[PATCH AUTOSEL 5.4 8/9] hfs: fix not erasing deleted b-tree node issue

[Sasha Levin <sashal@kernel.org>]

From: Viacheslav Dubeyko <slava@dubeyko.com>

[ Upstream commit d3ed6d6981f4756f145766753c872482bc3b28d3 ]

The generic/001 test of xfstests suite fails and corrupts
the HFS volume:

sudo ./check generic/001
FSTYP         -- hfs
PLATFORM      -- Linux/x86_64 hfsplus-testing-0001 6.15.0-rc2+ #3 SMP PREEMPT_DYNAMIC Fri Apr 25 17:13:00 PDT 2>
MKFS_OPTIONS  -- /dev/loop51
MOUNT_OPTIONS -- /dev/loop51 /mnt/scratch

generic/001 32s ... _check_generic_filesystem: filesystem on /dev/loop50 is inconsistent
(see /home/slavad/XFSTESTS-2/xfstests-dev/results//generic/001.full for details)

Ran: generic/001
Failures: generic/001
Failed 1 of 1 tests

fsck.hfs -d -n ./test-image.bin
** ./test-image.bin (NO WRITE)
	Using cacheBlockSize=32K cacheTotalBlock=1024 cacheSize=32768K.
   Executing fsck_hfs (version 540.1-Linux).
** Checking HFS volume.
   The volume name is untitled
** Checking extents overflow file.
** Checking catalog file.
   Unused node is not erased (node = 2)
   Unused node is not erased (node = 4)
<skipped>
   Unused node is not erased (node = 253)
   Unused node is not erased (node = 254)
   Unused node is not erased (node = 255)
   Unused node is not erased (node = 256)
** Checking catalog hierarchy.
** Checking volume bitmap.
** Checking volume information.
   Verify Status: VIStat = 0x0000, ABTStat = 0x0000 EBTStat = 0x0000
                  CBTStat = 0x0004 CatStat = 0x00000000
** The volume untitled was found corrupt and needs to be repaired.
	volume type is HFS
	primary MDB is at block 2 0x02
	alternate MDB is at block 20971518 0x13ffffe
	primary VHB is at block 0 0x00
	alternate VHB is at block 0 0x00
	sector size = 512 0x200
	VolumeObject flags = 0x19
	total sectors for volume = 20971520 0x1400000
	total sectors for embedded volume = 0 0x00

This patch adds logic of clearing the deleted b-tree node.

sudo ./check generic/001
FSTYP         -- hfs
PLATFORM      -- Linux/x86_64 hfsplus-testing-0001 6.15.0-rc2+ #3 SMP PREEMPT_DYNAMIC Fri Apr 25 17:13:00 PDT 2025
MKFS_OPTIONS  -- /dev/loop51
MOUNT_OPTIONS -- /dev/loop51 /mnt/scratch

generic/001 9s ...  32s
Ran: generic/001
Passed all 1 tests

fsck.hfs -d -n ./test-image.bin
** ./test-image.bin (NO WRITE)
	Using cacheBlockSize=32K cacheTotalBlock=1024 cacheSize=32768K.
   Executing fsck_hfs (version 540.1-Linux).
** Checking HFS volume.
   The volume name is untitled
** Checking extents overflow file.
** Checking catalog file.
** Checking catalog hierarchy.
** Checking volume bitmap.
** Checking volume information.
** The volume untitled appears to be OK.

Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Link: https://lore.kernel.org/r/20250430001211.1912533-1-slava@dubeyko.com
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

Based on my analysis of the commit and the surrounding code, I can now
provide a determination on whether this should be backported to stable
kernel trees.

**Backport Status: YES**

This commit should be backported to stable kernel trees for the
following reasons:

1. **Fixes a real bug that causes filesystem corruption**: The commit
   fixes a bug where deleted b-tree nodes in HFS filesystems are not
   properly erased, leading to filesystem corruption that is detected by
   fsck.hfs. The commit message shows clear evidence of filesystem
   corruption with "Unused node is not erased" errors across multiple
   nodes (2, 4, 253-256).

2. **Small and contained fix**: The patch is only 1 line of code
   addition (`hfs_bnode_clear(node, 0, tree->node_size);`), well within
   the 100-line stable tree limit. The fix is localized to the HFS
   b-tree node management code and doesn't affect other subsystems.

3. **Obviously correct**: The fix adds a missing step that already
   exists in the HFS+ implementation. Looking at
   fs/hfsplus/bnode.c:728-729, the HFS+ code already calls
   `hfs_bnode_clear()` when deleting b-tree nodes (conditionally based
   on a volume attribute). The HFS code was missing this critical step
   entirely.

4. **Tested with concrete results**: The commit message includes before
   and after test results using xfstests generic/001, showing that the
   filesystem corruption is resolved after applying the patch. The
   "after" test shows "The volume untitled appears to be OK" from
   fsck.hfs.

5. **Data corruption prevention**: Without this fix, HFS filesystems can
   become corrupted during normal operations that involve b-tree node
   deletion, potentially leading to data loss. This is a serious issue
   that affects filesystem integrity.

6. **No architectural changes**: The commit doesn't introduce any new
   features or architectural changes - it simply adds a missing cleanup
   step that should have been there all along.

7. **Low regression risk**: The `hfs_bnode_clear()` function being
   called already exists and is used elsewhere in the HFS code. The fix
   follows the established pattern from HFS+ and uses existing, tested
   infrastructure.

The commit meets all the stable kernel rules criteria: it fixes a real
bug that causes filesystem corruption, is small and contained, is
obviously correct (matches HFS+ implementation), and has been tested to
resolve the issue.

 fs/hfs/bnode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/hfs/bnode.c b/fs/hfs/bnode.c
index 2039cb6d5f66..219e3b8fd6a8 100644
--- a/fs/hfs/bnode.c
+++ b/fs/hfs/bnode.c
@@ -586,6 +586,7 @@ void hfs_bnode_put(struct hfs_bnode *node)
 		if (test_bit(HFS_BNODE_DELETED, &node->flags)) {
 			hfs_bnode_unhash(node);
 			spin_unlock(&tree->hash_lock);
+			hfs_bnode_clear(node, 0, tree->node_size);
 			hfs_bmap_free(node);
 			hfs_bnode_free(node);
 			return;
-- 
2.39.5