From: Jérémie Galarneau Date: Wed, 30 Oct 2019 19:35:28 +0000 (-0400) Subject: Fix: consumerd: crash occurs when taking snapshot of ust channel X-Git-Tag: v2.11.1~57 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=c9b95901694142be2fada10de730b46b3b138b84;p=lttng-tools.git Fix: consumerd: crash occurs when taking snapshot of ust channel Commit 8e1ef46e8 added an acquisition of the metadata_stream's lock during consumer_metadata_cache_flushed() as stream attributes are used. However, when this function is called, the metadata channel's stream can already be NULL, as indicated by the function's comments. Check if the stream is NULL before attempting to acquire its lock. Signed-off-by: Jérémie Galarneau --- diff --git a/src/common/consumer/consumer-metadata-cache.c b/src/common/consumer/consumer-metadata-cache.c index 5eee40142..3fffe5339 100644 --- a/src/common/consumer/consumer-metadata-cache.c +++ b/src/common/consumer/consumer-metadata-cache.c @@ -274,16 +274,19 @@ int consumer_metadata_cache_flushed(struct lttng_consumer_channel *channel, } pthread_mutex_lock(&channel->timer_lock); metadata_stream = channel->metadata_stream; - pthread_mutex_lock(&metadata_stream->lock); - pthread_mutex_lock(&channel->metadata_cache->lock); - if (!metadata_stream) { /* * Having no metadata stream means the channel is being destroyed so there * is no cache to flush anymore. */ ret = 0; - } else if (metadata_stream->ust_metadata_pushed >= offset) { + goto end_unlock_channel; + } + + pthread_mutex_lock(&metadata_stream->lock); + pthread_mutex_lock(&channel->metadata_cache->lock); + + if (metadata_stream->ust_metadata_pushed >= offset) { ret = 0; } else if (channel->metadata_stream->endpoint_status != CONSUMER_ENDPOINT_ACTIVE) { @@ -296,6 +299,7 @@ int consumer_metadata_cache_flushed(struct lttng_consumer_channel *channel, pthread_mutex_unlock(&channel->metadata_cache->lock); pthread_mutex_unlock(&metadata_stream->lock); +end_unlock_channel: pthread_mutex_unlock(&channel->timer_lock); if (!timer) { pthread_mutex_unlock(&channel->lock);