Author: adrian
Date: Thu Sep 15 08:42:06 2011
New Revision: 225570
URL: http://svn.freebsd.org/changeset/base/225570
Log:
Ensure that ta_pending doesn't overflow u_short by capping its value at
USHRT_MAX.
If it overflows before the taskqueue can run, the task will be
re-added to the taskqueue and cause a loop in the task list.
Reported by: Arnaud Lacombe <lacom...@gmail.com>
Submitted by: Ryan Stone <ryst...@gmail.com>
Reviewed by: jhb
Approved by: re (kib)
MFC after: 1 day
Modified:
head/share/man/man9/taskqueue.9
head/sys/kern/subr_taskqueue.c
Modified: head/share/man/man9/taskqueue.9
==============================================================================
--- head/share/man/man9/taskqueue.9 Thu Sep 15 06:42:06 2011
(r225569)
+++ head/share/man/man9/taskqueue.9 Thu Sep 15 08:42:06 2011
(r225570)
@@ -133,7 +133,7 @@ If the task's
.Va ta_pending
field is non-zero,
then it is simply incremented to reflect the number of times the task
-was enqueued.
+was enqueued, up to a cap of USHRT_MAX.
Otherwise,
the task is added to the list before the first task which has a lower
.Va ta_priority
Modified: head/sys/kern/subr_taskqueue.c
==============================================================================
--- head/sys/kern/subr_taskqueue.c Thu Sep 15 06:42:06 2011
(r225569)
+++ head/sys/kern/subr_taskqueue.c Thu Sep 15 08:42:06 2011
(r225570)
@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
#include <sys/interrupt.h>
#include <sys/kernel.h>
#include <sys/kthread.h>
+#include <sys/limits.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
@@ -173,7 +174,8 @@ taskqueue_enqueue_locked(struct taskqueu
* Count multiple enqueues.
*/
if (task->ta_pending) {
- task->ta_pending++;
+ if (task->ta_pending < USHRT_MAX)
+ task->ta_pending++;
return (0);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
