From a0aa6d969c4c86971ac65bacb89749a9ce15a105 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 7 May 2025 21:19:40 -0400 Subject: [PATCH] Compute total_ooo_q_bytes correctly. Closes #41071; bug not in any released Tor. --- src/core/or/conflux.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/core/or/conflux.c b/src/core/or/conflux.c index c444f690dc..140d15e7b7 100644 --- a/src/core/or/conflux.c +++ b/src/core/or/conflux.c @@ -35,7 +35,9 @@ static inline uint64_t cwnd_sendable(const circuit_t *on_circ, uint64_t in_usec, uint64_t our_usec); /* Track the total number of bytes used by all ooo_q so it can be used by the - * OOM handler to assess. */ + * OOM handler to assess. + * + * When adding or subtracting to this value, use conflux_msg_alloc_cost(). */ static uint64_t total_ooo_q_bytes = 0; /** @@ -822,6 +824,15 @@ conflux_process_switch_command(circuit_t *in_circ, return 0; } +/** + * Return the total number of required allocated to store `msg`. + */ +static inline size_t +conflux_msg_alloc_cost(conflux_msg_t *msg) +{ + return msg->msg->length + sizeof(conflux_msg_t) + sizeof(relay_msg_t); +} + /** * Process an incoming relay cell for conflux. Called from * connection_edge_process_relay_cell(). @@ -879,7 +890,8 @@ conflux_process_relay_msg(conflux_t *cfx, circuit_t *in_circ, smartlist_pqueue_add(cfx->ooo_q, conflux_queue_cmp, offsetof(conflux_msg_t, heap_idx), c_msg); - total_ooo_q_bytes += sizeof(msg->length); + + total_ooo_q_bytes += conflux_msg_alloc_cost(c_msg); /* This cell should not be processed yet, and the queue is not ready * to process because the next absolute seqnum has not yet arrived */ @@ -907,7 +919,7 @@ conflux_dequeue_relay_msg(conflux_t *cfx) if (top->seq == cfx->last_seq_delivered+1) { smartlist_pqueue_pop(cfx->ooo_q, conflux_queue_cmp, offsetof(conflux_msg_t, heap_idx)); - total_ooo_q_bytes -= sizeof(top->msg->length); + total_ooo_q_bytes -= conflux_msg_alloc_cost(top); cfx->last_seq_delivered++; return top; } else { -- 2.47.2