Subject: Re: kauth_cred design needs work
To: Elad Efrat <elad@NetBSD.org>
From: Darren Reed <darrenr@NetBSD.org>
Date: 03/22/2006 13:46:48

On Tue, Mar 21, 2006 at 08:22:55PM +0200, Elad Efrat wrote:
> YAMAMOTO Takashi wrote:
> > why you don't want to use kauth_cred_free? micro optimization?
> Actually, no, I just want to provide the ability to a function
> to do whatever it wants with a kauth_cred_t and then just free it.
> If we'll see this is something that isn't used a lot (or at all)
> we can always remove it from the interface.

Even if it is used, its use is wrong and will lead to bugs.
If you have the mind that "it is mine, so I do with it what I want
then destroy when I am done", if you call another function and pass
it through, if it calls kauth_cred_hold(), you're no longer allowed
to call _destroy(). Rather than complicate the calling code to deal
with both situations, it should always just call kauth_cred_free().

If there is something that kauth_cred_destroy() will do differently
to what calling kauth_cred_free() would do, in the exact same code,
then there are bugs in the code.

The only function that should call kauth_cred_destroy() is
kauth_cred_free(). Nothing else.
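
Added example, not part of the original message and not NetBSD's kauth code: a toy reference-counted credential showing why a caller that destroys directly breaks a callee that took a hold, while dropping a reference does not. All names here (struct cred, cred_hold, cred_free, cred_destroy, callee_keeps_ref) are hypothetical stand-ins, and static pool slots replace heap allocation so the stale reference can be inspected safely.

```c
/* Toy model, constructed for illustration; not NetBSD's kauth implementation. */
#include <stdio.h>

struct cred { int refcnt; int live; unsigned uid; };

static struct cred pool[4];      /* static slots: a stale pointer stays readable */
static struct cred *stashed;     /* reference kept by the callee */

static struct cred *cred_alloc(unsigned uid) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].live) {
            pool[i] = (struct cred){ .refcnt = 1, .live = 1, .uid = uid };
            return &pool[i];
        }
    return NULL;
}
static void cred_hold(struct cred *c) { c->refcnt++; }
/* Unconditional teardown: ignores outstanding references. */
static void cred_destroy(struct cred *c) { c->live = 0; c->refcnt = 0; }
/* Drop one reference; tear down only when the last one goes away. */
static void cred_free(struct cred *c) { if (--c->refcnt == 0) cred_destroy(c); }

/* Callee that keeps the credential past its return (e.g. for deferred work). */
static void callee_keeps_ref(struct cred *c) { cred_hold(c); stashed = c; }

/* Returns whether the callee's reference is still valid after the caller is done. */
static int caller_using_destroy(void) {
    struct cred *c = cred_alloc(1000);
    callee_keeps_ref(c);
    cred_destroy(c);             /* "it is mine" assumption, false once held elsewhere */
    return stashed->live;        /* 0: the callee is left with a dead credential */
}
/* Returns 1 if the callee's reference stayed valid and was torn down on last release. */
static int caller_using_free(void) {
    struct cred *c = cred_alloc(1000);
    callee_keeps_ref(c);
    cred_free(c);                /* drops only the caller's reference */
    int ok = stashed->live;      /* 1: still valid for the callee */
    cred_free(stashed);          /* callee releases; last reference triggers destroy */
    return ok && !stashed->live;
}

int main(void) {
    printf("destroy: callee reference valid = %d\n", caller_using_destroy());
    printf("free: callee reference valid, then released = %d\n", caller_using_free());
    return 0;
}
```

With heap-backed credentials, the first case is a use-after-free on a security-relevant object rather than a cleared flag.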