diff options
author | David Goulet <dgoulet@torproject.org> | 2017-11-08 14:36:04 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2017-11-08 14:46:49 -0500 |
commit | fa70aabb62652aa49537a6730eb4a3a95f9219c3 (patch) | |
tree | 9f3045fae75f961223edd39469c2f1f15fa1c26d /src | |
parent | 61330f40a50e304b7d7f386ab86a27292a4aa543 (diff) | |
download | tor-fa70aabb62652aa49537a6730eb4a3a95f9219c3.tar.gz tor-fa70aabb62652aa49537a6730eb4a3a95f9219c3.zip |
dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb2646368e3e7cb1bcee403667b786f0 introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:
if (!voting_schedule.voting_starts) {
...
dirvote_recalculate_timing(options, now);
}
The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.
That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.
This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.
Fixes #24186
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/or/dirvote.c | 9 | ||||
-rw-r--r-- | src/or/dirvote.h | 7 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/or/dirvote.c b/src/or/dirvote.c index f2194ed6e6..ce82a5ef4a 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -2865,6 +2865,7 @@ dirvote_get_next_valid_after_time(void) if (tor_mem_is_zero((const char *) &voting_schedule, sizeof(voting_schedule))) { dirvote_recalculate_timing(get_options(), time(NULL)); + voting_schedule.created_on_demand = 1; } return voting_schedule.interval_starts; } @@ -2892,7 +2893,13 @@ dirvote_act(const or_options_t *options, time_t now) { if (!authdir_mode_v3(options)) return; - if (!voting_schedule.voting_starts) { + tor_assert_nonfatal(voting_schedule.voting_starts); + /* If we haven't initialized this object through this codeflow, we need to + * recalculate the timings to match our vote. The reason to do that is if we + * have a voting schedule initialized 1 minute ago, the voting timings might + * not be aligned to what we should expect with "now". This is especially + * true for TestingTorNetwork using smaller timings. */ + if (voting_schedule.created_on_demand) { char *keys = list_v3_auth_ids(); authority_cert_t *c = get_my_v3_authority_cert(); log_notice(LD_DIR, "Scheduling voting. Known authority IDs are %s. " diff --git a/src/or/dirvote.h b/src/or/dirvote.h index f8eb52de81..72a35fea6d 100644 --- a/src/or/dirvote.h +++ b/src/or/dirvote.h @@ -168,6 +168,13 @@ typedef struct { int have_fetched_missing_signatures; /* True iff we have published our consensus. */ int have_published_consensus; + + /* True iff this voting schedule was set on demand meaning not through the + * normal vote operation of a dirauth or when a consensus is set. This only + * applies to a directory authority that needs to recalculate the voting + * timings only for the first vote even though this object was initilized + * prior to voting. */ + int created_on_demand; } voting_schedule_t; void dirvote_get_preferred_voting_intervals(vote_timing_t *timing_out); |