commit a0aa6d969c4c86971ac65bacb89749a9ce15a105
parent 38d2ec897014739af16b93f127f578c0d2ba6bf8
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 7 May 2025 21:19:40 -0400
Compute total_ooo_q_bytes correctly.
Closes #41071; bug not in any released Tor.
Diffstat:
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/core/or/conflux.c b/src/core/or/conflux.c
@@ -35,7 +35,9 @@ static inline uint64_t cwnd_sendable(const circuit_t *on_circ,
uint64_t in_usec, uint64_t our_usec);
/* Track the total number of bytes used by all ooo_q so it can be used by the
- * OOM handler to assess. */
+ * OOM handler to assess.
+ *
+ * When adding or subtracting to this value, use conflux_msg_alloc_cost(). */
static uint64_t total_ooo_q_bytes = 0;
/**
@@ -823,6 +825,15 @@ conflux_process_switch_command(circuit_t *in_circ,
}
/**
+ * Return the total number of required allocated to store `msg`.
+ */
+static inline size_t
+conflux_msg_alloc_cost(conflux_msg_t *msg)
+{
+ return msg->msg->length + sizeof(conflux_msg_t) + sizeof(relay_msg_t);
+}
+
+/**
* Process an incoming relay cell for conflux. Called from
* connection_edge_process_relay_cell().
*
@@ -879,7 +890,8 @@ conflux_process_relay_msg(conflux_t *cfx, circuit_t *in_circ,
smartlist_pqueue_add(cfx->ooo_q, conflux_queue_cmp,
offsetof(conflux_msg_t, heap_idx), c_msg);
- total_ooo_q_bytes += sizeof(msg->length);
+
+ total_ooo_q_bytes += conflux_msg_alloc_cost(c_msg);
/* This cell should not be processed yet, and the queue is not ready
* to process because the next absolute seqnum has not yet arrived */
@@ -907,7 +919,7 @@ conflux_dequeue_relay_msg(conflux_t *cfx)
if (top->seq == cfx->last_seq_delivered+1) {
smartlist_pqueue_pop(cfx->ooo_q, conflux_queue_cmp,
offsetof(conflux_msg_t, heap_idx));
- total_ooo_q_bytes -= sizeof(top->msg->length);
+ total_ooo_q_bytes -= conflux_msg_alloc_cost(top);
cfx->last_seq_delivered++;
return top;
} else {
