kern/intr: declare interrupt vectors unsigned
ClosedPublic
Actions

Authored by ehem_freebsd_m5p.com on Mar 18 2021, 5:06 PM.

Details

Reviewers

mmel
gonzo
markj
kib
mhorne

Commits

rG8a4f990338fe: kern/intr: declare interrupt vectors unsigned
rGa3c7da3d08ee: kern/intr: declare interrupt vectors unsigned

Summary

These should never get values large enough for sign to matter, but one
of them becoming negative could cause problems.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 37949
Build 34838: arc lint + arc unit

Event Timeline

ehem_freebsd_m5p.com created this revision.Mar 18 2021, 5:06 PM

Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptMar 18 2021, 5:06 PM

ehem_freebsd_m5p.com requested review of this revision.Mar 18 2021, 5:06 PM

Harbormaster completed remote builds in B37916: Diff 85971.Mar 18 2021, 5:06 PM

With a handy build complete, now I know of an extra instance. The
access in sys/arm64/arm64/gic_v3.c seems likely to be uneffected.

Harbormaster completed remote builds in B37922: Diff 85979.Mar 18 2021, 7:44 PM

Hmm, that title was less than wonderful.

Harbormaster completed remote builds in B37949: Diff 86036.Mar 19 2021, 8:38 PM

ehem_freebsd_m5p.com retitled this revision from kern/intr: declare many variables unsigned to kern/intr: declare interrupt vectors unsigned.Mar 19 2021, 8:42 PM

ehem_freebsd_m5p.com added reviewers: mmel, gonzo, markj, kib, mhorne.

ehem_freebsd_m5p.com changed the repository for this revision from rS FreeBSD src repository - subversion to rG FreeBSD src repository.

There actually aren't (yet) many places where this matters. One place it does matter is isrc_alloc_irq() which deals with the situation by having the "maxirqs" variable shadow intr_nirq. Since intr_nirq will never sensibly be negative it seems better for INTR_IRQ_INVALID to be a large positive value and testing whether an interrupt has a valid value be >= intr_nirq.

I note the isrc_irq entry of struct intr_irqsrc is unsigned. This actually effects D29310, since it means the test used needs a slight adjustment. This also allows D29326, which is getting rid of the shadow variable isrc_alloc_irq() has.

Any chance of review of D29327 and D29310? Presently I'm simply waiting doing nothing...

The 1 month anniversary of D29327. I think I've got appropriate people as reviewers, but no action...

I think this change is fine. I will tinderbox and commit it in a couple of days if no one objects.

With respect to D29310, I suspect it's not getting attention because it does indeed seems like a bikeshed. If the table is full, the problem will manifest as drivers not being able to attach, probably during boot, resulting in an unambiguous failure mode. Interrupt allocation isn't a dynamic operation, its performance is not important and doesn't warrant much scrutiny. Much more so for the unlikely case of interrupt allocation _after_ the table has been filled and some interrupts are freed.

This revision is now accepted and ready to land.Apr 19 2021, 9:19 PM

ehem_freebsd_m5p.com mentioned this in D29310: kern/intr: switch to allocating handles forward.Apr 20 2021, 3:19 AM

Closed by commit rGa3c7da3d08ee: kern/intr: declare interrupt vectors unsigned (authored by ehem_freebsd_m5p.com, committed by markj). · Explain WhyMay 3 2021, 5:56 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGa3c7da3d08ee: kern/intr: declare interrupt vectors unsigned.

markj added a commit: rG8a4f990338fe: kern/intr: declare interrupt vectors unsigned.May 10 2021, 1:51 PM