From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 16 Jun 2026 06:57:23 +0000 (+0530)
Subject: Merge tag 'hfs-v7.2-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d29fd593e6836c96c6fd6df2b0cc6a47dda21b74;p=thirdparty%2Flinux.git

Merge tag 'hfs-v7.2-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs

Pull hfs/hfsplus updates from Viacheslav Dubeyko:
 "Several fixes in HFS/HFS+ of syzbot reported issues and HFS//HFS+
  fixes of xfstests failures.

   - fix a null-ptr-deref issue reported by syzbot (Edward Adam Davis)

     If the attributes file is not loaded during system mount
     hfsplus_create_attributes_file can dereference a NULL pointer.

     Also, add a b-tree node size check in hfs_btree_open() with the
     goal to prevent an uninit-value bug reported by syzbot for the case
     of corrupted HFS+ image.

   - fix __hfs_bnode_create() by using kzalloc_flex() instead of
     kzalloc() (Rosen Penev)

   - fix early return in hfs_bnode_read() (Tristan Madani)

     hfs_bnode_read() can return early without writing to the output
     buffer when is_bnode_offset_valid() fails or when
     check_and_correct_requested_ length() corrects the length to zero.
     Callers such as hfs_bnode_read_ u16() and hfs_bnode_read_u8() pass
     stack-allocated buffers and use the result unconditionally, leading
     to KMSAN uninit-value reports.

  The rest fix (1) generic/637, generic/729 issue for the case of HFS+
  file system, (2) generic/003, generic/637 for the case of HFS file
  system"

* tag 'hfs-v7.2-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs:
  hfs: rework hfsplus_readdir() logic
  hfs: disable the updating of file access times (atime)
  hfs: fix incorrect inode ID assignment in hfs_new_inode()
  hfsplus: rework hfsplus_readdir() logic
  hfs/hfsplus: zero-initialize buffer in hfs_bnode_read
  hfs/hfsplus: fix u32 overflow in check_and_correct_requested_length
  hfsplus: Add a sanity check for btree node size
  hfsplus: fix issue of direct writes beyond end-of-file
  hfs/hfxplus: use kzalloc_flex()
  hfsplus: Remove the duplicate attr inode dirty marking action
---

d29fd593e6836c96c6fd6df2b0cc6a47dda21b74