From nobody Wed Mar 29 07:52:30 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pmf0b2wJLz429hw;
	Wed, 29 Mar 2023 07:52:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Pmf0Z6Sckz3Ptf;
	Wed, 29 Mar 2023 07:52:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1680076350;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=0Ulz0NcIqw/wcMZpJSPRotFBO5n4FREDBKdjTebVqVA=;
	b=J14P0hkS4xput48WEk0ovaOchE+rC38hLH7zngf0gT1Ek+5Dp0ZOMqFSFhhLtoNkb9p5ny
	ztXWKEP9AzMJnVKJYQ13b7WHhGzra4HmeFqV+sq3G/sMDi1zc4O0VJu7Ds6s4BUv2p4Q0w
	IC/XfWNafICQsT1ew5xcZz1NVoDdmzcLrDd52fy6PkyNpV3DsG3AfOtbCm7QbN5f9lJeVG
	GWF0tCkEx5nBboGH8K6LXvpucjr7sBPx00OEItxBncz8OLY7Pzk+6VKLRz/sIUu8cyQmDV
	/4ccuvvF0nknP36DM9b3TuKw62Yq6vKZYJiJsAQhbn9VS1a96tcZkKSPMH8Ubg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1680076350;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=0Ulz0NcIqw/wcMZpJSPRotFBO5n4FREDBKdjTebVqVA=;
	b=A21QNQ2aLQn2yiybiwogkNQda+Gjoj07bHcgqT1eLstq+Xj6tWtsXWfmO33DFspze/TCbn
	RBmwTFoYqTuCUMTkMWwKc6H3NPv0a1P4GImIOZOO00SABe8Cb9WOMk2NUYHb1XQ88Uv8tg
	23qox3y+HrKf9F2eecoeWgbUN3oyNcvuIAvfwK/pRK1sBbkayt+NkLSRFmrOKoviGE0AAR
	vwQ+FP+6hHGPyKb2Um/VZLGeIYfFOTPLF/2qHK7BLlQ9dBy110A3xpDmeGkGRBRGRd7WHq
	RvpQRBdiQjVDmWwc2c6y77wRapJxLBhfyzAxY/SayCsy7ztUnPcswaP8mjZG/A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1680076350; a=rsa-sha256; cv=none;
	b=QvdOBcRBrEc1swPbyVx7dBFn5gSexuq/54wSOymN6xvXfe3q14M3H/PfxGjSeUnBnHhe3A
	NBDIuGPwEcW2+PcycIHBWtxT0s2OvA/SRNup6x/bAGOmot9KnVyBF01Bzo9sniEm+FR7Bv
	eMOlvV8Jh/2Qay5x/2yS6lZNKbvOwHzxULGJ1fZ1UZlj/xPgK9E2VnILdM1+5mjqDz5xXL
	v01elycQU50SCUnt5z/3gX3esKMXKFzoYaZk0O9GaFVA/RWKfm8Q34KiudKuNr/4Qqmjy3
	bvBD4Qv9RlIKwXkx3lwL1EGPfqEhHtT4uGoikXvaEAbSeJKnqghB9X6GY3gPKQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Pmf0Z5YVFzMgn;
	Wed, 29 Mar 2023 07:52:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32T7qUQX052038;
	Wed, 29 Mar 2023 07:52:30 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32T7qU1t052037;
	Wed, 29 Mar 2023 07:52:30 GMT
	(envelope-from git)
Date: Wed, 29 Mar 2023 07:52:30 GMT
Message-Id: <202303290752.32T7qU1t052037@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: =?utf-8?Q?Roger=20Pau=20Monn=C3=A9?= <royger@FreeBSD.org>
Subject: git: 49ca3167b7be - main - xen/intr: add check for intr_register_source() errors
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: royger
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 49ca3167b7be6145b238588573673a0f14f9e7e2
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by royger:

URL: https://cgit.FreeBSD.org/src/commit/?id=49ca3167b7be6145b238588573673a0f14f9e7e2

commit 49ca3167b7be6145b238588573673a0f14f9e7e2
Author:     Elliott Mitchell <ehem+freebsd@m5p.com>
AuthorDate: 2021-09-13 06:12:08 +0000
Commit:     Roger Pau Monné <royger@FreeBSD.org>
CommitDate: 2023-03-29 07:51:41 +0000

    xen/intr: add check for intr_register_source() errors
    
    While unusual, intr_register_source() can return failure.  A likely
    cause might be another device grabbing from Xen's interrupt range.
    This should NOT happen, but could happen due to a bug.  As such check
    for this and fail if it occurs.
    
    This theoretical situation also effects xen_intr_find_unused_isrc().
    There, .is_pic must be tested to ensure such an intrusion doesn't cause
    misbehavior.
    
    Reviewed by: royger
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D31995
---
 sys/x86/xen/xen_intr.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/sys/x86/xen/xen_intr.c b/sys/x86/xen/xen_intr.c
index 3a053b10f915..cf4560b6b5fb 100644
--- a/sys/x86/xen/xen_intr.c
+++ b/sys/x86/xen/xen_intr.c
@@ -285,8 +285,16 @@ xen_intr_find_unused_isrc(enum evtchn_type type)
 
 		vector = first_evtchn_irq + isrc_idx;
 		isrc = (struct xenisrc *)intr_lookup_source(vector);
-		if (isrc != NULL
-		 && isrc->xi_type == EVTCHN_TYPE_UNBOUND) {
+		/*
+		 * Since intr_register_source() must be called while unlocked,
+		 * isrc == NULL *will* occur, though very infrequently.
+		 *
+		 * This also allows a very small gap where a foreign intrusion
+		 * into Xen's interrupt range could be examined by this test.
+		 */
+		if (__predict_true(isrc != NULL) &&
+		    __predict_true(isrc->xi_intsrc.is_pic == &xen_intr_pic) &&
+		    isrc->xi_type == EVTCHN_TYPE_UNBOUND) {
 			KASSERT(isrc->xi_intsrc.is_handlers == 0,
 			    ("Free evtchn still has handlers"));
 			isrc->xi_type = type;
@@ -310,6 +318,7 @@ xen_intr_alloc_isrc(enum evtchn_type type)
 	static int warned;
 	struct xenisrc *isrc;
 	unsigned int vector;
+	int error;
 
 	KASSERT(mtx_owned(&xen_intr_isrc_lock), ("Evtchn alloc lock not held"));
 
@@ -332,7 +341,10 @@ xen_intr_alloc_isrc(enum evtchn_type type)
 	isrc->xi_intsrc.is_pic = &xen_intr_pic;
 	isrc->xi_vector = vector;
 	isrc->xi_type = type;
-	intr_register_source(&isrc->xi_intsrc);
+	error = intr_register_source(&isrc->xi_intsrc);
+	if (error != 0)
+		panic("%s(): failed registering interrupt %u, error=%d\n",
+		    __func__, vector, error);
 	mtx_lock(&xen_intr_isrc_lock);
 
 	return (isrc);