talloc: talloc_set_memlimit causes all reallocs to fail when used on pools. talloc_set_memlimit not enforced correctly on pools.

[Jeremy Allison]

On Fri, Oct 16, 2020 at 02:51:39PM -0500, Arran Cudbard-Bell via samba-technical wrote:
> > On Oct 16, 2020, at 2:44 PM, Jeremy Allison <jra at samba.org> wrote:
> > 
> > OK, looking at this more closely, I think this is
> > a fundemental misunderstanding of what a talloc_pool
> > is.
> > 
> > A talloc_pool() is pre-allocated memory, that can
> > then be further divided without having to call
> > into malloc.
> 
> Yes, we use them for slab allocation and for creating
> read only regions of memory with mprotect.  We have a
> special wrapper that ensures the first child allocated in the pool is page aligned.
> 
> When we do this, we don't want to allow allocations to
> occur outside of the pool so set a memlimit on the pool.
> I know this is a really weird use case, but it's ended up being quite a useful debugging tool.

To do that, allocate the pool as a child of
a talloc pointer, then set the memlimit on
the parent pointer to be the size of the
allocated pool.

What you're asking for is a feature enhancement,
not a bug-fix I think.

> > It's ALREADY allocated memory, so setting a memlimit size
> > smaller than the pool size makes no sense - once you've
> > done that all allocations should fail.
> 
> In addition to preventing allocations outside of the pool,
> It would still be useful to be able to apply limits to pools
> so that a pool passed into a function cannot be entirely
> consumed by allocations by that function. i.e. if you want to reserve some space in the pool.

Again, that's a feature enhancement - you want a
sub-pool allocator limit.