commit 3cf78706400715cf41ae53bd29c1234ce62b1aeb
parent 7cfe3b29722983fa58dca691ad64394304946f70
Author: David Goulet <dgoulet@torproject.org>
Date: Thu, 6 Nov 2025 13:29:18 -0500
conflux: Never launch new legs under memory pressure
We can end up in a feedback loop of creating a new leg, getting it closed by
the OOM, creating a new leg again, and so on ...
Under memory pressure, we let the OOM do its thing, and we even keep a grace
period after that to make sure things stabilize again.
Related to #41155
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/core/or/conflux_pool.c b/src/core/or/conflux_pool.c
@@ -1489,8 +1489,11 @@ unlinked_circuit_closed(circuit_t *circ)
/* If no more legs, opportunistically free the unlinked set. */
if (smartlist_len(unlinked->legs) == 0) {
unlinked_pool_del_and_free(unlinked, is_client);
- } else if (!shutting_down) {
- /* Launch a new leg for this set to recover. */
+ } else if (!shutting_down && !have_been_under_memory_pressure()) {
+ /* Launch a new leg for this set to recover if we are not shutting down or
+ * if we are not under memory pressure. We must not launch legs under
+ * memory pressure else it can just create a feedback loop of being closed
+ * by the OOM handler and relaunching, rinse and repeat. */
if (CIRCUIT_IS_ORIGIN(circ)) {
conflux_launch_leg(nonce);
}
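Review bot: The new comment above `conflux_launch_leg(nonce)` says a leg is launched "if we are not shutting down or if we are not under memory pressure", but the condition `!shutting_down && !have_been_under_memory_pressure()` requires both, so the comment describes a weaker guard than the code enforces. I would reword it to `/* Launch a new leg for this set to recover, but only if we are not shutting down and have not recently been under memory pressure. */` and keep the sentence about the OOM feedback loop after it. Nothing in the hunk shows the set getting its leg back once the pressure has passed, so the set presumably stays one leg short until something else relaunches it. If that is intended, the comment should say so. The body of unlinked_circuit_closed() starts and ends outside the hunk, so a later retry path may exist that is not visible here.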