Use more memory poisoning and better asserts around ewma code

Attempt to diagnose 32464; fixes 33290.
2024-11-10 05:03:43 +01:00 · 2020-02-12 14:17:19 -05:00 · 2020-02-12 14:17:19 -05:00 · 80e3dc4727
commit 80e3dc4727
parent 5298113da9
3 changed files with 18 additions and 5 deletions
--- a/changes/ticket33290
+++ b/changes/ticket33290
@ -0,0 +1,4 @@
+  o Minor features (diagnostic):
+    - Improve assertions and add some memory-poisoning code to try to track
+      down possible causes of a rare crash (32564) in the EWMA code.
+      Closes ticket 33290.
--- a/src/core/or/circuitmux.c
+++ b/src/core/or/circuitmux.c
@ -79,6 +79,8 @@
 #include "core/or/destroy_cell_queue_st.h"
 #include "core/or/or_circuit_st.h"

+#include "lib/crypt_ops/crypto_util.h"
+
 /*
 * Private typedefs for circuitmux.c
 */
@ -973,7 +975,10 @@ circuitmux_detach_circuit,(circuitmux_t *cmux, circuit_t *circ))
    /* Now remove it from the map */
    HT_REMOVE(chanid_circid_muxinfo_map, cmux->chanid_circid_map, hashent);

-    /* Free the hash entry */
+    /* Wipe and free the hash entry */
+    // This isn't sensitive, but we want to be sure to know if we're accessing
+    // this accidentally.
+    memwipe(hashent, 0xef, sizeof(hashent));
    tor_free(hashent);
  }
 }
@ -1334,4 +1339,3 @@ circuitmux_compare_muxes, (circuitmux_t *cmux_1, circuitmux_t *cmux_2))
    return 0;
  }
 }
-
--- a/src/core/or/circuitmux_ewma.c
+++ b/src/core/or/circuitmux_ewma.c
@ -147,7 +147,9 @@ TO_EWMA_POL_DATA(circuitmux_policy_data_t *pol)
 {
  if (!pol) return NULL;
  else {
-    tor_assert(pol->magic == EWMA_POL_DATA_MAGIC);
+    tor_assertf(pol->magic == EWMA_POL_DATA_MAGIC,
+                "Mismatch: %"PRIu32" != %"PRIu32,
+                pol->magic, EWMA_POL_DATA_MAGIC);
    return DOWNCAST(ewma_policy_data_t, pol);
  }
 }
@ -162,7 +164,9 @@ TO_EWMA_POL_CIRC_DATA(circuitmux_policy_circ_data_t *pol)
 {
  if (!pol) return NULL;
  else {
-    tor_assert(pol->magic == EWMA_POL_CIRC_DATA_MAGIC);
+    tor_assertf(pol->magic == EWMA_POL_CIRC_DATA_MAGIC,
+                "Mismatch: %"PRIu32" != %"PRIu32,
+                pol->magic, EWMA_POL_CIRC_DATA_MAGIC);
    return DOWNCAST(ewma_policy_circ_data_t, pol);
  }
 }
@ -295,6 +299,7 @@ ewma_free_cmux_data(circuitmux_t *cmux,
  pol = TO_EWMA_POL_DATA(pol_data);

  smartlist_free(pol->active_circuit_pqueue);
+  pol->base_.magic = 0xDEAD901C;
  tor_free(pol);
 }

@ -361,7 +366,7 @@ ewma_free_circ_data(circuitmux_t *cmux,
  if (!pol_circ_data) return;

  cdata = TO_EWMA_POL_CIRC_DATA(pol_circ_data);
-
+  cdata->base_.magic = 0xDEADC14C;
  tor_free(cdata);
 }