87873c8680
The error path in spufs_fill_dir() is broken. If d_alloc_name() or spufs_new_file() fails, spufs_prune_dir() is getting called. At this time dir->inode is not set and a NULL pointer is dereferenced by mutex_lock(). This bugfix replaces spufs_prune_dir() with a shorter version that does not touch dir->inode but simply removes all children. Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Acked-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org> |
||
---|---|---|
.. | ||
Makefile | ||
backing_ops.c | ||
context.c | ||
coredump.c | ||
fault.c | ||
file.c | ||
gang.c | ||
hw_ops.c | ||
inode.c | ||
lscsa_alloc.c | ||
run.c | ||
sched.c | ||
spu_restore.c | ||
spu_restore_crt0.S | ||
spu_restore_dump.h_shipped | ||
spu_save.c | ||
spu_save_crt0.S | ||
spu_save_dump.h_shipped | ||
spu_utils.h | ||
spufs.h | ||
switch.c | ||
syscalls.c |