Message-ID: <20080118134318.GD9607@artemis.madism.org>
Date:	Fri, 18 Jan 2008 14:43:18 +0100
From:	Pierre Habouzit <madcoder@...ian.org>
To:	linux-kernel@...r.kernel.org
Cc:	madcoder@...ian.org
Subject: epoll and shared fd's

  Hi,

  I just came across a strange behavior of epoll that seems to
contradict the documentation. Here is what happens:

* I have two processes P1 and P2, P1 accept()s connections, and sends the
  resulting file descriptors to P2 through a unix socket.

* P2 registers the received socket in its epollfd.

  [time passes]

* P2 is done with the socket and closes it

* P2 gets events for the socket again!


  Though the documentation says that if a process closes a file
descriptor, it gets unregistered. And yes I'm sure that P2 doesn't dup()
the file descriptor. Though (because of a bug) it was still open in
P1[0], hence the referenced socket is still live at the kernel level.

  Of course the userland workaround is to force the EPOLL_CTL_DEL before
the close, which I now do, but it costs me a syscall where I wanted to
spare one :|

  I _believe_ this is if not a bug, at least a misfeature, hence I'm
reporting the issue :)


PS: please Cc: me on answers, I'm not subscribed.


  [0] and despite the bug in our software that leaked the socket, P1
      is supposed to only close the socket when P2 acks the fact that it
      received a valid fd (else P1 tries to send it to a P2'), and there
      may be uncontrollable races that could trigger the issue again
      (with P2 closing the socket before P1 had time to process the ACK
      and close the socket on its end).
-- 
·O·  Pierre Habouzit
··O                                                madcoder@...ian.org
OOO                                                http://www.madism.org
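
The behaviour reported above, reproduced inside a single process as an added example (not part of the original message). It assumes that dup() can stand in for the copy of the socket P1 still holds, since dup() and fd passing over a unix socket both give a second descriptor for the same open file description; the function name and its parameters are illustrative.

```c
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns how many events epoll_wait() reports after the registered
 * descriptor has been closed (-1 on setup failure).
 * keep_ref:  keep a second descriptor for the same open file description
 *            open; dup() stands in for the copy P1 still holds (assumption).
 * del_first: call EPOLL_CTL_DEL before close(), the workaround in the post. */
int events_after_close(int keep_ref, int del_first)
{
    int sv[2], ep, other = -1, n = -1;
    struct epoll_event ev = { .events = EPOLLIN }, got;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    ep = epoll_create1(0);
    if (keep_ref)
        other = dup(sv[0]);
    ev.data.fd = sv[0];
    if (ep < 0 || epoll_ctl(ep, EPOLL_CTL_ADD, sv[0], &ev) < 0 ||
        write(sv[1], "x", 1) != 1) {      /* one byte makes sv[0] readable */
        close(sv[0]);
        goto done;
    }
    if (del_first)
        epoll_ctl(ep, EPOLL_CTL_DEL, sv[0], NULL);
    close(sv[0]);                          /* "P2 is done with the socket" */
    n = epoll_wait(ep, &got, 1, 100);      /* 100 ms timeout */
done:
    if (other >= 0) close(other);
    if (ep >= 0) close(ep);
    close(sv[1]);
    return n;
}

int main(void)
{
    printf("other ref open, no DEL:    %d\n", events_after_close(1, 0));
    printf("last ref closed, no DEL:   %d\n", events_after_close(0, 0));
    printf("other ref open, DEL first: %d\n", events_after_close(1, 1));
    return 0;
}
```

In the first case the event carries the number of a descriptor the caller has already closed, so a handler that acts on it may touch whatever file that number has since been reused for.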
