!13052 ext4: fix CVE-2024-47701

					struct ext4_dir_entry_2 **res_dir,

					int *has_inline_data)

{

	struct ext4_xattr_ibody_find is = {

		.s = { .not_found = -ENODATA, },

	};

	struct ext4_xattr_info i = {

		.name_index = EXT4_XATTR_INDEX_SYSTEM,

		.name = EXT4_XATTR_SYSTEM_DATA,

	};

	int ret;

	struct ext4_iloc iloc;

	void *inline_start;

	int inline_size;

	if (ext4_get_inode_loc(dir, &iloc))

		return NULL;

	ret = ext4_get_inode_loc(dir, &is.iloc);

	if (ret)

		return ERR_PTR(ret);

	down_read(&EXT4_I(dir)->xattr_sem);

	ret = ext4_xattr_ibody_find(dir, &i, &is);

	if (ret)

		goto out;

	if (!ext4_has_inline_data(dir)) {

		*has_inline_data = 0;

		goto out;

	}

	inline_start = (void *)ext4_raw_inode(&iloc)->i_block +

	inline_start = (void *)ext4_raw_inode(&is.iloc)->i_block +

						EXT4_INLINE_DOTDOT_SIZE;

	inline_size = EXT4_MIN_INLINE_DATA_SIZE - EXT4_INLINE_DOTDOT_SIZE;

	ret = ext4_search_dir(iloc.bh, inline_start, inline_size,

	ret = ext4_search_dir(is.iloc.bh, inline_start, inline_size,

			      dir, fname, 0, res_dir);

	if (ret == 1)

		goto out_find;

	if (ext4_get_inline_size(dir) == EXT4_MIN_INLINE_DATA_SIZE)

		goto out;

	inline_start = ext4_get_inline_xattr_pos(dir, &iloc);

	inline_start = ext4_get_inline_xattr_pos(dir, &is.iloc);

	inline_size = ext4_get_inline_size(dir) - EXT4_MIN_INLINE_DATA_SIZE;

	ret = ext4_search_dir(iloc.bh, inline_start, inline_size,

	ret = ext4_search_dir(is.iloc.bh, inline_start, inline_size,

			      dir, fname, 0, res_dir);

	if (ret == 1)

		goto out_find;

out:

	brelse(iloc.bh);

	iloc.bh = NULL;

	brelse(is.iloc.bh);

	if (ret < 0)

		is.iloc.bh = ERR_PTR(ret);

	else

		is.iloc.bh = NULL;

out_find:

	up_read(&EXT4_I(dir)->xattr_sem);

	return iloc.bh;

	return is.iloc.bh;

}

int ext4_delete_inline_entry(handle_t *handle,

}

/*

 * Returns 0 if not found, -1 on failure, and 1 on success

 * Returns 0 if not found, -EFSCORRUPTED on failure, and 1 on success

 */

int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size,

		    struct inode *dir, struct ext4_filename *fname,

			 * a full check */

			if (ext4_check_dir_entry(dir, NULL, de, bh, search_buf,

						 buf_size, offset))

				return -1;

				return -EFSCORRUPTED;

			*res_dir = de;

			return 1;

		}

		de_len = ext4_rec_len_from_disk(de->rec_len,

						dir->i_sb->s_blocksize);

		if (de_len <= 0)

			return -1;

			return -EFSCORRUPTED;

		offset += de_len;

		de = (struct ext4_dir_entry_2 *) ((char *) de + de_len);

	}

		int has_inline_data = 1;

		ret = ext4_find_inline_entry(dir, &fname, res_dir,

					     &has_inline_data);

		if (has_inline_data) {

		if (inlined)

				*inlined = 1;

			*inlined = has_inline_data;

		if (has_inline_data || IS_ERR(ret))

			goto cleanup_and_exit;

	}

	}

	if ((namelen <= 2) && (name[0] == '.') &&

	    (name[1] == '.' || name[1] == '\0')) {

			goto cleanup_and_exit;

		} else {

			brelse(bh);

			if (i < 0)

			if (i < 0) {

				ret = ERR_PTR(i);

				goto cleanup_and_exit;

			}

		}

	next:

		if (++block >= nblocks)

			block = 0;

		if (retval == 1)

			goto success;

		brelse(bh);

		if (retval == -1) {

		if (retval < 0) {

			bh = ERR_PTR(ERR_BAD_DX_DIR);

			goto errout;

		}

	 * so the old->de may no longer valid and need to find it again

	 * before reset old inode info.

	 */

	old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de, NULL);

	old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de,

				 &old.inlined);

	if (IS_ERR(old.bh))

		retval = PTR_ERR(old.bh);

	if (!old.bh)

			return retval;

	}

	old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de, NULL);

	old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de,

				 &old.inlined);

	if (IS_ERR(old.bh))

		return PTR_ERR(old.bh);

	/*