From 431dcc42e028e1b56f60131e3e153296ff73c25e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 11 Aug 2020 12:59:07 -0400 Subject: Rename argument to compute_real_max_mem_in_queues() --- src/app/config/config.c | 4 ++-- src/app/config/config.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/app') diff --git a/src/app/config/config.c b/src/app/config/config.c index 1d61b76310..8e21d67f23 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -4583,7 +4583,7 @@ options_validate(or_options_t *old_options, or_options_t *options, * actual maximum value. We clip this value if it's too low, and autodetect * it if it's set to 0. */ STATIC uint64_t -compute_real_max_mem_in_queues(const uint64_t val, int log_guess) +compute_real_max_mem_in_queues(const uint64_t val, bool is_server) { uint64_t result; @@ -4642,7 +4642,7 @@ compute_real_max_mem_in_queues(const uint64_t val, int log_guess) result = avail; } } - if (log_guess && ! notice_sent) { + if (is_server && ! notice_sent) { log_notice(LD_CONFIG, "%sMaxMemInQueues is set to %"PRIu64" MB. " "You can override this by setting MaxMemInQueues by hand.", ram ? "Based on detected system memory, " : "", diff --git a/src/app/config/config.h b/src/app/config/config.h index 301faf7067..35905ef767 100644 --- a/src/app/config/config.h +++ b/src/app/config/config.h @@ -290,7 +290,7 @@ STATIC int parse_port_config(smartlist_t *out, STATIC int check_bridge_distribution_setting(const char *bd); STATIC uint64_t compute_real_max_mem_in_queues(const uint64_t val, - int log_guess); + bool is_server); STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *fname, int truncate_log); -- cgit v1.2.3-54-g00ecf From a02002dc9915d4f26d374f0784c7cbf916a653b0 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 11 Aug 2020 17:01:49 -0400 Subject: Lower the minimum value for MaxMemInQueues to 64 MB for relays. For clients, there is no minimum value; in both cases, we warn if the value seems too low. Closes ticket 24308. --- changes/ticket24308 | 6 ++++++ src/app/config/config.c | 25 +++++++++++++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 changes/ticket24308 (limited to 'src/app') diff --git a/changes/ticket24308 b/changes/ticket24308 new file mode 100644 index 0000000000..e614785265 --- /dev/null +++ b/changes/ticket24308 @@ -0,0 +1,6 @@ + o Minor features (denial-of-service memory limiter): + - Allow the user to configure even lower values for the MaxMemInQueues + parameter. Relays now enforce a minimum of 64 MB, when previously + the minimum was 256 MB. On clients, there is no minimum. Relays and + clients will both warn if the value is set so low that Tor is likely + to stop working. Closes ticket 24308. diff --git a/src/app/config/config.c b/src/app/config/config.c index 8e21d67f23..94971e3bfd 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -4585,6 +4585,9 @@ options_validate(or_options_t *old_options, or_options_t *options, STATIC uint64_t compute_real_max_mem_in_queues(const uint64_t val, bool is_server) { +#define MIN_SERVER_MB 64 +#define MIN_UNWARNED_SERVER_MB 256 +#define MIN_UNWARNED_CLIENT_MB 64 uint64_t result; if (val == 0) { @@ -4650,10 +4653,24 @@ compute_real_max_mem_in_queues(const uint64_t val, bool is_server) notice_sent = 1; } return result; - } else if (val < ONE_GIGABYTE / 4) { - log_warn(LD_CONFIG, "MaxMemInQueues must be at least 256 MB for now. " - "Ideally, have it as large as you can afford."); - return ONE_GIGABYTE / 4; + } else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) { + /* We can't configure less than this much on a server. */ + log_warn(LD_CONFIG, "MaxMemInQueues must be at least %d MB on servers " + "for now. Ideally, have it as large as you can afford.", + MIN_SERVER_MB); + return MIN_SERVER_MB * ONE_MEGABYTE; + } else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) { + /* On a server, if it's less than this much, we warn that things + * may go badly. */ + log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your " + "relay doesn't work, this may be the reason why."); + return val; + } else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) { + /* On a client, if it's less than this much, we warn that things + * may go badly. */ + log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your " + "client doesn't work, this may be the reason why."); + return val; } else { /* The value was fine all along */ return val; -- cgit v1.2.3-54-g00ecf