Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

epoll_fd leaks to child processes #3809

Closed
Tim-Zhang opened this issue May 25, 2021 · 8 comments · Fixed by tokio-rs/mio#1491 or kata-containers/kata-containers#2034
Closed

epoll_fd leaks to child processes #3809

Tim-Zhang opened this issue May 25, 2021 · 8 comments · Fixed by tokio-rs/mio#1491 or kata-containers/kata-containers#2034
Labels
A-tokio Area: The main tokio crate C-bug Category: This is a bug. M-io Module: tokio/io

Comments

@Tim-Zhang
Copy link

Version
>= 0.3

Platform
Linux k 5.8.0-38-generic #43~20.04.1-Ubuntu SMP Tue Jan 12 16:39:47 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Description

I tried this code:

use nix::unistd;
use std::ffi::CString;

fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
    let rt = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()?;

    rt.block_on(async {
        let path = CString::new("/usr/bin/sleep").unwrap();
        let args = vec![
            CString::new("sleep").unwrap(),
            CString::new("500000").unwrap(),
        ];
        let envs: Vec<&CString> = Vec::new();
        unsafe {
            match unistd::fork().unwrap() {
                unistd::ForkResult::Parent { child: _, .. } => {
                    println!("{}", "hehe");
                }
                unistd::ForkResult::Child => match unistd::execve(&path, &args, &envs) {
                    Err(_e) => {
                        std::process::exit(1);
                    }
                    _ => unreachable!(),
                },
            };
        }

        tokio::time::sleep(std::time::Duration::from_secs(10000)).await;
    });

    Ok(())
}

start the program then check fds.

tim@k:~$ ps aux|grep sleep
tim       279808  0.0  0.0   2516   592 pts/0    S+   13:44   0:00 sleep 500000
tim       281141  0.0  0.0   2516   584 ?        S    13:46   0:00 sleep 180
tim       281419  0.0  0.0  17672   728 pts/5    S+   13:47   0:00 grep --color=auto sleep

tim@k:~$ ls -l /proc/279808/fd
total 0
lrwx------ 1 tim tim 64 May 25 13:44 0 -> /dev/pts/0
lrwx------ 1 tim tim 64 May 25 13:44 1 -> /dev/pts/0
...
lrwx------ 1 tim tim 64 May 25 13:44 7 -> 'anon_inode:[eventpoll]'
...

The fd of epoll was mistakenly leaked to the child process

@Tim-Zhang Tim-Zhang added A-tokio Area: The main tokio crate C-bug Category: This is a bug. labels May 25, 2021
Tim-Zhang added a commit to Tim-Zhang/mio that referenced this issue May 25, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the duplicate descriptor is off
and we should set it manually.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
Tim-Zhang added a commit to Tim-Zhang/mio that referenced this issue May 25, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the duplicate descriptor is off
and we should set it manually.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
Tim-Zhang added a commit to Tim-Zhang/mio that referenced this issue May 25, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the duplicate descriptor is off
and we should set it manually.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
@Darksonn Darksonn added the M-io Module: tokio/io label May 25, 2021
Tim-Zhang added a commit to Tim-Zhang/mio that referenced this issue May 25, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the
duplicate descriptor created by dup(2) is off.

We can use fcntl + F_DUPFD_CLOEXEC to dup the epoll_fd to fix this
issue.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
Thomasdezeeuw pushed a commit to tokio-rs/mio that referenced this issue Jun 9, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the
duplicate descriptor created by dup(2) is off.

We can use fcntl + F_DUPFD_CLOEXEC to dup the epoll_fd to fix this
issue.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
@Tim-Zhang
Copy link
Author

@Darksonn This issue was closed by pr merged, but the problem still exist until the version released, Can you reopen it?

Tim-Zhang added a commit to Tim-Zhang/mio that referenced this issue Jun 11, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the duplicate descriptor is off
and we should set it manually.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
@Darksonn
Copy link
Contributor

I will reopen this pending the backport in tokio-rs/mio#1495, but once the backport is merged we will close it. We usually do not keep issues open just because the fix is still pending a release.

@Darksonn Darksonn reopened this Jun 11, 2021
Thomasdezeeuw pushed a commit to tokio-rs/mio that referenced this issue Jun 11, 2021
The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the duplicate descriptor is off
and we should set it manually.

Fixes: tokio-rs/tokio#3809

Signed-off-by: Tim Zhang <[email protected]>
@Thomasdezeeuw
Copy link
Contributor

I've merged the pr on Mio side, want a new release for it? Or does anyone have any pending changes to Mio?

@Darksonn
Copy link
Contributor

Go ahead and make a release for it.

@Tim-Zhang
Copy link
Author

@Thomasdezeeuw @Darksonn Thanks.

