From: Mathieu Desnoyers Date: Thu, 27 May 2021 21:11:22 +0000 (-0400) Subject: Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error X-Git-Url: http://git.efficios.com/?p=lttng-tools.git;a=commitdiff_plain;h=ca8331f78e8c57d8d699926c7b4948cad9905b2e Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error The error label jumps to the end label which releases the RCU read-side lock. There are many error paths in this function which goto error without holding the RCU read-side lock, thus causing unbalanced RCU read-side lock. There is no point in keeping so short RCU read-side critical sections, so cover the entire function with a single read-side critical section. [ Applies to stable-2.12 and possibly prior versions. Does _not_ apply to stable-2.13+. ] Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau Change-Id: I5b20c229a5df22d22ecfdc64dbbb87ee118649d2 --- diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c index b608df1e1..eb5da1b76 100644 --- a/src/bin/lttng-sessiond/cmd.c +++ b/src/bin/lttng-sessiond/cmd.c @@ -510,7 +510,6 @@ static int list_lttng_agent_events(struct agent *agt, rcu_read_lock(); nb_event = lttng_ht_get_count(agt->events); - rcu_read_unlock(); if (nb_event == 0) { ret = nb_event; *total_size = 0; @@ -524,7 +523,6 @@ static int list_lttng_agent_events(struct agent *agt, * This is only valid because the commands which add events are * processed in the same thread as the listing. */ - rcu_read_lock(); cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) { ret = increment_extended_len(event->filter_expression, NULL, NULL, &extended_len); @@ -534,7 +532,6 @@ static int list_lttng_agent_events(struct agent *agt, goto error; } } - rcu_read_unlock(); *total_size = nb_event * sizeof(*tmp_events) + extended_len; tmp_events = zmalloc(*total_size); @@ -547,7 +544,6 @@ static int list_lttng_agent_events(struct agent *agt, extended_at = ((uint8_t *) tmp_events) + nb_event * sizeof(struct lttng_event); - rcu_read_lock(); cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) { strncpy(tmp_events[i].name, event->name, sizeof(tmp_events[i].name)); tmp_events[i].name[sizeof(tmp_events[i].name) - 1] = '\0';