From: Linus Torvalds Date: Tue, 19 May 2026 16:47:23 +0000 (-0700) Subject: Merge tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinj... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c0b282d502b1fc5a67740ea1d88b90c042d5727;p=thirdparty%2Fkernel%2Flinux.git Merge tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs Pull ntfs fixes from Namjae Jeon: - Check the index depth limit via ntfs_icx_parent_inc(), avoiding context corruption from excessively deep child chains - Switch security descriptor allocation to kzalloc() to avoid leaking uninitialized memory - Prevent an inconsistent state where vol->volume_label becomes NULL on allocation failure - Validate MFT records by verifying that attrs_offset sits within bytes_in_use - Fix an off-by-one boundary comparison, correctly catching the out-of-range MFT record number - Validate the attribute name offset and length bounds prior to AT_UNUSED enumeration - Check for a valid left neighbor before runlist merges to prevent an 8byte out-of-bounds write on crafted volumes - Add the missing record comparison against $MFTMirr during mount - Fix wrong inode lookup when writing extent MFT records - Redirty folio on memory allocation failure in ntfs_write_mft_block() - Capture and propagate $MFTMirr sync errors during writeback - Ensure MFT mirror and synchronous writes wait for I/O completion - Fix buffer overflow/heap over-read in ntfs_bdev_write() when cluster size is smaller than PAGE_SIZE - Fix use-after-free in ntfs_inode_sync_filename() when parent index inode is evicted while still holding its mrec_lock - Update resident attribute length validation to match $AttrDef - Fix refcount underflow and UAF of the global upcase table - Fix two smatch warnings * tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs: ntfs: restore $MFT mirror contents check ntfs: fix empty_buf and ra lifetime bugs in ntfs_empty_logfile() ntfs: validate attribute name bounds before returning it ntfs: fix MFT bitmap scan 2^32 boundary check ntfs: validate MFT attrs_offset against bytes_in_use ntfs: fix missing kstrdup() error check in ntfs_write_volume_label() ntfs: avoid leaking uninitialised bytes in new security descriptors ntfs: fix out-of-bounds write in ntfs_index_walk_down() ntfs: fix out-of-bounds write in ntfs_rl_collapse_range() merge path ntfs: fix variable dereferenced before check ni in ntfs_attr_open() ntfs: fix default_upcase refcount underflow and UAF on fs_context teardown ntfs: match ntfs_resident_attr_min_value_length with $AttrDef ntfs: avoid use-after-free of index inode in ntfs_inode_sync_filename() ntfs: fix copy length in ntfs_bdev_write() for non-page-aligned start ntfs: wait for sync mft writes to complete ntfs: capture mft mirror sync errors in ntfs_write_mft_block() ntfs: redirty folio when ntfs_write_mft_block() runs out of memory ntfs: use base mft_no when looking up base inode for extent record ntfs: fix variable dereferenced before check ni and attr in ntfs_attrlist_entry_add() --- 0c0b282d502b1fc5a67740ea1d88b90c042d5727