New submission from Mark Williams: Registering a file descriptor with EpollSelector.register that epoll(7) refuses results in the selector retaining a SelectorKey for that file descriptor, even though it's not monitored.
The following program attempts to register a file on the filesystem with an EpollSelector. epoll_ctl(2) returns EPERM when given a such a file descriptor, so it shouldn't be registered with the selector, but it is registered. import selectors import tempfile import traceback sel = selectors.EpollSelector() with tempfile.TemporaryFile() as f: try: sel.register(f, selectors.EVENT_READ) except PermissionError: traceback.print_exc() print("This should have raised a KeyError:", sel.get_key(f)) It produces this output on Pythons 3.4-3.6: Traceback (most recent call last): File "/tmp/sel.py", line 9, in <module> sel.register(f, selectors.EVENT_READ) File "/usr/lib/python3.4/selectors.py", line 402, in register self._epoll.register(key.fd, epoll_events) PermissionError: [Errno 1] Operation not permitted This should have raised a KeyError: SelectorKey(fileobj=<_io.BufferedRandom name=8>, fd=8, events=1, data=None) A similar problem exists with KqueueSelector. Consider the following program: import selectors import tempfile import traceback sel = selectors.KqueueSelector() f = tempfile.TemporaryFile() filedescriptor = f.fileno() f.close() try: sel.register(filedescriptor, selectors.EVENT_READ) except OSError: traceback.print_exc() print("This should have raised a KeyError:", sel.get_key(filedescriptor)) In this case selectors._fileobj_to_fd doesn't detect that the integer file descriptor is closed. Note that _fileobj_to_fd should not be changed! Attempting to use, say, fcntl(fd, fcntl.GET_FD) to detect a closed file descriptor introduces a TOCTTOU bug. Another thread (or another process, if the file descriptor refers to a socket shared between two or more processes and one calls shutdown(2) on it) can change the state of the file descriptor between the time it's checked and the time it's registered. A new file might even be opened and given the previous file descriptor. The attached patch catches any exception raised by EpollSelector.register or KqueueSelector.register, removes the SelectorKey from BaseSelector's table, and then re-raises the exception. Note that I've included asyncio as an affected component, because asyncio wraps the selectors module. ---------- components: asyncio files: selectors.patch keywords: patch messages: 272626 nosy: Mark.Williams, gvanrossum, haypo, yselivanov priority: normal severity: normal status: open title: selectors incorrectly retain invalid file descriptors versions: Python 3.4, Python 3.5, Python 3.6 Added file: http://bugs.python.org/file44100/selectors.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27759> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com