vsock:avoid overflow on computing packet used len

Signed-off-by: Luminita Voicu <[email protected]>

Author: luminitavoicu

src/devices/src/virtio/vsock/csm/connection.rs

@@ -237,7 +237,7 @@ where
                     if err.kind() == ErrorKind::WouldBlock =>
                 {
                     // This shouldn't actually happen (receiving EWOULDBLOCK after EPOLLIN), but
-                    // apparently it does, so we need to handle it greacefully.
+                    // apparently it does, so we need to handle it gracefully.
                     warn!(
                         "vsock: unexpected EWOULDBLOCK while reading from backing stream: \
                          lp={}, pp={}, err={:?}",

src/devices/src/virtio/vsock/device.rs

@@ -148,10 +148,14 @@ where
                 Ok(mut pkt) => {
                     if self.backend.recv_pkt(&mut pkt, mem).is_ok() {
                         match pkt.commit_hdr(mem) {
+                            // This addition cannot overflow, because packet length
+                            // is previously validated against `MAX_PKT_BUF_SIZE`
+                            // bound as part of `commit_hdr()`.
                             Ok(()) => VSOCK_PKT_HDR_SIZE as u32 + pkt.len(),
                             Err(e) => {
                                 warn!(
-                                    "vsock: Error writing packet header to guest memory: {:?}",
+                                    "vsock: Error writing packet header to guest memory: {:?}.\
+                                     Discarding the package.",
                                     e
                                 );
                                 0
@@ -165,7 +169,7 @@ where
                     }
                 }
                 Err(e) => {
-                    warn!("vsock: RX queue error: {:?}", e);
+                    warn!("vsock: RX queue error: {:?}. Discarding the package.", e);
                     0
                 }
             };

src/devices/src/virtio/vsock/packet.rs

@@ -176,10 +176,7 @@ impl VsockPacket {
         }
 
         // Reject weirdly-sized packets.
-        //
-        if pkt.len() > defs::MAX_PKT_BUF_SIZE as u32 {
-            return Err(VsockError::InvalidPktLen(pkt.len()));
-        }
+        pkt.check_len()?;
 
         pkt.init_buf(hdr_desc, false)?;
 
@@ -222,10 +219,22 @@ impl VsockPacket {
 
     /// Writes the local copy of the packet header to the guest memory.
     pub fn commit_hdr(&self, mem: &GuestMemoryMmap) -> Result<()> {
+        // Reject weirdly-sized packets.
+        self.check_len()?;
+
         mem.write_obj(self.hdr, self.hdr_addr)
             .map_err(VsockError::GuestMemoryMmap)
     }
 
+    /// Verifies packet length against `MAX_PKT_BUF_SIZE` limit.
+    pub fn check_len(&self) -> Result<()> {
+        if self.len() > defs::MAX_PKT_BUF_SIZE as u32 {
+            return Err(VsockError::InvalidPktLen(self.len()));
+        }
+
+        Ok(())
+    }
+
     pub fn buf_size(&self) -> usize {
         self.buf_size
     }