mpd/src/event/SocketEvent.cxx

// SPDX-License-Identifier: BSD-2-Clause
// author: Max Kellermann <max.kellermann@gmail.com>

#include "SocketEvent.hxx"
#include "Loop.hxx"
#include "event/Features.h"

#include <cassert>
#include <utility>

#ifdef USE_EPOLL
#include <cerrno>
#endif

void
SocketEvent::Open(SocketDescriptor _fd) noexcept
{
	assert(_fd.IsDefined());
	assert(!fd.IsDefined());
	assert(GetScheduledFlags() == 0);

	fd = _fd;
}

void
SocketEvent::Close() noexcept
{
	if (!fd.IsDefined())
		return;

	/* closing the socket automatically unregisters it from epoll,
	   so we can omit the epoll_ctl(EPOLL_CTL_DEL) call and save
	   one system call */
	if (std::exchange(scheduled_flags, 0) != 0) {
#ifdef HAVE_THREADED_EVENT_LOOP
		/* can't use this optimization in multi-threaded
		   programs, because all file descriptors get
		   duplicated in forked processes, leaving them
		   registered in epoll, which could cause the parent
		   to crash */
		loop.RemoveFD(fd.Get(), *this);
#else
		loop.AbandonFD(*this);
#endif
	}
	fd.Close();
}

void
SocketEvent::Abandon() noexcept
{
	if (std::exchange(scheduled_flags, 0) != 0)
		loop.AbandonFD(*this);

	fd = SocketDescriptor::Undefined();
}

bool
SocketEvent::Schedule(unsigned flags) noexcept
{
	if (flags != 0)
		flags |= IMPLICIT_FLAGS;

	if (flags == GetScheduledFlags())
		return true;

	assert(IsDefined());

	bool success;
	if (scheduled_flags == 0)
		success = loop.AddFD(fd.Get(), flags, *this);
	else if (flags == 0)
		success = loop.RemoveFD(fd.Get(), *this);
	else
		success = loop.ModifyFD(fd.Get(), flags, *this);

	if (success)
		scheduled_flags = flags;
#ifdef USE_EPOLL
	else if (errno == EBADF || errno == ENOENT)
		/* the socket was probably closed by somebody else
		   (EBADF) or a new file descriptor with the same
		   number was created but not registered already
		   (ENOENT) - we can assume that there are no
		   scheduled events */
		/* note that when this happens, we're actually lucky
		   that it has failed - imagine another thread may
		   meanwhile have created something on the same file
		   descriptor number, and has registered it; the
		   epoll_ctl() call above would then have succeeded,
		   but broke the other thread's epoll registration */
		scheduled_flags = 0;
#endif

	return success;
}

void
SocketEvent::Dispatch() noexcept
{
	const unsigned flags = std::exchange(ready_flags, 0) &
		GetScheduledFlags();

	if (flags != 0)
		callback(flags);
}
event/Chrono, ...: relicense to BSD-2 2023-03-12 19:57:20 +01:00			`// SPDX-License-Identifier: BSD-2-Clause`
			`// author: Max Kellermann <max.kellermann@gmail.com>`
event/SocketMonitor: wrapper class for GSource + GPollFD 2013-01-10 19:05:47 +01:00
event/SocketMonitor: refactor to SocketEvent Similar to commits 1686f4e857769650474498de40f12b13a5889ba1 and 30a5dd267b6cb9ee21106d5d949de2f04781c6e7 2020-10-14 14:24:16 +02:00			`#include "SocketEvent.hxx"`
event/SocketMonitor: wrapper class for GSource + GPollFD 2013-01-10 19:05:47 +01:00			`#include "Loop.hxx"`
meson.build: move macros to event/Features.h 2020-10-13 16:11:57 +02:00			`#include "event/Features.h"`
event/SocketMonitor: wrapper class for GSource + GPollFD 2013-01-10 19:05:47 +01:00
replace assert.h with cassert The former was deprecated with C++14. According to the C++11 and C++17 standards, both files are identical. Signed-off-by: Rosen Penev <rosenp@gmail.com> 2020-03-12 23:20:59 +01:00			`#include <cassert>`
include cleanups (powered by iwyu) 2019-07-05 09:59:00 +02:00			`#include <utility>`
event/SocketMonitor: wrapper class for GSource + GPollFD 2013-01-10 19:05:47 +01:00
event/SocketMonitor: handle epoll_ctl()=EBADF/ENOENT in Schedule() This fixes a freeze bug in the NFS input/storage plugins: when libnfs auto-reconnets after a failure, it installs the new socket on the same file descriptor number. MPD's attempt to unregister the old socket by calling SocketMonitor::Steal() from NfsConnection::ScheduleSocket() fails because the new/old socket number is not registered in epoll, so epoll_ctl() returns ENOENT. The problem is that it left `scheduled_flags`, and so subsequent Schedule() calls will use `EPOLL_CTL_MOD`, which will fail again and again. Instead, we need to use `EPOLL_CTL_ADD` to register the new socket. Closes https://github.com/MusicPlayerDaemon/MPD/issues/806 Closes https://github.com/MusicPlayerDaemon/MPD/issues/756 2020-04-23 16:48:10 +02:00			`#ifdef USE_EPOLL`
			`#include <cerrno>`
			`#endif`

