From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 4 Apr 2022 19:42:00 +0000 (-0400)
Subject: Fix: event notifier: racy use of last subbuffer record
X-Git-Url: http://git.liburcu.org/?p=lttng-modules.git;a=commitdiff_plain;h=08c43e0d7b186318e4d87994d8e284e339f805a2

Fix: event notifier: racy use of last subbuffer record

The lttng-modules event notifiers use the ring buffer internally. When
reading the payload of the last event in a sub-buffer with a multi-part
read (e.g. two read system calls), we should not "put" the sub-buffer
holding this data, else continuing reading the data in the following
read system call can observe corrupted data if it has been concurrently
overwritten by the producer.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Idb051e50ee8a25958cfd63a9b143f4943ca2e01a
---

diff --git a/src/lttng-abi.c b/src/lttng-abi.c
index c3e67690..59fea626 100644
--- a/src/lttng-abi.c
+++ b/src/lttng-abi.c
@@ -1016,7 +1016,7 @@ ssize_t lttng_event_notifier_group_notif_read(struct file *filp, char __user *us
 
 	/* Finish copy of previous record */
 	if (*ppos != 0) {
-		if (read_count < count) {
+		if (count != 0) {
 			len = chan->iter.len_left;
 			read_offset = *ppos;
 			goto skip_get_next;
@@ -1096,7 +1096,8 @@ nodata:
 	chan->iter.len_left = 0;
 
 put_record:
-	lib_ring_buffer_put_current_record(buf);
+	if (*ppos == 0)
+		lib_ring_buffer_put_current_record(buf);
 	return read_count;
 }