[QUICK] talloc bugs
idra at samba.org
Fri Jun 26 08:17:33 MDT 2009
On Fri, 2009-06-26 at 15:07 +0100, Sam Liddicott wrote:
> Cc: to specific talloc committers and stakeholders
> We've discussed this at length before, without conclusion, so I'll
> be quick:
> The talloc ideal model is broken due to promoting references to parent
> inside talloc_free.
> The main problem is that if a reference is promoted to owner, it can
> be removed accidentally by talloc_steal. This results in risks of
> dangling references.
> Which particular reference is removed depends on the runtime order of
> references taken/released, but the unpredictability of this is dwarfed
> by possible subsequent memory trampling which can destroy the talloc
> tree. This scenario is quite likely in a program where there are
> loadable modules and hooks, and the outcome could be network timing
> There are/have been other talloc problems but I'd rather bring them up
> later or you can read about them in 
> However, to me, the main evidence of the degree of the problem is VL's
> preference to implement his own reference counting rather than rely on
> talloc. (Apologies to VL for using him to make a point that he himself
> may not actually support).
> We should either:
> 1. get rid of talloc_free and talloc_steal
> (replace with talloc_unref(old_ref) and
> talloc_change_ref(old_ref, new_ref))
> This breaks the API so the sooner we consider it the better.
> 2. stop promoting reference to parent after talloc_free
> This doesn't break the API and causes talloc to follow the
> documentation. I've been running choice 2 in Samba4 for some
> time, by means of a submitted patch which introduces the
> concept of "no owner" which is not enough to prevent an object
> being freed when its references all go away, but which can
> quite safely be stolen from with talloc_steal.
Simpler method, DON'T mix talloc_steal and talloc_reference usage.
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
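
The sequence discussed in this message (a reference is taken, the owner frees, another caller steals and later frees), as an added example that is not part of the original message and is not talloc code. It is a simplified stand-alone model: `struct chunk`, `model_reference`, `model_free`, `model_steal` and the `CTX_*` names are hypothetical, and the choice of `refs[0]` as the promoted reference is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

enum ctx { CTX_NONE, CTX_OWNER, CTX_MODULE_A, CTX_MODULE_B };

/* Toy stand-in for one talloc chunk: one owning parent plus reference holders. */
struct chunk {
    enum ctx parent;      /* CTX_NONE models the "no owner" state of choice 2 */
    enum ctx refs[4];     /* contexts that hold a reference to the chunk */
    int nrefs;
    bool alive;
    bool promote_on_free; /* true: promote a reference to parent on free */
};

static void model_reference(struct chunk *c, enum ctx holder) {
    if (c->nrefs < 4) c->refs[c->nrefs++] = holder;
}

/* The current owner frees the chunk. */
static void model_free(struct chunk *c) {
    if (c->nrefs == 0) { c->alive = false; c->parent = CTX_NONE; return; }
    if (!c->promote_on_free) { c->parent = CTX_NONE; return; } /* refs keep it alive */
    c->parent = c->refs[0];   /* a reference becomes the owner (model picks refs[0]) */
    for (int i = 1; i < c->nrefs; i++) c->refs[i - 1] = c->refs[i];
    c->nrefs--;
}

/* Re-parenting replaces whoever the owner is, promoted reference or not. */
static void model_steal(struct chunk *c, enum ctx new_parent) {
    c->parent = new_parent;
}

/* Module A takes a reference, the owner frees, module B steals and later frees.
 * Returns true if the pointer module A kept is still valid at the end. */
static bool ref_holder_pointer_valid(bool promote_on_free) {
    struct chunk c = { .parent = CTX_OWNER, .alive = true,
                       .promote_on_free = promote_on_free };
    model_reference(&c, CTX_MODULE_A);
    model_free(&c);
    model_steal(&c, CTX_MODULE_B);
    model_free(&c);
    return c.alive;
}

int main(void) {
    printf("promotion on free: %s\n", ref_holder_pointer_valid(true) ? "valid" : "dangling");
    printf("no-owner on free:  %s\n", ref_holder_pointer_valid(false) ? "valid" : "dangling");
    return 0;
}
```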