[PATCH] talloc_free_for_exit() and targeted write protection for talloc destructor
Uri Simchoni
uri at samba.org
Tue Nov 29 05:29:52 UTC 2016
On 11/28/2016 08:13 PM, Andrew Bartlett wrote:
> In a hope of getting more attention and being more transparent, here are
> the talloc changes I included in my previous patch set.
>
> As background, I want to make our LDAP server multi-process, and
> running a connect()/bind()/close() loop against the LDAP server showed
> a significant cost in talloc_free(ev) and talloc_autofree() just before
> exit.
>
> This made me think about a way to make Samba 'forget' to call free() or
> inspect talloc children that did not have a destructor to fire.
>
If I understand correctly, enabling talloc leak reporting reverts to
"old" behavior. This should be emphasized in the release notes, because
it affects how you run an application with a mem checker (e.g. valgrind).

Thanks,
Uri.

> It also has very useful security implications, as if we don't
> universally call the destructor, then a targeted overwrite of a
> destructor is not nearly as useful. This follows on from my magic
> hardening work.
>
> The cost is that talloc_steal(), the implicit talloc_steal() when a
> reference becomes a parent and talloc_add_destructor() become O(log(n))
> or so, not O(1) as they were.
>
> Please carefully examine. I'll also see if I can squeeze some more
> performance out of it, e.g. dropping patch 33, as every single branch in
> talloc has quite a cost.
>
> Thanks,
>
> Andrew Bartlett
>