<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/ntfs, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>iomap: consolidate bio submission</title>
<updated>2026-07-01T13:26:47+00:00</updated>
<author>
<name>Christoph Hellwig</name>
<email>hch@lst.de</email>
</author>
<published>2026-06-29T12:17:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=044472d5ee7d71f918fa3f61bd65e4933a0c006e'/>
<id>044472d5ee7d71f918fa3f61bd65e4933a0c006e</id>
<content type='text'>
Add a iomap_bio_submit_read_endio helper factored out of
iomap_bio_submit_read to that all -&gt;submit_read implementations for
iomap_read_ops that use iomap_bio_read_folio_range can shared the
logic.

Right now that logic is mostly trivial, but already has a bug for XFS
because the XFS version is too trivial:  file system integrity validation
needs a workqueue context and thus can't happen from the default iomap
bi_end_io I/O handler.  Unfortunately the iomap refactoring just before
fs integrity landed moved code around here and the call go misplaced,
meaning it never got called.  The PI information still is verified by
the block layer, but the offloading is less efficient (and the future
userspace interface can't get at it).

Fixes: 0b10a370529c ("iomap: support T10 protection information")
Cc: stable@vger.kernel.org # v7.1
Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Link: https://patch.msgid.link/20260629121750.3392300-2-hch@lst.de
Acked-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Reviewed-by: "Darrick J. Wong" &lt;djwong@kernel.org&gt;
Reviewed-by: Joanne Koong &lt;joannelkoong@gmail.com&gt;
Signed-off-by: Christian Brauner (Amutable) &lt;brauner@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a iomap_bio_submit_read_endio helper factored out of
iomap_bio_submit_read to that all -&gt;submit_read implementations for
iomap_read_ops that use iomap_bio_read_folio_range can shared the
logic.

Right now that logic is mostly trivial, but already has a bug for XFS
because the XFS version is too trivial:  file system integrity validation
needs a workqueue context and thus can't happen from the default iomap
bi_end_io I/O handler.  Unfortunately the iomap refactoring just before
fs integrity landed moved code around here and the call go misplaced,
meaning it never got called.  The PI information still is verified by
the block layer, but the offloading is less efficient (and the future
userspace interface can't get at it).

Fixes: 0b10a370529c ("iomap: support T10 protection information")
Cc: stable@vger.kernel.org # v7.1
Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Link: https://patch.msgid.link/20260629121750.3392300-2-hch@lst.de
Acked-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Reviewed-by: "Darrick J. Wong" &lt;djwong@kernel.org&gt;
Reviewed-by: Joanne Koong &lt;joannelkoong@gmail.com&gt;
Signed-off-by: Christian Brauner (Amutable) &lt;brauner@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'ntfs-for-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs</title>
<updated>2026-06-19T20:23:59+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-19T20:23:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dbad5db3a0bbf843adef9732ad44b817273e0a64'/>
<id>dbad5db3a0bbf843adef9732ad44b817273e0a64</id>
<content type='text'>
Pull ntfs updates from Namjae Jeon:

 - Harden handling of malformed on-disk metadata.

   This adds stricter validation for attributes, attribute lists, index
   roots and entries, EA entries, mapping pairs, and $LogFile restart
   areas. These changes fix several out-of-bounds access, integer
   overflow, and inconsistent metadata handling issues.

 - Prevent a writeback deadlock involving extent MFT records

 - Fix resource leaks in fill_super() failure paths and the name cache

 - Serialize volume label access and improving its error handling

 - Fix mapping-pairs decoding bounds and LCN overflow checks

 - Keep resident index root metadata consistent during resize

 - Fix the reported size of symbolic links

 - Avoid an unnecessary allocation for resident inline data

 - Add support for following and creating Windows native symbolic links.

   Relative links, absolute links, and junctions are handled, with new
   mount options controlling native symlink creation and absolute target
   translation. The existing WSL symlink behavior remains the default.

