[Midnightbsd-cvs] [MidnightBSD/src] 54c965: pf: limit ioctl to a reasonable and tuneable numbe...
Lucas Holt
noreply at github.com
Sat Nov 14 15:16:00 EST 2020
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 54c965b94abad0ad4bb6670507463412b3a96b95
https://github.com/MidnightBSD/src/commit/54c965b94abad0ad4bb6670507463412b3a96b95
Author: Lucas Holt <luke at foolishgames.com>
Date: 2020-11-14 (Sat, 14 Nov 2020)
Changed paths:
M sys/netpfil/pf/pf.c
M sys/netpfil/pf/pf_ioctl.c
Log Message:
-----------
pf: limit ioctl to a reasonable and tuneable number of elements
pf ioctls frequently take a variable number of elements as argument.
This can potentially allow users to request very large allocations.
These will fail, but even a failing M_NOWAIT might tie up resources
and result in concurrent M_WAITOK allocations entering vm_wait and
inducing reclamation of caches.
Limit these ioctls to what should be a reasonable value, but allow
users to tune it should they need to.
More information about the Midnightbsd-cvs
mailing list