Ensure guarantees about safe closing of poll watchers

bwoebi · bwoebi · commit 886cf1080d38 · 2020-03-17T14:22:19.000+01:00
Consider the following scenario:

uv_poll_init(loop, poll, fd);
uv_poll_start(poll, UV_READABLE, cb);
// the cb gets invoked etc.
uv_poll_stop(poll);

close(fd);
fd = allocate_new_socket(); // allocate_new_socket() is assigned the same fd by "bad luck" from the OS

// some time later:
uv_poll_init(loop, otherpoll, fd);
uv_poll_start(otherpoll, UV_READABLE, cb);

uv_close(poll); // uv__io_stop: Assertion `loop-&gt;watchers[w-&gt;fd] == w' failed.

According to documentation, "however the fd can be safely closed
immediately after a call to uv_poll_stop() or uv_close()."
Though, in this scenario, we close()'d our file descriptor, and by
bad luck we got the same file descriptor again and register a new
handle for it and start polling.

Previously that would lead to an assertion failure, if we were to
properly free the original handle via uv_close().

This commit fixes that by moving the check whether a only a single
poll handle is active to uv_poll_start() instead of the stopping
routines.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -363,6 +363,7 @@ if(LIBUV_BUILD_TESTS)
        test/test-poll-close-doesnt-corrupt-stack.c
        test/test-poll-close.c
        test/test-poll-closesocket.c
+       test/test-poll-multiple-handles.c
        test/test-poll-oob.c
        test/test-poll.c
        test/test-process-priority.c
diff --git a/Makefile.am b/Makefile.am
@@ -232,6 +232,7 @@ test_run_tests_SOURCES = test/blackhole-server.c \
                          test/test-poll-close.c \
                          test/test-poll-close-doesnt-corrupt-stack.c \
                          test/test-poll-closesocket.c \
+                         test/test-poll-multiple-handles.c \
                          test/test-poll-oob.c \
                          test/test-process-priority.c \
                          test/test-process-title.c \
diff --git a/src/unix/core.c b/src/unix/core.c
@@ -912,13 +912,12 @@ void uv__io_stop(uv_loop_t* loop, uv__io_t* w, unsigned int events) {
   if (w->pevents == 0) {
     QUEUE_REMOVE(&w->watcher_queue);
     QUEUE_INIT(&w->watcher_queue);
+    w->events = 0;
 
-    if (loop->watchers[w->fd] != NULL) {
-      assert(loop->watchers[w->fd] == w);
+    if (w == loop->watchers[w->fd]) {
       assert(loop->nfds > 0);
       loop->watchers[w->fd] = NULL;
       loop->nfds--;
-      w->events = 0;
     }
   }
   else if (QUEUE_EMPTY(&w->watcher_queue))
diff --git a/src/unix/poll.c b/src/unix/poll.c
@@ -116,12 +116,21 @@ int uv_poll_stop(uv_poll_t* handle) {
 
 
 int uv_poll_start(uv_poll_t* handle, int pevents, uv_poll_cb poll_cb) {
+  uv__io_t** watchers;
+  uv__io_t* w;
   int events;
 
   assert((pevents & ~(UV_READABLE | UV_WRITABLE | UV_DISCONNECT |
                       UV_PRIORITIZED)) == 0);
   assert(!uv__is_closing(handle));
 
+  watchers = handle->loop->watchers;
+  w = &handle->io_watcher;
+
+  if (uv__fd_exists(handle->loop, w->fd))
+    if (watchers[w->fd] != w)
+      return UV_EEXIST;
+
   uv__poll_stop(handle);
 
   if (pevents == 0)
diff --git a/test/test-list.h b/test/test-list.h
@@ -442,6 +442,7 @@ TEST_DECLARE   (poll_nested_epoll)
 #ifdef UV_HAVE_KQUEUE
 TEST_DECLARE   (poll_nested_kqueue)
 #endif
+TEST_DECLARE   (poll_multiple_handles)
 
