--- src/sys/kern/kern_usched.c	2007/02/03 17:05:58	1.8
+++ src/sys/kern/kern_usched.c	2007/07/02 17:06:55	1.9
@@ -44,6 +44,8 @@
 
 static TAILQ_HEAD(, usched) usched_list = TAILQ_HEAD_INITIALIZER(usched_list);
 
+cpumask_t usched_mastermask = -1;
+
 /*
  * Called from very low level boot code, i386/i386/machdep.c/init386().
  * We cannot do anything fancy.  no malloc's, no nothing other then 
@@ -202,6 +204,10 @@ sys_usched_set(struct usched_set_args *u
 		error = copyin(uap->data, &cpuid, sizeof(int));
 		if (error)
 			break;
+		if (cpuid < 0 || cpuid >= ncpus) {
+			error = EFBIG;
+			break;
+		}
 		if ((smp_active_mask & (1 << cpuid)) == 0) {
 			error = EINVAL;
 			break;
@@ -216,6 +222,10 @@ sys_usched_set(struct usched_set_args *u
 		error = copyin(uap->data, &cpuid, sizeof(int));
 		if (error)
 			break;
+		if (cpuid < 0 || cpuid >= ncpus) {
+			error = EFBIG;
+			break;
+		}
 		if (!(smp_active_mask & (1 << cpuid))) {
 			error = EINVAL;
 			break;
@@ -228,6 +238,10 @@ sys_usched_set(struct usched_set_args *u
 		error = copyin(uap->data, &cpuid, sizeof(int));
 		if (error)
 			break;
+		if (cpuid < 0 || cpuid >= ncpus) {
+			error = EFBIG;
+			break;
+		}
 		lp = curthread->td_lwp;
 		mask = lp->lwp_cpumask & smp_active_mask & ~(1 << cpuid);
 		if (mask == 0)