Fix: Missing rcu_read_lock in cmd_snapshot_list_outputs()

[lttng-tools.git] / src / bin / lttng-sessiond / cmd.c

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index c2b0248ea5210e4506b9086d2228b89fbf89c1ff..0b97ed61a1ec54fc928b1e5a69890ede4002a162 100644 (file)
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -16,6 +16,7 @@
  */
 
 #define _GNU_SOURCE
+#define _LGPL_SOURCE
 #include <assert.h>
 #include <inttypes.h>
 #include <urcu/list.h>
@@ -1385,6 +1386,7 @@ end:
 
 /*
  * Command LTTNG_ENABLE_EVENT processed by the client thread.
+ * We own filter, exclusion, and filter_expression.
  */
 int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                char *channel_name, struct lttng_event *event,
@@ -1536,6 +1538,10 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                /* At this point, the session and channel exist on the tracer */
                ret = event_ust_enable_tracepoint(usess, uchan, event,
                                filter_expression, filter, exclusion);
+               /* We have passed ownership */
+               filter_expression = NULL;
+               filter = NULL;
+               exclusion = NULL;
                if (ret != LTTNG_OK) {
                        goto error;
                }
@@ -1598,8 +1604,30 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                        assert(0);
                }
 
-               ret = cmd_enable_event(session, &tmp_dom, (char *) default_chan_name,
-                       &uevent, filter_expression, filter, NULL, wpipe);
+               {
+                       struct lttng_filter_bytecode *filter_copy = NULL;
+
+                       if (filter) {
+                               filter_copy = zmalloc(
+                                       sizeof(struct lttng_filter_bytecode)
+                                       + filter->len);
+                               if (!filter_copy) {
+                                       goto error;
+                               }
+
+                               memcpy(filter_copy, filter,
+                                       sizeof(struct lttng_filter_bytecode)
+                                       + filter->len);
+                       }
+
+                       ret = cmd_enable_event(session, &tmp_dom,
+                                       (char *) default_chan_name,
+                                       &uevent, filter_expression, filter_copy,
+                                       NULL, wpipe);
+                       /* We have passed ownership */
+                       filter_expression = NULL;
+               }
+
                if (ret != LTTNG_OK && ret != LTTNG_ERR_UST_EVENT_ENABLED) {
                        goto error;
                }
@@ -1607,8 +1635,10 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                /* The wild card * means that everything should be enabled. */
                if (strncmp(event->name, "*", 1) == 0 && strlen(event->name) == 1) {
                        ret = event_agent_enable_all(usess, agt, event, filter);
+                       filter = NULL;
                } else {
                        ret = event_agent_enable(usess, agt, event, filter);
+                       filter = NULL;
                }
                if (ret != LTTNG_OK) {
                        goto error;
@@ -1629,6 +1659,9 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
        ret = LTTNG_OK;
 
 error:
+       free(filter_expression);
+       free(filter);
+       free(exclusion);
        rcu_read_unlock();
        return ret;
 }
@@ -2763,7 +2796,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                struct lttng_snapshot_output **outputs)
 {
        int ret, idx = 0;
-       struct lttng_snapshot_output *list;
+       struct lttng_snapshot_output *list = NULL;
        struct lttng_ht_iter iter;
        struct snapshot_output *output;
 
@@ -2777,7 +2810,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
         * set in no output mode.
         */
        if (session->output_traces) {
-               ret = LTTNG_ERR_EPERM;
+               ret = -LTTNG_ERR_EPERM;
                goto error;
        }
 
@@ -2788,11 +2821,12 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 
        list = zmalloc(session->snapshot.nb_output * sizeof(*list));
        if (!list) {
-               ret = LTTNG_ERR_NOMEM;
+               ret = -LTTNG_ERR_NOMEM;
                goto error;
        }
 
        /* Copy list from session to the new list object. */
+       rcu_read_lock();
        cds_lfht_for_each_entry(session->snapshot.output_ht->ht, &iter.iter,
                        output, node.node) {
                assert(output->consumer);
@@ -2807,28 +2841,28 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                        ret = uri_to_str_url(&output->consumer->dst.net.control,
                                        list[idx].ctrl_url, sizeof(list[idx].ctrl_url));
                        if (ret < 0) {
-                               ret = LTTNG_ERR_NOMEM;
-                               goto free_error;
+                               ret = -LTTNG_ERR_NOMEM;
+                               goto error;
                        }
 
                        /* Data URI. */
                        ret = uri_to_str_url(&output->consumer->dst.net.data,
                                        list[idx].data_url, sizeof(list[idx].data_url));
                        if (ret < 0) {
-                               ret = LTTNG_ERR_NOMEM;
-                               goto free_error;
+                               ret = -LTTNG_ERR_NOMEM;
+                               goto error;
                        }
                }
                idx++;
        }
 
        *outputs = list;
-       return session->snapshot.nb_output;
-
-free_error:
-       free(list);
+       list = NULL;
+       ret = session->snapshot.nb_output;
 error:
-       return -ret;
+       free(list);
+       rcu_read_unlock();
+       return ret;
 }
 
 /*
@@ -3021,12 +3055,14 @@ static uint64_t get_session_max_subbuf_size(struct ltt_session *session)
                struct ltt_ust_channel *uchan;
                struct ltt_ust_session *usess = session->ust_session;
 
+               rcu_read_lock();
                cds_lfht_for_each_entry(usess->domain_global.channels->ht, &iter.iter,
                                uchan, node.node) {
                        if (uchan->attr.subbuf_size > max_size) {
                                max_size = uchan->attr.subbuf_size;
                        }
                }
+               rcu_read_unlock();
        }
 
        return max_size;