From: DaeMyung Kang <charsyam@gmail.com>
To: Namjae Jeon <linkinjeon@kernel.org>, Hyunchul Lee <hyc.lee@gmail.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
DaeMyung Kang <charsyam@gmail.com>
Subject: [PATCH 0/2] ntfs: fix index walk NULL deref and WSL symlink leak
Date: Sun, 26 Apr 2026 03:42:41 +0900
Message-ID: <20260425184243.116396-1-charsyam@gmail.com>

Two independent fixes for the new fs/ntfs/ that landed in v7.1-rc1.

1/2 fixes a NULL dereference in ntfs_index_walk_down(). When
kvzalloc() for ictx->ib fails, or ntfs_ib_read() fails mid
traversal, the function previously returned a state that
ntfs_index_next() and ntfs_readdir() could not distinguish
from end-of-directory, and ntfs_ib_read() itself could write
through a NULL ictx->ib. Errors are now propagated as
ERR_PTR() through ntfs_index_next() up to ntfs_readdir().
Reproduced with failslab fault injection on getdents64; the
reproducer is described in the commit log.

2/2 fixes a target-string leak in ntfs_reparse_set_wsl_symlink()
when ntfs_set_ntfs_reparse_data() fails. Also switches the
kvfree() on the local failure path to kfree() to match the
kmalloc() done by ntfs_ucstonls().

The two patches are independent and may be applied in any order.

DaeMyung Kang (2):
  ntfs: fix NULL dereference in ntfs_index_walk_down()
  ntfs: fix WSL symlink target leak on reparse failure

 fs/ntfs/dir.c     | 13 ++++++++++---
 fs/ntfs/index.c   | 17 +++++++++++++----
 fs/ntfs/reparse.c |  5 +++--
 3 files changed, 26 insertions(+), 9 deletions(-)
--
2.43.0
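
The failure mode described for 1/2, as an added userspace model that is not code from the patches or from fs/ntfs/: an iterator that returns NULL for both "read failed" and "end of directory" makes a readdir-style caller report a truncated listing as success, while a three-state return (entry, NULL, ERR_PTR) surfaces the error. The struct, the function names and the block layout are hypothetical; the ERR_PTR helpers are re-implemented here to mirror the kernel's include/linux/err.h. The NULL write inside ntfs_ib_read() is not modelled.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers (assumption). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical index: 6 entries in blocks of 2; one block read can fail. */
struct walk { int pos, total, fail_at_block; };
static int entries[6] = { 10, 11, 12, 13, 14, 15 };   /* constructed data */

/* Models a block read that fails (allocation or I/O) at a chosen block. */
static int load_block(const struct walk *w, int block)
{
	return block == w->fail_at_block ? -ENOMEM : 0;
}

/* Conflated shape: a failed read and end-of-directory both return NULL. */
static int *next_conflated(struct walk *w)
{
	if (w->pos >= w->total) return NULL;
	if (w->pos % 2 == 0 && load_block(w, w->pos / 2)) return NULL;
	return &entries[w->pos++];
}

/* Three-state shape: entry, NULL (end), or ERR_PTR(-errno). */
static int *next_checked(struct walk *w)
{
	int err;
	if (w->pos >= w->total) return NULL;
	if (w->pos % 2 == 0 && (err = load_block(w, w->pos / 2)))
		return ERR_PTR(err);
	return &entries[w->pos++];
}

/* readdir-like caller: returns the number of entries emitted, or -errno. */
static int list_dir(int fail_at_block, int *(*next)(struct walk *))
{
	struct walk w = { 0, 6, fail_at_block };
	int *e, n = 0;
	while ((e = next(&w)) != NULL) {
		if (IS_ERR(e))
			return (int)PTR_ERR(e);
		n++;
	}
	return n;
}
```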