From e8474d9dd2d43b1e81998cd286e50ecd1a207920 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 4 Apr 2022 15:42:00 -0400 Subject: [PATCH] Fix: event notifier: racy use of last subbuffer record The lttng-modules event notifiers use the ring buffer internally. When reading the payload of the last event in a sub-buffer with a multi-part read (e.g. two read system calls), we should not "put" the sub-buffer holding this data, else continuing reading the data in the following read system call can observe corrupted data if it has been concurrently overwritten by the producer. Signed-off-by: Mathieu Desnoyers Change-Id: Idb051e50ee8a25958cfd63a9b143f4943ca2e01a --- src/lttng-abi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lttng-abi.c b/src/lttng-abi.c index f8004e9b..9b1cceac 100644 --- a/src/lttng-abi.c +++ b/src/lttng-abi.c @@ -1016,7 +1016,7 @@ ssize_t lttng_event_notifier_group_notif_read(struct file *filp, char __user *us /* Finish copy of previous record */ if (*ppos != 0) { - if (read_count < count) { + if (count != 0) { len = chan->iter.len_left; read_offset = *ppos; goto skip_get_next; @@ -1096,7 +1096,8 @@ nodata: chan->iter.len_left = 0; put_record: - lib_ring_buffer_put_current_record(buf); + if (*ppos == 0) + lib_ring_buffer_put_current_record(buf); return read_count; } -- 2.34.1