[PATCH] talloc_free_for_exit() and targeted write protection for talloc destructor

Uri Simchoni uri at samba.org
Tue Nov 29 05:29:52 UTC 2016

On 11/28/2016 08:13 PM, Andrew Bartlett wrote:
> In a hope of getting more attention and being more transparent, here is
> the talloc changes I included in my previous patch set.
> As background, I want to make our LDAP server multi-process, and
> running a connect()/bind()/close() loop against the LDAP server showed
> a significant cost in talloc_free(ev) and talloc_autofree() just before
> exit.
> This made me think about a way to make Samba 'forget' to call free() or
> inspect talloc children that did not have a destructor to fire. 
If I understand correctly, enabling talloc leak reporting reverts to
"old" behavior. This should be emphasized in the release notes, because
it affects how you run an application with a mem checker (e.g. valgrind).


> It also has very useful security implications, as if we don't
> universally call the destructor, then a targeted overwrite of a
> destructor is not nearly as useful.  This follows on from my magic
> hardening work. 
> The cost is that talloc_steal(), the implicit talloc_steal() when a
> reference becomes a parent and talloc_add_destructor() become O(log(n))
> or so, not O(1) as they were. 
> Please carefully examine.  I'll also see if I can squeeze some more
> performance out of it, eg dropping patch 33, as every single branch in
> talloc has quite a cost.
> Thanks,
> Andrew Bartlett

More information about the samba-technical mailing list