From c6ac29bcc49cd3c3934706d7440651d24df31661 Mon Sep 17 00:00:00 2001 From: James Tucker Date: Thu, 7 Apr 2022 17:21:45 -0700 Subject: [PATCH] wgengine/netstack: disable refsvfs2 leak tracking (#4378) In addition an envknob (TS_DEBUG_NETSTACK_LEAK_MODE) now provides access to set leak tracking to more useful values. Fixes #4309 Signed-off-by: James Tucker --- cmd/tailscaled/depaware.txt | 2 +- wgengine/netstack/netstack.go | 16 ++++++++++++++++ wgengine/netstack/netstack_test.go | 10 ++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index 04710e868..52d2d591b 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -130,7 +130,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de gvisor.dev/gvisor/pkg/linewriter from gvisor.dev/gvisor/pkg/log gvisor.dev/gvisor/pkg/log from gvisor.dev/gvisor/pkg/context+ gvisor.dev/gvisor/pkg/rand from gvisor.dev/gvisor/pkg/tcpip/network/hash+ - gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/refsvfs2 + gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/refsvfs2+ gvisor.dev/gvisor/pkg/refsvfs2 from gvisor.dev/gvisor/pkg/tcpip/stack 💣 gvisor.dev/gvisor/pkg/sleep from gvisor.dev/gvisor/pkg/tcpip/transport/tcp 💣 gvisor.dev/gvisor/pkg/state from gvisor.dev/gvisor/pkg/atomicbitops+ diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go index 4a92d98dc..9d2bd59e9 100644 --- a/wgengine/netstack/netstack.go +++ b/wgengine/netstack/netstack.go @@ -21,6 +21,7 @@ import ( "sync/atomic" "time" + "gvisor.dev/gvisor/pkg/refs" "gvisor.dev/gvisor/pkg/tcpip" "gvisor.dev/gvisor/pkg/tcpip/adapters/gonet" "gvisor.dev/gvisor/pkg/tcpip/buffer" @@ -54,6 +55,21 @@ const debugPackets = false var debugNetstack = envknob.Bool("TS_DEBUG_NETSTACK") +func init() { + var debugNetstackLeakMode = envknob.String("TS_DEBUG_NETSTACK_LEAK_MODE") + // Note: netstacks refsvfs2 package that will eventually replace refs + // consumes the refs.LeakMode setting, but enables some checks when set to + // UninitializedLeakChecking which is what empty string becomes. This mode + // is largely un-useful, so it is explicitly disabled here, and more useful + // modes can be set via the envknob. See #4309 for more references. + if debugNetstackLeakMode == "" { + debugNetstackLeakMode = "disabled" + } + var lm refs.LeakMode + lm.Set(debugNetstackLeakMode) + refs.SetLeakMode(lm) +} + // Impl contains the state for the netstack implementation, // and implements wgengine.FakeImpl to act as a userspace network // stack when Tailscale is running in fake mode. diff --git a/wgengine/netstack/netstack_test.go b/wgengine/netstack/netstack_test.go index c1a9594de..a21d832c6 100644 --- a/wgengine/netstack/netstack_test.go +++ b/wgengine/netstack/netstack_test.go @@ -8,6 +8,7 @@ import ( "runtime" "testing" + "gvisor.dev/gvisor/pkg/refs" "inet.af/netaddr" "tailscale.com/net/packet" "tailscale.com/net/tsdial" @@ -74,3 +75,12 @@ func getMemStats() (ms runtime.MemStats) { runtime.ReadMemStats(&ms) return } + +func TestNetstackLeakMode(t *testing.T) { + // See the comments in init(), and/or in issue #4309. + // Influenced by an envknob that may be useful in tests, so just check that + // it's not the oddly behaving zero value. + if refs.GetLeakMode() == 0 { + t.Fatalf("refs.leakMode is 0, want a non-zero value") + } +}