@Thomasdezeeuw
Copy link
Contributor

Publish Mio v0.7.12, also fixed it for kqueue in commit tokio-rs/mio@b367a05, pr for master: tokio-rs/mio#1496.

@Thomasdezeeuw
Copy link
Contributor

For people still keeping track, v0.7.12 of Mio was yanked, but v0.7.13 (just released) fixes this.

@Tim-Zhang
Copy link
Author

Thank you @Thomasdezeeuw , I have updated the mio and everything is ok.

Tim-Zhang added a commit to Tim-Zhang/kata-containers that referenced this issue Jun 15, 2021
bdbai added a commit to YtFlow/mio-noafd that referenced this issue Feb 9, 2022
commit 5234b5f
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 13 12:57:29 2021 +0100

    Release v0.8.0

commit 41a494b
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 13 12:59:43 2021 +0100

    Fix Clippy warning

commit a8c5756
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 12:45:33 2021 +0100

    Add changelog for v0.8

commit 7029a35
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 12:34:33 2021 +0100

    Add v0.7.14 change log

    From commit 064af84

commit dca2134
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 11:26:23 2021 +0100

    Fix feature flags for some tests files

    The test util module requires both the "os-poll" and "net" features.

commit b9f089b
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 11:19:09 2021 +0100

    Remove cfg attributes for Solaris

    We never really supported Solaris, we pretended it implemented epoll,
    but it never did see tokio-rs#1152. As no
    one ever committed to being a maintainer for the port I'm removing it
    now with this commit.

    Instead replace it with illumuos on the CI, which we do support (as it
    supports epoll) and for which we do have maintainers.

commit 7d86108
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 11:53:32 2021 +0100

    Add section about raw fd to portability guidelines

commit 3be5811
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Nov 7 12:09:53 2021 +0100

    Add note about short receive on datagram sockets

    Talking about the differences between OSs.

commit 3ca57f3
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 6 15:20:54 2021 +0100

    Document unconnected TcpStream returned by TcpStream::connect

commit 47cf59c
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 6 15:04:56 2021 +0100

    Deregister connection before dropping it in TCP example

commit 05009e4
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 6 14:53:45 2021 +0100

    Document that Mio report OOB data in Event::is_readable

    Reporting Out-of-band (OOB) as readable it could leave applications open
    to DoS attacks. However because Mio uses edge-triggers most applications
    won't actually be effected.

commit 44666e8
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 6 14:41:54 2021 +0100

    Fix match_like_matches_macro Clippy lint

    We've updated our MSVR since the comment above it.

commit f8695a7
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Nov 6 14:39:42 2021 +0100

    Update Rustc nightly version in CI

commit f4b9252
Author: Ben Noordhuis <[email protected]>
Date:   Sun Oct 10 16:45:25 2021 +0200

    Add sys::unix::SocketAddr::as_abstract_namespace()

    Fixes tokio-rs#1517.

commit 04e0ca4
Author: Thomas de Zeeuw <[email protected]>
Date:   Tue Sep 28 18:16:01 2021 +0200

    Update change log with v0.7.x releases

    Contains the work in the following commits:
     * v0.7.8 20b7298.
     * v0.7.9 07bc32f.
     * v0.7.10 b7006d7.
     * v0.7.11 772c692.
     * v0.7.12 7adfb75.
     * v0.7.13 75f41fb.

commit e55ec59
Author: Thomas de Zeeuw <[email protected]>
Date:   Thu Oct 7 20:21:22 2021 +0200

    Install nightly Rust on CI for install cargo-hack

commit 499004f
Author: Thomas de Zeeuw <[email protected]>
Date:   Thu Oct 7 20:14:36 2021 +0200

    Install Cargo-hack using nightly on CI

    Cargo-hack's (transient) dependency bitflags has updated its MSRV.

commit e9e91ff
Author: Thomas de Zeeuw <[email protected]>
Date:   Tue Sep 28 19:59:15 2021 +0200

    Fix Clippy warnings on Windows

    Seems this isn't check on the CI.

commit b48cce6
Author: Thomas de Zeeuw <[email protected]>
Date:   Tue Sep 28 19:51:19 2021 +0200

    Fix Clippy warnings

commit 37aec3e
Author: Thomas de Zeeuw <[email protected]>
Date:   Tue Sep 28 19:45:26 2021 +0200

    Fix dead_code warnings for Windows

commit 02e9be4
Author: Thomas de Zeeuw <[email protected]>
Date:   Tue Sep 28 19:32:35 2021 +0200

    Remove TcpSocket type

    The socket2 crate provide all the functionality and more. Furthermore
    supporting all socket options is beyond the scope of Mio.

    The easier migration is to the socket2 crate, using the Socket or
    SockRef types.

