From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Mon, 29 Sep 2025 22:03:07 +0000 (-0700)
Subject: Merge tag 'hfs-v6.18-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3e1c7855e8e1c4d77685ce4a8cd9cdd576058eb;p=thirdparty%2Fkernel%2Fstable.git

Merge tag 'hfs-v6.18-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs

Pull hfs updates from Viacheslav Dubeyko:
 "This contains several fixes of syzbot reported issues, HFS/HFS+ fixes
  of xfstests failures, and rework of HFS/HFS+ debug output subsystem.

   - Kang Chen fixed a slab-out-of-bounds issue in hfsplus_uni2asc()
     when hfsplus_uni2asc() is called from hfsplus_listxattr().

   - Yang Chenzhi fixed a crash in hfsplus_bmap_alloc() if record offset
     or length is larger than node_size.

   - Yangtao Li corrected the error code from hfsplus_fill_super() if
     Catalog File contains corrupted record for the case of hidden
     directory's type.

   - KMSAN uninit-value fixes: hfs_find_set_zero_bits() and
     __hfsplus_ext_cache_extent() use kzalloc() instead of kmalloc(),
     and in hfsplus_delete_cat() by proper initialization of struct
     hfsplus_inode_info in the hfsplus_iget() logic.

   - A slab-out-of-bounds issue could happen in hfsplus_strcasecmp() if
     the length field of struct hfsplus_unistr is bigger than
     HFSPLUS_MAX_STRLEN. Fixed by checking the length of comparing
     strings, and if the strings' length is bigger than
     HFSPLUS_MAX_STRLEN, then the length is corrected to this value.

   - The generic/736 xfstest failed for HFS because the HFS volume
     becomes corrupted after the test run.

     The main reason was the absence of logic that corrects
     mdb->drNxtCNID/HFS_SB(sb)->next_id (next unused CNID) after
     deleting a record in Catalog File. That was fixed by implementing
     the necessary logic in hfs_correct_next_unused_CNID()"

* tag 'hfs-v6.18-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs:
  hfs/hfsplus: rework debug output subsystem
  hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
  hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
  hfs: clear offset and space out of valid records in b-tree node
  hfs: add logic of correcting a next unused CNID
  hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
  hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
  hfs: make proper initalization of struct hfs_find_data
  hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
  hfs: validate record offset in hfsplus_bmap_alloc
  hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()
  MAINTAINERS: update location of hfs&hfsplus trees
---

b3e1c7855e8e1c4d77685ce4a8cd9cdd576058eb