Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1884390pxb; Sun, 31 Oct 2021 02:56:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw90fF0TpM5yrDyp3UXol1C6DyLoyShH+coml7BV/cvIK86cJMFfG78QqbSptryTUXNzO0j X-Received: by 2002:a5d:9753:: with SMTP id c19mr2176003ioo.136.1635674170935; Sun, 31 Oct 2021 02:56:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635674170; cv=none; d=google.com; s=arc-20160816; b=KnANHQfvODigBPvC2cDUhroo4IMezYsR9QajBMdHnwQ18cuv2rC8986cizDYKaJX0l wt+jmiT2nOjc6/6vEFOHUcB/c4ZGtWMhPP8baRa6n3uh8/x/FBROmdBtj36wwvViC7UI kxh+pJpCr1mgCr3VGDkPGqpdP4PGh1fntyYe+Cb8Kq5vgz06b8CcxCn6s/05uRoi7k9/ eNtvvYi5l/emFj4yPYsTiWxsVRiR+VVqd2qzL+L3sRLgxNJdI8WE9oxqwx6XxkIv4AGP 73pwRce0AekyYP3R8S1+QkxaWkWEM0Dt2p/4Ti4QgGeHp5P6n5Sbn2cQBPrEM4eazGXH 6+CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=; b=Uen9fglwiqDRgb6/eEl0Aynl1ImDtfVd/s4TdurVCXmySqhJgoRMx4xhlgBf071/0g I3uFPjRLsvXYQshhuLJjPrEsqjSl84iSHLY4xH7SVmPimfpQKF3wszVXHPdPtivVBajs UCD4b5Ge48uHPClY//7ArwWGpgY7kn9oto8I9r3U6GJgM/1vxidfLOO4u/QxwgcozbSa ywZw5CJ/o/G3j9XIO9ooTgyb0y8CG1TIspPLruKESKtmZb5H3vVBNuT1ygencsVRvM8G BQ/pxTCqfHEqaXUsuX0UwXtvThu4G26XfMoAhMSgtGYsG5yS+eYKU92WCkf/jnItr7ob SmRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=NFDharSl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v8si19592962jas.85.2021.10.31.02.55.46; Sun, 31 Oct 2021 02:56:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=NFDharSl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230196AbhJaJ4b (ORCPT + 99 others); Sun, 31 Oct 2021 05:56:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47262 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229660AbhJaJ43 (ORCPT ); Sun, 31 Oct 2021 05:56:29 -0400 Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17FACC061570 for ; Sun, 31 Oct 2021 02:53:58 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id g8so16763814iob.10 for ; Sun, 31 Oct 2021 02:53:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=; b=NFDharSlF3D7NuTEJXRJ8w1Nw3SZHAaCzfkcDT5CT6rfiXYtDzilMrsQgn011HIyU7 SBn4ifDKNfvIZKJnFskWTEKWZoHV958/U3+Ke8Q4NOi+fXSfab4ycifxdCvZSDTmxxiz +2UTEMDRiOsegVhCHVAQrNmalAfQD3BpeOtDo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=JGqPbm7tO1VICGqBd/Inpku02T8Zpei3T3QkIwLq8SM=; b=Xg9IWtCamOfZcvXU3ItA5taUOg69CgA1tHvlppa1QI8Sfs+5PUnjxWXcrUZXhlomrt WO6ezrnuj3okRBe5HrEJwoWBvyd8uMyaAFqS4N4J0CriroJ0+7BmQKGy9IvE4eYs+5E4 W+IpYuu07bH8tjMh6yFNSnYTlL4ODooILR53aOXPZLFZVL51LmhjD72nmEfx7fklRUFk PWx3+vIohR5TKwWgmLRa1NKyztSoCuL14NvzAI/aYcy4Y8DRpSh3BbdE8rmMy4ukNVQ5 34OVOxKkRQL4yfokwO0tBjnNH64sgMqPYcPLFgvex8yvGAbDoKHPP1zK3sdZrq2Lc3KC 0cXA== X-Gm-Message-State: AOAM532CNWYTRkZZGdEpr2kEqAaMRFgbIoMDsNDLty4+TE2meKd8vXh1 WWlJ8zjiQlLCnHgVEnTICrTq82evni35pQ== X-Received: by 2002:a5e:8911:: with SMTP id k17mr14660691ioj.63.1635674037235; Sun, 31 Oct 2021 02:53:57 -0700 (PDT) Received: from ircssh-3.c.rugged-nimbus-611.internal (80.60.198.104.bc.googleusercontent.com. [104.198.60.80]) by smtp.gmail.com with ESMTPSA id w6sm6628345ilv.63.2021.10.31.02.53.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 31 Oct 2021 02:53:56 -0700 (PDT) Date: Sun, 31 Oct 2021 09:53:55 +0000 From: Sargun Dhillon To: Eric Wong Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk, akpm@linux-foundation.org, willy@infradead.org, arnd@kernel.org, Willem de Bruijn Subject: Re: epoll may leak events on dup Message-ID: <20211031095355.GA15963@ircssh-3.c.rugged-nimbus-611.internal> References: <20211030100319.GA11526@ircssh-3.c.rugged-nimbus-611.internal> <20211031073923.M174137@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211031073923.M174137@dcvr> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Oct 31, 2021 at 07:39:23AM +0000, Eric Wong wrote: > Sargun Dhillon wrote: > > I discovered an interesting behaviour in epoll today. If I register the same > > file