init: refactor pconf pool memory allocation handling, part 1

should result in less memory allocation over graceful restarts

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

ChangeLog

@@ -1,3 +1,7 @@
+11/22/2025
+- init: refactor pconf pool memory allocation handling, part 1
+  should result in less memory allocation over graceful restarts
+
 11/19/2025
 - request: set the OIDC_ERROR variables when PAR is configured but not enabled by the Provider
 

src/cache/cache.h

@@ -59,12 +59,12 @@
 #define OIDC_CACHE_KEY_SIZE_MAX 512
 
 typedef void *(*oidc_cache_cfg_create)(apr_pool_t *pool);
-typedef int (*oidc_cache_post_config_function)(server_rec *s);
+typedef int (*oidc_cache_post_config_function)(apr_pool_t *pool, server_rec *s);
 typedef int (*oidc_cache_child_init_function)(apr_pool_t *p, server_rec *s);
 typedef apr_byte_t (*oidc_cache_get_function)(request_rec *r, const char *section, const char *key, char **value);
 typedef apr_byte_t (*oidc_cache_set_function)(request_rec *r, const char *section, const char *key, const char *value,
 					      apr_time_t expiry);
-typedef int (*oidc_cache_destroy_function)(server_rec *s);
+typedef int (*oidc_cache_destroy_function)(apr_pool_t *pool, server_rec *s);
 
 typedef struct oidc_cache_t {
 	const char *name;
@@ -86,7 +86,7 @@ typedef struct oidc_cache_mutex_t {
 
 oidc_cache_mutex_t *oidc_cache_mutex_create(apr_pool_t *pool, apr_byte_t global);
 char *oidc_cache_status2str(apr_pool_t *p, apr_status_t statcode);
-apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m, const char *type);
+apr_byte_t oidc_cache_mutex_post_config(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m, const char *type);
 apr_status_t oidc_cache_mutex_child_init(apr_pool_t *p, server_rec *s, oidc_cache_mutex_t *m);
 apr_byte_t oidc_cache_mutex_lock(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m);
 apr_byte_t oidc_cache_mutex_unlock(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m);

src/cache/common.c

@@ -80,21 +80,22 @@ char *oidc_cache_status2str(apr_pool_t *p, apr_status_t statcode) {
 	return apr_pstrdup(p, buf);
 }
 
-static apr_byte_t oidc_cache_mutex_global_create(server_rec *s, oidc_cache_mutex_t *m, const char *type) {
+static apr_byte_t oidc_cache_mutex_global_create(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m,
+						 const char *type) {
 
 	apr_status_t rv = APR_SUCCESS;
 	const char *dir;
 
 	/* construct the mutex filename */
-	rv = apr_temp_dir_get(&dir, s->process->pool);
+	rv = apr_temp_dir_get(&dir, pool);
 	if (rv != APR_SUCCESS) {
 		oidc_serror(s, "apr_temp_dir_get failed: could not find a temp dir: %s",
-			    oidc_cache_status2str(s->process->pool, rv));
+			    oidc_cache_status2str(pool, rv));
 		return FALSE;
 	}
 
 	m->mutex_filename =
-	    apr_psprintf(s->process->pool, "%s/mod_auth_openidc_%s_mutex.%ld.%pp", dir, type, (long int)getpid(), s);
+	    apr_psprintf(pool, "%s/mod_auth_openidc_%s_mutex.%ld.%pp", dir, type, (long int)getpid(), s);
 
 	/* set the lock type */
 	apr_lockmech_e mech =
@@ -108,11 +109,11 @@ static apr_byte_t oidc_cache_mutex_global_create(server_rec *s, oidc_cache_mutex
 	    ;
 
 	/* create the mutex lock */
-	rv = apr_global_mutex_create(&m->gmutex, (const char *)m->mutex_filename, mech, s->process->pool);
+	rv = apr_global_mutex_create(&m->gmutex, (const char *)m->mutex_filename, mech, pool);
 
 	if (rv != APR_SUCCESS) {
 		oidc_serror(s, "apr_global_mutex_create failed to create mutex (%d) on file %s: %s (%d)", mech,
-			    m->mutex_filename, oidc_cache_status2str(s->process->pool, rv), rv);
+			    m->mutex_filename, oidc_cache_status2str(pool, rv), rv);
 		return FALSE;
 	}
 
