From eaa4878a26e1dc5a5aa6afa1d29c5462bc0d61c6 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@google.com>
Date: Wed, 27 Jul 2022 13:58:52 +0200
Subject: [PATCH] Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"

This reverts commit dd887f83ea54aea5b780a84527e23ab95f777fed which is
commit 0be698ecbe4471fcad80e81ec6a05001421041b3 upstream as it breaks
the build in Android kernel builds due to out-of-tree changes that were
never merged upstream.

Bug: 236690716
Fixes: 0e8e989142a0 ("Merge 5.10.121 into android12-5.10-lts")
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I511f362fecb21bdc53fb3a93bb9772be96e7f985
---
 fs/ext4/namei.c | 30 +++---------------------------
 1 file changed, 3 insertions(+), 27 deletions(-)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 9a5ba0daaea2..b745665955f8 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3626,9 +3626,6 @@ static struct buffer_head *ext4_get_first_dir_block(handle_t *handle,
 	struct buffer_head *bh;
 
 	if (!ext4_has_inline_data(inode)) {
-		struct ext4_dir_entry_2 *de;
-		unsigned int offset;
-
 		/* The first directory block must not be a hole, so
 		 * treat it as DIRENT_HTREE
 		 */
@@ -3637,30 +3634,9 @@ static struct buffer_head *ext4_get_first_dir_block(handle_t *handle,
 			*retval = PTR_ERR(bh);
 			return NULL;
 		}
-
-		de = (struct ext4_dir_entry_2 *) bh->b_data;
-		if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
-					 bh->b_size, 0) ||
-		    le32_to_cpu(de->inode) != inode->i_ino ||
-		    strcmp(".", de->name)) {
-			EXT4_ERROR_INODE(inode, "directory missing '.'");
-			brelse(bh);
-			*retval = -EFSCORRUPTED;
-			return NULL;
-		}
-		offset = ext4_rec_len_from_disk(de->rec_len,
-						inode->i_sb->s_blocksize);
-		de = ext4_next_entry(de, inode->i_sb->s_blocksize);
-		if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
-					 bh->b_size, offset) ||
-		    le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) {
-			EXT4_ERROR_INODE(inode, "directory missing '..'");
-			brelse(bh);
-			*retval = -EFSCORRUPTED;
-			return NULL;
-		}
-		*parent_de = de;
-
+		*parent_de = ext4_next_entry(
+					(struct ext4_dir_entry_2 *)bh->b_data,
+					inode->i_sb->s_blocksize);
 		return bh;
 	}