git: 5b789e0c92a7 - releng/13.0 - pf: Initialize the table entry zone limit at initialization time
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 06 Apr 2022 03:04:11 UTC
The branch releng/13.0 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=5b789e0c92a7c363b36111b1f75519f2acd21f97
commit 5b789e0c92a7c363b36111b1f75519f2acd21f97
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-04-05 23:26:02 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-05 23:26:02 +0000
pf: Initialize the table entry zone limit at initialization time
The limit may later be updated by the "set limit" directive in pf.conf.
UMA does not permit a limit to be set on a zone after any items have
been allocated from a zone.
Other UMA zones used by pf do not appear to be susceptible to this
problem: they either set a limit at zone creation time or never set one
at all.
PR: 260406
Reviewed by: kp
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 7d1ab866911a2b29e041d64bc83a93638533f957)
(cherry picked from commit 1487f84223ce1341ebdfc87e50fbcddedc6d1de8)
Approved by: so
Security: FreeBSD-EN-22:15.pf
---
sys/netpfil/pf/pf_table.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c
index af2f614c9e8c..6d81f57096be 100644
--- a/sys/netpfil/pf/pf_table.c
+++ b/sys/netpfil/pf/pf_table.c
@@ -209,6 +209,7 @@ pfr_initialize(void)
V_pfr_kentry_z = uma_zcreate("pf table entries",
sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
0);
+ uma_zone_set_max(V_pfr_kentry_z, PFR_KENTRY_HIWAT);
V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z;
V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT;
}