@@ -121,7 +122,7 @@ static apr_byte_t oidc_cache_mutex_global_create(server_rec *s, oidc_cache_mutex
 	rv = ap_unixd_set_global_mutex_perms(m->gmutex);
 	if (rv != APR_SUCCESS) {
 		oidc_serror(s, "unixd_set_global_mutex_perms failed; could not set permissions: %s (%d)",
-			    oidc_cache_status2str(s->process->pool, rv), rv);
+			    oidc_cache_status2str(pool, rv), rv);
 		return FALSE;
 	}
 #endif
@@ -131,17 +132,16 @@ static apr_byte_t oidc_cache_mutex_global_create(server_rec *s, oidc_cache_mutex
 	return TRUE;
 }
 
-apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m, const char *type) {
+apr_byte_t oidc_cache_mutex_post_config(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m, const char *type) {
 
 	apr_status_t rv = APR_SUCCESS;
 
 	if (m->is_global)
-		return oidc_cache_mutex_global_create(s, m, type);
+		return oidc_cache_mutex_global_create(s->process->pool, s, m, type);
 
 	rv = apr_thread_mutex_create(&m->tmutex, APR_THREAD_MUTEX_DEFAULT, s->process->pool);
 	if (rv != APR_SUCCESS) {
-		oidc_serror(s, "apr_thread_mutex_create failed: %s (%d)", oidc_cache_status2str(s->process->pool, rv),
-			    rv);
+		oidc_serror(s, "apr_thread_mutex_create failed: %s (%d)", oidc_cache_status2str(pool, rv), rv);
 		return FALSE;
 	}
 
@@ -162,7 +162,7 @@ apr_status_t oidc_cache_mutex_child_init(apr_pool_t *p, server_rec *s, oidc_cach
 	apr_status_t rv = APR_SUCCESS;
 
 	if (m->is_global) {
-		rv = apr_global_mutex_child_init(&m->gmutex, (const char *)m->mutex_filename, p);
+		rv = apr_global_mutex_child_init(&m->gmutex, (const char *)m->mutex_filename, s->process->pool);
 		if (rv != APR_SUCCESS) {
 			oidc_serror(s,
 				    "apr_global_mutex_child_init failed to reopen mutex on "

src/cache/file.c

@@ -63,15 +63,15 @@ typedef struct {
 #define OIDC_CACHE_FILE_PREFIX "mod-auth-openidc-"
 
 /* post config routine */
-int oidc_cache_file_post_config(server_rec *s) {
+int oidc_cache_file_post_config(apr_pool_t *pool, server_rec *s) {
 	apr_status_t rv = APR_SUCCESS;
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 	if (cfg->cache.file_dir == NULL) {
 		/* by default we'll use the OS specified /tmp dir for cache files */
-		rv = apr_temp_dir_get((const char **)&cfg->cache.file_dir, s->process->pool);
+		rv = apr_temp_dir_get((const char **)&cfg->cache.file_dir, pool);
 		if (rv != APR_SUCCESS) {
 			oidc_serror(s, "apr_temp_dir_get failed: could not find a temp dir: %s",
-				    oidc_cache_status2str(s->process->pool, rv));
+				    oidc_cache_status2str(pool, rv));
 			return HTTP_INTERNAL_SERVER_ERROR;
 		}
 	}

src/cache/memcache.c

@@ -69,19 +69,19 @@ static void *oidc_cache_memcache_cfg_create(apr_pool_t *pool) {
 /*
  * initialize the memcache struct to a number of memcache servers
  */
-static int oidc_cache_memcache_post_config(server_rec *s) {
+static int oidc_cache_memcache_post_config(apr_pool_t *pool, server_rec *s) {
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 
 	if (cfg->cache.cfg != NULL)
 		return APR_SUCCESS;
-	oidc_cache_cfg_memcache_t *context = oidc_cache_memcache_cfg_create(s->process->pool);
+	oidc_cache_cfg_memcache_t *context = oidc_cache_memcache_cfg_create(pool);
 	cfg->cache.cfg = context;
 
 	apr_status_t rv = APR_SUCCESS;
 	apr_uint16_t nservers = 0;
 	char *split;
 	char *tok;
-	apr_pool_t *p = s->process->pool;
+	apr_pool_t *p = pool;
 	APR_OPTIONAL_FN_TYPE(http2_get_num_workers) * get_h2_num_workers;
 	int max_threads = 0;
 	int minw = 0;

src/cache/redis.c

@@ -70,8 +70,8 @@ static oidc_cache_cfg_redis_t *oidc_cache_redis_cfg_create(apr_pool_t *pool) {
 	return context;
 }
 
