From 79c234e0e3fa22d76029bd3b5e2c52072709cff3 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 12 Feb 2014 13:09:02 -0500
Subject: On OOM, also log N circuits remaining

---
 src/or/circuitlist.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index ffb5e0cd0..45fc95b56 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1589,9 +1589,11 @@ circuits_handle_oom(size_t current_allocation)
   buf_shrink_freelists(1); /* This is necessary to actually release buffer
                               chunks. */
 
-  log_notice(LD_GENERAL, "Removed "U64_FORMAT" bytes by killing %d circuits.",
+  log_notice(LD_GENERAL, "Removed "U64_FORMAT" bytes by killing %d circuits; "
+             "%d circuits remain alive.",
              U64_PRINTF_ARG(mem_recovered),
-             n_circuits_killed);
+             n_circuits_killed,
+             smartlist_len(circlist) - n_circuits_killed);
 
   smartlist_free(circlist);
 }
-- 
cgit v1.2.3


From 833d027778ba97020fb5ded1d94e4b21fbcab766 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 26 Feb 2014 09:51:30 -0500
Subject: Monotonize the OOM-killer data timers

In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
---
 src/common/compat_libevent.c | 30 ++++++++++++++++++++++++++++++
 src/common/compat_libevent.h |  1 +
 src/or/buffers.c             |  2 +-
 src/or/circuitlist.c         |  2 +-
 src/or/relay.c               |  2 +-
 5 files changed, 34 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 6655ca87d..77f8495e5 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -724,3 +724,33 @@ tor_gettimeofday_cache_clear(void)
 }
 #endif
 
+/**
+ * As tor_gettimeofday_cached, but can never move backwards in time.
+ *
+ * The returned value may diverge from wall-clock time, since wall-clock time
+ * can trivially be adjusted backwards, and this can't.  Don't mix wall-clock
+ * time with these values in the same calculation.
+ *
+ * Depending on implementation, this function may or may not "smooth out" huge
+ * jumps forward in wall-clock time.  It may or may not keep its results
+ * advancing forward (as opposed to stalling) if the wall-clock time goes
+ * backwards.  The current implementation does neither of of these.
+ *
+ * This function is not thread-safe; do not call it outside the main thread.
+ *
+ * In future versions of Tor, this may return a time does not have its
+ * origin at the Unix epoch.
+ */
+void
+tor_gettimeofday_cached_monotonic(struct timeval *tv)
+{
+  struct timeval last_tv = { 0, 0 };
+
+  tor_gettimeofday_cached(tv);
+  if (timercmp(tv, &last_tv, <)) {
+    memcpy(tv, &last_tv, sizeof(struct timeval));
+  } else {
+    memcpy(&last_tv, tv, sizeof(struct timeval));
+  }
+}
+
diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h
index 56285ef80..3190f1300 100644
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@@ -90,6 +90,7 @@ int tor_add_bufferevent_to_rate_limit_group(struct bufferevent *bev,
 
 void tor_gettimeofday_cached(struct timeval *tv);
 void tor_gettimeofday_cache_clear(void);
+void tor_gettimeofday_cached_monotonic(struct timeval *tv);
 
 #endif
 
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 352e60a97..b16ee6efa 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -632,7 +632,7 @@ buf_add_chunk_with_capacity(buf_t *buf, size_t capacity, int capped)
     chunk = chunk_new_with_alloc_size(preferred_chunk_size(capacity));
   }
 
-  tor_gettimeofday_cached(&now);
+  tor_gettimeofday_cached_monotonic(&now);
   chunk->inserted_time = (uint32_t)tv_to_msec(&now);
 
   if (buf->tail) {
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 45fc95b56..0534e3555 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1551,7 +1551,7 @@ circuits_handle_oom(size_t current_allocation)
     mem_to_recover = current_allocation - mem_target;
   }
 
-  tor_gettimeofday_cached(&now);
+  tor_gettimeofday_cached_monotonic(&now);
   now_ms = (uint32_t)tv_to_msec(&now);
 
   /* This algorithm itself assumes that you've got enough memory slack
diff --git a/src/or/relay.c b/src/or/relay.c
index e6d0f50ac..4cbc8fa47 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1906,7 +1906,7 @@ cell_queue_append_packed_copy(cell_queue_t *queue, const cell_t *cell)
 {
   struct timeval now;
   packed_cell_t *copy = packed_cell_copy(cell);
-  tor_gettimeofday_cached(&now);
+  tor_gettimeofday_cached_monotonic(&now);
   copy->inserted_time = (uint32_t)tv_to_msec(&now);
 
   /* Remember the time when this cell was put in the queue. */
-- 
cgit v1.2.3