[RFC] Making talloc_reference() safer.
Volker.Lendecke at SerNet.DE
Mon Oct 24 00:54:42 MDT 2011
On Mon, Oct 24, 2011 at 04:41:42PM +1030, Rusty Russell wrote:
> Hi all,
> git://git.samba.org/rusty/samba.git #talloc-reference-check-wip
> I had the fun of re-arguing talloc_reference() safety with
> Tridge last Thursday. We agree that talloc_reference fills a real need,
> but we can make it safer by expanding the checks which differentiate
> normal from refcounted objects.
> Firstly, note that talloc_reference() has several real use cases:
> anywhere that reference counts would normally be used. The patterns
> I've seen are:
> 1) A "cache" of objects, where the cache may evict objects. The cache
> wants to hold a reference, as do the callers, and the object is freed
> if it's evicted from the cache *and* no one else has referenced it.
> 2) A "dealer" of single objects, such as the tdb_wrap code which
> keeps track of all tdbs and avoids reopening the same tdb by handing
> back a referenced tdb.
> In both cases, talloc_reference() is appropriate, but like any explicit
> reference counting, it's a bug to simply free the object. The usability
> problem is that talloc_reference() greatly hides this bug (though less
> than it used to, now talloc_steal and talloc_free are mainly banned).
> Thus, the following patches:
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
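
The cache/dealer lifetime rule described in the quoted message, as an added example that is not part of the original thread and is not talloc code or Rusty's patches: a plain-C model with an explicit counter. All names (`struct obj`, `cache_get`, `cache_evict`, `obj_free_checked`, `example.tdb`) are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Model only: a counted object standing in for a referenced talloc chunk. */
struct obj {
    char name[32];
    int refs;    /* holders: the cache plus every caller */
    int *freed;  /* demo hook: set to 1 when the memory is really released */
};
static struct obj *cache[4];
/* Drop one reference; release the memory when the last holder lets go. */
void obj_release(struct obj *o) {
    if (--o->refs > 0) return;
    if (o->freed) *o->freed = 1;
    free(o);
}
/* "Dealer": hand back the cached object with one more reference, or create it. */
struct obj *cache_get(const char *name, int *freed) {
    int slot = -1;
    for (int i = 0; i < 4; i++) {
        if (cache[i] && strcmp(cache[i]->name, name) == 0) { cache[i]->refs++; return cache[i]; }
        if (!cache[i] && slot < 0) slot = i;
    }
    struct obj *o = slot < 0 ? NULL : calloc(1, sizeof(*o));
    if (!o) return NULL;
    snprintf(o->name, sizeof(o->name), "%s", name);
    o->refs = 2; o->freed = freed;  /* one reference for the cache, one for the caller */
    return cache[slot] = o;
}
/* Eviction drops only the cache's own reference; callers keep theirs. */
int cache_evict(const char *name) {
    for (int i = 0; i < 4; i++)
        if (cache[i] && strcmp(cache[i]->name, name) == 0) {
            obj_release(cache[i]); cache[i] = NULL; return 0;
        }
    return -1;
}
/* Plain "free": refused while anyone else still holds the object. */
int obj_free_checked(struct obj *o) {
    if (o->refs > 1) return -1;
    obj_release(o);
    return 0;
}
int main(void) {
    int freed = 0;
    struct obj *a = cache_get("example.tdb", &freed);
    int refused = obj_free_checked(a);            /* -1: the cache still holds it */
    cache_evict("example.tdb"); obj_release(a);   /* last holder gone: freed == 1 */
    return !(refused == -1 && freed == 1);
}
```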