TALLOC: Discussion of destructor processing

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 1 13:38:53 MDT 2012


On Mon, Apr 30, 2012 at 01:38:35PM -0400, Stephen Gallagher wrote:
> 1) The results of the destructors for the children are not considered
> when determining whether to report success or failure for the
> talloc_free(). This means that if any part of the hierarchy except the
> top-most context is freed, there will be a memory leak (with probably
> unreachable memory).

Failing destructors is BAD BAD BAD. Sometimes you might not
be able to avoid it, but I try to think very hard about the
destructor failure modes and how to avoid them. The hardest
one, for which I found no reasonable workaround, is close() failing.
Another one that is difficult but I think not unsurmountable
is the destructor of a ncacn_np stream that needs to
explicitly send a smb-level close.

> 2) It strikes me as strange that we're calling the destructor before
> we're handling the destructors of the children. It's contrary to
> (at least my) expectations about the order that destructors should
> execute. Freeing of memory and execution of destructors should be
> happening from the "bottom-up" of the hierarchy.

I think the way it is right now is exactly right, but that
came after some thinking. A destructor might need to do work
for which it requires functional children. Just imagine the
named pipe destructor that needs a functional smb connection
that is a child. I bet we have cases like that in our code.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
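
The two behaviours discussed in this message, as an added illustration that is not part of the original mail and is not talloc's code: a toy parent/child allocator in which the parent's destructor runs before its children are torn down, and a child destructor's failure is not reflected in the return value of the free. All names (node_new, node_free, pipe_destructor, conn_destructor) are hypothetical.

```c
/* Toy model of the ordering discussed above; hypothetical, not talloc's code. */
#include <stdio.h>
#include <stdlib.h>

struct node {
    struct node *child, *next;          /* first child, next sibling */
    int (*destructor)(struct node *);   /* returns -1 to refuse the free */
    int alive;
};
static int n_leaked;          /* children whose destructor refused */
static int child_was_usable;  /* what the parent's destructor observed */

static struct node *node_new(struct node *parent, int (*d)(struct node *)) {
    struct node *n = calloc(1, sizeof(*n));
    if (!n) abort();
    n->alive = 1;
    n->destructor = d;
    if (parent) { n->next = parent->child; parent->child = n; }
    return n;
}

/* Top-down: n's destructor runs first, while its children are still intact. */
static int node_free(struct node *n) {
    if (n->destructor && n->destructor(n) == -1)
        return -1;                      /* refused: n and its subtree stay */
    for (struct node *c = n->child, *next; c; c = next) {
        next = c->next;
        if (node_free(c) == -1)
            n_leaked++;                 /* result dropped, c is now orphaned */
    }
    free(n);
    return 0;
}

/* Hypothetical named-pipe destructor: needs a working connection child. */
static int pipe_destructor(struct node *p) {
    child_was_usable = p->child && p->child->alive;
    return 0;
}
/* Hypothetical connection destructor modelling a failing close(). */
static int conn_destructor(struct node *c) { (void)c; return -1; }

static int demo(void) {
    struct node *np = node_new(NULL, pipe_destructor);
    struct node *conn = node_new(np, conn_destructor);
    int ret = node_free(np);            /* reports 0 although conn survived */
    free(conn);                         /* only this demo still has the pointer */
    return ret;
}
int main(void) {
    int ret = demo();
    printf("free=%d child_usable=%d leaked=%d\n", ret, child_was_usable, n_leaked);
    return 0;
}
```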

