* [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root
@ 2015-07-30 15:12 Julien Desfossez
2015-07-30 16:02 ` Jérémie Galarneau
0 siblings, 1 reply; 4+ messages in thread
From: Julien Desfossez @ 2015-07-30 15:12 UTC (permalink / raw)
Commit 6a4e403927ffef4cae8726064dcf53c463eb128c introduced a bug where
we could end up iterating over the agent_apps_ht_by_sock regardless if
it was allocated or not (only when the sessiond is launched as root).
Steps to reproduce:
$ sudo lttng-sessiond -d
$ lttng-sessiond
Error: Already running daemon.
Segmentation fault (core dumped)
Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
---
src/bin/lttng-sessiond/main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
index 91dd047..5840165 100644
--- a/src/bin/lttng-sessiond/main.c
+++ b/src/bin/lttng-sessiond/main.c
@@ -677,7 +677,9 @@ static void sessiond_cleanup(void)
}
DBG("Cleaning up all agent apps");
- agent_app_ht_clean();
+ if (is_root) {
+ agent_app_ht_clean();
+ }
DBG("Closing all UST sockets");
ust_app_clean_list();
--
1.9.1
^ permalink raw reply [flat|nested] 4+ messages in thread* [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root
2015-07-30 15:12 [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root Julien Desfossez
@ 2015-07-30 16:02 ` Jérémie Galarneau
2015-07-30 16:53 ` Jérémie Galarneau
0 siblings, 1 reply; 4+ messages in thread
From: Jérémie Galarneau @ 2015-07-30 16:02 UTC (permalink / raw)
On Thu, Jul 30, 2015 at 11:12 AM, Julien Desfossez <jdesfossez at efficios.com>
wrote:
> Commit 6a4e403927ffef4cae8726064dcf53c463eb128c introduced a bug where
> we could end up iterating over the agent_apps_ht_by_sock regardless if
> it was allocated or not (only when the sessiond is launched as root).
>
> Steps to reproduce:
> $ sudo lttng-sessiond -d
> $ lttng-sessiond
> Error: Already running daemon.
> Segmentation fault (core dumped)
>
> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
> ---
> src/bin/lttng-sessiond/main.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
> index 91dd047..5840165 100644
> --- a/src/bin/lttng-sessiond/main.c
> +++ b/src/bin/lttng-sessiond/main.c
> @@ -677,7 +677,9 @@ static void sessiond_cleanup(void)
> }
>
> DBG("Cleaning up all agent apps");
> - agent_app_ht_clean();
> + if (is_root) {
> + agent_app_ht_clean();
> + }
>
>
This will leak the hash table if the session daemon was launched as an
unprivileged user. However, the problem can also be reproduced by launching
two session daemons under the same unprivileged user.
The real issue here seems to be that the session daemon will enter the
"exit_init_data" code path before creating the hash table if it can't
acquire the lock file and that there are no NULL checks performed during
the sessiond_cleanup().
Thanks,
J?r?mie
> DBG("Closing all UST sockets");
> ust_app_clean_list();
> --
> 1.9.1
>
>
--
J?r?mie Galarneau
EfficiOS Inc.
http://www.efficios.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lttng.org/pipermail/lttng-dev/attachments/20150730/4ffda13d/attachment.html>
^ permalink raw reply [flat|nested] 4+ messages in thread* [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root
2015-07-30 16:02 ` Jérémie Galarneau
@ 2015-07-30 16:53 ` Jérémie Galarneau
2015-07-30 17:40 ` Julien Desfossez
0 siblings, 1 reply; 4+ messages in thread
From: Jérémie Galarneau @ 2015-07-30 16:53 UTC (permalink / raw)
Here is my proposed fix. Can you test it on your end?
https://github.com/jgalar/lttng-tools/commits/sessiond-agent-crash
commit 5e249e09a2bd68f96e546bf83b4710596518f675
Author: J?r?mie Galarneau <jeremie.galarneau at efficios.com>
Date: Thu Jul 30 12:48:52 2015 -0400
Clean-up: Move agent_apps_ht_by_sock definition to main.c
Signed-off-by: J?r?mie Galarneau <jeremie.galarneau at efficios.com>
commit 1af8b99faa625033f9e0c2a6eaa9b3006cfadadd
Author: J?r?mie Galarneau <jeremie.galarneau at efficios.com>
Date: Thu Jul 30 12:46:56 2015 -0400
Fix: Initialize global agent_apps_ht_by_sock on session daemon launch
Signed-off-by: J?r?mie Galarneau <jeremie.galarneau at efficios.com>
J?r?mie
On Thu, Jul 30, 2015 at 12:02 PM, J?r?mie Galarneau <
jeremie.galarneau at efficios.com> wrote:
>
>
> On Thu, Jul 30, 2015 at 11:12 AM, Julien Desfossez <
> jdesfossez at efficios.com> wrote:
>
>> Commit 6a4e403927ffef4cae8726064dcf53c463eb128c introduced a bug where
>> we could end up iterating over the agent_apps_ht_by_sock regardless if
>> it was allocated or not (only when the sessiond is launched as root).
>>
>> Steps to reproduce:
>> $ sudo lttng-sessiond -d
>> $ lttng-sessiond
>> Error: Already running daemon.
