libfs: take cursors out of list when moving past the end of directory

that eliminates the last place where we accessed the tail of ->d_subdirs

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/libfs.c b/fs/libfs.c
index 8e023b0..540611b 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -92,14 +92,13 @@ EXPORT_SYMBOL(dcache_dir_close);
 /*
  * Returns an element of siblings' list.
  * We are looking for <count>th positive after <p>; if
- * found, dentry is grabbed and passed to caller via *<res>.
- * If no such element exists, the anchor of list is returned
- * and *<res> is set to NULL.
+ * found, dentry is grabbed and returned to caller.
+ * If no such element exists, NULL is returned.
  */
-static struct list_head *scan_positives(struct dentry *cursor,
+static struct dentry *scan_positives(struct dentry *cursor,
 					struct list_head *p,
 					loff_t count,
-					struct dentry **res)
+					struct dentry *last)
 {
 	struct dentry *dentry = cursor->d_parent, *found = NULL;
 
@@ -127,9 +126,8 @@ static struct list_head *scan_positives(struct dentry *cursor,
 		}
 	}
 	spin_unlock(&dentry->d_lock);
-	dput(*res);
-	*res = found;
-	return p;
+	dput(last);
+	return found;
 }
 
 loff_t dcache_dir_lseek(struct file *file, loff_t offset, int whence)
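Review bot: The `dput(last)` at the end of scan_positives() means the function now consumes the caller's reference on `last`, but the rewritten header comment in the previous hunk says nothing about that argument. Callers rely on this: the readdir loop passes the previous `next` back in, and the lseek path passes NULL. I would add a line to the comment such as ` * The reference held on <last> (may be NULL) is dropped before returning.` The comment's first line, "Returns an element of siblings' list", is also stale now that the return value is a dentry or NULL. The body of scan_positives() lies mostly outside these two hunks.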
@@ -149,25 +147,22 @@ loff_t dcache_dir_lseek(struct file *file, loff_t offset, int whence)
 	if (offset != file->f_pos) {
 		struct dentry *cursor = file->private_data;
 		struct dentry *to = NULL;
-		struct list_head *p;
 
-		file->f_pos = offset;
 		inode_lock_shared(dentry->d_inode);
 
-		if (file->f_pos > 2) {
-			p = scan_positives(cursor, &dentry->d_subdirs,
-					   file->f_pos - 2, &to);
-			spin_lock(&dentry->d_lock);
-			list_move(&cursor->d_child, p);
-			spin_unlock(&dentry->d_lock);
-		} else {
-			spin_lock(&dentry->d_lock);
+		if (offset > 2)
+			to = scan_positives(cursor, &dentry->d_subdirs,
+					    offset - 2, NULL);
+		spin_lock(&dentry->d_lock);
+		if (to)
+			list_move(&cursor->d_child, &to->d_child);
+		else
 			list_del_init(&cursor->d_child);
-			spin_unlock(&dentry->d_lock);
-		}
-
+		spin_unlock(&dentry->d_lock);
 		dput(to);
 
+		file->f_pos = offset;
+
 		inode_unlock_shared(dentry->d_inode);
 	}
 	return offset;
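Review bot: The `list_move(&cursor->d_child, &to->d_child)` after re-taking `dentry->d_lock` depends on `to` still being linked on `dentry->d_subdirs`, even though scan_positives() released that lock before returning. The reference it took keeps the dentry alive but does not by itself keep it on the list. Presumably the `inode_lock_shared()` held across this block is what rules out an unlink or rename in between. A short comment would make that explicit, e.g. `/* to stays on ->d_subdirs: removal needs the directory inode lock held exclusive */`, once confirmed against the users of these helpers. The `else` branch now also takes the cursor off the list when seeking past the last entry, and the readdir hunk treats an off-list cursor with `ctx->pos != 2` as end of directory, so that invariant deserves a one-line comment here too. The body of dcache_dir_lseek() starts before this hunk.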
@@ -199,17 +194,23 @@ int dcache_readdir(struct file *file, struct dir_context *ctx)
 
 	if (ctx->pos == 2)
 		p = anchor;
-	else
+	else if (!list_empty(&cursor->d_child))
 		p = &cursor->d_child;
+	else
+		return 0;
 
-	while ((p = scan_positives(cursor, p, 1, &next)) != anchor) {
+	while ((next = scan_positives(cursor, p, 1, next)) != NULL) {
 		if (!dir_emit(ctx, next->d_name.name, next->d_name.len,
 			      d_inode(next)->i_ino, dt_type(d_inode(next))))
 			break;
 		ctx->pos++;
+		p = &next->d_child;
 	}
 	spin_lock(&dentry->d_lock);
-	list_move_tail(&cursor->d_child, p);
+	if (next)
+		list_move_tail(&cursor->d_child, &next->d_child);
+	else
+		list_del_init(&cursor->d_child);
 	spin_unlock(&dentry->d_lock);
 	dput(next);