    Btrfs: fix two use-after-free bugs with transaction cleanup · 8b16b61c
    Josef Bacik authored
    commit 724e2315 upstream.
    
    I was noticing the slab redzone stuff going off every once in a while during
    transaction aborts.  This was caused by two things:
    
    1) We would walk the pending snapshots and set their error to -ECANCELED.  We
    don't need to do this, the snapshot stuff waits for a transaction commit and if
    there is a problem we just free our pending snapshot object and exit.  Doing
    this was causing us to touch the pending snapshot object after the thing had
    already been freed.
    
    2) We were freeing the transaction manually with wanton disregard for its
    use_count reference counter.  To fix this I cleaned up the transaction freeing
    loop to either wait for the transaction commit to finish if it was in the middle
    of that (since it will be cleaned and freed up there) or to do the cleanup
    ourselves.
    
    I also moved the global "kill all things dirty everywhere" stuff outside of the
    transaction cleanup loop since that only needs to be done once.  With this patch
    I'm no longer seeing slab corruption because of use after frees.  Thanks,
    Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    Signed-off-by: Chris Mason <chris.mason@fusionio.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
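Added illustration, not code from this commit or from btrfs: a simplified C model of the release discipline described in point 2, where the abort path never frees the transaction directly but only drops its own reference, leaving the last holder (a committer in progress or an outstanding handle) to free it. The struct, function names and counters are constructed assumptions; `run_scenario` returns how many times the object was released, which must always be exactly one.

```c
#include <stdlib.h>

/* Constructed model of a refcounted transaction; not the btrfs struct. */
struct transaction {
    int use_count;   /* refs held by the cleanup path, handles and a committer */
    int in_commit;   /* nonzero while a committer owns the final teardown */
    int aborted;
};

static int frees;    /* counts releases so a double free is detectable */

static struct transaction *trans_alloc(void) {
    struct transaction *t = calloc(1, sizeof(*t));
    t->use_count = 1;                 /* reference owned by the transaction list */
    return t;
}

static void trans_get(struct transaction *t) { t->use_count++; }

/* The only place a transaction is released: drop one ref, free on the last. */
static void trans_put(struct transaction *t) {
    if (--t->use_count == 0) { frees++; free(t); }
}

/* Abort-path cleanup: if a committer is active, let it finish and release its
 * own reference; either way we only ever drop the list's reference here. */
static void cleanup_transaction(struct transaction *t) {
    t->aborted = 1;
    if (t->in_commit) {
        t->in_commit = 0;             /* simulated wait for the commit to finish */
        trans_put(t);                 /* the committer drops its reference */
    }
    trans_put(t);                     /* drop the list's reference, never free() directly */
}

/* Run one abort with an optional active committer and N outstanding handles;
 * returns the total number of releases, which must be exactly one. */
static int run_scenario(int committer_active, int live_handles) {
    struct transaction *t = trans_alloc();
    int i;
    frees = 0;
    for (i = 0; i < live_handles; i++) trans_get(t);      /* handles still joined */
    if (committer_active) { trans_get(t); t->in_commit = 1; }
    cleanup_transaction(t);                                /* abort while handles remain */
    for (i = 0; i < live_handles; i++) trans_put(t);       /* last handle frees it */
    return frees;
}
```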