luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

poll,unix: ensure safety of rapid fd reuse

Browse Source 
Consider the following scenario:

uv_poll_init(loop, poll, fd);
uv_poll_start(poll, UV_READABLE, cb);
// the cb gets invoked etc.
uv_poll_stop(poll);

close(fd);
fd = allocate_new_socket(); // allocate_new_socket() is assigned the same fd by "bad luck" from the OS

// some time later:
uv_poll_init(loop, otherpoll, fd);
uv_poll_start(otherpoll, UV_READABLE, cb);

uv_close(poll); // uv__io_stop: Assertion `loop->watchers[w->fd] == w' failed.

According to documentation, "however the fd can be safely closed
immediately after a call to uv_poll_stop() or uv_close()."
Though, in this scenario, we close()'d our file descriptor, and by
bad luck we got the same file descriptor again and register a new
handle for it and start polling.

Previously that would lead to an assertion failure, if we were to
properly free the original handle via uv_close().

This commit fixes that by moving the check whether a only a single
poll handle is active to uv_poll_start() instead of the stopping
routines.

Fixes: https://github.com/libuv/libuv/issues/1172
Fixes: https://github.com/bwoebi/php-uv/issues/81
Fixes: https://github.com/b2wdigital/aiologger/issues/82
Fixes: https://github.com/invenia/LibPQ.jl/issues/140
PR-URL: https://github.com/libuv/libuv/pull/2686
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
This commit is contained in:
Bob Weinand 2020-12-28 17:51:23 +01:00 committed by GitHub
parent a779fccfd1
commit c9406ba0e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 114 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMakeLists.txt
View File

@ -475,6 +475,7 @@ if(LIBUV_BUILD_TESTS)
test/test-poll-close-doesnt-corrupt-stack.c test/test-poll-close-doesnt-corrupt-stack.c
test/test-poll-close.c test/test-poll-close.c
test/test-poll-closesocket.c test/test-poll-closesocket.c
test/test-poll-multiple-handles.c
test/test-poll-oob.c test/test-poll-oob.c
test/test-poll.c test/test-poll.c
test/test-process-priority.c test/test-process-priority.c

1
Makefile.am
View File

@ -225,6 +225,7 @@ test_run_tests_SOURCES = test/blackhole-server.c \
test/test-poll-close.c \ test/test-poll-close.c \
test/test-poll-close-doesnt-corrupt-stack.c \ test/test-poll-close-doesnt-corrupt-stack.c \
test/test-poll-closesocket.c \ test/test-poll-closesocket.c \
test/test-poll-multiple-handles.c \
test/test-poll-oob.c \ test/test-poll-oob.c \
test/test-process-priority.c \ test/test-process-priority.c \
test/test-process-title.c \ test/test-process-title.c \

5
src/unix/core.c
View File

@ -925,13 +925,12 @@ void uv__io_stop(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
if (w->pevents == 0) { if (w->pevents == 0) {
QUEUE_REMOVE(&w->watcher_queue); QUEUE_REMOVE(&w->watcher_queue);
QUEUE_INIT(&w->watcher_queue); QUEUE_INIT(&w->watcher_queue);
w->events = 0;
if (loop->watchers[w->fd] != NULL) { if (w == loop->watchers[w->fd]) {
assert(loop->watchers[w->fd] == w);
assert(loop->nfds > 0); assert(loop->nfds > 0);
loop->watchers[w->fd] = NULL; loop->watchers[w->fd] = NULL;
loop->nfds--; loop->nfds--;
w->events = 0;
} }
} }
else if (QUEUE_EMPTY(&w->watcher_queue)) else if (QUEUE_EMPTY(&w->watcher_queue))

9
src/unix/poll.c
View File

@ -116,12 +116,21 @@ int uv_poll_stop(uv_poll_t* handle) {
int uv_poll_start(uv_poll_t* handle, int pevents, uv_poll_cb poll_cb) { int uv_poll_start(uv_poll_t* handle, int pevents, uv_poll_cb poll_cb) {
uv__io_t** watchers;
uv__io_t* w;
int events; int events;
assert((pevents & ~(UV_READABLE | UV_WRITABLE | UV_DISCONNECT | assert((pevents & ~(UV_READABLE | UV_WRITABLE | UV_DISCONNECT |
UV_PRIORITIZED)) == 0); UV_PRIORITIZED)) == 0);
assert(!uv__is_closing(handle)); assert(!uv__is_closing(handle));
watchers = handle->loop->watchers;
w = &handle->io_watcher;
if (uv__fd_exists(handle->loop, w->fd))
if (watchers[w->fd] != w)
return UV_EEXIST;
uv__poll_stop(handle); uv__poll_stop(handle);
if (pevents == 0) if (pevents == 0)