>> Segmentation fault (core dumped)
>>
>> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
>> ---
>> src/bin/lttng-sessiond/main.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
>> index 91dd047..5840165 100644
>> --- a/src/bin/lttng-sessiond/main.c
>> +++ b/src/bin/lttng-sessiond/main.c
>> @@ -677,7 +677,9 @@ static void sessiond_cleanup(void)
>> }
>>
>> DBG("Cleaning up all agent apps");
>> - agent_app_ht_clean();
>> + if (is_root) {
>> + agent_app_ht_clean();
>> + }
>>
>>
> This will leak the hash table if the session daemon was launched as an
> unprivileged user. However, the problem can also be reproduced by launching
> two session daemons under the same unprivileged user.
>
> The real issue here seems to be that the session daemon will enter the
> "exit_init_data" code path before creating the hash table if it can't
> acquire the lock file and that there are no NULL checks performed during
> the sessiond_cleanup().
>
> Thanks,
> J?r?mie
>
>
>> DBG("Closing all UST sockets");
>> ust_app_clean_list();
>> --
>> 1.9.1
>>
>>
>
>
> --
> J?r?mie Galarneau
> EfficiOS Inc.
> http://www.efficios.com
>
--
J?r?mie Galarneau
EfficiOS Inc.
http://www.efficios.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lttng.org/pipermail/lttng-dev/attachments/20150730/ce861cf7/attachment.html>
^ permalink raw reply [flat|nested] 4+ messages in thread* [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root
2015-07-30 16:53 ` Jérémie Galarneau
@ 2015-07-30 17:40 ` Julien Desfossez
0 siblings, 0 replies; 4+ messages in thread
From: Julien Desfossez @ 2015-07-30 17:40 UTC (permalink / raw)
I confirm it fixes the problem I was seeing.
Thanks,
Julien
On 15-07-30 12:53 PM, J?r?mie Galarneau wrote:
> Here is my proposed fix. Can you test it on your end?
>
> https://github.com/jgalar/lttng-tools/commits/sessiond-agent-crash
>
> commit 5e249e09a2bd68f96e546bf83b4710596518f675
> Author: J?r?mie Galarneau <jeremie.galarneau at efficios.com
> <mailto:jeremie.galarneau at efficios.com>>
> Date: Thu Jul 30 12:48:52 2015 -0400
>
> Clean-up: Move agent_apps_ht_by_sock definition to main.c
>
> Signed-off-by: J?r?mie Galarneau <jeremie.galarneau at efficios.com
> <mailto:jeremie.galarneau at efficios.com>>
>
> commit 1af8b99faa625033f9e0c2a6eaa9b3006cfadadd
> Author: J?r?mie Galarneau <jeremie.galarneau at efficios.com
> <mailto:jeremie.galarneau at efficios.com>>
> Date: Thu Jul 30 12:46:56 2015 -0400
>
> Fix: Initialize global agent_apps_ht_by_sock on session daemon launch
>
> Signed-off-by: J?r?mie Galarneau <jeremie.galarneau at efficios.com
> <mailto:jeremie.galarneau at efficios.com>>
>
>
> J?r?mie
>
>
> On Thu, Jul 30, 2015 at 12:02 PM, J?r?mie Galarneau
> <jeremie.galarneau at efficios.com <mailto:jeremie.galarneau at efficios.com>>
> wrote:
>
>
>
> On Thu, Jul 30, 2015 at 11:12 AM, Julien Desfossez
> <jdesfossez at efficios.com <mailto:jdesfossez at efficios.com>> wrote:
>
> Commit 6a4e403927ffef4cae8726064dcf53c463eb128c introduced a bug
> where
> we could end up iterating over the agent_apps_ht_by_sock
> regardless if
> it was allocated or not (only when the sessiond is launched as
> root).
>
> Steps to reproduce:
> $ sudo lttng-sessiond -d
> $ lttng-sessiond
> Error: Already running daemon.
> Segmentation fault (core dumped)
>
> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com
> <mailto:jdesfossez at efficios.com>>
> ---
> src/bin/lttng-sessiond/main.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng-sessiond/main.c
> b/src/bin/lttng-sessiond/main.c
> index 91dd047..5840165 100644
> --- a/src/bin/lttng-sessiond/main.c
> +++ b/src/bin/lttng-sessiond/main.c
> @@ -677,7 +677,9 @@ static void sessiond_cleanup(void)
> }
>
> DBG("Cleaning up all agent apps");
> - agent_app_ht_clean();
> + if (is_root) {
> + agent_app_ht_clean();
> + }
>
>
> This will leak the hash table if the session daemon was launched as
> an unprivileged user. However, the problem can also be reproduced by
> launching two session daemons under the same unprivileged user.
>
> The real issue here seems to be that the session daemon will enter
> the "exit_init_data" code path before creating the hash table if it
> can't acquire the lock file and that there are no NULL checks
> performed during the sessiond_cleanup().
>
> Thanks,
> J?r?mie
>
>
> DBG("Closing all UST sockets");
> ust_app_clean_list();
> --
> 1.9.1
>
>
>
>
> --
> J?r?mie Galarneau
> EfficiOS Inc.
> http://www.efficios.com
>
>
>
>
> --
> J?r?mie Galarneau
> EfficiOS Inc.
> http://www.efficios.com
>
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-30 17:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-30 15:12 [lttng-dev] [LTTNG-TOOLS PATCH] Fix: only cleanup the agent_apps_ht_by_sock as root Julien Desfossez
2015-07-30 16:02 ` Jérémie Galarneau
2015-07-30 16:53 ` Jérémie Galarneau
2015-07-30 17:40 ` Julien Desfossez
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox