From b8363d6a0a8e507bd52318305e6a8b4f116792bc Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 13 Jul 2020 14:59:33 -0400
Subject: [PATCH] Fix: Lock metadata cache on session destroy

commit 92143b2c5656 ("Fix: metadata stream leak, missing list removal and locking")
missed taking a lock protecting the metadata stream list iteration on
session destroy. This opens a race window between iteration and item
removal/free which triggers kernel OOPS.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---
 lttng-events.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lttng-events.c b/lttng-events.c
index f5948f07..bb72156a 100644
--- a/lttng-events.c
+++ b/lttng-events.c
@@ -199,8 +199,10 @@ void lttng_session_destroy(struct lttng_session *session)
 		BUG_ON(chan->channel_type == METADATA_CHANNEL);
 		_lttng_channel_destroy(chan);
 	}
+	mutex_lock(&session->metadata_cache->lock);
 	list_for_each_entry(metadata_stream, &session->metadata_cache->metadata_stream, list)
 		_lttng_metadata_channel_hangup(metadata_stream);
+	mutex_unlock(&session->metadata_cache->lock);
 	if (session->pid_tracker)
 		lttng_pid_tracker_destroy(session->pid_tracker);
 	kref_put(&session->metadata_cache->refcount, metadata_cache_destroy);
-- 
2.34.1