New talloc feature: memlimits

idra at idra at
Sun Sep 23 00:10:18 MDT 2012

Hello list,

during the recent SDC Conference we had the Samba4 LDAP server hammered by
the Codenomicon guys. A few bugs were found where we ended up allocating huge
amounts of memory.

These bugs will need fixing, but the situation reminded me that we still have
little or no control on what users can do over ldap. In particular we have no
good way to limit resources, and it is relatively easy to DoS the LDAP server
by making it allocate huge amounts of memory.

So I had the idea of limiting memory allocation to arbitrarily settable sizes
based on talloc contextes.

Attached you can find an initial implementation of this feature with basic

By using talloc_set_memlimit() on a context we can decide the maximum amount
of memory that can be used by any alloction on that context or any of its
children. Attempting to allocate more memory than allowed results in a failed
Stealing memory under a memlimited hierarchy does not fail even if the new
total use exceed the limit, but any further allocation on the context will
fail. This means we'll need to be careful on how we create temporary contexts
and then steal data.

Memory limits can nest and any allocation will reflect in the parents memory
limits as well. This allows for a context to have larger limits and then
have individual smaller limits for childrens down the hierarchy.

Well, enough said, if there are any objections on committin gthis change please
speak up, otherwise I will push by the end of the week.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-memory-limiting-capability-to-talloc.patch
Type: text/x-diff
Size: 8587 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Add-tests-for-talloc_memlimit.patch
Type: text/x-diff
Size: 2129 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list