Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address watch descriptor reuse #73

Open
hannobraun opened this issue Aug 20, 2017 · 2 comments
Open

Address watch descriptor reuse #73

hannobraun opened this issue Aug 20, 2017 · 2 comments
Labels
bug help wanted

Comments

@hannobraun
Copy link
Owner

From the inotify man page:

When a watch descriptor is removed by calling inotify_rm_watch(2) (or because a watch file is deleted or the filesystem that contains it is unmounted), any pending unread events for that watch descriptor remain available to read. As watch descriptors are subsequently allocated with inotify_add_watch(2), the kernel cycles through the range of possible watch descriptors (0 to INT_MAX) incrementally. When allocating a free watch descriptor, no check is made to see whether that watch descriptor number has any pending unread events in the inotify queue. Thus, it can happen that a watch descriptor is reallocated even when pending unread events exist for a previous incarnation of that watch descriptor number, with the result that the application might then read those events and interpret them as belonging to the file associated with the newly recycled watch descriptor. In practice, the likelihood of hitting this bug may be extremely low, since it requires that an application cycle through INT_MAX watch descriptors, release a watch descriptor while leaving unread events for that watch descriptor in the queue, and then recycle that watch descriptor. For this reason, and because there have been no reports of the bug occurring in real-world applications, as of Linux 3.15, no kernel changes have yet been made to eliminate this possible bug.

I think a solution to this problem would be to force the user to read the full event queue before adding another watch. In principle, it should be relatively straight-forward to enforce this at compile-time, but that would require us to rethink Inotify's API.
@hannobraun hannobraun added the bug label Aug 20, 2017
@hannobraun hannobraun mentioned this issue Aug 20, 2017
Closed
@arsalan86
Copy link
Contributor

Thinking in terms of implementing futures (see #49), is it possible to continuously poll for watch events in a separate thread and return them via a future?

@hannobraun
Copy link
Owner Author

Certainly possible, but I don't think it would be an advantage. Even if you polled in short intervals, this issue would still be present (although less likely, maybe). You'd need some kind of synchronization between the main thread and the polling thread to fully solve the problem, and at that point this seems like way more complexity than is warranted. In addition, I don't think it's possible to prevent this issue at compile-time, if multiple threads are involved.

Generally speaking, I can't imagine circumstances where I would accept a solution to a problem that would require additional threads. That kind of thing would be way too heavyweight for what is supposed to be a simple wrapper.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hannobraun @arsalan86