Fix: event notifier: racy use of last subbuffer record

The lttng-modules event notifiers use the ring buffer internally. When
reading the payload of the last event in a sub-buffer with a multi-part
read (e.g. two read system calls), we should not "put" the sub-buffer
holding this data, else continuing reading the data in the following
read system call can observe corrupted data if it has been concurrently
overwritten by the producer.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Idb051e50ee8a25958cfd63a9b143f4943ca2e01a

diff --git a/src/lttng-abi.c b/src/lttng-abi.c
index f8004e9b708a6a840b162a6fb6f99e70706aa444..9b1cceac0d99ce7bd2adc91356fc7fd64ec504bc 100644 (file)
--- a/src/lttng-abi.c
+++ b/src/lttng-abi.c
@@ -1016,7 +1016,7 @@ ssize_t lttng_event_notifier_group_notif_read(struct file *filp, char __user *us
 
        /* Finish copy of previous record */
        if (*ppos != 0) {
-               if (read_count < count) {
+               if (count != 0) {
                        len = chan->iter.len_left;
                        read_offset = *ppos;
                        goto skip_get_next;
@@ -1096,7 +1096,8 @@ nodata:
        chan->iter.len_left = 0;
 
 put_record:
-       lib_ring_buffer_put_current_record(buf);
+       if (*ppos == 0)
+               lib_ring_buffer_put_current_record(buf);
        return read_count;
 }