhongjin &lt;chenzhongjin@huawei.com&gt;
Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: don't hold ni_lock when calling truncate_setsize()</title>
<updated>2023-01-02T18:31:09+00:00</updated>
<author>
<name>Tetsuo Handa</name>
<email>penguin-kernel@I-love.SAKURA.ne.jp</email>
</author>
<published>2023-01-02T14:05:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0226635c304cfd5c9db9b78c259cb713819b057e'/>
<id>0226635c304cfd5c9db9b78c259cb713819b057e</id>
<content type='text'>
syzbot is reporting hung task at do_user_addr_fault() [1], for there is
a silent deadlock between PG_locked bit and ni_lock lock.

Since filemap_update_page() calls filemap_read_folio() after calling
folio_trylock() which will set PG_locked bit, ntfs_truncate() must not
call truncate_setsize() which will wait for PG_locked bit to be cleared
when holding ni_lock lock.

Link: https://lore.kernel.org/all/00000000000060d41f05f139aa44@google.com/
Link: https://syzkaller.appspot.com/bug?extid=bed15dbf10294aa4f2ae [1]
Reported-by: syzbot &lt;syzbot+bed15dbf10294aa4f2ae@syzkaller.appspotmail.com&gt;
Debugged-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Co-developed-by: Hillf Danton &lt;hdanton@sina.com&gt;
Signed-off-by: Hillf Danton &lt;hdanton@sina.com&gt;
Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
syzbot is reporting hung task at do_user_addr_fault() [1], for there is
a silent deadlock between PG_locked bit and ni_lock lock.

Since filemap_update_page() calls filemap_read_folio() after calling
folio_trylock() which will set PG_locked bit, ntfs_truncate() must not
call truncate_setsize() which will wait for PG_locked bit to be cleared
when holding ni_lock lock.

Link: https://lore.kernel.org/all/00000000000060d41f05f139aa44@google.com/
Link: https://syzkaller.appspot.com/bug?extid=bed15dbf10294aa4f2ae [1]
Reported-by: syzbot &lt;syzbot+bed15dbf10294aa4f2ae@syzkaller.appspotmail.com&gt;
Debugged-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Co-developed-by: Hillf Danton &lt;hdanton@sina.com&gt;
Signed-off-by: Hillf Danton &lt;hdanton@sina.com&gt;
Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3</title>
<updated>2022-12-21T18:18:17+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-12-21T18:18:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6022ec6ee2c3a16b26f218d7abb538afb839bd6d'/>
<id>6022ec6ee2c3a16b26f218d7abb538afb839bd6d</id>
<content type='text'>
Pull ntfs3 updates from Konstantin Komarov:

 - added mount options 'hidedotfiles', 'nocase' and 'windows_names'

 - fixed xfstests (tested on x86_64): generic/083 generic/263
   generic/307 generic/465

 - fix some logic errors

 - code refactoring and dead code removal

* tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3: (61 commits)
  fs/ntfs3: Make if more readable
  fs/ntfs3: Improve checking of bad clusters
  fs/ntfs3: Fix wrong if in hdr_first_de
  fs/ntfs3: Use ALIGN kernel macro
  fs/ntfs3: Fix incorrect if in ntfs_set_acl_ex
  fs/ntfs3: Check fields while reading
  fs/ntfs3: Correct ntfs_check_for_free_space
  fs/ntfs3: Restore correct state after ENOSPC in attr_data_get_block
  fs/ntfs3: Changing locking in ntfs_rename
  fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
  fs/ntfs3: atomic_open implementation
  fs/ntfs3: Fix wrong indentations
  fs/ntfs3: Change new sparse cluster processing
  fs/ntfs3: Fixing work with sparse clusters
  fs/ntfs3: Simplify ntfs_update_mftmirr function
  fs/ntfs3: Remove unused functions
  fs/ntfs3: Fix sparse problems
  fs/ntfs3: Add ntfs_bitmap_weight_le function and refactoring
  fs/ntfs3: Use _le variants of bitops functions
  fs/ntfs3: Add functions to modify LE bitmaps
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull ntfs3 updates from Konstantin Komarov:

 - added mount options 'hidedotfiles', 'nocase' and 'windows_names'

 - fixed xfstests (tested on x86_64): generic/083 generic/263
   generic/307 generic/465

 - fix some logic errors

 - code refactoring and dead code removal

* tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3: (61 commits)
  fs/ntfs3: Make if more readable
  fs/ntfs3: Improve checking of bad clusters
  fs/ntfs3: Fix wrong if in hdr_first_de
  fs/ntfs3: Use ALIGN kernel macro
  fs/ntfs3: Fix incorrect if in ntfs_set_acl_ex
  fs/ntfs3: Check fields while reading
  fs/ntfs3: Correct ntfs_check_for_free_space
  fs/ntfs3: Restore correct state after ENOSPC in attr_data_get_block
  fs/ntfs3: Changing locking in ntfs_rename
  fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
  fs/ntfs3: atomic_open implementation
  fs/ntfs3: Fix wrong indentations
  fs/ntfs3: Change new sparse cluster processing
  fs/ntfs3: Fixing work with sparse clusters
  fs/ntfs3: Simplify ntfs_update_mftmirr function
  fs/ntfs3: Remove unused functions
  fs/ntfs3: Fix sparse problems
  fs/ntfs3: Add ntfs_bitmap_weight_le function and refactoring
  fs/ntfs3: Use _le variants of bitops functions
  fs/ntfs3: Add functions to modify LE bitmaps
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Make if more readable</title>
<updated>2022-11-14T16:50:49+00:00</updated>
<author>
<name>Konstantin Komarov</name>
<email>almaz.alexandrovich@paragon-software.com</email>
</author>
<published>2022-10-11T17:21:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=36963cf225f890f97fd84af0a82d323043edd0f1'/>
<id>36963cf225f890f97fd84af0a82d323043edd0f1</id>
<content type='text'>
This way it looks better.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This way it looks better.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/ntfs3: Improve checking of bad clusters</title>
<updated>2022-11-14T16:50:48+00:00</updated>
<author>
<name>Konstantin Komarov</name>
<email>almaz.alexandrovich@paragon-software.com</email>
</author>
<published>2022-10-11T17:19:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ec5fc72013762500867c9cef96fed89dc7161832'/>
<id>ec5fc72013762500867c9cef96fed89dc7161832</id>
<content type='text'>
Added new function wnd_set_used_safe.
Load $BadClus before $AttrDef instead of before $Bitmap.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Added new function wnd_set_used_safe.
Load $BadClus before $AttrDef instead of before $Bitmap.

Signed-off-by: Konstantin Komarov &lt;almaz.alexandrovich@paragon-software.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