event/SocketMonitor: add method Open() Allow creating a closed SocketMonitor instance. 2013-01-15 22:48:38 +01:00			`void`
event/SocketMonitor: refactor to SocketEvent Similar to commits 1686f4e857769650474498de40f12b13a5889ba1 and 30a5dd267b6cb9ee21106d5d949de2f04781c6e7 2020-10-14 14:24:16 +02:00			`SocketEvent::Open(SocketDescriptor _fd) noexcept`
event/SocketMonitor: add method Open() Allow creating a closed SocketMonitor instance. 2013-01-15 22:48:38 +01:00			`{`
event/SocketMonitor: use class SocketDescriptor 2017-08-10 18:25:22 +02:00			`assert(_fd.IsDefined());`
event/SocketEvent: add another assert() to Open() 2020-12-04 09:23:56 +01:00			`assert(!fd.IsDefined());`
			`assert(GetScheduledFlags() == 0);`
event/SocketMonitor: add method Open() Allow creating a closed SocketMonitor instance. 2013-01-15 22:48:38 +01:00
			`fd = _fd;`
			`}`

event/SocketMonitor: add method Steal() 2013-01-27 22:37:01 +01:00			`void`
event/SocketMonitor: refactor to SocketEvent Similar to commits 1686f4e857769650474498de40f12b13a5889ba1 and 30a5dd267b6cb9ee21106d5d949de2f04781c6e7 2020-10-14 14:24:16 +02:00			`SocketEvent::Close() noexcept`
event/SocketMonitor: add method Steal() 2013-01-27 22:37:01 +01:00			`{`
event/SocketEvent: allow Close() without socket 2020-10-14 16:23:13 +02:00			`if (!fd.IsDefined())`
			`return;`

