I'm running Ubuntu 12.04 in a VM. After a recent kernel upgrade, I'm finding that I can reliably put the system in a position where the inotify_init() syscall returns -EMFILE, but /proc/*/fd shows fewer "anon_inode:inotify" entries than /proc/sys/fs/inotify/max_user_instances. Unfortunately the only way I know how to reproduce this is to run some internal Python unit tests that exercise pyinotify. But after a few such invocations, there appears to be a leak.
Perhaps a regression of CVE-2010-4250?
adar@adar-dev:~$ for foo in /proc/*/fd/*; do readlink -f $foo; done | grep inotify | sort | wc -l
24
adar@adar-dev:~$ cat /proc/sys/fs/inotify/max_user_instances
128
adar@adar-dev:~$ cat inotify_test.c
#include <stdio.h>
#include <sys/inotify.h>
void main(int argc, char *argv[]) {
  int err = inotify_init();
  if (err == -1) {
    perror("inotify_init");
  }
}
adar@adar-dev:~$ gcc inotify_test.c -o inotify_test
adar@adar-dev:~$ ./inotify_test
inotify_init: Too many open files