chore(vmm): Add pointer alignment check for Queue

read_volatile() method is called on avail_ring_ptr and used_ring_ptr of
Queue and it assumes a pointer of interest is aligned properly;
otherwise results in a panic. Such an unalignment is possible when
restored from a broken/fuzzed snapshot. Both must be aligned at least
for u16 (2-byte alignment) as documented in Queue. Add pointer alignment
check and exit with an error instead of panic.

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

src/vmm/src/devices/virtio/queue.rs

@@ -34,6 +34,8 @@ pub enum QueueError {
     DescIndexOutOfBounds(u16),
     /// Failed to write value into the virtio queue used ring: {0}
     MemoryError(#[from] vm_memory::GuestMemoryError),
+    /// Pointer is not aligned properly: {0}
+    PointerNotAligned(String),
 }
 
 /// A virtio descriptor constraints with C representative.
@@ -323,6 +325,20 @@ impl Queue {
             .get_slice_ptr(mem, self.used_ring_address, self.used_ring_size())?
             .cast();
 
+        // read_volatile() method is called on avail_ring_ptr and used_ring_ptr and it assumes that
+        // a pointer of interest is aligned properly; otherwise results in a panic. Such an
+        // unalignment is possible when restored from a broken/fuzzed snapshot. Both
+        // `avail_ring_ptr` and `used_ring_ptr` must be aligned at least for u16 (2-byte alignment)
+        // as documented in `struct Queue`.
+        if !self.avail_ring_ptr.is_aligned() {
+            return Err(QueueError::PointerNotAligned(
+                "Queue::avail_ring_ptr".into(),
+            ));
+        }
+        if !self.used_ring_ptr.cast::<u16>().is_aligned() {
+            return Err(QueueError::PointerNotAligned("Queue::used_ring_ptr".into()));
+        }
+
         // Disable it for kani tests, otherwise it will hit this assertion
         // and fail.
         #[cfg(not(kani))]