Fix: relayd: use of relay_session ref count before initialization

The relay_session's reference count is used before it is initialized
on multiple code paths of session_create(). The initialization of the
reference count, mutexes, and intrusive data structure nodes are
initialized earlier to make their use safe in the event of an error.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I1be53ad88a3e783b85b4c568527df1a75ce58d3a

diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c
index daae9a55ba1d5308427a101f16e2416e9f4d46bb..f40f70965c97d6a1ceffdf85a066a7a282dd1d1c 100644 (file)
--- a/src/bin/lttng-relayd/session.c
+++ b/src/bin/lttng-relayd/session.c
@@ -316,6 +316,17 @@ struct relay_session *session_create(const char *session_name,
                PERROR("Failed to allocate session");
                goto error;
        }
+
+       pthread_mutex_lock(&last_relay_session_id_lock);
+       session->id = ++last_relay_session_id;
+       pthread_mutex_unlock(&last_relay_session_id_lock);
+
+       lttng_ht_node_init_u64(&session->session_n, session->id);
+       urcu_ref_init(&session->ref);
+       CDS_INIT_LIST_HEAD(&session->recv_list);
+       pthread_mutex_init(&session->lock, NULL);
+       pthread_mutex_init(&session->recv_list_lock, NULL);
+
        if (lttng_strncpy(session->session_name, session_name,
                        sizeof(session->session_name))) {
                WARN("Session name exceeds maximal allowed length");
@@ -342,17 +353,8 @@ struct relay_session *session_create(const char *session_name,
                goto error;
        }
 
-       pthread_mutex_lock(&last_relay_session_id_lock);
-       session->id = ++last_relay_session_id;
-       pthread_mutex_unlock(&last_relay_session_id_lock);
-
        session->major = major;
        session->minor = minor;
-       lttng_ht_node_init_u64(&session->session_n, session->id);
-       urcu_ref_init(&session->ref);
-       CDS_INIT_LIST_HEAD(&session->recv_list);
-       pthread_mutex_init(&session->lock, NULL);
-       pthread_mutex_init(&session->recv_list_lock, NULL);
 
        session->live_timer = live_timer;
        session->snapshot = snapshot;