
Commit f094ac32 authored by Liu Bo's avatar Liu Bo Committed by Josef Bacik

Btrfs: fix NULL pointer after aborting a transaction



While doing cleanup work on an aborted transaction, we set the global
running-transaction pointer to NULL _before_ waiting for all other
transaction handles to finish, so those handles would hit a NULL pointer
crash when they dereferenced the global running-transaction pointer.

This change first sets a hint (trans_no_join) so that no new transaction
handle can join, then waits for the existing handles to abort or finish,
so that the global pointer can safely be set to NULL afterwards.

Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
parent 3321719e
+7 −1
@@ -1447,6 +1447,7 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans,
				struct btrfs_root *root, int err)
				struct btrfs_root *root, int err)
{
{
	struct btrfs_transaction *cur_trans = trans->transaction;
	struct btrfs_transaction *cur_trans = trans->transaction;
	DEFINE_WAIT(wait);


	WARN_ON(trans->use_count > 1);
	WARN_ON(trans->use_count > 1);


@@ -1455,8 +1456,13 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans,
	spin_lock(&root->fs_info->trans_lock);
	spin_lock(&root->fs_info->trans_lock);
	list_del_init(&cur_trans->list);
	list_del_init(&cur_trans->list);
	if (cur_trans == root->fs_info->running_transaction) {
	if (cur_trans == root->fs_info->running_transaction) {
		root->fs_info->trans_no_join = 1;
		spin_unlock(&root->fs_info->trans_lock);
		wait_event(cur_trans->writer_wait,
			   atomic_read(&cur_trans->num_writers) == 1);

		spin_lock(&root->fs_info->trans_lock);
		root->fs_info->running_transaction = NULL;
		root->fs_info->running_transaction = NULL;
		root->fs_info->trans_no_join = 0;
	}
	}
	spin_unlock(&root->fs_info->trans_lock);
	spin_unlock(&root->fs_info->trans_lock);