event/SocketEvent: add comment 2020-12-04 09:55:01 +01:00			`/* closing the socket automatically unregisters it from epoll,`
			`so we can omit the epoll_ctl(EPOLL_CTL_DEL) call and save`
			`one system call */`
event/SocketEvent: remove FD before closing socket SocketEvent knows the FD is still open and is about to close it, so it's unnecessary to rely on the kernel (via AbandonFD) to clean up the epoll_wait list. ### Why this is relevant - `AbandonFD` assumes that upon closing the socket, the FD will be automatically removed from the epoll list. That fd is associated with a reference to the `SocketEvent`, so this is an important and dangerous assumption to get wrong. In the case that the FD isn't immediately removed from the list by the kernel, the event loop can crash due to the `SocketEvent` being destroyed and it being a use-after-free bug at that point. - If a socket FD happens to be duplicated, then closing the SocketEvent FD will not automatically remove it from epoll, and will trigger said bug/crash. It is only automatically removed when all FD references to the underlying socket/resource are closed? - A `fork()` is one example where a socket FD can be duplicated and result in this situation. - `CLOEXEC` might be considered mitigation for this but also introduces a race condition where the crash can occur between a `fork()` and `exec()` without additional synchronization to freeze the event loop. One could argue the mpd event loop isn't fork-safe, and thus should be allowed to use `AbandonFD` however it likes. A decision on whether this is intended should probably be declared; but either way this fix seems appropriate in cases where `Abandon` isn't actually necessary. It also might be possible to fix `AbandonFD` to mark the `SocketEvent` as removed without using `EPOLL_CTL_DEL`? [edit: made this dependent on HAVE_THREADED_EVENT_LOOP which is always true for MPD, but not for ncmpc, for example - mk] 2020-11-09 19:50:54 +01:00			`if (std::exchange(scheduled_flags, 0) != 0) {`
			`#ifdef HAVE_THREADED_EVENT_LOOP`
			`/* can't use this optimization in multi-threaded`
			`programs, because all file descriptors get`
			`duplicated in forked processes, leaving them`
			`registered in epoll, which could cause the parent`
			`to crash */`
			`loop.RemoveFD(fd.Get(), *this);`
			`#else`
event/Loop: pass SocketEvent& to AbandonFD() 2020-10-28 14:58:23 +01:00			`loop.AbandonFD(*this);`
event/SocketEvent: remove FD before closing socket SocketEvent knows the FD is still open and is about to close it, so it's unnecessary to rely on the kernel (via AbandonFD) to clean up the epoll_wait list. ### Why this is relevant - `AbandonFD` assumes that upon closing the socket, the FD will be automatically removed from the epoll list. That fd is associated with a reference to the `SocketEvent`, so this is an important and dangerous assumption to get wrong. In the case that the FD isn't immediately removed from the list by the kernel, the event loop can crash due to the `SocketEvent` being destroyed and it being a use-after-free bug at that point. - If a socket FD happens to be duplicated, then closing the SocketEvent FD will not automatically remove it from epoll, and will trigger said bug/crash. It is only automatically removed when all FD references to the underlying socket/resource are closed? - A `fork()` is one example where a socket FD can be duplicated and result in this situation. - `CLOEXEC` might be considered mitigation for this but also introduces a race condition where the crash can occur between a `fork()` and `exec()` without additional synchronization to freeze the event loop. One could argue the mpd event loop isn't fork-safe, and thus should be allowed to use `AbandonFD` however it likes. A decision on whether this is intended should probably be declared; but either way this fix seems appropriate in cases where `Abandon` isn't actually necessary. It also might be possible to fix `AbandonFD` to mark the `SocketEvent` as removed without using `EPOLL_CTL_DEL`? [edit: made this dependent on HAVE_THREADED_EVENT_LOOP which is always true for MPD, but not for ncmpc, for example - mk] 2020-11-09 19:50:54 +01:00			`#endif`
			`}`
event/SocketEvent: use EventLoop::AbandonFD() in Close() 2020-10-14 16:29:24 +02:00			`fd.Close();`
event/SocketMonitor: wrapper class for GSource + GPollFD 2013-01-10 19:05:47 +01:00			`}`
event/SocketMonitor: add methods Read(), Write() 2013-01-30 10:39:17 +01:00
event/SocketEvent: move Abandon() up 2020-10-15 16:59:27 +02:00			`void`
			`SocketEvent::Abandon() noexcept`
			`{`
			`if (std::exchange(scheduled_flags, 0) != 0)`
event/Loop: pass SocketEvent& to AbandonFD() 2020-10-28 14:58:23 +01:00			`loop.AbandonFD(*this);`
event/SocketEvent: move Abandon() up 2020-10-15 16:59:27 +02:00
			`fd = SocketDescriptor::Undefined();`
			`}`

event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`bool`
event/SocketMonitor: refactor to SocketEvent Similar to commits 1686f4e857769650474498de40f12b13a5889ba1 and 30a5dd267b6cb9ee21106d5d949de2f04781c6e7 2020-10-14 14:24:16 +02:00			`SocketEvent::Schedule(unsigned flags) noexcept`
event/SocketMonitor: un-inline Schedule() Merge with CommitEventFlags(). 2013-08-07 23:57:30 +02:00			`{`
event/SocketEvent: allow Schedule() with IMPLICIT_FLAGS Relax the API (instead of tightening it further like commit 7bc1c9925b0e tried to do unsuccessfully). 2020-12-04 09:14:59 +01:00			`if (flags != 0)`
			`flags \|= IMPLICIT_FLAGS;`

