From: Mathieu Desnoyers
Date: Thu, 25 Jun 2015 13:10:52 +0000 (-0400)
Subject: Fix: use after free on metadata cache reallocation
X-Git-Tag: v2.6.3~12
X-Git-Url: http://git.liburcu.org/?a=commitdiff_plain;ds=sidebyside;h=9a0aa3b1fd7f693fc14b29cce9eb07cd275b0347;hp=9a0aa3b1fd7f693fc14b29cce9eb07cd275b0347;p=lttng-modules.git

Fix: use after free on metadata cache reallocation

When the metadata cache is expanded (reallocated) by
lttng_metadata_printf(), the metadata cache reader
(lttng_metadata_output_channel()) may use freed memory, because the
metadata cache is not protected from concurrent read accesses. The
metadata cache updates are protected from each other by the sessions
mutex, but metadata cache reads do not hold the sessions mutex.

Actually, the comment on top of lttng_metadata_output_channel() stating
"We have exclusive access to our metadata buffer (protected by the
sessions_mutex)" is simply wrong, because this mutex is never held when
calling lttng_metadata_output_channel().

Promote the per-stream lock to the metadata cache used by each of those
metadata streams, thus ensuring mutual exclusion between metadata cache
reallocation and readers.

Signed-off-by: Mathieu Desnoyers
---
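The locking rule the commit message describes, as an added userspace sketch (not code from lttng-modules or from this patch): the lock lives in the cache itself and is taken both by the path that may reallocate and by the path that reads. `struct md_cache`, `MD_CACHE_INIT`, `md_cache_append()` and `md_cache_read()` are hypothetical names, and a pthread mutex stands in for the kernel mutex.

```c
/* Added illustration, not lttng-modules code. All names are hypothetical; a
 * pthread mutex stands in for the kernel mutex embedded in the cache. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct md_cache {
    pthread_mutex_t lock;   /* guards data, alloc and used */
    char *data;
    size_t alloc, used;
};
#define MD_CACHE_INIT { PTHREAD_MUTEX_INITIALIZER, NULL, 0, 0 }

/* Writer: growing may move the buffer, so the update runs under c->lock. */
int md_cache_append(struct md_cache *c, const char *s, size_t len)
{
    int ret = -1;

    pthread_mutex_lock(&c->lock);
    if (c->used + len > c->alloc) {
        size_t n = c->alloc ? c->alloc : 1;
        char *p;

        while (n < c->used + len)
            n *= 2;
        p = realloc(c->data, n);    /* the old pointer is dead after this */
        if (!p)
            goto out;
        c->data = p;
        c->alloc = n;
    }
    if (len)
        memcpy(c->data + c->used, s, len);
    c->used += len;
    ret = 0;
out:
    pthread_mutex_unlock(&c->lock);
    return ret;
}

/* Reader: loads c->data and copies under the same lock, so it cannot
 * dereference a buffer that a concurrent append has already freed. */
size_t md_cache_read(struct md_cache *c, size_t off, char *dst, size_t len)
{
    size_t n = 0;
    pthread_mutex_lock(&c->lock);
    if (off < c->used) {
        n = c->used - off < len ? c->used - off : len;
        memcpy(dst, c->data + off, n);
    }
    pthread_mutex_unlock(&c->lock);
    return n;
}
```

A reader that cached `c->data` before taking the lock, or that relied on a lock the writer does not take, would reintroduce the window between `realloc()` and the copy.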