From f094ac32aba3a51c00e970a2ea029339af2ca048 Mon Sep 17 00:00:00 2001 From: Liu Bo Date: Wed, 27 Feb 2013 13:28:25 +0000 Subject: [PATCH] Btrfs: fix NULL pointer after aborting a transaction While doing cleanup work on an aborted transaction, we've set the global running transaction pointer to NULL _before_ waiting all other transaction handles to finish, so others'd hit NULL pointer crash when referencing the global running transaction pointer. This first sets a hint to avoid new transaction handle joining, then waits other existing handles to abort or finish so that we can safely set the above global pointer to NULL. Signed-off-by: Liu Bo Signed-off-by: Josef Bacik --- fs/btrfs/transaction.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index 4330433b7b4f..3733c4939a27 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1447,6 +1447,7 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans, struct btrfs_root *root, int err) { struct btrfs_transaction *cur_trans = trans->transaction; + DEFINE_WAIT(wait); WARN_ON(trans->use_count > 1); @@ -1455,8 +1456,13 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans, spin_lock(&root->fs_info->trans_lock); list_del_init(&cur_trans->list); if (cur_trans == root->fs_info->running_transaction) { + root->fs_info->trans_no_join = 1; + spin_unlock(&root->fs_info->trans_lock); + wait_event(cur_trans->writer_wait, + atomic_read(&cur_trans->num_writers) == 1); + + spin_lock(&root->fs_info->trans_lock); root->fs_info->running_transaction = NULL; - root->fs_info->trans_no_join = 0; } spin_unlock(&root->fs_info->trans_lock); -- 2.30.2