From: Maneesh Soni <maneesh@in.ibm.com>

I have re-done the patch fixing the race between sysfs_remove_dir() and
dcache_readdir().  If you recall, sysfs_remove_dir(kobj) manipulates the
->d_subdirs list for the dentry corresponding to the sysfs directory being
removed.  It can end up deleting the cursor dentry which is added to the
->d_subdirs list during a concurrent dcache_dir_open() ==> dcache_readdir()
for the same directory.  And as a result dcache_readdir() can loop for ever
holding dcache_lock.

The earlier patch which was included in -mm1 created problems which
resulted in list_del() BUG hits in prune_dcache().  The reason I think is
that in the main loop in sysfs_remove_dir(), dcache_lock is dropped and
re-acquired, and this could result in inconsistent ->d_subdirs list and
prune_dcache() may try to delete an already deleted dentry.  I have
corrected this in the new patch as below.

I could do sysfs_remove_dir() more neatly on sysfs backing store patch set
as there I don't use the ->d_subdirs list.  Instead the list of children
sysfs_dirent works out well.  But untill sysfs backing store patch is
picked up the existing code suffer from this race.  This can be easily
tested by running following two loops on a SMP box

# while true; do insmod drivers/net/dummy.ko; rmmod dummy; done
# while true; do find /sys/class/net > /dev/null; done


o This patch fixes sysfs_remove_dir race with dcache_readdir.  There is
  no need for sysfs_remove_dir to modify the d_subdirs list for the
  directory being deleted as it is taken care in the final dput.  Modifying
  this list results in inconsistent d_subdirs list and causes infinite loop
  in concurrently occurring dcache_readdir.

o The main loop is restarted every time, dcache_lock is re-acquired in
  order to maintain consistency.