Commit 138760f
virtio: enhance for better conformance to virtio spec
The VirtIO queue code in queue.rs assumes all data structures, including
the descriptor table, available ring and used ring, are consistent and
legal once Queue::is_valid() returns true for a queue. If this assumption
is broken, it may cause a panic.
On the other hand, most fields in a working queue object, including size,
ready, desc_table, avail_ring and used_ring, could be modified by the
MmioDevice::write() method. That means an untrusted guest kernel could
easily break the assumption made by queue.rs, and then cause the firecracker
hypervisor to panic.
So enhance the VirtIO MMIO transport driver to strictly follow the state
machine defined in the VirtIO Spec IO. It closes the way for an untrusted
guest kernel to modify firecracker internal data structures.
Signed-off-by: Liu Jiang <[email protected]>
1 parent 6b32a8c commit 138760f
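The gating the commit message describes, as an added sketch that is not Firecracker's code or the code from this commit: queue registers accept guest writes only after FEATURES_OK and before DRIVER_OK, and the status register advances only one handshake step at a time. `Transport`, its fields and `run_sequence` are hypothetical names; the status bits and register offsets are those of the VirtIO MMIO transport.

```rust
// Added illustration; Transport and its methods are hypothetical names.
// Status bits and register offsets are the VirtIO spec's MMIO values.
const ACKNOWLEDGE: u32 = 0x01;
const DRIVER: u32 = 0x02;
const DRIVER_OK: u32 = 0x04;
const FEATURES_OK: u32 = 0x08;
const FAILED: u32 = 0x80;
const STEPS: [u32; 4] = [ACKNOWLEDGE, DRIVER, FEATURES_OK, DRIVER_OK];
const REG_QUEUE_NUM: u64 = 0x38;
const REG_QUEUE_READY: u64 = 0x44;
const REG_STATUS: u64 = 0x70;

#[derive(Default)]
pub struct Transport { status: u32, queue_size: u16, queue_ready: bool }

impl Transport {
    /// Queue fields are writable only after FEATURES_OK and before DRIVER_OK.
    fn queue_config_allowed(&self) -> bool {
        (self.status & FEATURES_OK) != 0 && (self.status & (DRIVER_OK | FAILED)) == 0
    }
    /// Accept a reset (0), FAILED, or exactly the next handshake bit in order.
    fn set_status(&mut self, v: u32) {
        if v == 0 { *self = Transport::default(); return; }
        if (v & FAILED) != 0 { self.status |= FAILED; return; }
        let done = STEPS.iter().take_while(|b| (self.status & **b) != 0).count();
        if done < STEPS.len() && v == (self.status | STEPS[done]) { self.status = v; }
    }
    /// Guest MMIO write: out-of-state queue writes are dropped, not applied.
    pub fn write(&mut self, offset: u64, v: u32) {
        match offset {
            REG_STATUS => self.set_status(v),
            REG_QUEUE_NUM if self.queue_config_allowed() => self.queue_size = v as u16,
            REG_QUEUE_READY if self.queue_config_allowed() => self.queue_ready = v == 1,
            _ => {}
        }
    }
}
/// Constructed guest write sequence: normal setup, then late tampering.
pub fn run_sequence() -> Transport {
    let mut t = Transport::default();
    t.write(REG_QUEUE_NUM, 64); // too early: status is still 0, ignored
    for s in [0x01, 0x03, 0x0b] { t.write(REG_STATUS, s); }
    t.write(REG_QUEUE_NUM, 256); t.write(REG_QUEUE_READY, 1);
    t.write(REG_STATUS, 0x0f); // DRIVER_OK: the device is now live
    t.write(REG_QUEUE_NUM, 0); t.write(REG_QUEUE_READY, 0); // late writes: dropped
    t
}
fn main() {
    let t = run_sequence();
    println!("status={:#x} size={} ready={}", t.status, t.queue_size, t.queue_ready);
}
```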