From 19efdf659e29ec34a27c304ccbf7ad6ff8e26337 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Mon, 17 Feb 2020 20:05:22 -0500
Subject: [PATCH] Fix: relayd: use of relay_session ref count before initialization
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The relay_session's reference count is used before it is initialized on multiple code paths of session_create(). The initialization of the reference count, mutexes, and intrusive data structure nodes are initialized earlier to make their use safe in the event of an error.

Signed-off-by: Jérémie Galarneau
Change-Id: I1be53ad88a3e783b85b4c568527df1a75ce58d3a
---
 src/bin/lttng-relayd/session.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c
index daae9a55b..f40f70965 100644
--- a/src/bin/lttng-relayd/session.c
+++ b/src/bin/lttng-relayd/session.c
@@ -316,6 +316,17 @@ struct relay_session *session_create(const char *session_name,
 		PERROR("Failed to allocate session");
 		goto error;
 	}
+
+	pthread_mutex_lock(&last_relay_session_id_lock);
+	session->id = ++last_relay_session_id;
+	pthread_mutex_unlock(&last_relay_session_id_lock);
+
+	lttng_ht_node_init_u64(&session->session_n, session->id);
+	urcu_ref_init(&session->ref);
+	CDS_INIT_LIST_HEAD(&session->recv_list);
+	pthread_mutex_init(&session->lock, NULL);
+	pthread_mutex_init(&session->recv_list_lock, NULL);
+
 	if (lttng_strncpy(session->session_name, session_name,
 			sizeof(session->session_name))) {
 		WARN("Session name exceeds maximal allowed length");
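Review bot: The block moved to the top of this hunk carries no comment recording that it must stay ahead of every `goto error`, which is exactly the ordering this commit restores; without it, a later edit can slide the `urcu_ref_init`/`pthread_mutex_init` calls back below the name check and reintroduce the uninitialized-refcount use described in the commit message. Suggested, placed just before `pthread_mutex_lock(&last_relay_session_id_lock);`: `/* Init the ref count, locks and intrusive nodes before any goto error: the error path releases the session through its reference. */`. A side effect of the move is that `++last_relay_session_id` is now consumed even when the session name is rejected a few lines later; that looks harmless if ids only need to be unique, but it is worth confirming against whatever consumes them. session_create's body and its error label lie outside the hunk, so the actual error-path use of the reference cannot be checked here.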
@@ -342,17 +353,8 @@ struct relay_session *session_create(const char *session_name,
 		goto error;
 	}
 
-	pthread_mutex_lock(&last_relay_session_id_lock);
-	session->id = ++last_relay_session_id;
-	pthread_mutex_unlock(&last_relay_session_id_lock);
-
 	session->major = major;
 	session->minor = minor;
-	lttng_ht_node_init_u64(&session->session_n, session->id);
-	urcu_ref_init(&session->ref);
-	CDS_INIT_LIST_HEAD(&session->recv_list);
-	pthread_mutex_init(&session->lock, NULL);
-	pthread_mutex_init(&session->recv_list_lock, NULL);
 
 	session->live_timer = live_timer;
 	session->snapshot = snapshot;
-- 
2.34.1