 TEST_DECLARE   (ip4_addr)
 TEST_DECLARE   (ip6_addr_link_local)
@@ -874,6 +875,7 @@ TASK_LIST_START
 #ifdef UV_HAVE_KQUEUE
   TEST_ENTRY  (poll_nested_kqueue)
 #endif
+  TEST_ENTRY  (poll_multiple_handles)
 
   TEST_ENTRY  (socket_buffer_size)
 
diff --git a/test/test-poll-multiple-handles.c b/test/test-poll-multiple-handles.c
@@ -0,0 +1,97 @@
+/* Copyright libuv project contributors. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <errno.h>
+
+#ifndef _WIN32
+# include <fcntl.h>
+# include <sys/socket.h>
+# include <unistd.h>
+#endif
+
+#include "uv.h"
+#include "task.h"
+
+
+static int close_cb_called = 0;
+
+
+static void close_cb(uv_handle_t* handle) {
+  close_cb_called++;
+}
+
+static void poll_cb(uv_poll_t* handle, int status, int events) {
+  /* Not a bound socket, linux immediately reports UV_READABLE, other OS do not */
+  ASSERT(events == UV_READABLE);
+}
+
+TEST_IMPL(poll_multiple_handles) {
+  uv_os_sock_t sock;
+  uv_poll_t first_poll_handle, second_poll_handle;
+
+#ifdef _WIN32
+  {
+    struct WSAData wsa_data;
+    int r = WSAStartup(MAKEWORD(2, 2), &wsa_data);
+    ASSERT(r == 0);
+  }
+#endif
+
+  sock = socket(AF_INET, SOCK_STREAM, 0);
+#ifdef _WIN32
+  ASSERT(sock != INVALID_SOCKET);
+#else
+  ASSERT(sock != -1);
+#endif
+  ASSERT(0 == uv_poll_init_socket(uv_default_loop(), &first_poll_handle, sock));
+  ASSERT(0 == uv_poll_init_socket(uv_default_loop(), &second_poll_handle, sock));
+
+  ASSERT(0 == uv_poll_start(&first_poll_handle, UV_READABLE, poll_cb));
+
+  /* We may not start polling while another polling handle is active
+   * on that fd.
+   */
+#ifndef _WIN32
+  /* We do not track handles in an O(1) lookupable way on Windows,
+   * so not checking that here.
+   */
+  ASSERT(uv_poll_start(&second_poll_handle, UV_READABLE, poll_cb) == UV_EEXIST);
+#endif
+
+  /* After stopping the other polling handle, we now should be able to poll */
+  ASSERT(0 == uv_poll_stop(&first_poll_handle));
+  ASSERT(0 == uv_poll_start(&second_poll_handle, UV_READABLE, poll_cb));
+
+  /* Closing an already stopped polling handle is safe in any case */
+  uv_close((uv_handle_t*) &first_poll_handle, close_cb);
+
+  ASSERT(1 == uv_run(uv_default_loop(), UV_RUN_ONCE));
+  ASSERT(close_cb_called == 1);
+
+  ASSERT(uv_is_active((uv_handle_t*) &second_poll_handle));
+  uv_close((uv_handle_t*) &second_poll_handle, close_cb);
+
+  ASSERT(0 == uv_run(uv_default_loop(), UV_RUN_DEFAULT));
+  ASSERT(close_cb_called == 2);
+
+  MAKE_VALGRIND_HAPPY();
+  return 0;
+}
diff --git a/test/test.gyp b/test/test.gyp
@@ -86,6 +86,7 @@
         'test-poll-close.c',
         'test-poll-close-doesnt-corrupt-stack.c',
         'test-poll-closesocket.c',
+        'test-poll-multiple-handles.c',
         'test-poll-oob.c',
         'test-process-priority.c',
         'test-process-title.c',
