Merge branch 'maint-0.4.4' into release-0.4.4

3 files changed, 30 insertions, 7 deletions

diff --git a/changes/ticket24308 b/changes/ticket24308
new file mode 100644
index 0000000000..e614785265
--- /dev/null
+++ b/changes/ticket24308
@@ -0,0 +1,6 @@
+  o Minor features (denial-of-service memory limiter):
+    - Allow the user to configure even lower values for the MaxMemInQueues
+      parameter.  Relays now enforce a minimum of 64 MB, when previously
+      the minimum was 256 MB.  On clients, there is no minimum. Relays and
+      clients will both warn if the value is set so low that Tor is likely
+      to stop working. Closes ticket 24308.
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 930986483d..a0c188adc4 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -3911,8 +3911,11 @@ options_validate_cb(const void *old_options_, void *options_, char **msg)
  * actual maximum value.  We clip this value if it's too low, and autodetect
  * it if it's set to 0. */
 STATIC uint64_t
-compute_real_max_mem_in_queues(const uint64_t val, int log_guess)
+compute_real_max_mem_in_queues(const uint64_t val, bool is_server)
 {
+#define MIN_SERVER_MB 64
+#define MIN_UNWARNED_SERVER_MB 256
+#define MIN_UNWARNED_CLIENT_MB 64
   uint64_t result;
 
   if (val == 0) {
@@ -3970,7 +3973,7 @@ compute_real_max_mem_in_queues(const uint64_t val, int log_guess)
         result = avail;
       }
     }
-    if (log_guess && ! notice_sent) {
+    if (is_server && ! notice_sent) {
       log_notice(LD_CONFIG, "%sMaxMemInQueues is set to %"PRIu64" MB. "
                  "You can override this by setting MaxMemInQueues by hand.",
                  ram ? "Based on detected system memory, " : "",
@@ -3978,10 +3981,24 @@ compute_real_max_mem_in_queues(const uint64_t val, int log_guess)
       notice_sent = 1;
     }
     return result;
-  } else if (val < ONE_GIGABYTE / 4) {
-    log_warn(LD_CONFIG, "MaxMemInQueues must be at least 256 MB for now. "
-             "Ideally, have it as large as you can afford.");
-    return ONE_GIGABYTE / 4;
+  } else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) {
+    /* We can't configure less than this much on a server.  */
+    log_warn(LD_CONFIG, "MaxMemInQueues must be at least %d MB on servers "
+             "for now. Ideally, have it as large as you can afford.",
+             MIN_SERVER_MB);
+    return MIN_SERVER_MB * ONE_MEGABYTE;
+  } else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) {
+    /* On a server, if it's less than this much, we warn that things
+     * may go badly. */
+    log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your "
+             "relay doesn't work, this may be the reason why.");
+    return val;
+  } else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) {
+    /* On a client, if it's less than this much, we warn that things
+     * may go badly. */
+    log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your "
+             "client doesn't work, this may be the reason why.");
+    return val;
   } else {
     /* The value was fine all along */
     return val;
diff --git a/src/app/config/config.h b/src/app/config/config.h
index 17caa0e3ff..1ba10d1d37 100644
--- a/src/app/config/config.h
+++ b/src/app/config/config.h
@@ -294,7 +294,7 @@ STATIC int parse_dir_authority_line(const char *line,
 STATIC int parse_dir_fallback_line(const char *line, int validate_only);
 
 STATIC uint64_t compute_real_max_mem_in_queues(const uint64_t val,
-                                               int log_guess);
+                                               bool is_server);
 STATIC int open_and_add_file_log(const log_severity_list_t *severity,
                                  const char *fname,
                                  int truncate_log);