[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #28669 [Core Tor/Tor]: Bug: ../src/feature/hs/hs_client.c:280: retry_all_socks_conn_waiting_for_desc

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #28669 [Core Tor/Tor]: Bug: ../src/feature/hs/hs_client.c:280: retry_all_socks_conn_waiting_for_desc
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 30 Nov 2018 14:34:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 30 Nov 2018 09:34:51 -0500
In-reply-to: <051.221d63cbcee37e4f9a742d41a5d89964@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.221d63cbcee37e4f9a742d41a5d89964@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28669: Bug: ../src/feature/hs/hs_client.c:280:
retry_all_socks_conn_waiting_for_desc
--------------------------+------------------------------------
 Reporter:  traumschule   |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by dgoulet):

 I've stated that theory in part in #27410 but now I do think this is a
 code path creating this issue:

 1. Tor gets a descriptor and tries to connect to it but intro points all
 fail so the descriptor ends up unusable that is
 `hs_client_any_intro_points_usable()` returns false.

 2. A SOCKS request is made to the .onion and because the intro points
 aren't usuable, a refetch is triggered, see `connection_ap_handle_onion()`
 which put the connection in `AP_CONN_STATE_RENDDESC_WAIT`

 3. While (2) is happening, computer goes in suspend mode for more than 30
 minutes.

 4. When waking up, the `rend_cache_failure_clean()` callback is triggered
 which makes all the intro point usable all the sudden.

 5. Everything is stalled until we get a live consensus which, when it
 arrives, the HS subsystem is informed with `hs_client_dir_info_changed()`
 that calls `retry_all_socks_conn_waiting_for_desc()` (from the stacktrace
 we have in the ticket).

 6. And boom, for `hs_client_refetch_hsdesc()` to return
 `HS_CLIENT_FETCH_HAVE_DESC`, we need a descriptor in the cache with usable
 intro points. We have that because (4) made the intro points usable and
 the descriptor from (1) is still in the cache. The BUG() is hit because we
 still have that pending SOCKS connection that is waiting for its
 descriptor from (2).

 The solution is that for this particular condition where we do have a
 descriptor in our cache but we have a connection waiting for a descriptor,
 instead of BUG(), we need to mark it as "pending for a circuit" like we do
 in `hs_client_desc_has_arrived()` which will trigger the connection to be
 attached to a circuit and thus the HS dance to start.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28669#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #28669 [Core Tor/Tor]: Bug: ../src/feature/hs/hs_client.c:280: retry_all_socks_conn_waiting_for_desc
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #28350 [Internal Services]: Request for a Tor Circuit site which appears to be in the USA
Next by Author: Re: [tor-bugs] #27443 [Applications/Tor Browser]: Update Firefox RBM config and build for Android
Previous by thread: Re: [tor-bugs] #28669 [Core Tor/Tor]: Bug: ../src/feature/hs/hs_client.c:280: retry_all_socks_conn_waiting_for_desc
Next by thread: Re: [tor-bugs] #25164 [Applications/Tor Browser]: Reproducible Tor Browser for Android builds
Index(es):
- Author
- Thread