From ab036a634622df4e3657f3936ba688e2c0d12c50 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 13 Jul 2020 14:59:33 -0400
Subject: [PATCH] Fix: Lock metadata cache on session destroy

commit 92143b2c5656 ("Fix: metadata stream leak, missing list removal and locking")
missed taking a lock protecting the metadata stream list iteration on
session destroy. This opens a race window between iteration and item
removal/free which triggers kernel OOPS.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---
 src/lttng-events.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lttng-events.c b/src/lttng-events.c
index 11b0ed53..62f8e054 100644
--- a/src/lttng-events.c
+++ b/src/lttng-events.c
@@ -214,8 +214,10 @@ void lttng_session_destroy(struct lttng_session *session)
 		BUG_ON(chan->channel_type == METADATA_CHANNEL);
 		_lttng_channel_destroy(chan);
 	}
+	mutex_lock(&session->metadata_cache->lock);
 	list_for_each_entry(metadata_stream, &session->metadata_cache->metadata_stream, list)
 		_lttng_metadata_channel_hangup(metadata_stream);
+	mutex_unlock(&session->metadata_cache->lock);
 	lttng_id_tracker_destroy(&session->pid_tracker, false);
 	lttng_id_tracker_destroy(&session->vpid_tracker, false);
 	lttng_id_tracker_destroy(&session->uid_tracker, false);
-- 
2.34.1