The OOPS at bug #622 is likely caused by a missing reference on the
lttng channel structure, which could lead to accessing the object after
it has been destroyed if the lttng channel file descriptor is closed
while the metadata stream fd is still in use.
Fixes #622
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: Julien Desfossez <jdesfossez@efficios.com>
{
struct lttng_metadata_stream *stream = file->private_data;
struct lib_ring_buffer *buf = stream->priv;
{
struct lttng_metadata_stream *stream = file->private_data;
struct lib_ring_buffer *buf = stream->priv;
+ struct channel *chan = buf->backend.chan;
+ struct lttng_channel *lttng_chan = channel_get_private(chan);
kref_put(&stream->metadata_cache->refcount, metadata_cache_destroy);
kref_put(&stream->metadata_cache->refcount, metadata_cache_destroy);
+ fput(lttng_chan->file);
return lib_ring_buffer_release(inode, file, buf);
}
return lib_ring_buffer_release(inode, file, buf);
}
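Review bot: The new `fput(lttng_chan->file)` runs before `lib_ring_buffer_release(inode, file, buf)`, which still uses `buf`, so if this fput drops the last reference on the channel file and the channel's release path frees the buffers, the ring-buffer release could touch freed memory. Whether the final fput runs the file's release synchronously depends on the kernel version, so treat this as a hardening point rather than a confirmed bug. Dropping the reference last is safe either way: `ret = lib_ring_buffer_release(inode, file, buf); fput(lttng_chan->file); return ret;`. A comment above the fput, such as `/* Pairs with the channel file reference taken when the metadata stream fd was opened. */`, would make the pairing explicit. The function's signature lies outside the hunk.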
if (ret < 0)
goto fd_error;
if (ret < 0)
goto fd_error;
+ atomic_long_inc(&channel_file->f_count);
kref_get(&session->metadata_cache->refcount);
list_add(&metadata_stream->list,
&session->metadata_cache->metadata_stream);
kref_get(&session->metadata_cache->refcount);
list_add(&metadata_stream->list,
&session->metadata_cache->metadata_stream);
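Review bot: The channel file reference is taken by `atomic_long_inc(&channel_file->f_count)` only after the `ret < 0` check, so it comes after the call that produced `ret`. If that call (outside the hunk) already installs the stream fd, a concurrent close of that fd could reach the release path's `fput()` before this increment, reintroducing the lifetime problem the commit is fixing. Taking the reference before the fd is published, and dropping it with `fput(channel_file);` on the `fd_error` path, would close that window. `get_file(channel_file);` would also be preferable to modifying `f_count` directly. The enclosing function starts and ends outside the hunk.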