]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: f3756af c1307d1)
Merge tag 'hfs-v7.1-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs
authorLinus Torvalds <torvalds@linux-foundation.org>
Mon, 13 Apr 2026 23:50:38 +0000 (16:50 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 13 Apr 2026 23:50:38 +0000 (16:50 -0700)
Pull hfsplus updates from Viacheslav Dubeyko:
 "This contains several fixes of syzbot reported issues and HFS+ fixes
  of xfstests failures.

   - Fix a syzbot reported issue of a KMSAN uninit-value in
     hfsplus_strcasecmp().

     The root cause was that hfs_brec_read() doesn't validate that the
     on-disk record size matches the expected size for the record type
     being read. The fix introduced hfsplus_brec_read_cat() wrapper that
     validates the record size based on the type field and returns -EIO
     if size doesn't match (Deepanshu Kartikey)

   - Fix a syzbot reported issue of processing corrupted HFS+ images
     where the b-tree allocation bitmap indicates that the header node
     (Node 0) is free. Node 0 must always be allocated. Violating this
     invariant leads to allocator corruption, which cascades into kernel
     panics or undefined behavior.

     Prevent trusting a corrupted allocator state by adding a validation
     check during hfs_btree_open(). If corruption is detected, print a
     warning identifying the specific corrupted tree and force the
     filesystem to mount read-only (SB_RDONLY).

     This prevents kernel panics from corrupted images while enabling
     data recovery (Shardul Bankar)

   - Fix a potential deadlock in hfsplus_fill_super().

     hfsplus_fill_super() calls hfs_find_init() to initialize a search
     structure, which acquires tree->tree_lock. If the subsequent call
     to hfsplus_cat_build_key() fails, the function jumps to the
     out_put_root error label without releasing the lock.

     Fix this by adding the missing hfs_find_exit(&fd) call before
     jumping to the out_put_root error label. This ensures that
     tree->tree_lock is properly released on the error path (Zilin Guan)

   - Update a files ctime after rename in hfsplus_rename() (Yangtao Li)

  The rest of the patches introduce the HFS+ fixes for the case of
  generic/348, generic/728, generic/533, generic/523, and generic/642
  test-cases of xfstests suite"

* tag 'hfs-v7.1-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs:
  hfsplus: fix generic/642 failure
  hfsplus: rework logic of map nodes creation in xattr b-tree
  hfsplus: fix logic of alloc/free b-tree node
  hfsplus: fix error processing issue in hfs_bmap_free()
  hfsplus: fix potential race conditions in b-tree functionality
  hfsplus: extract hidden directory search into a helper function
  hfsplus: fix held lock freed on hfsplus_fill_super()
  hfsplus: fix generic/523 test-case failure
  hfsplus: validate b-tree node 0 bitmap at mount time
  hfsplus: refactor b-tree map page access and add node-type validation
  hfsplus: fix to update ctime after rename
  hfsplus: fix generic/533 test-case failure
  hfsplus: set ctime after setxattr and removexattr
  hfsplus: fix uninit-value by validating catalog record size
  hfsplus: fix potential Allocation File corruption after fsync

1  2 
fs/hfsplus/attributes.c patch | diff1 | diff2 | blob | history
fs/hfsplus/catalog.c patch | diff1 | diff2 | blob | history
fs/hfsplus/dir.c patch | diff1 | diff2 | blob | history
fs/hfsplus/extents.c patch | diff1 | diff2 | blob | history
fs/hfsplus/inode.c patch | diff1 | diff2 | blob | history
fs/hfsplus/super.c patch | diff1 | diff2 | blob | history
fs/hfsplus/xattr.c patch | diff1 | diff2 | blob | history

diff --cc fs/hfsplus/attributes.c
index 174cd13106ad66008a120e3e70984be7cb42a65f,fa87496409c9bab970bbf6cf041288681ac4b6f5..7c2e589d45538061819302d7ad8700db15ae782b
--- 1/fs/hfsplus/attributes.c
--- 2/fs/hfsplus/attributes.c
+++ b/fs/hfsplus/attributes.c
@@@ -174,6 -183,9 +183,9 @@@ int hfsplus_attr_exists(struct inode *i
        struct super_block *sb = inode->i_sb;
        struct hfs_find_data fd;
  