 - The unsupported quota code is removed, along with several smaller
   cleanups

* tag 'ntfs-for-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs: (39 commits)
  docs/fs/ntfs: add mount options to support Windows native symbolic links
  ntfs: support creating Windows native symlinks
  ntfs: clean up target name conversion for WSL symlinks
  ntfs: add native_symlink mount option
  ntfs: support following Windows native symlink with absolute paths
  ntfs: support following Windows native symlink with relative paths
  ntfs: fix incorrect size of symbolic link
  ntfs: use direct pointer for inline data to avoid redundant allocation
  ntfs: validate resident index root values on lookup
  ntfs: update index root allocated size before shrink
  ntfs: grow index root value before reparent header update
  ntfs: reject non-resident records for resident-only attributes
  ntfs: fix u16 truncation of restart-area length check
  ntfs: bound the attribute-list entry in ntfs_read_inode_mount()
  ntfs: bound the look-ahead attribute-list entry in ntfs_external_attr_find()
  ntfs: validate resident attribute lists and harden the validator
  ntfs: validate resident volume name values on lookup
  ntfs: reinit search context before volume information lookup
  ntfs: do not replace volume name after lookup errors
  ntfs: validate attribute values on lookup
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull ntfs updates from Namjae Jeon:

 - Harden handling of malformed on-disk metadata.

   This adds stricter validation for attributes, attribute lists, index
   roots and entries, EA entries, mapping pairs, and $LogFile restart
   areas. These changes fix several out-of-bounds access, integer
   overflow, and inconsistent metadata handling issues.

 - Prevent a writeback deadlock involving extent MFT records

 - Fix resource leaks in fill_super() failure paths and the name cache

 - Serialize volume label access and improving its error handling

 - Fix mapping-pairs decoding bounds and LCN overflow checks

 - Keep resident index root metadata consistent during resize

 - Fix the reported size of symbolic links

 - Avoid an unnecessary allocation for resident inline data

 - Add support for following and creating Windows native symbolic links.

   Relative links, absolute links, and junctions are handled, with new
   mount options controlling native symlink creation and absolute target
   translation. The existing WSL symlink behavior remains the default.

 - The unsupported quota code is removed, along with several smaller
   cleanups

* tag 'ntfs-for-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs: (39 commits)
  docs/fs/ntfs: add mount options to support Windows native symbolic links
  ntfs: support creating Windows native symlinks
  ntfs: clean up target name conversion for WSL symlinks
  ntfs: add native_symlink mount option
  ntfs: support following Windows native symlink with absolute paths
  ntfs: support following Windows native symlink with relative paths
  ntfs: fix incorrect size of symbolic link
  ntfs: use direct pointer for inline data to avoid redundant allocation
  ntfs: validate resident index root values on lookup
  ntfs: update index root allocated size before shrink
  ntfs: grow index root value before reparent header update
  ntfs: reject non-resident records for resident-only attributes
  ntfs: fix u16 truncation of restart-area length check
  ntfs: bound the attribute-list entry in ntfs_read_inode_mount()
  ntfs: bound the look-ahead attribute-list entry in ntfs_external_attr_find()
  ntfs: validate resident attribute lists and harden the validator
  ntfs: validate resident volume name values on lookup
  ntfs: reinit search context before volume information lookup
  ntfs: do not replace volume name after lookup errors
  ntfs: validate attribute values on lookup
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: support creating Windows native symlinks</title>
<updated>2026-06-15T10:39:43+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d8f1df2e133f203cae3f458cba44efa327b093d9'/>
<id>d8f1df2e133f203cae3f458cba44efa327b093d9</id>
<content type='text'>
And introduce the symlink=&lt;value&gt; mount option to configure how symbolic
links are created. The option accepts "wsl" or "native", with "wsl"
being the default.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
And introduce the symlink=&lt;value&gt; mount option to configure how symbolic
links are created. The option accepts "wsl" or "native", with "wsl"
being the default.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: clean up target name conversion for WSL symlinks</title>
<updated>2026-06-15T10:39:41+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7266767f67e0fbf343b4ce67cb437fe4024fc55f'/>
<id>7266767f67e0fbf343b4ce67cb437fe4024fc55f</id>
<content type='text'>
WSL symlink target names are stored as narrow NLS/UTF-8 strings on
disk. Converting the target name to Unicode in ntfs_symlink and
converting it back to NLS in ntfs_reparse_set_wsl_symlink is
redundant.