twice, under two different file descriptor numbers, and then I close one of > > the two file descriptors, epoll "leaks" the first event. This is fine, because > > one would think I could just go ahead and remove the event, but alas, that isn't > > the case. Some example python code follows to show the issue at hand. > > > > I'm not sure if this is really considered a "bug" or just "interesting epoll > > behaviour", but in my opinion this is kind of a bug, especially because leaks > > may happen by accident -- especially if files are not immediately freed. > > "Interesting epoll behavior" combined with a quirk with the > Python wrapper for epoll. It passes the FD as epoll_event.data > (.data could also be any void *ptr, a u64, or u32). > > Not knowing Python myself (but knowing Ruby and Perl5 well); I > assume Python developers chose the safest route in passing an > integer FD for .data. Passing a pointer to an arbitrary > Perl/Ruby object would cause tricky lifetime issues with the > automatic memory management of those languages; I expect Python > would have the same problem. > Python was just chosen as a way to have some inline code to explain the problem. Python has a bunch of libraries that will properly manage epoll under the hood, but the point was to describe the "leak" behaviour, where you cannot (easily) free up the registered epoll_event. It was shorter inline code than C. :). > > I'm also not sure why epoll events are registered by file, and not just fd. > > Is the expectation that you can share a single epoll amongst multiple > > "users" and register different files that have the same file descriptor > > No, the other way around. Different FDs for the same file. > > Having registration keyed by [file+fd] allows users to pass > different pointers for different events to the same file; > which could have its uses. > > Registering by FD alone isn't enough; since the epoll FD itself > can be shared across fork (which is of limited usefulness[1]). > Originaly iterations of epoll were keyed only by the file; > with the FD being added later. > > > number (at least for purposes other than CRIU). Maybe someone can shed > > light on the behaviour. > > CRIU? Checkpoint/Restore In Userspace? > Right, in CRIU, epoll is restored by manually cloning the FDs to the right spot, and re-installing the events into epoll. This requires: 0. Getting the original epoll FD 1. Fetching / recreating the original FD 2. dup2'ing it to right spot (and avoiding overwriting the original epoll FD) 3. EPOLL_CTL_ADD'ing the FD back in. > > [1] In contrast, kqueue has a unique close-on-fork behavior > which greatly simplifies usage from C code (but less so > for high-level runtimes which auto-close FDs). Perhaps a question for epoll developers and maintains, how would you feel about the idea of adding a new set of commands that allow the user to add / mod / del by arbitrary key. For example, EPOLL_CTL_ADD_BY_KEY, EPOLL_CTL_MOD_BY_KEY, EPOLL_CTL_DEL_BY_KEY, and instead the fd argument would be an arbitrary key, and the object for add would be: struct epoll_event_with_fd { uint32_t fd; epoll_data_t data; } EPOLL_CTL_MOD_BY_KEY and EPOLL_CTL_DEL_BY_KEY would just treat the fd argument as a key. In order for this not to be horrible (IMHO), we would have to make epoll run in a mode where only one event can be registered for a given key. Then the rb_tree key, instead of being: struct epoll_filefd { struct file *file; int fd; } __packed; would be: struct epoll_filefd { struct file *file; union { int fd; int key; } } __packed; Perhaps this is rambly, and code / patches are required for better articulation, but I guess the whole idea "fd is the key" for entries in epoll seems weird to me, and I'm wondering if people would be open to changing the API at this point in time.