event/SocketMonitor: un-inline Schedule() Merge with CommitEventFlags(). 2013-08-07 23:57:30 +02:00			`if (flags == GetScheduledFlags())`
event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`return true;`
event/SocketMonitor: un-inline Schedule() Merge with CommitEventFlags(). 2013-08-07 23:57:30 +02:00
event/SocketEvent: allow Cancel() without socket 2020-10-14 16:19:08 +02:00			`assert(IsDefined());`

event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`bool success;`
EventLoop: new implementation using epoll Implement an event loop without GLib. 2013-08-07 22:16:59 +02:00			`if (scheduled_flags == 0)`
event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`success = loop.AddFD(fd.Get(), flags, *this);`
EventLoop: new implementation using epoll Implement an event loop without GLib. 2013-08-07 22:16:59 +02:00			`else if (flags == 0)`
event/Loop: manage all SocketEvents in a linked list Not only those which are "ready". 2020-10-18 19:39:21 +02:00			`success = loop.RemoveFD(fd.Get(), *this);`
EventLoop: new implementation using epoll Implement an event loop without GLib. 2013-08-07 22:16:59 +02:00			`else`
event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`success = loop.ModifyFD(fd.Get(), flags, *this);`

			`if (success)`
			`scheduled_flags = flags;`
event/SocketMonitor: handle epoll_ctl()=EBADF/ENOENT in Schedule() This fixes a freeze bug in the NFS input/storage plugins: when libnfs auto-reconnets after a failure, it installs the new socket on the same file descriptor number. MPD's attempt to unregister the old socket by calling SocketMonitor::Steal() from NfsConnection::ScheduleSocket() fails because the new/old socket number is not registered in epoll, so epoll_ctl() returns ENOENT. The problem is that it left `scheduled_flags`, and so subsequent Schedule() calls will use `EPOLL_CTL_MOD`, which will fail again and again. Instead, we need to use `EPOLL_CTL_ADD` to register the new socket. Closes https://github.com/MusicPlayerDaemon/MPD/issues/806 Closes https://github.com/MusicPlayerDaemon/MPD/issues/756 2020-04-23 16:48:10 +02:00			`#ifdef USE_EPOLL`
			`else if (errno == EBADF \|\| errno == ENOENT)`
			`/* the socket was probably closed by somebody else`
			`(EBADF) or a new file descriptor with the same`
			`number was created but not registered already`
			`(ENOENT) - we can assume that there are no`
			`scheduled events */`
			`/* note that when this happens, we're actually lucky`
			`that it has failed - imagine another thread may`
			`meanwhile have created something on the same file`
			`descriptor number, and has registered it; the`
			`epoll_ctl() call above would then have succeeded,`
			`but broke the other thread's epoll registration */`
			`scheduled_flags = 0;`
			`#endif`
EventLoop: new implementation using epoll Implement an event loop without GLib. 2013-08-07 22:16:59 +02:00
event/SocketMonitor: Schedule() returns bool 2019-12-18 17:46:33 +01:00			`return success;`
event/SocketMonitor: un-inline Schedule() Merge with CommitEventFlags(). 2013-08-07 23:57:30 +02:00			`}`
event/SocketEvent: move Dispatch() down 2020-10-14 16:21:33 +02:00
			`void`
			`SocketEvent::Dispatch() noexcept`
			`{`
			`const unsigned flags = std::exchange(ready_flags, 0) &`
event/SocketEvent: allow Schedule() with IMPLICIT_FLAGS Relax the API (instead of tightening it further like commit 7bc1c9925b0e tried to do unsuccessfully). 2020-12-04 09:14:59 +01:00			`GetScheduledFlags();`
event/SocketEvent: move Dispatch() down 2020-10-14 16:21:33 +02:00
			`if (flags != 0)`
			`callback(flags);`
			`}`