Fix: RCU lock imbalance on error in cmd_snapshot_list_outputs()

[lttng-tools.git] / src / bin / lttng-sessiond / cmd.c
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c

index 3c59d092c2e9b0f2ca848277219091307b20c078..fed029443094a39fe395c15d549744f3e46fa6ec 100644 (file)
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -277,7 +277,10 @@ static void list_lttng_channels(enum lttng_domain_type domain,
                                 &iter.iter, uchan, node.node) {
                         uint64_t discarded_events = 0, lost_packets = 0;
  
-                       strncpy(channels[i].name, uchan->name, LTTNG_SYMBOL_NAME_LEN);
+                       if (lttng_strncpy(channels[i].name, uchan->name,
+                                       LTTNG_SYMBOL_NAME_LEN)) {
+                               break;
+                       }
                         channels[i].attr.overwrite = uchan->attr.overwrite;
                         channels[i].attr.subbuf_size = uchan->attr.subbuf_size;
                         channels[i].attr.num_subbuf = uchan->attr.num_subbuf;
@@ -1330,16 +1333,6 @@ int cmd_enable_channel(struct ltt_session *session,
                 attr->attr.switch_timer_interval = 0;
         }
  
-       /*
-        * The ringbuffer (both in user space and kernel) behave badly in overwrite
-        * mode and with less than 2 subbuf so block it right away and send back an
-        * invalid attribute error.
-        */
-       if (attr->attr.overwrite && attr->attr.num_subbuf < 2) {
-               ret = LTTNG_ERR_INVALID;
-               goto error;
-       }
-
         switch (domain->type) {
         case LTTNG_DOMAIN_KERNEL:
         {
@@ -2444,7 +2437,15 @@ int cmd_stop_trace(struct ltt_session *session)
         if (ksession && ksession->active) {
                 DBG("Stop kernel tracing");
  
-               /* Flush metadata if exist */
+               ret = kernel_stop_session(ksession);
+               if (ret < 0) {
+                       ret = LTTNG_ERR_KERN_STOP_FAIL;
+                       goto error;
+               }
+
+               kernel_wait_quiescent(kernel_tracer_fd);
+
+               /* Flush metadata after stopping (if exists) */
                 if (ksession->metadata_stream_fd >= 0) {
                         ret = kernel_metadata_flush_buffer(ksession->metadata_stream_fd);
                         if (ret < 0) {
@@ -2452,7 +2453,7 @@ int cmd_stop_trace(struct ltt_session *session)
                         }
                 }
  
-               /* Flush all buffers before stopping */
+               /* Flush all buffers after stopping */
                 cds_list_for_each_entry(kchan, &ksession->channel_list.head, list) {
                         ret = kernel_flush_buffer(kchan);
                         if (ret < 0) {
@@ -2460,14 +2461,6 @@ int cmd_stop_trace(struct ltt_session *session)
                         }
                 }
  
-               ret = kernel_stop_session(ksession);
-               if (ret < 0) {
-                       ret = LTTNG_ERR_KERN_STOP_FAIL;
-                       goto error;
-               }
-
-               kernel_wait_quiescent(kernel_tracer_fd);
-
                 ksession->active = 0;
         }
  
@@ -3359,14 +3352,14 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                 if (lttng_strncpy(list[idx].name, output->name,
                                 sizeof(list[idx].name))) {
                         ret = -LTTNG_ERR_INVALID;
-                       goto error;
+                       goto error_unlock;
                 }
                 if (output->consumer->type == CONSUMER_DST_LOCAL) {
                         if (lttng_strncpy(list[idx].ctrl_url,
                                         output->consumer->dst.trace_path,
                                         sizeof(list[idx].ctrl_url))) {
                                 ret = -LTTNG_ERR_INVALID;
-                               goto error;
+                               goto error_unlock;
                         }
                 } else {
                         /* Control URI. */
@@ -3374,7 +3367,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                                         list[idx].ctrl_url, sizeof(list[idx].ctrl_url));
                         if (ret < 0) {
                                 ret = -LTTNG_ERR_NOMEM;
-                               goto error;
+                               goto error_unlock;
                         }
  
                         /* Data URI. */
@@ -3382,7 +3375,7 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                                         list[idx].data_url, sizeof(list[idx].data_url));
                         if (ret < 0) {
                                 ret = -LTTNG_ERR_NOMEM;
-                               goto error;
+                               goto error_unlock;
                         }
                 }
                 idx++;
@@ -3391,9 +3384,10 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
         *outputs = list;
         list = NULL;
         ret = session->snapshot.nb_output;
+error_unlock:
+       rcu_read_unlock();
  error:
         free(list);
-       rcu_read_unlock();
         return ret;
  }