From: Jérémie Galarneau Date: Tue, 18 Feb 2020 01:05:22 +0000 (-0500) Subject: Fix: relayd: use of relay_session ref count before initialization X-Git-Tag: v2.11.3~9 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=d75e57d44a2f2dffcdbf9a745358a128f5ec374f;p=lttng-tools.git Fix: relayd: use of relay_session ref count before initialization The relay_session's reference count is used before it is initialized on multiple code paths of session_create(). The initialization of the reference count, mutexes, and intrusive data structure nodes are initialized earlier to make their use safe in the event of an error. Signed-off-by: Jérémie Galarneau Change-Id: I1be53ad88a3e783b85b4c568527df1a75ce58d3a --- diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c index 2f65848a9..146a5dffc 100644 --- a/src/bin/lttng-relayd/session.c +++ b/src/bin/lttng-relayd/session.c @@ -206,6 +206,17 @@ struct relay_session *session_create(const char *session_name, PERROR("Failed to allocate session"); goto error; } + + pthread_mutex_lock(&last_relay_session_id_lock); + session->id = ++last_relay_session_id; + pthread_mutex_unlock(&last_relay_session_id_lock); + + lttng_ht_node_init_u64(&session->session_n, session->id); + urcu_ref_init(&session->ref); + CDS_INIT_LIST_HEAD(&session->recv_list); + pthread_mutex_init(&session->lock, NULL); + pthread_mutex_init(&session->recv_list_lock, NULL); + if (lttng_strncpy(session->session_name, session_name, sizeof(session->session_name))) { WARN("Session name exceeds maximal allowed length"); 
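Review bot: Every `goto error` below the added block now reaches cleanup with a session whose `session_n` node is initialized but not yet inserted into a hash table, so the release code has to tolerate an unpublished session. The `error:` label and the release callback are outside this hunk; if that callback removes the node unconditionally or asserts on the result, an over-long session name (presumably supplied by the connecting peer) would crash the relay daemon instead of failing cleanly, so that path is worth checking. The ordering requirement is also implicit, and going by the commit message a comment above the block would pin it, e.g. `/* Must precede any goto error: the error path releases the session through session->ref. */`. The two `pthread_mutex_init()` return values are ignored, which is probably fine with default attributes, but a matching `pthread_mutex_destroy()` on the release path should be confirmed.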
@@ -232,17 +243,8 @@ struct relay_session *session_create(const char *session_name, goto error; } - pthread_mutex_lock(&last_relay_session_id_lock); - session->id = ++last_relay_session_id; - pthread_mutex_unlock(&last_relay_session_id_lock); - session->major = major; session->minor = minor; - lttng_ht_node_init_u64(&session->session_n, session->id); - urcu_ref_init(&session->ref); - CDS_INIT_LIST_HEAD(&session->recv_list); - pthread_mutex_init(&session->lock, NULL); - pthread_mutex_init(&session->recv_list_lock, NULL); session->live_timer = live_timer; session->snapshot = snapshot;