Fix: event notifier: racy use of last subbuffer record
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Mon, 4 Apr 2022 19:42:00 +0000 (15:42 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fri, 3 Jun 2022 15:44:14 +0000 (11:44 -0400)
The lttng-modules event notifiers use the ring buffer internally. When
reading the payload of the last event in a sub-buffer with a multi-part
read (e.g. two read system calls), we should not "put" the sub-buffer
holding this data, else continuing reading the data in the following
read system call can observe corrupted data if it has been concurrently
overwritten by the producer.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Idb051e50ee8a25958cfd63a9b143f4943ca2e01a

src/lttng-abi.c

index c3e676902d787fe88c84d0ef034930f169cd4372..59fea6266a840fd53e568c6526f12a60ccb72333 100644 (file)
@@ -1016,7 +1016,7 @@ ssize_t lttng_event_notifier_group_notif_read(struct file *filp, char __user *us
 
        /* Finish copy of previous record */
        if (*ppos != 0) {
-               if (read_count < count) {
+               if (count != 0) {
                        len = chan->iter.len_left;
                        read_offset = *ppos;
                        goto skip_get_next;
@@ -1096,7 +1096,8 @@ nodata:
        chan->iter.len_left = 0;
 
 put_record:
-       lib_ring_buffer_put_current_record(buf);
+       if (*ppos == 0)
+               lib_ring_buffer_put_current_record(buf);
        return read_count;
 }
 
This page took 0.029983 seconds and 4 git commands to generate.