Ensure that ta_pending doesn't overflow u_short by capping its value at USHRT_MAX.
If it overflows before the taskqueue can run, the task will be re-added to the taskqueue and cause a loop in the task list. Reported by: Arnaud Lacombe <lacombar@gmail.com> Submitted by: Ryan Stone <rysto32@gmail.com> Reviewed by: jhb Approved by: re (kib) MFC after: 1 day
This commit is contained in:
parent
b3c2a14506
commit
f23b1f625d
@ -133,7 +133,7 @@ If the task's
|
||||
.Va ta_pending
|
||||
field is non-zero,
|
||||
then it is simply incremented to reflect the number of times the task
|
||||
was enqueued.
|
||||
was enqueued, up to a cap of USHRT_MAX.
|
||||
Otherwise,
|
||||
the task is added to the list before the first task which has a lower
|
||||
.Va ta_priority
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/interrupt.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kthread.h>
|
||||
#include <sys/limits.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -173,7 +174,8 @@ taskqueue_enqueue_locked(struct taskqueue *queue, struct task *task)
|
||||
* Count multiple enqueues.
|
||||
*/
|
||||
if (task->ta_pending) {
|
||||
task->ta_pending++;
|
||||
if (task->ta_pending < USHRT_MAX)
|
||||
task->ta_pending++;
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user