File Fix-lttng-sessiond-segfault-during-session-destruction.patch of Package lttng-tools.37065
From bedceab72b4809cab0cc7633a55214cc23dbcbe6 Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kstewart@efficios.com>
Date: Mon, 18 Nov 2024 09:22:35 -0500
Subject: [PATCH] Fix: lttng-sessiond segfault during session destruction

In `cmd.c:cmd_destroy_session()`, if rotate_size is set for the
session, the condition is unsubscribed.

During unsubscription, the session's stored value is never nulled
out. It could happen that later, after the session is unlocked, the
rotate thread may try to do another round of unsubscribe/subscribe,
causing a double free of the condition.

Change-Id: I183a32224d25345a2088959e6d5c4e41a82d6801
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---
diff --git a/src/bin/lttng-sessiond/rotate.c b/src/bin/lttng-sessiond/rotate.c
index e2a3ef9..604157b 100644
--- a/src/bin/lttng-sessiond/rotate.c
+++ b/src/bin/lttng-sessiond/rotate.c
@@ -124,6 +124,7 @@
ret = -1;
goto end;
}
+ session->rotate_condition = NULL;
ret = notification_thread_command_unregister_trigger(
notification_thread_handle, session->rotate_trigger);
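Review bot: The new `session->rotate_condition = NULL;` sits after the error branch that does `ret = -1; goto end;`, so on that failure path the session keeps its old pointer and the double free described in the commit message is only prevented when the preceding step succeeds. The visible lines also do not show where the condition is released before the pointer is dropped, nor a NULL check on entry. Since the fix relies on a later unsubscribe pass from the rotate thread seeing NULL and backing off, please confirm that the guard exists and that ownership of the condition is released exactly once. If it is already released by the time the error branch runs, consider clearing the pointer under `end:` instead so every exit path leaves the session in the same state.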
@@ -131,6 +132,7 @@
ERR("Session unregister trigger error: %d", ret);
goto end;
}
+ session->rotate_trigger = NULL;
ret = 0;
end:
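Review bot: `session->rotate_trigger = NULL;` is reached only when `notification_thread_command_unregister_trigger()` succeeds. On the `goto end` failure path just above it the trigger pointer stays set, while `rotate_condition` has already been cleared by the first hunk, leaving the session half reset. A later pass would then see a trigger without a condition. It would be safer to decide explicitly what state the session should be in after a failed unregister, and either clear both fields together or neither. The commit message mentions only the condition, so a line explaining why the trigger is also nulled, and where it is destroyed (no destroy call is visible in this hunk), would help confirm this does not trade a double free for a leak.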