-int oidc_cache_redis_post_config(server_rec *s, oidc_cfg_t *cfg, const char *name) {
-	oidc_cache_cfg_redis_t *context = oidc_cache_redis_cfg_create(s->process->pool);
+int oidc_cache_redis_post_config(apr_pool_t *pool, server_rec *s, oidc_cfg_t *cfg, const char *name) {
+	oidc_cache_cfg_redis_t *context = oidc_cache_redis_cfg_create(pool);
 	cfg->cache.cfg = context;
 
 	/* parse the host:post tuple from the configuration */
@@ -82,10 +82,10 @@ int oidc_cache_redis_post_config(server_rec *s, oidc_cfg_t *cfg, const char *nam
 	}
 
 	if (cfg->cache.redis_username != NULL) {
-		context->username = apr_pstrdup(s->process->pool, cfg->cache.redis_username);
+		context->username = apr_pstrdup(pool, cfg->cache.redis_username);
 	}
 	if (cfg->cache.redis_password != NULL) {
-		context->passwd = apr_pstrdup(s->process->pool, cfg->cache.redis_password);
+		context->passwd = apr_pstrdup(pool, cfg->cache.redis_password);
 	}
 
 	if (oidc_cfg_cache_redis_database_get(cfg) != OIDC_CONFIG_POS_INT_UNSET)
@@ -100,7 +100,7 @@ int oidc_cache_redis_post_config(server_rec *s, oidc_cfg_t *cfg, const char *nam
 	if (oidc_cfg_cache_redis_timeout_get(cfg) != OIDC_CONFIG_POS_INT_UNSET)
 		context->timeout.tv_sec = oidc_cfg_cache_redis_timeout_get(cfg);
 
-	if (oidc_cache_mutex_post_config(s, context->mutex, name) == FALSE)
+	if (oidc_cache_mutex_post_config(pool, s, context->mutex, name) == FALSE)
 		return HTTP_INTERNAL_SERVER_ERROR;
 
 	return OK;
@@ -122,15 +122,15 @@ apr_status_t oidc_cache_redis_disconnect(oidc_cache_cfg_redis_t *context) {
 /*
  * initialize the Redis struct the specified Redis server
  */
-static int oidc_cache_redis_post_config_impl(server_rec *s) {
+static int oidc_cache_redis_post_config_impl(apr_pool_t *pool, server_rec *s) {
 	apr_status_t rv = APR_SUCCESS;
 	oidc_cache_cfg_redis_t *context = NULL;
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 
 	if (cfg->cache.cfg != NULL)
 		return OK;
 
-	if (oidc_cache_redis_post_config(s, cfg, "redis") != OK)
+	if (oidc_cache_redis_post_config(pool, s, cfg, "redis") != OK)
 		return HTTP_INTERNAL_SERVER_ERROR;
 
 	context = (oidc_cache_cfg_redis_t *)cfg->cache.cfg;
@@ -143,8 +143,7 @@ static int oidc_cache_redis_post_config_impl(server_rec *s) {
 	}
 
 	char *scope_id;
-	rv = apr_parse_addr_port(&context->host_str, &scope_id, &context->port, cfg->cache.redis_server,
-				 s->process->pool);
+	rv = apr_parse_addr_port(&context->host_str, &scope_id, &context->port, cfg->cache.redis_server, pool);
 	if (rv != APR_SUCCESS) {
 		oidc_serror(s, "failed to parse cache server: '%s'", cfg->cache.redis_server);
 		return HTTP_INTERNAL_SERVER_ERROR;
@@ -524,14 +523,14 @@ apr_byte_t oidc_cache_redis_set(request_rec *r, const char *section, const char
 	return rv;
 }
 
-static int oidc_cache_redis_destroy_impl(server_rec *s) {
+static int oidc_cache_redis_destroy_impl(apr_pool_t *pool, server_rec *s) {
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 	oidc_cache_cfg_redis_t *context = (oidc_cache_cfg_redis_t *)cfg->cache.cfg;
 
 	if (context != NULL) {
-		oidc_cache_mutex_lock(s->process->pool, s, context->mutex);
+		oidc_cache_mutex_lock(pool, s, context->mutex);
 		context->disconnect(context);
-		oidc_cache_mutex_unlock(s->process->pool, s, context->mutex);
+		oidc_cache_mutex_unlock(pool, s, context->mutex);
 		if (oidc_cache_mutex_destroy(s, context->mutex) != TRUE) {
 			oidc_serror(s, "oidc_cache_mutex_destroy on refresh mutex failed");
 		}

src/cache/redis.h

@@ -72,7 +72,7 @@ typedef struct oidc_cache_cfg_redis_t {
 	oidc_cache_redis_disconnect_function_t disconnect;
 } oidc_cache_cfg_redis_t;
 
