| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jan 2008 14:43:18 +0100
From: Pierre Habouzit <madcoder@...ian.org>
To: linux-kernel@...r.kernel.org
Cc: madcoder@...ian.org
Subject: epoll and shared fd's
Hi,
I just came across a strange behavior of epoll that seems to
contradict the documentation. Here is what happens:
* I have two processes P1 and P2, P1 accept()s connections, and send the
resulting file descriptors to P2 through a unix socket.
* P2 registers the received socket in his epollfd.
[time passes]
* P2 is done with the socket and closes it
* P2 gets events for the socket again !
Though the documentation says that if a process closes a file
descriptor, it gets unregistered. And yes I'm sure that P2 doens't dup()
the file descriptor. Though (because of a bug) it was still open in
P1[0], hence the referenced socket still live at the kernel level.
Of course the userland workaround is to force the EPOLL_CTL_DEL before
the close, which I now do, but costs me a syscall where I wanted to
spare one :|
I _believe_ this is if not a bug, at least a misfeature, hence I'm
reporting the issue :)
PS: please Cc: on answers me I'm not subscribed.
[0] and despite the bug in our software that leaked the socket, P1
is supposed to only close the socket when P2 acks the fact that it
received a valid fd (else P1 tries to send it to a P2'), and there
may be uncontrollable races that could trigger the issue again
(with P2 closing the socket before P1 had time to process the ACK
and close the socket on its end).
--
·O· Pierre Habouzit
··O madcoder@...ian.org
OOO http://www.madism.org
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists