Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=0x221E-v0.0.1-v6.19 2026-02-26T23:01:28Z 2026-02-26T23:01:28Z Szymon Wilczek swilczek.lx@gmail.com 2025-12-22T15:10:10Z urn:sha1:cfe246b318106e1691bd6c9466c739e8559d25c2 [ Upstream commit e37a75bb866c29da954b51d0dd7670406246d9ee ] Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. Task A enters ntfs_read_folio() for page X. It acquires ni_lock. 2. Task A calls ni_read_folio_cmpr(), which attempts to lock all pages in the compressed frame (including page Y). 3. Concurrently, Task B (e.g., via readahead) has locked page Y and calls ntfs_read_folio(). 4. Task B waits for ni_lock (held by A). 5. Task A waits for page Y lock (held by B). -> DEADLOCK. The fix is to restructure locking: do not take ni_lock in ntfs_read_folio(). Instead, acquire ni_lock inside ni_read_folio_cmpr() ONLY AFTER all required page locks for the frame have been successfully acquired. This restores the correct lock ordering (Page Lock -> ni_lock) consistent with VFS. Reported-by: syzbot+5af33dd272b913b65880@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5af33dd272b913b65880 Fixes: f35590ee26f5 ("fs/ntfs3: remove ntfs_bio_pages and use page cache for compressed I/O") Signed-off-by: Szymon Wilczek <swilczek.lx@gmail.com> [almaz.alexandrovich@paragon-software.com: ni_readpage_cmpr was renamed to ni_read_folio_cmpr] Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-02-26T23:01:28Z Konstantin Komarov almaz.alexandrovich@paragon-software.com 2025-12-08T19:57:46Z urn:sha1:bce124ddbcdc157bbbe8df2efdc64531dc80a8df [ Upstream commit 4248f563f0b76f3fb74b2a28ee068bf66fcbbedf ] The old "readpage" naming is still used in ni_readpage_cmpr(), even though the vfs has transitioned to the folio-based read_folio() API. This patch performs a straightforward renaming of the helper: ni_readpage_cmpr() -> ni_read_folio_cmpr(). Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Stable-dep-of: e37a75bb866c ("fs/ntfs3: fix deadlock in ni_read_folio_cmpr") Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-11-18T12:56:27Z Edward Adam Davis eadavis@qq.com 2025-11-11T11:05:42Z urn:sha1:ccc4e86d1c24260c18ae94541198c3711c140da6 If a rb node with the same ino already exists in the rb tree, the newly alloced mft_inode in ni_add_subrecord() will not have its memory cleaned up, which leads to the memory leak issue reported by syzbot. The best option to avoid this issue is to put the newly alloced mft node when a rb node with the same ino already exists in the rb tree and return the rb node found in the rb tree to the parent layer. syzbot reported: BUG: memory leak unreferenced object 0xffff888110bef280 (size 128): backtrace (crc 126a088f): ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317 ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715 BUG: memory leak unreferenced object 0xffff888109093400 (size 1024): backtrace (crc 7197c55e): mi_init+0x2b/0x50 fs/ntfs3/record.c:105 mi_format_new+0x40/0x220 fs/ntfs3/record.c:422 Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation") Reported-by: syzbot+3932ccb896e06f7414c9@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-11-18T12:56:12Z Edward Adam Davis eadavis@qq.com 2025-11-11T11:13:56Z urn:sha1:4d78d1173a653acdaf7500a32b8dc530ca4ad075 After ntfs_look_free_mft() executes successfully, all subsequent code that fails to execute must put mi. Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation") Signed-off-by: Edward Adam Davis <eadavis@qq.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-11-10T13:30:16Z Konstantin Komarov almaz.alexandrovich@paragon-software.com 2025-10-14T17:36:17Z urn:sha1:f35590ee26f5722bfe12cdff14396c4c057a8f74 Replace the use of ntfs_bio_pages with the disk page cache for reading and writing compressed files. This slightly improves performance when reading compressed data and simplifies the I/O logic. When an XPRESS or LZX compressed file is opened for writing, it is now decompressed into a normal file before modification. A new argument (`int copy`) is added to ni_read_frame() to handle writing of decompressed and mapped data. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-11-10T13:30:15Z Nirbhay Sharma nirbhay.lkd@gmail.com 2025-10-06T22:38:04Z urn:sha1:5f33da04e6ceee849e76e6592cc283c72fef7af9 The call to kmalloc() to allocate the attribute list buffer is given a size of al_aligned(rs). This size can be larger than the data subsequently copied into the buffer, leaving trailing bytes uninitialized. This can trigger a KMSAN "uninit-value" warning if that memory is later accessed. Fix this by using kzalloc() instead, which ensures the entire allocated buffer is zero-initialized, preventing the warning. Reported-by: syzbot+83c9dd5c0dcf6184fdbf@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=83c9dd5c0dcf6184fdbf Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-10-17T14:45:36Z Matthew Wilcox (Oracle) willy@infradead.org 2025-07-18T19:53:58Z urn:sha1:68f6bd128e75a032432eda9d16676ed2969a1096 When reading a compressed file, we may read several pages in addition to the one requested. The current code will overwrite pages in the page cache with the data from disc which can definitely result in changes that have been made being lost. For example if we have four consecutie pages ABCD in the file compressed into a single extent, on first access, we'll bring in ABCD. Then we write to page B. Memory pressure results in the eviction of ACD. When we attempt to write to page C, we will overwrite the data in page B with the data currently on disk. I haven't investigated the decompression code to check whether it's OK to overwrite a clean page or whether it might be possible to see corrupt data. Out of an abundance of caution, decline to overwrite uptodate pages, not just dirty pages. Fixes: 4342306f0f0d (fs/ntfs3: Add file operations and implementation) Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: stable@vger.kernel.org Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-10-17T14:45:35Z Matthew Wilcox (Oracle) willy@infradead.org 2025-07-18T19:53:57Z urn:sha1:953b79a7a124c3dae86544cea581a5bc7655aa13 These pages are accessed through vmap; they are not accessed by calling page_address(), so they do not need to be kmapped. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-10-17T14:45:34Z Matthew Wilcox (Oracle) willy@infradead.org 2025-07-18T19:53:56Z urn:sha1:14656154d26cf244d063477a03606775eec19780 These pages are accessed through DMA and vmap; they are not accessed by calling page_address(), so they do not need to be kmapped. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2025-10-17T10:08:42Z Konstantin Komarov almaz.alexandrovich@paragon-software.com 2025-09-01T09:00:43Z urn:sha1:a846cd0d0a05364c6fa5c4988e75d3b639d6dae5 Reformatted the driver code according to the current .clang-format rules and updated description of used terminology. No functional changes intended. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>