Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1884390pxb;
        Sun, 31 Oct 2021 02:56:11 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw90fF0TpM5yrDyp3UXol1C6DyLoyShH+coml7BV/cvIK86cJMFfG78QqbSptryTUXNzO0j
X-Received: by 2002:a5d:9753:: with SMTP id c19mr2176003ioo.136.1635674170935;
        Sun, 31 Oct 2021 02:56:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635674170; cv=none;
        d=google.com; s=arc-20160816;
        b=KnANHQfvODigBPvC2cDUhroo4IMezYsR9QajBMdHnwQ18cuv2rC8986cizDYKaJX0l
         wt+jmiT2nOjc6/6vEFOHUcB/c4ZGtWMhPP8baRa6n3uh8/x/FBROmdBtj36wwvViC7UI
         kxh+pJpCr1mgCr3VGDkPGqpdP4PGh1fntyYe+Cb8Kq5vgz06b8CcxCn6s/05uRoi7k9/
         eNtvvYi5l/emFj4yPYsTiWxsVRiR+VVqd2qzL+L3sRLgxNJdI8WE9oxqwx6XxkIv4AGP
         73pwRce0AekyYP3R8S1+QkxaWkWEM0Dt2p/4Ti4QgGeHp5P6n5Sbn2cQBPrEM4eazGXH
         6+CA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=;
        b=Uen9fglwiqDRgb6/eEl0Aynl1ImDtfVd/s4TdurVCXmySqhJgoRMx4xhlgBf071/0g
         I3uFPjRLsvXYQshhuLJjPrEsqjSl84iSHLY4xH7SVmPimfpQKF3wszVXHPdPtivVBajs
         UCD4b5Ge48uHPClY//7ArwWGpgY7kn9oto8I9r3U6GJgM/1vxidfLOO4u/QxwgcozbSa
         ywZw5CJ/o/G3j9XIO9ooTgyb0y8CG1TIspPLruKESKtmZb5H3vVBNuT1ygencsVRvM8G
         BQ/pxTCqfHEqaXUsuX0UwXtvThu4G26XfMoAhMSgtGYsG5yS+eYKU92WCkf/jnItr7ob
         SmRg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b=NFDharSl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id v8si19592962jas.85.2021.10.31.02.55.46;
        Sun, 31 Oct 2021 02:56:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b=NFDharSl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230196AbhJaJ4b (ORCPT <rfc822;lyj496332184@gmail.com>
        + 99 others); Sun, 31 Oct 2021 05:56:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47262 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229660AbhJaJ43 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 31 Oct 2021 05:56:29 -0400
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17FACC061570
        for <linux-kernel@vger.kernel.org>; Sun, 31 Oct 2021 02:53:58 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id g8so16763814iob.10
        for <linux-kernel@vger.kernel.org>; Sun, 31 Oct 2021 02:53:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sargun.me; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=;
        b=NFDharSlF3D7NuTEJXRJ8w1Nw3SZHAaCzfkcDT5CT6rfiXYtDzilMrsQgn011HIyU7
         SBn4ifDKNfvIZKJnFskWTEKWZoHV958/U3+Ke8Q4NOi+fXSfab4ycifxdCvZSDTmxxiz
         +2UTEMDRiOsegVhCHVAQrNmalAfQD3BpeOtDo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=;
        b=Xg9IWtCamOfZcvXU3ItA5taUOg69CgA1tHvlppa1QI8Sfs+5PUnjxWXcrUZXhlomrt
         WO6ezrnuj3okRBe5HrEJwoWBvyd8uMyaAFqS4N4J0CriroJ0+7BmQKGy9IvE4eYs+5E4
         W+IpYuu07bH8tjMh6yFNSnYTlL4ODooILR53aOXPZLFZVL51LmhjD72nmEfx7fklRUFk
         PWx3+vIohR5TKwWgmLRa1NKyztSoCuL14NvzAI/aYcy4Y8DRpSh3BbdE8rmMy4ukNVQ5
         34OVOxKkRQL4yfokwO0tBjnNH64sgMqPYcPLFgvex8yvGAbDoKHPP1zK3sdZrq2Lc3KC
         0cXA==
X-Gm-Message-State: AOAM532CNWYTRkZZGdEpr2kEqAaMRFgbIoMDsNDLty4+TE2meKd8vXh1
        WWlJ8zjiQlLCnHgVEnTICrTq82evni35pQ==
X-Received: by 2002:a5e:8911:: with SMTP id k17mr14660691ioj.63.1635674037235;
        Sun, 31 Oct 2021 02:53:57 -0700 (PDT)
Received: from ircssh-3.c.rugged-nimbus-611.internal (80.60.198.104.bc.googleusercontent.com. [104.198.60.80])
        by smtp.gmail.com with ESMTPSA id w6sm6628345ilv.63.2021.10.31.02.53.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 31 Oct 2021 02:53:56 -0700 (PDT)
Date:   Sun, 31 Oct 2021 09:53:55 +0000
From:   Sargun Dhillon <sargun@sargun.me>
To:     Eric Wong <e@80x24.org>
Cc:     linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
        willy@infradead.org, arnd@kernel.org,
        Willem de Bruijn <willemb@google.com>
Subject: Re: epoll may leak events on dup
Message-ID: <20211031095355.GA15963@ircssh-3.c.rugged-nimbus-611.internal>
References: <20211030100319.GA11526@ircssh-3.c.rugged-nimbus-611.internal>
 <20211031073923.M174137@dcvr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20211031073923.M174137@dcvr>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Oct 31, 2021 at 07:39:23AM +0000, Eric Wong wrote:
> Sargun Dhillon <sargun@sargun.me> wrote:
> > I discovered an interesting behaviour in epoll today. If I register the same 
> > file twice, under two different file descriptor numbers, and then I close one of 
> > the two file descriptors, epoll "leaks" the first event. This is fine, because 
> > one would think I could just go ahead and remove the event, but alas, that isn't 
> > the case. Some example python code follows to show the issue at hand.
> >
> > I'm not sure if this is really considered a "bug" or just "interesting epoll
> > behaviour", but in my opinion this is kind of a bug, especially because leaks
> > may happen by accident -- especially if files are not immediately freed.
> 
> "Interesting epoll behavior" combined with a quirk with the
> Python wrapper for epoll.  It passes the FD as epoll_event.data
> (.data could also be any void *ptr, a u64, or u32).
> 
> Not knowing Python myself (but knowing Ruby and Perl5 well); I
> assume Python developers chose the safest route in passing an
> integer FD for .data.  Passing a pointer to an arbitrary
> Perl/Ruby object would cause tricky lifetime issues with the
> automatic memory management of those languages; I expect Python
> would have the same problem.
> 

