Fix: RCU read-side lock released too early in destroy_agent_app

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng-sessiond/agent-thread.c b/src/bin/lttng-sessiond/agent-thread.c
index 4c1457fe0df7a6fed32ce8141a1474e4cc2d531e..dbbdfde4ae08437f931039deaabb212593fe2e2b 100644 (file)
--- a/src/bin/lttng-sessiond/agent-thread.c
+++ b/src/bin/lttng-sessiond/agent-thread.c
@@ -89,13 +89,13 @@ static void destroy_agent_app(int sock)
        rcu_read_lock();
        app = agent_find_app_by_sock(sock);
        assert(app);
-       rcu_read_unlock();
 
-       /* RCU read side lock is taken in this function call. */
+       /* RCU read side lock is assumed to be held by this function. */
        agent_delete_app(app);
 
        /* The application is freed in a RCU call but the socket is closed here. */
        agent_destroy_app(app);
+       rcu_read_unlock();
 }
 
 /*

diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index 8992d2d80159cb71c502e51584753c299d071ffe..1bf490f5a139afd9d47343276111ff6cd1d6ae4f 100644 (file)
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -677,6 +677,8 @@ void agent_add_app(struct agent_app *app)
 
 /*
  * Delete agent application from the global hash table.
+ *
+ * rcu_read_lock() must be held by the caller.
  */
 void agent_delete_app(struct agent_app *app)
 {
@@ -688,9 +690,7 @@ void agent_delete_app(struct agent_app *app)
        DBG3("Agent deleting app pid: %d and sock: %d", app->pid, app->sock->fd);
 
        iter.iter.node = &app->node.node;
-       rcu_read_lock();
        ret = lttng_ht_del(agent_apps_ht_by_sock, &iter);
-       rcu_read_unlock();
        assert(!ret);
 }