The branch releng/13.0 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=5b789e0c92a7c363b36111b1f75519f2acd21f97
commit 5b789e0c92a7c363b36111b1f75519f2acd21f97 Author: Mark Johnston <[email protected]> AuthorDate: 2022-04-05 23:26:02 +0000 Commit: Ed Maste <[email protected]> CommitDate: 2022-04-05 23:26:02 +0000 pf: Initialize the table entry zone limit at initialization time The limit may later be updated by the "set limit" directive in pf.conf. UMA does not permit a limit to be set on a zone after any items have been allocated from a zone. Other UMA zones used by pf do not appear to be susceptible to this problem: they either set a limit at zone creation time or never set one at all. PR: 260406 Reviewed by: kp Sponsored by: The FreeBSD Foundation (cherry picked from commit 7d1ab866911a2b29e041d64bc83a93638533f957) (cherry picked from commit 1487f84223ce1341ebdfc87e50fbcddedc6d1de8) Approved by: so Security: FreeBSD-EN-22:15.pf --- sys/netpfil/pf/pf_table.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index af2f614c9e8c..6d81f57096be 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -209,6 +209,7 @@ pfr_initialize(void) V_pfr_kentry_z = uma_zcreate("pf table entries", sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); + uma_zone_set_max(V_pfr_kentry_z, PFR_KENTRY_HIWAT); V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT; }
