[RFC] Making talloc_reference() safer.

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Oct 24 00:54:42 MDT 2011

On Mon, Oct 24, 2011 at 04:41:42PM +1030, Rusty Russell wrote:
> Hi all,
>         git://git.samba.org/rusty/samba.git #talloc-reference-check-wip
>         I had the fun of re-arguing talloc_reference() safety with
> Tridge last Thursday.  We agree that talloc_reference fills a real need,
> but we can make it safer by expanding the checks which differentiate
> normal from refcounted objects.
> Firstly, note that talloc_reference() has several real use cases:
> anywhere that reference counts would normally be used.  The patterns
> I've seen are:
> 1) A "cache" of objects, where the cache may evict objects.  The cache
>    wants to hold a reference, as do the callers, and the object is freed
>    if it's evicted from the cache *and* noone else has referenced it.
> 2) A "dealer" of single objects, such as the tdb_wrap code which will
>    keeps track of all tdbs and avoids reopening the same tdb by handing
>    back a referenced tdb.
> In both cases, talloc_reference() is appropriate, but like any explicit
> reference counting, it's a bug to simply free the object.  The usability
> problem is that talloc_reference() greatly hides this bug (though less
> than it used to, now talloc_steal and talloc_free are mainly banned).
> Thus, the following patches:



SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen

More information about the samba-technical mailing list