Btrfs: fix NULL pointer after aborting a transaction
authorLiu Bo <bo.li.liu@oracle.com>
Wed, 27 Feb 2013 13:28:25 +0000 (13:28 +0000)
committerJosef Bacik <jbacik@fusionio.com>
Thu, 28 Feb 2013 18:33:52 +0000 (13:33 -0500)
While doing cleanup work on an aborted transaction, we set
the global running transaction pointer to NULL _before_ waiting for all
other transaction handles to finish, so the others would hit a NULL pointer
crash when referencing the global running transaction pointer.

This first sets a hint to avoid new transaction handle joining, then
waits other existing handles to abort or finish so that we can safely
set the above global pointer to NULL.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
fs/btrfs/transaction.c

index 4330433b7b4f5617edfd36ffb68a252e509328ea..3733c4939a27a6c2dc1cc3dce41de7989fd7be58 100644 (file)
@@ -1447,6 +1447,7 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans,
                                struct btrfs_root *root, int err)
 {
        struct btrfs_transaction *cur_trans = trans->transaction;
+       DEFINE_WAIT(wait);
 
        WARN_ON(trans->use_count > 1);
 
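Review bot: `DEFINE_WAIT(wait);` added at the top of cleanup_transaction is never referenced in the new code: the waiting in the second hunk is done through `wait_event()`, which sets up its own wait-queue entry internally, so `wait` is an unused local that the compiler will flag as `unused variable 'wait'`. Unless a later part of the function (outside both hunks) uses it with prepare_to_wait()/finish_wait(), the declaration should be dropped. cleanup_transaction's body continues past the end of this hunk.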
@@ -1455,8 +1456,13 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans,
        spin_lock(&root->fs_info->trans_lock);
        list_del_init(&cur_trans->list);
        if (cur_trans == root->fs_info->running_transaction) {
+               root->fs_info->trans_no_join = 1;
+               spin_unlock(&root->fs_info->trans_lock);
+               wait_event(cur_trans->writer_wait,
+                          atomic_read(&cur_trans->num_writers) == 1);
+
+               spin_lock(&root->fs_info->trans_lock);
                root->fs_info->running_transaction = NULL;
-               root->fs_info->trans_no_join = 0;
        }
        spin_unlock(&root->fs_info->trans_lock);