projects
/
lttng-modules.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: kretprobe: null ptr deref on session destroy
[lttng-modules.git]
/
src
/
lttng-events.c
diff --git
a/src/lttng-events.c
b/src/lttng-events.c
index cb1eb5bf030ea233c15309e3c8baa21a04402c43..d819c9e20dac0e28719b61aeb6373da868cc5efc 100644
(file)
--- a/
src/lttng-events.c
+++ b/
src/lttng-events.c
@@
-949,6
+949,8
@@
struct lttng_event *_lttng_event_create(struct lttng_channel *chan,
event_return->enabled = 0;
event_return->registered = 1;
event_return->instrumentation = itype;
event_return->enabled = 0;
event_return->registered = 1;
event_return->instrumentation = itype;
+ INIT_LIST_HEAD(&event_return->filter_bytecode_runtime_head);
+ INIT_LIST_HEAD(&event_return->enablers_ref_head);
/*
* Populate lttng_event structure before kretprobe registration.
*/
/*
* Populate lttng_event structure before kretprobe registration.
*/
@@
-1485,6
+1487,8
@@
int _lttng_event_notifier_unregister(
static
void _lttng_event_destroy(struct lttng_event *event)
{
static
void _lttng_event_destroy(struct lttng_event *event)
{
+ struct lttng_enabler_ref *enabler_ref, *tmp_enabler_ref;
+
switch (event->instrumentation) {
case LTTNG_KERNEL_TRACEPOINT:
lttng_event_desc_put(event->desc);
switch (event->instrumentation) {
case LTTNG_KERNEL_TRACEPOINT:
lttng_event_desc_put(event->desc);
@@
-1510,6
+1514,11
@@
void _lttng_event_destroy(struct lttng_event *event)
}
list_del(&event->list);
lttng_destroy_context(event->ctx);
}
list_del(&event->list);
lttng_destroy_context(event->ctx);
+ lttng_free_event_filter_runtime(event);
+ /* Free event enabler refs */
+ list_for_each_entry_safe(enabler_ref, tmp_enabler_ref,
+ &event->enablers_ref_head, node)
+ kfree(enabler_ref);
kmem_cache_free(event_cache, event);
}
kmem_cache_free(event_cache, event);
}
@@
-1519,6
+1528,8
@@
void _lttng_event_destroy(struct lttng_event *event)
static
void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier)
{
static
void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier)
{
+ struct lttng_enabler_ref *enabler_ref, *tmp_enabler_ref;
+
switch (event_notifier->instrumentation) {
case LTTNG_KERNEL_TRACEPOINT:
lttng_event_desc_put(event_notifier->desc);
switch (event_notifier->instrumentation) {
case LTTNG_KERNEL_TRACEPOINT:
lttng_event_desc_put(event_notifier->desc);
@@
-1540,6
+1551,11
@@
void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier)
WARN_ON_ONCE(1);
}
list_del(&event_notifier->list);
WARN_ON_ONCE(1);
}
list_del(&event_notifier->list);
+ lttng_free_event_notifier_filter_runtime(event_notifier);
+ /* Free event enabler refs */
+ list_for_each_entry_safe(enabler_ref, tmp_enabler_ref,
+ &event_notifier->enablers_ref_head, node)
+ kfree(enabler_ref);
kmem_cache_free(event_notifier_cache, event_notifier);
}
kmem_cache_free(event_notifier_cache, event_notifier);
}
This page took
0.024356 seconds
and
4
git commands to generate.