ovl: don't poison cursor ovl_cache_put() can be called from ovl_dir_reset() if the cache needs to be rebuilt. We did list_del() on the cursor, which results in an Oops on the poisoned pointer in ovl_seek_cursor(). Reported-by: Jordi Pujol Palomer <jordipujolp@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Tested-by: Jordi Pujol Palomer <jordipujolp@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: 3f822c6264954660babce757fb45792fd3af273e [log] [tgz]
author: Miklos Szeredi <miklos@szeredi.hu> Tue Nov 04 16:11:03 2014 +0100
committer: Al Viro <viro@zeniv.linux.org.uk> Wed Nov 05 08:49:38 2014 -0500
tree: c89c9b7ddf6c1a7628b9c6fd2246574aec9d500f
parent: a1cff6e25e6e3b55183610dddca91546951b20e3 [diff]
diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
index 4e9d7c1..2a7ef4f 100644
--- a/fs/overlayfs/readdir.c
+++ b/fs/overlayfs/readdir.c

@@ -168,7 +168,7 @@
 {
 	struct ovl_dir_cache *cache = od->cache;
 
-	list_del(&od->cursor.l_node);
+	list_del_init(&od->cursor.l_node);
 	WARN_ON(cache->refcount <= 0);
 	cache->refcount--;
 	if (!cache->refcount) {
commit	3f822c6264954660babce757fb45792fd3af273e	[log] [tgz]
author	Miklos Szeredi <miklos@szeredi.hu>	Tue Nov 04 16:11:03 2014 +0100
committer	Al Viro <viro@zeniv.linux.org.uk>	Wed Nov 05 08:49:38 2014 -0500
tree	c89c9b7ddf6c1a7628b9c6fd2246574aec9d500f
parent	a1cff6e25e6e3b55183610dddca91546951b20e3 [diff]