Remove this conversion and pass the symname directly to the reparse
data setter.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
WSL symlink target names are stored as narrow NLS/UTF-8 strings on
disk. Converting the target name to Unicode in ntfs_symlink and
converting it back to NLS in ntfs_reparse_set_wsl_symlink is
redundant.

Remove this conversion and pass the symname directly to the reparse
data setter.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: add native_symlink mount option</title>
<updated>2026-06-15T10:39:39+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=115446b06fb725ba04e0f2ae5174029d2c60cad6'/>
<id>115446b06fb725ba04e0f2ae5174029d2c60cad6</id>
<content type='text'>
Because bind-mounted subtrees of the volume may resolve to unexpected
locations, change converting junctions and non-relative symbolic links
into paths relative to the NTFS volume to be allowed only if the
native_symlink=rel mount option is specified.

Add the native_symlink=&lt;value&gt; mount option to configure how absolute
symbolic links and mount points (junctions) are handled.
The option accepts "raw" or "rel", with "raw" being the default.

Under "raw", the absolute target path (ni-&gt;target) is returned as-is
without translation. Under "rel", ntfs_translate_junction() is called
to rewrite the absolute path as a relative path anchored at the volume
root.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Because bind-mounted subtrees of the volume may resolve to unexpected
locations, change converting junctions and non-relative symbolic links
into paths relative to the NTFS volume to be allowed only if the
native_symlink=rel mount option is specified.

Add the native_symlink=&lt;value&gt; mount option to configure how absolute
symbolic links and mount points (junctions) are handled.
The option accepts "raw" or "rel", with "raw" being the default.

Under "raw", the absolute target path (ni-&gt;target) is returned as-is
without translation. Under "rel", ntfs_translate_junction() is called
to rewrite the absolute path as a relative path anchored at the volume
root.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: support following Windows native symlink with absolute paths</title>
<updated>2026-06-15T10:39:37+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2b58f93a131373117cfea02843f69a02b67a6664'/>
<id>2b58f93a131373117cfea02843f69a02b67a6664</id>
<content type='text'>
Extend reparse-point handling beyond relative symlinks so NTFS can
expose the Windows absolute forms used by non-relative symbolic links
and junctions.
* Store the reparse tag and symlink flags in the inode.
* Validate junction payloads, and parse targets from substitute_name.
* Add function to rewrite supported Windows absolute path into Linux
  path relative to the mounted NTFS volume.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Extend reparse-point handling beyond relative symlinks so NTFS can
expose the Windows absolute forms used by non-relative symbolic links
and junctions.
* Store the reparse tag and symlink flags in the inode.
* Validate junction payloads, and parse targets from substitute_name.
* Add function to rewrite supported Windows absolute path into Linux
  path relative to the mounted NTFS volume.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: support following Windows native symlink with relative paths</title>
<updated>2026-06-15T10:39:34+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=517cd625ad79b8bfa429092ad1536ee2dd477e68'/>
<id>517cd625ad79b8bfa429092ad1536ee2dd477e68</id>
<content type='text'>
Make ntfs_make_symlink() parse native Windows symbolic link reparse
payloads when the SYMLINK_FLAG_RELATIVE bit is set.
Implement the following changes:
 * Add a dedicated on-disk layout definition for symbolic link reparse
   data.
 * validate the UTF-16 name ranges before decoding them.
 * convert the substitute name into the mount's NLS and normalize path
   separators.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make ntfs_make_symlink() parse native Windows symbolic link reparse
payloads when the SYMLINK_FLAG_RELATIVE bit is set.
Implement the following changes:
 * Add a dedicated on-disk layout definition for symbolic link reparse
   data.
 * validate the UTF-16 name ranges before decoding them.
 * convert the substitute name into the mount's NLS and normalize path
   separators.

Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: fix incorrect size of symbolic link</title>
<updated>2026-06-15T10:39:31+00:00</updated>
<author>
<name>Hyunchul Lee</name>
<email>hyc.lee@gmail.com</email>
</author>
<published>2026-06-14T23:49:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=05a5ff86a7f12c861e3516d3dc4d092ce620742d'/>
<id>05a5ff86a7f12c861e3516d3dc4d092ce620742d</id>
<content type='text'>
This patch fixes the issue where a symbolic link size is displayed as 0.

