Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues
ClosedPublic
Actions

Authored by gallatin on Jan 26 2022, 9:19 PM.

Details

Reviewers

jhb
rrs
• hselasky
ae

Commits

rGbf2a85f4e304: Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues
rG9ba117960e17: Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues

Summary

When ip_output_send() returns EAGAIN due to issues with send tags (route change, lagg failover, etc), it must free the mbuf. This is because ip_output_send() was written as a replacement for a direct call to if_output(), and the contract with if_output() has historically been that it owns the mbufs once called. When ip_output_send() failed to free mbufs, it violated this assumption and lead to leaked mbufs.

This was noticed when using NIC TLS in combination with hardware rate-limited connections. When seeing lots of NIC output drops triggered ratelimit send tag changes, we noticed we were leaking tls_sessions, send tags and mbufs. This was due ip_output_send() leaking mbufs which held references to ktls_sessions, which in turn held references to send tags.

Many thanks to @jhb @rrs @hselasky and @markj for helping to debug this at various stages