    The migration for Tokio is tracked in
    tokio-rs/tokio#4135.

commit d4ce420
Author: Rémi Lauzier <[email protected]>
Date:   Tue Jul 6 14:21:17 2021 -0400

    Update dev-dependencies

commit fbcc849
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Jul 3 12:44:57 2021 +0200

    Change port in connect_error

    Hopefully this port is actually not used.

    Also check Event::is_write_closed since we expect that to be true.

commit bfbcd9d
Author: Jake Shadle <[email protected]>
Date:   Fri Jul 2 15:17:17 2021 +0200

    Move wine from unsupported

commit 21ddf94
Author: Ivan Enderlin <[email protected]>
Date:   Tue Jun 22 22:36:09 2021 +0200

    chore: Make Clippy happy (bis).

commit 6d62f5d
Author: Ivan Enderlin <[email protected]>
Date:   Mon Jun 21 16:41:21 2021 +0200

    chore: Make Clippy happy.

commit 6eb1efa
Author: Ivan Enderlin <[email protected]>
Date:   Mon Jun 21 16:22:16 2021 +0200

    feat: Move `poll::selector` to `Registry::selector`.

commit 441367b
Author: Thomas de Zeeuw <[email protected]>
Date:   Sun Jun 13 00:33:17 2021 +0200

    Fix Selector::try_clone

    Calls fcntl F_DUPFD_CLOEXEC expects two arguments; the command
    (F_DUPFD_CLOEXEC) and an argument for the command. In this case an lower
    bound for the resulting file descriptor. Because we didn't provide a
    value it would take whatever value was left in the register from
    whatever code used it before the system call.

    This caused Waker::new to fail, see issue
    tokio-rs#1497.

commit cbcaedf
Author: Thomas de Zeeuw <[email protected]>
Date:   Sat Jun 12 20:39:12 2021 +0200

    Set FD_CLOEXEC flag on duplicated kqueue Poll

    Same as commit c52635c, but for kqueue.

commit c52635c
Author: Tim Zhang <[email protected]>
Date:   Tue May 25 11:40:54 2021 +0800

    Set the close-on-exec flag for the duplicate epoll_fd

    The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) for the
    duplicate descriptor created by dup(2) is off.

    We can use fcntl + F_DUPFD_CLOEXEC to dup the epoll_fd to fix this
    issue.

    Fixes: tokio-rs/tokio#3809

    Signed-off-by: Tim Zhang <[email protected]>

commit 2246ffb
Author: Taiki Endo <[email protected]>
Date:   Sun May 23 16:06:15 2021 +0900

    Use ubuntu-18.04 instead of ubuntu-16.04

commit 0cfba5d
Author: cdcode <[email protected]>
Date:   Sun Jun 6 22:42:26 2021 +0100

    Small spelling correction in example

commit 22e8858
Author: Thomas de Zeeuw <[email protected]>
Date:   Thu May 13 17:09:57 2021 +0200

    Update outdated comment

commit 607a12f
Author: Thomas de Zeeuw <[email protected]>
Date:   Mon May 10 12:10:28 2021 +0200

    Replace x86_64-sun-solaris with x86_64-pc-solaris

    rust-lang/rust#82216 removed the
    x86_64-sun-solaris target from rustup, changing it to use
    x86_64-pc-solaris instead.

    Related issues:
     * rust-lang/rust#85098

commit 27a6a3c
Author: Thomas de Zeeuw <[email protected]>
Date:   Mon May 10 11:56:41 2021 +0200

    Avoid cast pointers to usize in windows::NamedPipe

    Changes the Inner::ptr_from_* methods to use ptr::wrapping_sub rather
    then casting to usize.

commit e316b21
Author: Thomas de Zeeuw <[email protected]>
Date:   Wed May 5 12:13:47 2021 +0200

    Replace offset constants with methods in Windows NamedPipe

commit 9e13732
Author: Thomas de Zeeuw <[email protected]>
Date:   Mon Apr 12 20:26:53 2021 +0200

    Reorder NamedPipe fields

    Moving the Overlapped fields to the start to make it easier to determine
    the offsets and hopefully incur less breakage once external fields
    change size.

    Note that the Overlapped fields internally uses miow::Overlapped, which
    in turn is a OVERLAPPED struct as found in the winapi crate and has a
    stable layout (as defined by the Windows API).

commit db0d74c
Author: Thomas de Zeeuw <[email protected]>
Date:   Mon Apr 12 20:03:24 2021 +0200

    Remove unsound offset_of macro

    And replace it with constants that define the offsets to the fields.
    It's not a pretty solution, but it's one without UB.

commit 1667a70
Author: Rob Ede <[email protected]>
Date:   Thu Apr 1 17:01:01 2021 +0100

    remove manual doc versioning
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-tokio Area: The main tokio crate C-bug Category: This is a bug. M-io Module: tokio/io
Projects
None yet
3 participants