Cc: stable@vger.kernel.org # v7.1
Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch fixes the issue where a symbolic link size is displayed as 0.

Cc: stable@vger.kernel.org # v7.1
Signed-off-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: use direct pointer for inline data to avoid redundant allocation</title>
<updated>2026-06-09T12:51:02+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-06-09T12:16:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5aec1efb11ab2a87d1e4be063830268f7980ec4a'/>
<id>5aec1efb11ab2a87d1e4be063830268f7980ec4a</id>
<content type='text'>
Previously, NTFS used page allocation for IOMAP_INLINE to ensure that
the inline_data pointer was page-aligned, avoiding strict boundary checks
in the iomap core. Since the previous patch has removed the over-strict
PAGE_SIZE boundary check in iomap, NTFS can now safely point
iomap::inline_data directly to the MFT record.
This change eliminates redundant memory allocations and memcpy operations
in both read and write paths. It also simplifies the iomap_ops by removing
the need for a iomap_end callback that was previously used to free
the temporary page.

Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, NTFS used page allocation for IOMAP_INLINE to ensure that
the inline_data pointer was page-aligned, avoiding strict boundary checks
in the iomap core. Since the previous patch has removed the over-strict
PAGE_SIZE boundary check in iomap, NTFS can now safely point
iomap::inline_data directly to the MFT record.
This change eliminates redundant memory allocations and memcpy operations
in both read and write paths. It also simplifies the iomap_ops by removing
the need for a iomap_end callback that was previously used to free
the temporary page.

Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntfs: validate resident index root values on lookup</title>
<updated>2026-06-09T12:51:01+00:00</updated>
<author>
<name>DaeMyung Kang</name>
<email>charsyam@gmail.com</email>
</author>
<published>2026-06-08T15:49:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fcf5bf0e8570798970e3ae8c95d04765ba2c5b97'/>
<id>fcf5bf0e8570798970e3ae8c95d04765ba2c5b97</id>
<content type='text'>
Resident $INDEX_ROOT values carry index header fields that callers
consume after lookup. Some callers already validate parts of the layout
before walking entries, but those checks are scattered and do not cover
all root header invariants, such as entries_offset alignment and lower
bound, index_length, and allocated_size consistency.

The resident root resize paths now keep these header fields consistent
while the value size changes: ntfs_ir_truncate() lowers
index.allocated_size before shrinking the resident value, and
ntfs_ir_reparent() grows the resident value before publishing a larger
root header. Lookup-time validation can therefore cover these invariants
without tripping over the driver's own resize paths.

Add $INDEX_ROOT to the minimum resident value size table and validate the
resident index header fields before returning the attribute from lookup.
Require 8-byte aligned index header fields, a sane entries_offset, an
index_length within allocated_size, allocated_size within the resident
value, and enough entry space for at least an index entry header.

The shared validator already rejects non-resident records for
resident-only attribute types, including $INDEX_ROOT.

Cc: stable@vger.kernel.org # v7.1
Signed-off-by: DaeMyung Kang &lt;charsyam@gmail.com&gt;
Reviewed-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Resident $INDEX_ROOT values carry index header fields that callers
consume after lookup. Some callers already validate parts of the layout
before walking entries, but those checks are scattered and do not cover
all root header invariants, such as entries_offset alignment and lower
bound, index_length, and allocated_size consistency.

The resident root resize paths now keep these header fields consistent
while the value size changes: ntfs_ir_truncate() lowers
index.allocated_size before shrinking the resident value, and
ntfs_ir_reparent() grows the resident value before publishing a larger
root header. Lookup-time validation can therefore cover these invariants
without tripping over the driver's own resize paths.

Add $INDEX_ROOT to the minimum resident value size table and validate the
resident index header fields before returning the attribute from lookup.
Require 8-byte aligned index header fields, a sane entries_offset, an
index_length within allocated_size, allocated_size within the resident
value, and enough entry space for at least an index entry header.

The shared validator already rejects non-resident records for
resident-only attribute types, including $INDEX_ROOT.

Cc: stable@vger.kernel.org # v7.1
Signed-off-by: DaeMyung Kang &lt;charsyam@gmail.com&gt;
Reviewed-by: Hyunchul Lee &lt;hyc.lee@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
