diff options
author | adrian <adrian@FreeBSD.org> | 2011-09-15 08:42:06 +0000 |
---|---|---|
committer | adrian <adrian@FreeBSD.org> | 2011-09-15 08:42:06 +0000 |
commit | f23b1f625d09ffd3a8da3c62c0b6305e9c42119d (patch) | |
tree | f2172f5c1ff46d006888811bb7b1f7265455d37c /sys/kern | |
parent | b3c2a1450629f5cb9384bf41c77bd7011a6eba5e (diff) | |
download | FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.zip FreeBSD-src-f23b1f625d09ffd3a8da3c62c0b6305e9c42119d.tar.gz |
Ensure that ta_pending doesn't overflow u_short by capping its value at USHRT_MAX.
If it overflows before the taskqueue can run, the task will be
re-added to the taskqueue and cause a loop in the task list.
Reported by: Arnaud Lacombe <lacombar@gmail.com>
Submitted by: Ryan Stone <rysto32@gmail.com>
Reviewed by: jhb
Approved by: re (kib)
MFC after: 1 day
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/subr_taskqueue.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/subr_taskqueue.c b/sys/kern/subr_taskqueue.c index 4c45899..31ea52d 100644 --- a/sys/kern/subr_taskqueue.c +++ b/sys/kern/subr_taskqueue.c @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); #include <sys/interrupt.h> #include <sys/kernel.h> #include <sys/kthread.h> +#include <sys/limits.h> #include <sys/lock.h> #include <sys/malloc.h> #include <sys/mutex.h> @@ -173,7 +174,8 @@ taskqueue_enqueue_locked(struct taskqueue *queue, struct task *task) * Count multiple enqueues. */ if (task->ta_pending) { - task->ta_pending++; + if (task->ta_pending < USHRT_MAX) + task->ta_pending++; return (0); } |