From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Thu, 27 May 2021 21:11:22 +0000 (-0400)
Subject: Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error
X-Git-Tag: v2.11.8~15
X-Git-Url: http://git.liburcu.org/?p=lttng-tools.git;a=commitdiff_plain;h=a10984f577a5b43d15bd176d5e35bab58c3049d3

Fix: list_lttng_agent_events: unbalanced RCU read-side lock on error

The error label jumps to the end label which releases the RCU read-side
lock. There are many error paths in this function which goto error
without holding the RCU read-side lock, thus causing unbalanced RCU
read-side lock.

There is no point in keeping so short RCU read-side critical sections,
so cover the entire function with a single read-side critical section.

[ Applies to stable-2.12 and possibly prior versions. Does _not_ apply
  to stable-2.13+. ]

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I5b20c229a5df22d22ecfdc64dbbb87ee118649d2
---

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index 31eb2b430..a635c6511 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -517,7 +517,6 @@ static int list_lttng_agent_events(struct agent *agt,
 
 	rcu_read_lock();
 	nb_event = lttng_ht_get_count(agt->events);
-	rcu_read_unlock();
 	if (nb_event == 0) {
 		ret = nb_event;
 		*total_size = 0;
@@ -531,7 +530,6 @@ static int list_lttng_agent_events(struct agent *agt,
 	 * This is only valid because the commands which add events are
 	 * processed in the same thread as the listing.
 	 */
-	rcu_read_lock();
 	cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) {
 		ret = increment_extended_len(event->filter_expression, NULL, NULL,
 				&extended_len);
@@ -541,7 +539,6 @@ static int list_lttng_agent_events(struct agent *agt,
 			goto error;
 		}
 	}
-	rcu_read_unlock();
 
 	*total_size = nb_event * sizeof(*tmp_events) + extended_len;
 	tmp_events = zmalloc(*total_size);
@@ -554,7 +551,6 @@ static int list_lttng_agent_events(struct agent *agt,
 	extended_at = ((uint8_t *) tmp_events) +
 		nb_event * sizeof(struct lttng_event);
 
-	rcu_read_lock();
 	cds_lfht_for_each_entry(agt->events->ht, &iter.iter, event, node.node) {
 		strncpy(tmp_events[i].name, event->name, sizeof(tmp_events[i].name));
 		tmp_events[i].name[sizeof(tmp_events[i].name) - 1] = '\0';