Fix: scope ownership of a stream for ust-consumer
author Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
Thu, 28 Sep 2017 20:37:21 +0000 (16:37 -0400)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Sun, 3 Dec 2017 14:44:04 +0000 (09:44 -0500)
commit a8086cf4bc77068ee760919d980cae92f5f70bb2
tree ef301864a4530844919c17ef4d2b297f31029fdf
parent ddaec4a2b9b7c8be74166525bdcdff115c80d7c4
Fix: scope ownership of a stream for ust-consumer

A failure on lttng_pipe_write() during send_stream_to_thread() leads to
a null-pointer dereference of the stream handle during
consumer_del_channel(). The chain of events leading to the problem
is:

 - Failure during lttng_pipe_write() inside send_stream_to_thread().

 - Call to consumer_stream_destroy() via consumer_del_stream_for_data()
   or consumer_del_stream_for_metadata().

 - The stream is monitor and globally visible at this point leading to
   performing a call to destroy_close_stream() which performs the first
   cleanup of the stream.

   Note: At this point the stream is still in the channel local stream
         list (stream.send_node).

 - The call to unref_channel() returns a reference to a channel for which
   a cleanup call must be done.

 - The cleanup call for the channel is performed using
   consumer_del_channel().

 - At this point the stream is still in the channel's local stream list.
   This results in a second call to consumer_stream_destroy() via
   clean_channel_stream_list(), which itself results in accesses to
   freed memory.

The fix consists in:

 - Using cds_list_del() inside send_stream_to_thread() after public
   exposition of the stream to ensure that the stream ownership/visibility
   is clear. A stream cannot be globally visible and local
   (stream.send_node) to a channel at the same time.
 - Modifying error paths to acknowledge the ownership transfer to
   send_stream_to_thread().

Reported-by: Liguang Li <liguang.li@windriver.com>
Signed-off-by: Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/common/ust-consumer/ust-consumer.c
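
The ownership rule from the commit message, reduced to a small C model. This is an added example, not LTTng source code: every type and function name in it is hypothetical, and `channel_unlink()` only stands in for the role the message gives to cds_list_del(). It counts destroy calls so that a second destroy of the same stream would show up as a wrong total.

```c
#include <stdlib.h>
/* Simplified model, not LTTng source; every name here is hypothetical. */
struct stream {
    struct stream *next;  /* channel-local link, stands in for stream.send_node */
    int visible;          /* set once the stream is globally visible */
};
struct channel { struct stream *local; };  /* streams the channel still owns */
static int destroy_calls;                  /* makes a second destroy observable */
static void stream_destroy(struct stream *s) { destroy_calls++; free(s); }

/* Unlink s from the channel-local list (the role cds_list_del() plays). */
static void channel_unlink(struct channel *c, struct stream *s)
{
    for (struct stream **pp = &c->local; *pp; pp = &(*pp)->next)
        if (*pp == s) { *pp = s->next; s->next = NULL; return; }
}

/* Once the stream is exposed it leaves the channel list, so this function's
 * error path is the only place that destroys it. */
static int send_stream(struct channel *c, struct stream *s, int write_fails)
{
    s->visible = 1;
    channel_unlink(c, s);   /* never both visible and channel-local */
    if (write_fails) { stream_destroy(s); return -1; }
    return 0;               /* receiving thread owns the stream now */
}

/* Channel teardown destroys only what is still on the local list. */
static void channel_cleanup(struct channel *c)
{
    while (c->local) {
        struct stream *s = c->local;
        c->local = s->next;
        stream_destroy(s);
    }
}

/* Constructed scenario: two streams, the send of the first one fails. */
static int destroys_after_failed_send(void)
{
    struct stream *a = calloc(1, sizeof(*a)), *b = calloc(1, sizeof(*b));
    struct channel c = { a };
    if (!a || !b) { free(a); free(b); return -1; }
    a->next = b;
    destroy_calls = 0;
    send_stream(&c, a, 1);  /* failure path destroys a exactly once */
    channel_cleanup(&c);    /* finds only b on the local list */
    return destroy_calls;   /* one destroy per stream */
}
int main(void) { return destroys_after_failed_send() == 2 ? 0 : 1; }
```

Dropping the `channel_unlink()` call from `send_stream()` reproduces the shape of the bug in this model: `channel_cleanup()` would walk into the already freed stream.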