-int oidc_cache_redis_post_config(server_rec *s, oidc_cfg_t *cfg, const char *name);
+int oidc_cache_redis_post_config(apr_pool_t *pool, server_rec *s, oidc_cfg_t *cfg, const char *name);
 int oidc_cache_redis_child_init(apr_pool_t *p, server_rec *s);
 redisReply *oidc_cache_redis_command(request_rec *r, oidc_cache_cfg_redis_t *context, char **errstr, const char *format,
 				     va_list ap);

src/cache/shm.c

@@ -85,18 +85,17 @@ static void *oidc_cache_shm_cfg_create(apr_pool_t *pool) {
 /*
  * initialized the shared memory block in the parent process
  */
-int oidc_cache_shm_post_config(server_rec *s) {
+static int oidc_cache_shm_post_config(apr_pool_t *pool, server_rec *s) {
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 
 	if (cfg->cache.cfg != NULL)
 		return OK;
-	oidc_cache_cfg_shm_t *context = oidc_cache_shm_cfg_create(s->process->pconf);
+	oidc_cache_cfg_shm_t *context = oidc_cache_shm_cfg_create(pool);
 	cfg->cache.cfg = context;
 
 	/* create the shared memory segment */
-	apr_status_t rv =
-	    apr_shm_create(&context->shm, (apr_size_t)cfg->cache.shm_entry_size_max * cfg->cache.shm_size_max, NULL,
-			   s->process->pconf);
+	apr_status_t rv = apr_shm_create(
+	    &context->shm, (apr_size_t)cfg->cache.shm_entry_size_max * cfg->cache.shm_size_max, NULL, s->process->pool);
 	if (rv != APR_SUCCESS) {
 		oidc_serror(s, "apr_shm_create failed to create shared memory segment");
 		return HTTP_INTERNAL_SERVER_ERROR;
@@ -109,7 +108,7 @@ int oidc_cache_shm_post_config(server_rec *s) {
 		t->access = 0;
 	}
 
-	if (oidc_cache_mutex_post_config(s, context->mutex, "shm") == FALSE)
+	if (oidc_cache_mutex_post_config(pool, s, context->mutex, "shm") == FALSE)
 		return HTTP_INTERNAL_SERVER_ERROR;
 
 	oidc_sdebug(
@@ -125,7 +124,7 @@ int oidc_cache_shm_post_config(server_rec *s) {
 /*
  * initialize the shared memory segment in a child process
  */
-int oidc_cache_shm_child_init(apr_pool_t *p, server_rec *s) {
+static int oidc_cache_shm_child_init(apr_pool_t *p, server_rec *s) {
 	oidc_cfg_t *cfg = ap_get_module_config(s->module_config, &auth_openidc_module);
 	oidc_cache_cfg_shm_t *context = (oidc_cache_cfg_shm_t *)cfg->cache.cfg;
 
@@ -319,7 +318,7 @@ static apr_byte_t oidc_cache_shm_set(request_rec *r, const char *section, const
 	return TRUE;
 }
 
-static int oidc_cache_shm_destroy(server_rec *s) {
+static int oidc_cache_shm_destroy(apr_pool_t *pool, server_rec *s) {
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 	oidc_cache_cfg_shm_t *context = (oidc_cache_cfg_shm_t *)cfg->cache.cfg;
 	apr_status_t rv = APR_SUCCESS;
@@ -328,11 +327,11 @@ static int oidc_cache_shm_destroy(server_rec *s) {
 		  context ? context->is_parent : -1);
 
 	if (context && (context->is_parent == TRUE) && (context->shm) && (context->mutex)) {
-		oidc_cache_mutex_lock(s->process->pool, s, context->mutex);
+		oidc_cache_mutex_lock(pool, s, context->mutex);
 		rv = apr_shm_destroy(context->shm);
 		oidc_sdebug(s, "apr_shm_destroy returned: %d", rv);
 		context->shm = NULL;
-		oidc_cache_mutex_unlock(s->process->pool, s, context->mutex);
+		oidc_cache_mutex_unlock(pool, s, context->mutex);
 	}
 
 	if (context && (context->mutex)) {