From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 13 Jul 2020 18:59:33 +0000 (-0400)
Subject: Fix: Lock metadata cache on session destroy
X-Git-Tag: v2.11.5~2
X-Git-Url: https://git.lttng.org/?p=lttng-modules.git;a=commitdiff_plain;h=b8363d6a0a8e507bd52318305e6a8b4f116792bc

Fix: Lock metadata cache on session destroy

commit 92143b2c5656 ("Fix: metadata stream leak, missing list removal and locking")
missed taking a lock protecting the metadata stream list iteration on
session destroy. This opens a race window between iteration and item
removal/free which triggers kernel OOPS.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---

diff --git a/lttng-events.c b/lttng-events.c
index f5948f07..bb72156a 100644
--- a/lttng-events.c
+++ b/lttng-events.c
@@ -199,8 +199,10 @@ void lttng_session_destroy(struct lttng_session *session)
 		BUG_ON(chan->channel_type == METADATA_CHANNEL);
 		_lttng_channel_destroy(chan);
 	}
+	mutex_lock(&session->metadata_cache->lock);
 	list_for_each_entry(metadata_stream, &session->metadata_cache->metadata_stream, list)
 		_lttng_metadata_channel_hangup(metadata_stream);
+	mutex_unlock(&session->metadata_cache->lock);
 	if (session->pid_tracker)
 		lttng_pid_tracker_destroy(session->pid_tracker);
 	kref_put(&session->metadata_cache->refcount, metadata_cache_destroy);