From 62a0c2d4933fd52b78c896cf40a935e42ea94360 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
 <jeremie.galarneau@efficios.com>
Date: Thu, 25 Aug 2016 16:20:47 -0400
Subject: [PATCH] Fix: RCU lock imbalance on error in
 cmd_snapshot_list_outputs()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The error path of cmd_snapshot_list_outputs() unlocks the
rcu_read_lock. However, this path can be taken without having
ever locked before.

Fixes #1044

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---
 src/bin/lttng-sessiond/cmd.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index a57afe2c3..86c3c765c 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -3352,14 +3352,14 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 		if (lttng_strncpy(list[idx].name, output->name,
 				sizeof(list[idx].name))) {
 			ret = -LTTNG_ERR_INVALID;
-			goto error;
+			goto error_unlock;
 		}
 		if (output->consumer->type == CONSUMER_DST_LOCAL) {
 			if (lttng_strncpy(list[idx].ctrl_url,
 					output->consumer->dst.trace_path,
 					sizeof(list[idx].ctrl_url))) {
 				ret = -LTTNG_ERR_INVALID;
-				goto error;
+				goto error_unlock;
 			}
 		} else {
 			/* Control URI. */
@@ -3367,7 +3367,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 					list[idx].ctrl_url, sizeof(list[idx].ctrl_url));
 			if (ret < 0) {
 				ret = -LTTNG_ERR_NOMEM;
-				goto error;
+				goto error_unlock;
 			}
 
 			/* Data URI. */
@@ -3375,7 +3375,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 					list[idx].data_url, sizeof(list[idx].data_url));
 			if (ret < 0) {
 				ret = -LTTNG_ERR_NOMEM;
-				goto error;
+				goto error_unlock;
 			}
 		}
 		idx++;
@@ -3384,9 +3384,10 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 	*outputs = list;
 	list = NULL;
 	ret = session->snapshot.nb_output;
+error_unlock:
+	rcu_read_unlock();
 error:
 	free(list);
-	rcu_read_unlock();
 	return ret;
 }
 
-- 
2.34.1