Fix: kretprobe: null ptr deref on session destroy

[lttng-modules.git] / src / lttng-events.c

diff --git a/src/lttng-events.c b/src/lttng-events.c
index bcb817e55cf721490c4e6f4656b8f7626e9a9ebb..d819c9e20dac0e28719b61aeb6373da868cc5efc 100644 (file)
--- a/src/lttng-events.c
+++ b/src/lttng-events.c
@@ -90,21 +90,21 @@ int _lttng_field_statedump(struct lttng_session *session,
 
 void synchronize_trace(void)
 {
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,1,0))
+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,1,0))
        synchronize_rcu();
 #else
        synchronize_sched();
 #endif
 
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,0))
+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,4,0))
 #ifdef CONFIG_PREEMPT_RT_FULL
        synchronize_rcu();
 #endif
-#else /* (LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,0)) */
+#else /* (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,4,0)) */
 #ifdef CONFIG_PREEMPT_RT
        synchronize_rcu();
 #endif
-#endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,0)) */
+#endif /* (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,4,0)) */
 }
 
 void lttng_lock_sessions(void)
@@ -949,6 +949,8 @@ struct lttng_event *_lttng_event_create(struct lttng_channel *chan,
                event_return->enabled = 0;
                event_return->registered = 1;
                event_return->instrumentation = itype;
+               INIT_LIST_HEAD(&event_return->filter_bytecode_runtime_head);
+               INIT_LIST_HEAD(&event_return->enablers_ref_head);
                /*
                 * Populate lttng_event structure before kretprobe registration.
                 */
@@ -1485,6 +1487,8 @@ int _lttng_event_notifier_unregister(
 static
 void _lttng_event_destroy(struct lttng_event *event)
 {
+       struct lttng_enabler_ref *enabler_ref, *tmp_enabler_ref;
+
        switch (event->instrumentation) {
        case LTTNG_KERNEL_TRACEPOINT:
                lttng_event_desc_put(event->desc);
@@ -1510,6 +1514,11 @@ void _lttng_event_destroy(struct lttng_event *event)
        }
        list_del(&event->list);
        lttng_destroy_context(event->ctx);
+       lttng_free_event_filter_runtime(event);
+       /* Free event enabler refs */
+       list_for_each_entry_safe(enabler_ref, tmp_enabler_ref,
+                                &event->enablers_ref_head, node)
+               kfree(enabler_ref);
        kmem_cache_free(event_cache, event);
 }
 
@@ -1519,6 +1528,8 @@ void _lttng_event_destroy(struct lttng_event *event)
 static
 void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier)
 {
+       struct lttng_enabler_ref *enabler_ref, *tmp_enabler_ref;
+
        switch (event_notifier->instrumentation) {
        case LTTNG_KERNEL_TRACEPOINT:
                lttng_event_desc_put(event_notifier->desc);
@@ -1540,6 +1551,11 @@ void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier)
                WARN_ON_ONCE(1);
        }
        list_del(&event_notifier->list);
+       lttng_free_event_notifier_filter_runtime(event_notifier);
+       /* Free event enabler refs */
+       list_for_each_entry_safe(enabler_ref, tmp_enabler_ref,
+                                &event_notifier->enablers_ref_head, node)
+               kfree(enabler_ref);
        kmem_cache_free(event_notifier_cache, event_notifier);
 }
 
@@ -4029,7 +4045,7 @@ void lttng_counter_transport_unregister(struct lttng_counter_transport *transpor
 }
 EXPORT_SYMBOL_GPL(lttng_counter_transport_unregister);
 
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0))
+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0))
 
 enum cpuhp_state lttng_hp_prepare;
 enum cpuhp_state lttng_hp_online;
@@ -4145,7 +4161,7 @@ static void __exit lttng_exit_cpu_hotplug(void)
        cpuhp_remove_multi_state(lttng_hp_prepare);
 }
 
-#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)) */
+#else /* #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0)) */
 static int lttng_init_cpu_hotplug(void)
 {
        return 0;
@@ -4153,7 +4169,7 @@ static int lttng_init_cpu_hotplug(void)
 static void lttng_exit_cpu_hotplug(void)
 {
 }
-#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)) */
+#endif /* #else #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0)) */
 
 
 static int __init lttng_events_init(void)