2
test/test-list.h
View File

@ -453,6 +453,7 @@ TEST_DECLARE (poll_nested_epoll)
#ifdef UV_HAVE_KQUEUE #ifdef UV_HAVE_KQUEUE
TEST_DECLARE (poll_nested_kqueue) TEST_DECLARE (poll_nested_kqueue)
#endif #endif
TEST_DECLARE (poll_multiple_handles)
TEST_DECLARE (ip4_addr) TEST_DECLARE (ip4_addr)
TEST_DECLARE (ip6_addr_link_local) TEST_DECLARE (ip6_addr_link_local)
@ -903,6 +904,7 @@ TASK_LIST_START
#ifdef UV_HAVE_KQUEUE #ifdef UV_HAVE_KQUEUE
TEST_ENTRY (poll_nested_kqueue) TEST_ENTRY (poll_nested_kqueue)
#endif #endif
TEST_ENTRY (poll_multiple_handles)
TEST_ENTRY (socket_buffer_size) TEST_ENTRY (socket_buffer_size)

99
test/test-poll-multiple-handles.c Normal file
View File

@ -0,0 +1,99 @@
/* Copyright libuv project contributors. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
#include <errno.h>
#ifndef _WIN32
# include <fcntl.h>
# include <sys/socket.h>
# include <unistd.h>
#endif
#include "uv.h"
#include "task.h"
static int close_cb_called = 0;
static void close_cb(uv_handle_t* handle) {
close_cb_called++;
}
static void poll_cb(uv_poll_t* handle, int status, int events) {
/* Not a bound socket, linux immediately reports UV_READABLE, other OS do not */
ASSERT(events == UV_READABLE);
}
TEST_IMPL(poll_multiple_handles) {
uv_os_sock_t sock;
uv_poll_t first_poll_handle, second_poll_handle;
#ifdef _WIN32
{
struct WSAData wsa_data;
int r = WSAStartup(MAKEWORD(2, 2), &wsa_data);
ASSERT(r == 0);
}
#endif
sock = socket(AF_INET, SOCK_STREAM, 0);
#ifdef _WIN32
ASSERT(sock != INVALID_SOCKET);
#else
ASSERT(sock != -1);
#endif
ASSERT(0 == uv_poll_init_socket(uv_default_loop(), &first_poll_handle, sock));
ASSERT(0 == uv_poll_init_socket(uv_default_loop(), &second_poll_handle, sock));
ASSERT(0 == uv_poll_start(&first_poll_handle, UV_READABLE, poll_cb));
/* We may not start polling while another polling handle is active
* on that fd.
*/
#ifndef _WIN32
/* We do not track handles in an O(1) lookupable way on Windows,
* so not checking that here.
*/
ASSERT(uv_poll_start(&second_poll_handle, UV_READABLE, poll_cb) == UV_EEXIST);
#endif
/* After stopping the other polling handle, we now should be able to poll */
ASSERT(0 == uv_poll_stop(&first_poll_handle));
ASSERT(0 == uv_poll_start(&second_poll_handle, UV_READABLE, poll_cb));
/* Closing an already stopped polling handle is safe in any case */
uv_close((uv_handle_t*) &first_poll_handle, close_cb);
uv_unref(&second_poll_handle);
ASSERT(0 == uv_run(uv_default_loop(), UV_RUN_DEFAULT));
ASSERT(close_cb_called == 1);
uv_ref(&second_poll_handle);
ASSERT(uv_is_active((uv_handle_t*) &second_poll_handle));
uv_close((uv_handle_t*) &second_poll_handle, close_cb);
ASSERT(0 == uv_run(uv_default_loop(), UV_RUN_DEFAULT));
ASSERT(close_cb_called == 2);
MAKE_VALGRIND_HAPPY();
return 0;
}