Try making all memory pool and freelist code off by default, or clear-on-alloc

changed milestone to %Tor: 0.2.5.x-final

added 025-triaged component::core tor/tor milestone::Tor: 0.2.5.x-final owner::andrea priority::medium resolution::implemented security status::closed tor-relay type::defect labels

Trac:
Keywords: tor-relay security 024-backport deleted, 024-backport, security, tor-relay, 025-triaged added

Just merged Andrea's "bug11476" branch to 0.2.5.x to fix #11623 (moved). As it stood, it only implemented #11623 (moved) (fixing --disable-buf-freelists), but that's a good start.

Current plan on these is to investigate the bug, try to finish writing the patch on each, and then evaluate whether the patch is 0.2.5 or 0.2.6 material in terms of simplicity and importance.

Trac:
Status: new to assigned
Owner: N/A to andrea

Trac:
Keywords: 024-backport deleted, N/A added

Query: should I also consider adding a configure toggle for memarea.c/memarea.h in this?

Hmm, I guess not, since we rely on memarea_drop_all() to free a bunch of stuff at once in routerparse.c and it'd be a huge refactor not to.

See my completed bug11476 branch; this works well as a relay and client in testing and seems valgrind-clean. We should still do performance comparisons, though.

Trac:
Status: assigned to needs_review

Suggestion:

Rather than scattering ENABLE_MEMPOOLS items through our code, why not instead make the code in mempool.h just wrap malloc_zero() and free() when we're running in with mempools disabled? That way, the rest of the code stays pretty.

Trac:
Status: needs_review to needs_revision

Replying to nickm:

Suggestion:

Rather than scattering ENABLE_MEMPOOLS items through our code, why not instead make the code in mempool.h just wrap malloc_zero() and free() when we're running in with mempools disabled? That way, the rest of the code stays pretty.

Okay, will do.

Replying to nickm:

Suggestion:

Rather than scattering ENABLE_MEMPOOLS items through our code, why not instead make the code in mempool.h just wrap malloc_zero() and free() when we're running in with mempools disabled? That way, the rest of the code stays pretty.

...actually, because mp_pool_get() takes a cell pool as an argument, so I'd also have to leave 'static mp_pool_t *cell_pool = NULL;' in relay.c outside the #ifdef if I were keeping the call to mp_pool_get() but making it wrap tor_malloc_zero().

Counter-suggestion: replace mp_pool_get() calls in relay.c with relay_alloc_cell() or something like that, which is #defined to either mp_pool_get(cell_pool) or tor_malloc_zero() as appropriate?

because mp_pool_get() takes a cell pool as an argument, so I'd also have to leave 'static mp_pool_t *cell_pool = NULL;' in relay.c outside the #ifdef if I were keeping the call to mp_pool_get() but making it wrap tor_malloc_zero().

That's not so bad IMO; you'd just need to have mp_pool_t be semantically "This is a memory pool if ENABLE_MEMPOOLS is set; this is a placeholder object if it isn't."

Counter-suggestion: replace mp_pool_get() calls in relay.c with relay_alloc_cell() or something like that, which is #defined to either mp_pool_get(cell_pool) or tor_malloc_zero() as appropriate?

I think that approach is okay too. The thing I don't want to have happen is multiple instances of

#ifdef ENABLE_MEMPOOLS
  foo();
#else
  bar();
#endif

scattered throughout the codebase. That's a recipe for hard-to-maintain code IMO. Ideally, when there's an ENABLE_foo, its effects should be isolated by a function abstraction at some level, though IMO the exact level is not super critical.

Replying to nickm:

because mp_pool_get() takes a cell pool as an argument, so I'd also have to leave 'static mp_pool_t *cell_pool = NULL;' in relay.c outside the #ifdef if I were keeping the call to mp_pool_get() but making it wrap tor_malloc_zero().

That's not so bad IMO; you'd just need to have mp_pool_t be semantically "This is a memory pool if ENABLE_MEMPOOLS is set; this is a placeholder object if it isn't."

Counter-suggestion: replace mp_pool_get() calls in relay.c with relay_alloc_cell() or something like that, which is #defined to either mp_pool_get(cell_pool) or tor_malloc_zero() as appropriate?

I think that approach is okay too. The thing I don't want to have happen is multiple instances of

{{{ #ifdef ENABLE_MEMPOOLS foo(); #else bar(); #endif }}}

scattered throughout the codebase. That's a recipe for hard-to-maintain code IMO. Ideally, when there's an ENABLE_foo, its effects should be isolated by a function abstraction at some level, though IMO the exact level is not super critical.

Okay, fine by me.

Replying to nickm:

because mp_pool_get() takes a cell pool as an argument, so I'd also have to leave 'static mp_pool_t *cell_pool = NULL;' in relay.c outside the #ifdef if I were keeping the call to mp_pool_get() but making it wrap tor_malloc_zero().

That's not so bad IMO; you'd just need to have mp_pool_t be semantically "This is a memory pool if ENABLE_MEMPOOLS is set; this is a placeholder object if it isn't."

Counter-suggestion: replace mp_pool_get() calls in relay.c with relay_alloc_cell() or something like that, which is #defined to either mp_pool_get(cell_pool) or tor_malloc_zero() as appropriate?

I think that approach is okay too. The thing I don't want to have happen is multiple instances of

{{{ #ifdef ENABLE_MEMPOOLS foo(); #else bar(); #endif }}}

scattered throughout the codebase. That's a recipe for hard-to-maintain code IMO. Ideally, when there's an ENABLE_foo, its effects should be isolated by a function abstraction at some level, though IMO the exact level is not super critical.

Updated branch eliminates the #ifdefs around the alloc/free stuff in relay.c How do you feel about the init_cell_pool()/cleanup_cell_pool() calls in main.c and circuitlist.c?

Trac:
Status: needs_revision to needs_review

Okay; this looks better, and doesn't cause any craziness from coverity or clang-scan. Merged to master.

Trac:
Resolution: N/A to implemented
Status: needs_review to closed

closed

mentioned in issue #11477 (moved)

Try making all memory pool and freelist code off by default, or clear-on-alloc

Child items 0

Activity