[Mod-security-developers] mod_security mis-uses apr_allocator_create
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] mod_security mis-uses apr_allocator_create
|
From: Stefan F. <sf...@sf...> - 2014-08-15 19:28:34
|
Hi, mod_security creates a new apr_allocator for every request which is then destroyed again after the request finishes. This seems to cause bad performance when used with a threaded mpms and apr's --enable-allocator-uses-mmap because it causes lots of mmap() and munmap()s for each request. The allocator-uses-mmap option has been in use by Debian/Ubuntu's apr packages for over three years. More information is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758068 Why does mod_security do this? Why does it create its own per-request pool msr->mp at all? It does not seem to clear or destroy it before the end of request and so there does not seem to be any advantage over using r->pool directly. Cheers, Stefan |
