Patch "udf_rename(): only access the child content on cross-directory rename" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 2 Jan 2025 19:45:24 -0500

This is a note to let you know that I've just added the patch titled

    udf_rename(): only access the child content on cross-directory rename

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     udf_rename-only-access-the-child-content-on-cross-di.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 29df5c14514fcefbda1046b60119bf5d6b3119e8
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date:   Tue Oct 17 14:44:23 2023 -0400

    udf_rename(): only access the child content on cross-directory rename
    
    [ Upstream commit 9d35cebb794bb7be93db76c3383979c7deacfef9 ]
    
    We can't really afford locking the source on same-directory rename;
    currently vfs_rename() tries to do that, but it will have to be
    changed.  The logics in udf_rename() is lazy and goes looking for
    ".." in source even in same-directory case.  It's not hard to get
    rid of that, leaving that behaviour only for cross-directory case;
    that VFS can get locks safely (and will keep doing that after the
    coming changes).
    
    Reviewed-by: Jan Kara <jack@xxxxxxx>
    Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    Stable-dep-of: 6756af923e06 ("udf: Verify inode link counts before performing rename")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index b3f57ad2b869..0461a7b1e9b4 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -770,7 +770,7 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 	struct inode *old_inode = d_inode(old_dentry);
 	struct inode *new_inode = d_inode(new_dentry);
 	struct udf_fileident_iter oiter, niter, diriter;
-	bool has_diriter = false;
+	bool has_diriter = false, is_dir = false;
 	int retval;
 	struct kernel_lb_addr tloc;
 
@@ -793,6 +793,9 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 			if (!empty_dir(new_inode))
 				goto out_oiter;
 		}
+		is_dir = true;
+	}
+	if (is_dir && old_dir != new_dir) {
 		retval = udf_fiiter_find_entry(old_inode, &dotdot_name,
 					       &diriter);
 		if (retval == -ENOENT) {
@@ -880,7 +883,9 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 					cpu_to_lelb(UDF_I(new_dir)->i_location);
 		udf_fiiter_write_fi(&diriter, NULL);
 		udf_fiiter_release(&diriter);
+	}
 
+	if (is_dir) {
 		inode_dec_link_count(old_dir);
 		if (new_inode)
 			inode_dec_link_count(new_inode);







