Re: [PATCH v6 3/4] ntfs: update index root allocated size before shrink

[Hyunchul Lee]

2026년 6월 9일 (화) 오전 12:49, DaeMyung Kang <charsyam@xxxxxxxxx>님이 작성:
>
> ntfs_ir_truncate() currently shrinks the resident $INDEX_ROOT value first
> and only updates index.allocated_size after re-looking up the attribute.
> During that relookup, the resident value_length can already be smaller
> while index.allocated_size still contains the old larger size.
>
> That leaves a transiently inconsistent $INDEX_ROOT layout and prevents
> lookup-time $INDEX_ROOT validation from being enabled: validation can
> correctly reject allocated_size extending past the newly shrunk resident
> value.
>
> When shrinking, lower index.allocated_size before shrinking value_length.
> If the truncate fails, restore the old allocated_size. Keep the existing
> grow ordering because the old allocated_size remains within the enlarged
> resident value until it is updated after the relookup. The shrink path is
> safe because the new value_length still covers struct index_root, so the
> index.allocated_size field remains present while it is updated first.
>
> Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>

Looks good to me.

Reviewed-by: Hyunchul Lee <hyc.lee@xxxxxxxxx>

> ---
>  fs/ntfs/index.c | 18 +++++++++++++++---
>  1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ntfs/index.c b/fs/ntfs/index.c
> index 052d80fddbbc..c5f2cf75b750 100644
> --- a/fs/ntfs/index.c
> +++ b/fs/ntfs/index.c
> @@ -1365,9 +1365,16 @@ static int ntfs_ir_reparent(struct ntfs_index_context *icx)
>  static int ntfs_ir_truncate(struct ntfs_index_context *icx, int data_size)
>  {
>         int ret;
> +       u32 old_allocated_size;
> +       bool shrink;
>
>         ntfs_debug("Entering\n");
>
> +       old_allocated_size = le32_to_cpu(icx->ir->index.allocated_size);
> +       shrink = data_size < old_allocated_size;
> +       if (shrink)
> +               icx->ir->index.allocated_size = cpu_to_le32(data_size);
> +
>         /*
>          *  INDEX_ROOT must be resident and its entries can be moved to
>          *  struct index_block, so ENOSPC isn't a real error.
> @@ -1379,9 +1386,14 @@ static int ntfs_ir_truncate(struct ntfs_index_context *icx, int data_size)
>                 if (!icx->ir)
>                         return -ENOENT;
>
> -               icx->ir->index.allocated_size = cpu_to_le32(data_size);
> -       } else if (ret != -ENOSPC)
> -               ntfs_error(icx->idx_ni->vol->sb, "Failed to truncate INDEX_ROOT");
> +               if (!shrink)
> +                       icx->ir->index.allocated_size = cpu_to_le32(data_size);
> +       } else {
> +               if (shrink)
> +                       icx->ir->index.allocated_size = cpu_to_le32(old_allocated_size);
> +               if (ret != -ENOSPC)
> +                       ntfs_error(icx->idx_ni->vol->sb, "Failed to truncate INDEX_ROOT");
> +       }
>
>         return ret;
>  }
> --
> 2.43.0
>


-- 
Thanks,
Hyunchul