Epoll Correctness #331
Description
I found a bug with epoll where fds aren't getting properly removed from the an epollfds registered fd set.
According to the manpage, these should be removed from the set when an fd is closed and its last reference is removed.
Originally we didn't do that, but another bug was masking it from returning an error in that scenario. When that bug was fixed we ran into a problem here where it was trying to check a non-existent fd. My fix checks if the fd exists before we poll the fds, and if not removes that fd.
This isn't exactly "removing from the set when the last reference is closed", and could be a possible problem in a scenario where an fd is added to a set, closed, and then a new fd is opened with the same number. This is certainly a TOCCTOU and could possibly be used maliciously?
We'll need to design some new infrastructure to handle this correctly.