diff options
| author | Mike Perry <mikeperry-git@torproject.org> | 2023-03-23 20:52:13 +0000 |
|---|---|---|
| committer | Mike Perry <mikeperry-git@torproject.org> | 2023-04-06 15:57:11 +0000 |
| commit | 7c70f713c31c0989a0008c7d0d92a1f12d498e32 (patch) | |
| tree | 1d89a778d3b659f59e82a90aa7a7bbedefc3762d /src/core/or/circuituse.c | |
| parent | 731a50c8c490c0d838605c2664ced3f68bb3d488 (diff) | |
| download | tor-7c70f713c31c0989a0008c7d0d92a1f12d498e32.tar.gz tor-7c70f713c31c0989a0008c7d0d92a1f12d498e32.zip | |
Avoid closing dirty circs with active half-edges
In https://gitlab.torproject.org/tpo/core/tor/-/issues/40623, we changed the
DESTROY propogation to ensure memory was freed quickly at relays. This was a
good move, but it exacerbates the condition where a stream is closed on a
circuit, and then it is immediately closed because it is dirty. This creates a
race between the DESTROY and the last data sent on the stream. This race is
visible in shadow, and does happen.
This could be backported. A better solution to these kinds of problems is to
create an ENDED cell, and not close any circuits until the ENDED comes back.
But this will also require thinking, since this ENDED cell can also get lost,
so some kind of timeout may be needed either way. The ENDED cell could just
allow us to have much longer timeouts for this case.
Diffstat (limited to 'src/core/or/circuituse.c')
| -rw-r--r-- | src/core/or/circuituse.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index b10c140253..6956cf9849 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -1458,6 +1458,7 @@ circuit_expire_old_circuits_clientside(void) if (circ->timestamp_dirty && circ->timestamp_dirty + get_options()->MaxCircuitDirtiness < now.tv_sec && + !connection_half_edges_waiting(TO_ORIGIN_CIRCUIT(circ)) && !TO_ORIGIN_CIRCUIT(circ)->p_streams /* nothing attached */ ) { log_debug(LD_CIRC, "Closing n_circ_id %u (dirty %ld sec ago, " "purpose %d)", |