From a10984f577a5b43d15bd176d5e35bab58c3049d3 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Thu, 27 May 2021 17:11:22 -0400 Subject: [PATCH] Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The error label jumps to the end label which releases the RCU read-side lock. There are many error paths in this function which goto error without holding the RCU read-side lock, thus causing unbalanced RCU read-side lock. There is no point in keeping so short RCU read-side critical sections, so cover the entire function with a single read-side critical section. [ Applies to stable-2.12 and possibly prior versions. Does _not_ apply to stable-2.13+. ] Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau Change-Id: I5b20c229a5df22d22ecfdc64dbbb87ee118649d2 --- src/bin/lttng-sessiond/cmd.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c index 31eb2b430..a635c6511 100644 --- a/src/bin/lttng-sessiond/cmd.c +++ b/src/bin/lttng-sessiond/cmd.c @@ -517,7 +517,6 @@ static int list_lttng_agent_events(struct agent *agt, rcu_read_lock(); nb_event = lttng_ht_get_count(agt->events); - rcu_read_unlock(); if (nb_event == 0) { ret = nb_event; *total_size = 0; @@ -531,7 +530,6 @@ static int list_lttng_agent_events(struct agent *agt, * This is only valid because the commands which add events are * processed in the same thread as the listing. */ - rcu_read_lock(); cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) { ret = increment_extended_len(event->filter_expression, NULL, NULL, &extended_len); @@ -541,7 +539,6 @@ static int list_lttng_agent_events(struct agent *agt, goto error; } } - rcu_read_unlock(); *total_size = nb_event * sizeof(*tmp_events) + extended_len; tmp_events = zmalloc(*total_size); @@ -554,7 +551,6 @@ static int list_lttng_agent_events(struct agent *agt, extended_at = ((uint8_t *) tmp_events) + nb_event * sizeof(struct lttng_event); - rcu_read_lock(); cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) { strncpy(tmp_events[i].name, event->name, sizeof(tmp_events[i].name)); tmp_events[i].name[sizeof(tmp_events[i].name) - 1] = '\0'; -- 2.39.5