[lttng-dev] [PATCH lttng-tools stable-2.12] Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error

Mathieu Desnoyers mathieu.desnoyers at efficios.com
Thu May 27 17:11:22 EDT 2021 

The error label jumps to the end label which releases the RCU read-side
lock. There are many error paths in this function which goto error
without holding the RCU read-side lock, thus causing unbalanced RCU
read-side lock.

There is no point in keeping so short RCU read-side critical sections,
so cover the entire function with a single read-side critical section.

[ Applies to stable-2.12 and possibly prior versions. Does _not_ apply
  to stable-2.13+. ]

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Change-Id: I5b20c229a5df22d22ecfdc64dbbb87ee118649d2
---
 src/bin/lttng-sessiond/cmd.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index b608df1e1..eb5da1b76 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -510,7 +510,6 @@ static int list_lttng_agent_events(struct agent *agt,
 
 	rcu_read_lock();
 	nb_event = lttng_ht_get_count(agt->events);
-	rcu_read_unlock();
 	if (nb_event == 0) {
 		ret = nb_event;
 		*total_size = 0;
@@ -524,7 +523,6 @@ static int list_lttng_agent_events(struct agent *agt,
 	 * This is only valid because the commands which add events are
 	 * processed in the same thread as the listing.
 	 */
-	rcu_read_lock();
 	cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) {
 		ret = increment_extended_len(event->filter_expression, NULL, NULL,
 				&extended_len);
@@ -534,7 +532,6 @@ static int list_lttng_agent_events(struct agent *agt,
 			goto error;
 		}
 	}
-	rcu_read_unlock();
 
 	*total_size = nb_event * sizeof(*tmp_events) + extended_len;
 	tmp_events = zmalloc(*total_size);
@@ -547,7 +544,6 @@ static int list_lttng_agent_events(struct agent *agt,
 	extended_at = ((uint8_t *) tmp_events) +
 		nb_event * sizeof(struct lttng_event);
 
-	rcu_read_lock();
 	cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) {
 		strncpy(tmp_events[i].name, event->name, sizeof(tmp_events[i].name));
 		tmp_events[i].name[sizeof(tmp_events[i].name) - 1] = '\0';
-- 
2.17.1

More information about the lttng-dev mailing list