[avalanche] Fix a data race where updating availability scores can coincide with initialization of the state container
AbandonedPublic
Actions

Authored by sdulfari on Oct 20 2022, 20:04.

Details

Reviewers

Group Reviewers

Restricted Project

Summary

There is a data race where UpdateAvalancheStatistics() may be called while
receiving an AVAHELLO message, where m_avalanche_state is initialized.
A similar race exists if addavalanchenode is called during
UpdateAvalancheStatistics().

This patch fixes the race and also fixes the design flaw that enabled it. The
design flaw resulted in:

No lock around the m_avalanche_state structure since it resided within the structure itself.
Initialization of m_avalanche_state on receipt of AVAHELLO instead of first use (attempt to poll the peer for the first time), resulting in unused memory initialized for poll-only peers.
Unclear intent of m_avalanche_state since it was also used to determine whether a peer had avalanche enabled.

With this patch, the intent is now more clear and the state is only initialized
for peers where it will be used.

Depends on D12325

Test Plan

ninja check check-functional

Diff Detail

Repository

rABC Bitcoin ABC

Branch

ava-state-data-race

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 20656
Build 40976: Build Diff	build-without-wallet · build-debug · lint-circular-dependencies · build-diff · build-clang-tidy · build-clang
Build 40975: arc lint + arc unit

Event Timeline

sdulfari created this revision.Oct 20 2022, 20:04

Herald added a reviewer: Restricted Project. · View Herald TranscriptOct 20 2022, 20:04

sdulfari requested review of this revision.Oct 20 2022, 20:04

sdulfari edited the summary of this revision. (Show Details)Oct 20 2022, 20:04

sdulfari added a parent revision: D12325: [avalanche] Record peers that have avalanche enabled.

Harbormaster completed remote builds in B20656: Diff 35903.Oct 20 2022, 20:16

I think a better approach is to remove the state altogether, or make it a POD.

keep the cs_statistics with a nice comment explaining how it's used only for logical block locks over several variables
update GetAvalailabilityScore() to return 0 if m_avalanche_enabled is false (or use an optional, but not sure it's better in this case)

This was not possible before and will greatly simplify the code.