 -      hfs_dbg("name %s, ino %ld\n",
++      hfs_dbg("name %s, ino %llu\n",
+               name ? name : NULL, inode->i_ino);
        if (!HFSPLUS_SB(sb)->attr_tree)
                return 0;
  
diff --cc fs/hfsplus/catalog.c
Simple merge
diff --cc fs/hfsplus/dir.c
index 054f6da46033404bbbcf299beb5d8765495c0de3,8ad73378ed64412b2016fda058cc5cf60d6a7a46..47194370c2c5e03c15cded7a29982d040821a823
--- 1/fs/hfsplus/dir.c
--- 2/fs/hfsplus/dir.c
+++ b/fs/hfsplus/dir.c
@@@ -478,6 -478,9 +478,9 @@@ static int hfsplus_symlink(struct mnt_i
        if (!inode)
                goto out;
  
 -      hfs_dbg("dir->i_ino %lu, inode->i_ino %lu\n",
++      hfs_dbg("dir->i_ino %llu, inode->i_ino %llu\n",
+               dir->i_ino, inode->i_ino);
        res = page_symlink(inode, symname, strlen(symname) + 1);
        if (res)
                goto out_err;
@@@ -526,6 -529,9 +529,9 @@@ static int hfsplus_mknod(struct mnt_idm
        if (!inode)
                goto out;
  
 -      hfs_dbg("dir->i_ino %lu, inode->i_ino %lu\n",
++      hfs_dbg("dir->i_ino %llu, inode->i_ino %llu\n",
+               dir->i_ino, inode->i_ino);
        if (S_ISBLK(mode) || S_ISCHR(mode) || S_ISFIFO(mode) || S_ISSOCK(mode))
                init_special_inode(inode, mode, rdev);
  
diff --cc fs/hfsplus/extents.c
Simple merge
diff --cc fs/hfsplus/inode.c
index 02be32dc6833dfdd767c407ec0263485d1a2c3c6,e8f359d69328dfd60adec34b778b4ba3cc73031c..d05891ec492e3a5de80b2055c75ec51193cc3f78
--- 1/fs/hfsplus/inode.c
--- 2/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@@ -709,6 -720,15 +720,15 @@@ int hfsplus_cat_write_inode(struct inod
                                         sizeof(struct hfsplus_cat_file));
        }
  
 -              pr_err("b-tree write err: %d, ino %lu\n",
+       res = hfs_btree_write(tree);
+       if (res) {
++              pr_err("b-tree write err: %d, ino %llu\n",
+                      res, inode->i_ino);
+               goto out;
+       }
+       set_bit(HFSPLUS_I_CAT_DIRTY,
+               &HFSPLUS_I(HFSPLUS_CAT_TREE_I(inode->i_sb))->flags);
        set_bit(HFSPLUS_I_CAT_DIRTY, &HFSPLUS_I(inode)->flags);
  out:
        hfs_find_exit(&fd);
diff --cc fs/hfsplus/super.c
index b3917249c206c3a25fe98b39a5eb2168b7404dc2,44635f92ada9111437c27a1db2b67e0618133386..40a0feda716bfabbb429abd568b736dd48030ddb
--- 1/fs/hfsplus/super.c
--- 2/fs/hfsplus/super.c
+++ b/fs/hfsplus/super.c
@@@ -153,10 -153,13 +153,13 @@@ static int hfsplus_system_write_inode(s
        }
        hfsplus_inode_write_fork(inode, fork);
        if (tree) {
+               mutex_lock_nested(&tree->tree_lock,
+                                 hfsplus_btree_lock_class(tree));
                int err = hfs_btree_write(tree);
+               mutex_unlock(&tree->tree_lock);
  
                if (err) {
 -                      pr_err("b-tree write err: %d, ino %lu\n",
 +                      pr_err("b-tree write err: %d, ino %llu\n",
                               err, inode->i_ino);
                        return err;
                }
diff --cc fs/hfsplus/xattr.c
Simple merge
A mirror of Linus' kernel repository