[lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root

Jérémie Galarneau jeremie.galarneau at efficios.com
Thu Jul 30 12:02:59 EDT 2015


On Thu, Jul 30, 2015 at 11:12 AM, Julien Desfossez <jdesfossez at efficios.com>
wrote:

> Commit 6a4e403927ffef4cae8726064dcf53c463eb128c introduced a bug where
> we could end up iterating over the agent_apps_ht_by_sock regardless if
> it was allocated or not (only when the sessiond is launched as root).
>
> Steps to reproduce:
> $ sudo lttng-sessiond -d
> $ lttng-sessiond
> Error: Already running daemon.
> Segmentation fault (core dumped)
>
> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
> ---
>  src/bin/lttng-sessiond/main.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
> index 91dd047..5840165 100644
> --- a/src/bin/lttng-sessiond/main.c
> +++ b/src/bin/lttng-sessiond/main.c
> @@ -677,7 +677,9 @@ static void sessiond_cleanup(void)
>         }
>
>         DBG("Cleaning up all agent apps");
> -       agent_app_ht_clean();
> +       if (is_root) {
> +               agent_app_ht_clean();
> +       }
>
>
This will leak the hash table if the session daemon was launched as an
unprivileged user. However, the problem can also be reproduced by launching
two session daemons under the same unprivileged user.

The real issue here seems to be that the session daemon will enter the
"exit_init_data" code path before creating the hash table if it can't
acquire the lock file and that there are no NULL checks performed during
the sessiond_cleanup().

Thanks,
Jérémie


>         DBG("Closing all UST sockets");
>         ust_app_clean_list();
> --
> 1.9.1
>
>


-- 
Jérémie Galarneau
EfficiOS Inc.
http://www.efficios.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lttng.org/pipermail/lttng-dev/attachments/20150730/4ffda13d/attachment.html>


More information about the lttng-dev mailing list