Ensure that ta_pending doesn't overflow u_short by capping its value at USHRT_MAX.

If it overflows before the taskqueue can run, the task will be re-added to the taskqueue and cause a loop in the task list. Reported by: Arnaud Lacombe <lacombar@gmail.com> Submitted by: Ryan Stone <rysto32@gmail.com> Reviewed by: jhb Approved by: re (kib) MFC after: 1 day
author: adrian <adrian@FreeBSD.org> 2011-09-15 08:42:06 +0000
committer: adrian <adrian@FreeBSD.org> 2011-09-15 08:42:06 +0000
commit: f23b1f625d09ffd3a8da3c62c0b6305e9c42119d (patch)
tree: f2172f5c1ff46d006888811bb7b1f7265455d37c /sys/kern
parent: b3c2a1450629f5cb9384bf41c77bd7011a6eba5e (diff)
download: FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.zip
FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/subr_taskqueue.c b/sys/kern/subr_taskqueue.c
index 4c45899..31ea52d 100644
--- a/sys/kern/subr_taskqueue.c
+++ b/sys/kern/subr_taskqueue.c
@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/interrupt.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
+#include <sys/limits.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
@@ -173,7 +174,8 @@ taskqueue_enqueue_locked(struct taskqueue *queue, struct task *task)
 	 * Count multiple enqueues.
 	 */
 	if (task->ta_pending) {
-		task->ta_pending++;
+		if (task->ta_pending < USHRT_MAX)
+			task->ta_pending++;
 		return (0);
 	}
author	adrian <adrian@FreeBSD.org>	2011-09-15 08:42:06 +0000
committer	adrian <adrian@FreeBSD.org>	2011-09-15 08:42:06 +0000
commit	f23b1f625d09ffd3a8da3c62c0b6305e9c42119d (patch)
tree	f2172f5c1ff46d006888811bb7b1f7265455d37c /sys/kern
parent	b3c2a1450629f5cb9384bf41c77bd7011a6eba5e (diff)
download	FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.zip FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.tar.gz