[tor-bugs] #23603 [Core Tor/Tor]: hs: Cleanup race between circuit close and free with the HS circuitmap

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 28 11:26:28 UTC 2017 

#23603: hs: Cleanup race between circuit close and free with the HS circuitmap
--------------------------+------------------------------------
 Reporter:  dgoulet       |          Owner:  dgoulet
     Type:  defect        |         Status:  needs_revision
 Priority:  High          |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by asn):

 I pushed `bug23603_test` with a draft unittest here. It needs
 improvements.

 David, I did not understand your suggested fix for `cleanup_intro_points`
 to make it cleanup intro points that will get cleaned up anyway. I think
 my confusion stems from the fact that we cound intro point retries when we
 launch a circuit and not when we fail circuits.

 This means that there are cases (say network down) where we will launch a
 4th retry on an intro point, the retry will succeed, and then we will
 still clean it up since it reached 4 retries. I think the right way to do
 this is to increase the retry counter when we fail the circuit in
 `hs_service_intro_circ_has_closed()`. No?

 I think the suggested fix also creates confusion over the semantics of
 `MAX_INTRO_POINT_CIRCUIT_RETRIES` since we would then have in
 `cleanup_intro_points`:
 {{{
 if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
    clean intro point
 }

 if (ip->circuit_retries >= MAX_INTRO_POINT_CIRCUIT_RETRIES &&
     no_active_intro_circuit_for_this_ip) {
    clean intro point
 }
 }}}
 This logic looks confusing to me. What's the meaning of max after all? I
 think all this confusion stems from the fact that `circuit_retries` gets
 incremented on launch and not on fail.

 What do you think?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23603#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list