From: Jérémie Galarneau
Date: Tue, 18 Feb 2020 01:05:22 +0000 (-0500)
Subject: Fix: relayd: use of relay_session ref count before initialization
X-Git-Tag: v2.13.0-rc1~750
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=19efdf659e29ec34a27c304ccbf7ad6ff8e26337

Fix: relayd: use of relay_session ref count before initialization

The relay_session's reference count is used before it is initialized on multiple code paths of session_create(). The initialization of the reference count, mutexes, and intrusive data structure nodes are initialized earlier to make their use safe in the event of an error.

Signed-off-by: Jérémie Galarneau
Change-Id: I1be53ad88a3e783b85b4c568527df1a75ce58d3a
---
diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c
index daae9a55b..f40f70965 100644
--- a/src/bin/lttng-relayd/session.c
+++ b/src/bin/lttng-relayd/session.c
@@ -316,6 +316,17 @@ struct relay_session *session_create(const char *session_name,
 PERROR("Failed to allocate session");
 goto error;
 }
+
+ pthread_mutex_lock(&last_relay_session_id_lock);
+ session->id = ++last_relay_session_id;
+ pthread_mutex_unlock(&last_relay_session_id_lock);
+
+ lttng_ht_node_init_u64(&session->session_n, session->id);
+ urcu_ref_init(&session->ref);
+ CDS_INIT_LIST_HEAD(&session->recv_list);
+ pthread_mutex_init(&session->lock, NULL);
+ pthread_mutex_init(&session->recv_list_lock, NULL);
+
 if (lttng_strncpy(session->session_name, session_name,
 sizeof(session->session_name))) {
 WARN("Session name exceeds maximal allowed length");
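Review bot: The teardown behind the `error` label is outside this hunk, and it now runs on a session whose `session_n` node, `recv_list` and mutexes are initialised but which was never published. It should be confirmed that the release path does not assume the node was inserted in a hash table or that fields assigned later in `session_create()` are set. The name-length check right below the added block rejects an over-long `session_name`, which presumably originates from the connecting peer, so a regression test that creates a session with an over-long name would pin this fix. Both `pthread_mutex_init()` return values are ignored in the added lines; either check them or state why failure is not expected. I would also add a comment above the block so later validation is not inserted ahead of it, such as `/* Everything the error path touches must be initialised before the first goto error. */`.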
@@ -342,17 +353,8 @@ struct relay_session *session_create(const char *session_name,
 goto error;
 }
- pthread_mutex_lock(&last_relay_session_id_lock);
- session->id = ++last_relay_session_id;
- pthread_mutex_unlock(&last_relay_session_id_lock);
-
 session->major = major;
 session->minor = minor;
- lttng_ht_node_init_u64(&session->session_n, session->id);
- urcu_ref_init(&session->ref);
- CDS_INIT_LIST_HEAD(&session->recv_list);
- pthread_mutex_init(&session->lock, NULL);
- pthread_mutex_init(&session->recv_list_lock, NULL);
 session->live_timer = live_timer;
 session->snapshot = snapshot;