From 2d017ad7b742a10d7ac057fda23f6f748542603c Mon Sep 17 00:00:00 2001
From: Martin Stein <martin.stein@genode-labs.com>
Date: Tue, 22 Jun 2021 11:38:39 +0200
Subject: [PATCH] nic_router: guard against exception in free_ip

Adds try-catch-statement with diagnostic errors in Dhcp_server::free_ip in
order to guard against exceptions from the underlying bit allocator. These
exceptions should never happen given that the router is programmed correctly
and always feeds Dhcp_server::free_ip with sane arguments (which it should).
However, should this not be the case, we can assume that the failed IP freeing
indicates that the IP isn't allocated anyway and it's fine to continue using
the router. Furthermore, IP allocations are a mere client service and not
relevant for the integrity or safety of the router.

Ref #4200
---
 repos/os/src/server/nic_router/dhcp_server.cc | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/repos/os/src/server/nic_router/dhcp_server.cc b/repos/os/src/server/nic_router/dhcp_server.cc
index 9344f091a0..29170f0a02 100644
--- a/repos/os/src/server/nic_router/dhcp_server.cc
+++ b/repos/os/src/server/nic_router/dhcp_server.cc
@@ -153,23 +153,23 @@ void Dhcp_server::alloc_ip(Ipv4_address const &ip)
 void Dhcp_server::free_ip(Domain       const &domain,
                           Ipv4_address const &ip)
 {
+	/*
+	 * The messages in the catch directives are printed as errors and
+	 * independent from the routers verbosity configuration because the
+	 * exceptions they indicate should never be thrown.
+	 */
 	try {
 		_ip_alloc.free(ip.to_uint32_little_endian() - _ip_first_raw);
 	}
 	catch (Bit_allocator_dynamic::Out_of_indices) {
 
-		/*
-		 * This message is printed independent from the routers
-		 * verbosity configuration in order to track down an exception
-		 * of type Bit_allocator_dynamic::Out_of_indices that was
-		 * previously not caught. We have observed this exception once,
-		 * but without a specific use pattern that would
-		 * enable for a systematic reproduction of the issue.
-		 * The uncaught exception was observed in a 21.03 Sculpt OS
-		 * with a manually configured router, re-configuration involved.
-		 */
-		log("[", domain, "] DHCP server: failed to free IP ",
-		    ip, " (IP range: first ", _ip_first, " last ", _ip_last, ")");
+		error("[", domain, "] DHCP server: out of indices while freeing IP ",
+		      ip, " (IP range: first ", _ip_first, " last ", _ip_last, ")");
+	}
+	catch (Bit_array_dynamic::Invalid_index_access) {
+
+		error("[", domain, "] DHCP server: invalid index while freeing IP ",
+		      ip, " (IP range: first ", _ip_first, " last ", _ip_last, ")");
 	}
 }