diff options
author | Nick Mathewson <nickm@torproject.org> | 2016-09-21 19:01:12 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-09-22 15:16:07 -0400 |
commit | e4aaf7666028c30866ad63053ad9f6eb6bf16bf7 (patch) | |
tree | 55bef18ed302697fe3e52f59c2ef66e188c38dce /src | |
parent | 11edbf480870975a354ec13ee67958492a0fd690 (diff) | |
download | tor-e4aaf7666028c30866ad63053ad9f6eb6bf16bf7.tar.gz tor-e4aaf7666028c30866ad63053ad9f6eb6bf16bf7.zip |
When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.
Additionally, replace that assert with a test and a log message.
Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee902fb7fa0776 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/circuitlist.c | 10 | ||||
-rw-r--r-- | src/or/relay.c | 9 |
2 files changed, 17 insertions, 2 deletions
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 716024df6a..5fb8be54b6 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -1836,8 +1836,14 @@ marked_circuit_free_cells(circuit_t *circ) return; } cell_queue_clear(&circ->n_chan_cells); - if (! CIRCUIT_IS_ORIGIN(circ)) - cell_queue_clear(& TO_OR_CIRCUIT(circ)->p_chan_cells); + if (circ->n_mux) + circuitmux_clear_num_cells(circ->n_mux, circ); + if (! CIRCUIT_IS_ORIGIN(circ)) { + or_circuit_t *orcirc = TO_OR_CIRCUIT(circ); + cell_queue_clear(&orcirc->p_chan_cells); + if (orcirc->p_mux) + circuitmux_clear_num_cells(orcirc->p_mux, circ); + } } static size_t diff --git a/src/or/relay.c b/src/or/relay.c index eddad6a0cb..33191e1e89 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2619,6 +2619,15 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) } /* Circuitmux told us this was active, so it should have cells */ + if (/*BUG(*/ queue->n == 0 /*)*/) { + log_warn(LD_BUG, "Found a supposedly active circuit with no cells " + "to send. Trying to recover."); + circuitmux_set_num_cells(cmux, circ, 0); + if (! circ->marked_for_close) + circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL); + continue; + } + tor_assert(queue->n > 0); /* |