Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Jan 4 08:34:11 GMT 2000
andrew, it would be _extremely_ good if you could write one of these. the
problem with memory allocation in dce/rpc is this:
make a function call requesting an info level.
[marshall request.. ship it... unmarshall]
function call locally mallocs memory to service the request.
[marshall response... ship it (large) ... unmarshall].
the unmarshall at the receiving end locally mallocs memory to
provide the request.
how do you free these bits of memory?
NT has NetApiBufferFree() on a per-pipe basis this is implemented to free
up local memory.
remote malloc'd memory is easier to deal with, however local malloc'd
memory is a different matter. the unmarshalling at receiving end code is
responsible for doing the mallocs, so the caller has _no_ idea how to
properly handle frees.
if you can create a talloc(MEMORY_STORE *store, size_t size), and provide
MEMORY_STORE *init_talloc(), free_talloc(MEMORY_STORE *store) as
base-level functions, then i can use it to trash locally-malloced memory
on a per-function call basis, without having to worry about memory leaks
and per-msrpc-function-call specific freeing routines.
On Tue, 4 Jan 2000, Andrew Tridgell wrote:
> We have a bit of a problem with memory allocation in Samba. It is best
> shown by the following tcpdump capture that I just got:
> 18:51:46.249115 192.168.114.1.3697 > 192.168.114.255.netbios-ns:
> >>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> Name=/USR/LOCAL/SAMB NameType=0x1C (Unknown)
> notice the name? That comes from our domain client code in
> password.c. There is a call like this:
> if (!get_dc_list(lp_workgroup(), &ip_list, &count))
> return False;
> the lp_workgroup() call grabs a static string from a ring buffer of 10
> strings (see lp_string() in param/loadparm.c). This is done to prevent
> all the mess of alloc/free calls every time we use a lp_*() string
> function, but the technique is coming back to bite us. What happens in
> this case is there are more than 10 lp_*() string calls deep inside
> that get_dc_list() call and that results in the lp_workgroup() string
> getting overwritten, so we end up sending the name query to the
> lp_lockdir() string!
> the real problem is the lack of a good temporary memory allocator/free
> system in Samba. We can't use alloca() as it ain't portable enough.
> before i build a new memory allocation (pool) system for Samba, can
> someone point me at a good one? Note that I'm not interested in just a
> malloc library, those are trivial to write and don't meet our needs
> anyway. What we need is something that allows us to allocate temporary
> memory and free it in one fell swoop in the main event loop. I can
> probably write one in a day or so, but if there is a good one out
> there then please point it out so I can save some time.
> of course, the simple fix is to up the number of static strings, but
> for Samba 3.0 I'm trying to fix the really fundamental design flaws,
> not exacerbate them :)
> Cheers, Tridge
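
Added example (not part of the original thread and not Samba's code): a C sketch of the ring-buffer overwrite described in the quoted message, next to a pool with the init_talloc()/talloc()/free_talloc() interface proposed in the reply. ring_string(), the two demo functions, the 64-byte slot length and the sample lock directory path are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RING_SLOTS 10                        /* "ring buffer of 10 strings" */
#define LOCKDIR "/usr/local/samba/var/locks" /* constructed sample value */

/* Hypothetical stand-in for lp_string(): hand out the next static slot. */
static const char *ring_string(const char *value) {
    static char slots[RING_SLOTS][64];
    static unsigned next;
    char *slot = slots[next++ % RING_SLOTS];
    snprintf(slot, sizeof(slots[0]), "%s", value);
    return slot;
}

/* Pool sketch behind the three entry points proposed in the message. */
typedef union chunk { union chunk *next; max_align_t align; } chunk;
typedef struct { chunk *head; } MEMORY_STORE;
MEMORY_STORE *init_talloc(void) { return calloc(1, sizeof(MEMORY_STORE)); }
void *talloc(MEMORY_STORE *store, size_t size) {
    chunk *c = malloc(sizeof(chunk) + size);
    if (c == NULL) return NULL;
    c->next = store->head; store->head = c;  /* link in for free_talloc() */
    return c + 1;           /* payload starts after the aligned header */
}
void free_talloc(MEMORY_STORE *store) {
    for (chunk *c = store->head, *n; c != NULL; c = n) { n = c->next; free(c); }
    free(store);
}

/* Returns 1 if a held ring pointer now reads LOCKDIR instead of WORKGROUP. */
int ring_demo_overwritten(void) {
    const char *workgroup = ring_string("WORKGROUP");
    for (int i = 0; i < RING_SLOTS; i++) ring_string(LOCKDIR);
    return strcmp(workgroup, LOCKDIR) == 0;
}
/* Returns 1 if a pool-owned copy survives the same calls unchanged. */
int pool_demo_stable(void) {
    MEMORY_STORE *store = init_talloc();
    if (store == NULL) return 0;
    const char *src = ring_string("WORKGROUP");
    char *workgroup = talloc(store, strlen(src) + 1);
    if (workgroup != NULL) strcpy(workgroup, src);
    for (int i = 0; i < RING_SLOTS; i++) ring_string(LOCKDIR);
    int ok = workgroup != NULL && strcmp(workgroup, "WORKGROUP") == 0;
    free_talloc(store);     /* every allocation for this call goes at once */
    return ok;
}
int main(void) { printf("%d %d\n", ring_demo_overwritten(), pool_demo_stable()); return 0; }
```

The held pointer in ring_demo_overwritten() stays valid memory, so nothing crashes; it simply reads a different parameter's value, which is how a local path can end up in a broadcast name query.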