epoll: avoid orphaned interest on EventRegister failure#13245
Open
ibondarenko1 wants to merge 1 commit into
Open
epoll: avoid orphaned interest on EventRegister failure#13245ibondarenko1 wants to merge 1 commit into
ibondarenko1 wants to merge 1 commit into
Conversation
EpollInstance.AddInterest inserts the new epollInterest into ep.interest before calling file.EventRegister, and adds it to file.epolls only after EventRegister succeeds. If EventRegister fails, AddInterest returns with the epollInterest in ep.interest but never in file.epolls. That breaks the invariant the interest-removal paths rely on: EpollInstance.Release walks ep.interest and the FileDescription.DecRef path walks file.epolls. An entry present in one but not the other is orphaned and pins the target FileDescription. EventRegister fails deterministically for an unprivileged caller, for example epoll_ctl on an opened-but-unmounted /dev/fuse FD. Insert into ep.interest only after EventRegister succeeds.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
EpollInstance.AddInterestinserts the newepollInterestintoep.interestbefore registering with the file, and adds it tofile.epollsonly after registration succeeds:If
file.EventRegisterfails,AddInterestreturns withepiinep.interestbut never infile.epolls.The interest-removal paths rely on
ep.interestandfile.epollsstaying in sync:EpollInstance.Releasewalksep.interest, and theFileDescription.DecRefpath walksfile.epolls. An entry present inep.interestbut notfile.epollsis orphaned, and it keeps the target*FileDescriptionreachable past its own release.EventRegisterfails deterministically for an unprivileged caller. For example,epoll_ctl(EPOLL_CTL_ADD)on an opened-but-unmounted/dev/fuseFD reachesfuse.DeviceFD.EventRegister, which returnsEPERMwhen the device is not connected.Change
Move
ep.interest[key] = epito afterEventRegistersucceeds.epiis then added toep.interestandfile.epollsonly on the success path, with no fallible call between the two inserts, so a failed registration leaves nothing behind. A short comment records the ordering requirement.Scope
Hardening. A bounded per-
epoll_ctlleak plus a stale*FileDescriptionreference, reachable by an unprivileged process.