Python was just chosen as a way to have some inline code to explain the problem. 
Python has a bunch of libraries that will properly manage epoll under the hood, 
but the point was to describe the "leak" behaviour, where you cannot (easily) 
free up the registered epoll_event.

It was shorter inline code than C. :).

> > I'm also not sure why epoll events are registered by file, and not just fd.
> > Is the expectation that you can share a single epoll amongst multiple
> > "users" and register different files that have the same file descriptor
> 
> No, the other way around.  Different FDs for the same file.
> 
> Having registration keyed by [file+fd] allows users to pass
> different pointers for different events to the same file;
> which could have its uses.
> 
> Registering by FD alone isn't enough; since the epoll FD itself
> can be shared across fork (which is of limited usefulness[1]).
> Originaly iterations of epoll were keyed only by the file;
> with the FD being added later.
> 
> > number (at least for purposes other than CRIU). Maybe someone can shed
> > light on the behaviour.
> 
> CRIU?  Checkpoint/Restore In Userspace?
> 
Right, in CRIU, epoll is restored by manually cloning the FDs to the
right spot, and re-installing the events into epoll. This requires:
0. Getting the original epoll FD
1. Fetching / recreating the original FD
2. dup2'ing it to right spot (and avoiding overwriting the original epoll FD)
3. EPOLL_CTL_ADD'ing the FD back in.

> 
> [1] In contrast, kqueue has a unique close-on-fork behavior
>     which greatly simplifies usage from C code (but less so
>     for high-level runtimes which auto-close FDs).

Perhaps a question for epoll developers and maintains, how would you feel about 
the idea of adding a new set of commands that allow the user to add / mod / del 
by arbitrary key. For example, EPOLL_CTL_ADD_BY_KEY, EPOLL_CTL_MOD_BY_KEY, 
EPOLL_CTL_DEL_BY_KEY, and instead the fd argument would be an arbitrary key, and 
the object for add would be:


struct epoll_event_with_fd {
	uint32_t	fd;	
	epoll_data_t	data;
}

EPOLL_CTL_MOD_BY_KEY and EPOLL_CTL_DEL_BY_KEY would just treat the fd argument 
as a key. In order for this not to be horrible (IMHO), we would have to make
epoll run in a mode where only one event can be registered for a given key.

Then the rb_tree key, instead of being:
struct epoll_filefd {
	struct file *file;
	int fd;
} __packed;

would be:
struct epoll_filefd {
	struct file *file;
	union {
		int fd;
		int key;
	}
} __packed;

Perhaps this is rambly, and code / patches are required for better articulation,
but I guess the whole idea "fd is the key" for entries in epoll seems weird to
me, and I'm wondering if people would be open to changing the API at this point
in time.