upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys
History
Andrew Gallatin bf2a85f4e3 Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues 
When ip_output_send() returns EAGAIN due to issues with send tags (route
change, lagg failover, etc), it must free the mbuf. This is because
ip_output_send() was written as a wrapper/replacement for a direct
call to  if_output(), and the contract with if_output() has
historically been that it owns the mbufs once called. When
ip_output_send() failed to free mbufs, it violated this assumption
and lead to leaked mbufs.

This was noticed when using NIC TLS in combination with hardware
rate-limited connections. When seeing lots of NIC output drops
triggered ratelimit send tag changes, we noticed we were leaking
ktls_sessions, send tags and mbufs. This was due ip_output_send()
leaking mbufs which held references to ktls_sessions, which in
turn held references to send tags.

Many thanks to jbh, rrs, hselasky and markj for their help in
debugging this.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34054
Reviewed by: hselasky, jhb, rrs
MFC after: 2 weeks

(cherry picked from commit 9ba117960e)
2022-02-10 15:39:22 -05:00
..
amd64 amd64: micro-optimize vptopte()/vtopde() further 2022-02-09 02:42:44 +02:00
arm tegra: Fix a common typo in source code comments 2022-02-09 07:20:05 +01:00
arm64 tegra: Fix a common typo in source code comments 2022-02-09 07:20:05 +01:00
bsm Add aio_writev and aio_readv 2021-01-02 19:57:58 -07:00
cam cam: don't lock while handling an AC_UNIT_ATTENTION 2022-02-10 10:43:18 -09:00
cddl sys/cddl: remove extraneous semicolons 2022-02-08 15:04:31 -05:00
compat Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
conf mlx5: Implement flow steering helper functions for TCP sockets. 2022-02-08 16:08:53 +01:00
contrib zfs: Remove zfs-images submodule 2022-02-09 12:39:50 -05:00
crypto Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
ddb ddb: reliably fail with ambiguous commands 2021-07-02 14:13:24 -07:00
dev rtwn(4): Add new USB ID. 2022-02-10 16:11:07 +01:00
dts add overlay for enabling i2c1 on allwinner h3 2022-02-09 11:35:59 +02:00
fs nfsclient: Delete unused function nfscl_getcookie() 2022-02-09 19:39:00 -08:00
gdb gdb(4): Do not use run length encoding for 3-symbol repetitions 2022-02-04 20:58:34 -05:00
geom shsec: Allocate data blocks only for BIO_READ/WRITE requests 2022-02-10 08:46:12 -05:00
gnu Remove the old dts imported tree. 2021-01-15 20:09:55 +01:00
i386 Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
isa Remove more remnants of sio(4) 2021-04-14 09:19:49 -04:00
kern execve: disallow argc == 0 2022-02-10 14:21:59 -06:00
kgssapi State kgssapi dependency on xdr. 2020-09-17 22:29:38 +00:00
libkern Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
mips Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
modules add overlay for enabling i2c1 on allwinner h3 2022-02-09 11:35:59 +02:00
net pflog: align header to 4 bytes, not 8 2022-02-09 10:40:58 +01:00
net80211 Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
netgraph Add ETHER_ALIGN support to ng_device(4). 2022-01-14 14:28:43 +01:00
netinet Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues 2022-02-10 15:39:22 -05:00
netinet6 Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues 2022-02-10 15:39:22 -05:00
netipsec syncache: accept packet with no SA when TCP_MD5SIG is set 2022-02-10 10:31:33 -09:00
netpfil pf: Initialize pf_kpool mutexes earlier 2022-02-07 09:10:16 -05:00
netsmb netsmb: Avoid a read-after-free in smb_t2_request_int() 2021-06-02 09:34:47 -04:00
nfs nfs: don't truncate directory cookies to 32-bits in the NFS server 2022-01-02 20:09:15 -07:00
nfsclient
nfsserver nfs: Mark unused statistics variable as reserved 2020-11-18 04:35:49 +00:00
nlm nlm: clean up empty lines in .c and .h files 2020-09-01 22:14:52 +00:00
ofed socket: Rename sb(un)lock() and interlock with listen(2) 2021-10-07 09:56:47 -04:00
opencrypto Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
powerpc sysent: Add a sv_psstringssz field to struct sysentvec 2022-01-31 09:48:11 -05:00
riscv Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
rpc rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values 2021-12-29 17:23:30 -08:00
security Thread creation privilege for realtime group 2021-12-19 04:42:52 +02:00
sys mbuf(9): Assert receive mbufs don't carry a send tag. 2022-02-10 16:11:22 +01:00
teken loader: implement framebuffer console 2021-01-02 21:41:36 +02:00
tests routing: add IPv6 fib validation procedure. 2021-09-07 21:02:58 +00:00
tools Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
ufs ufs, msdosfs: do not record witness order when creating vnode 2022-02-07 11:38:50 +02:00
vm Revert "vm_pageout_scans: correct detection of active object" 2022-02-10 16:56:15 +02:00
x86 Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
xdr xdr: clean up empty lines in .c and .h files 2020-09-01 22:13:28 +00:00
xen xen(4): Fix a common typo in a source code comments 2022-02-09 07:20:31 +01:00
Makefile