chore(vmm): Add pointer alignment check for Queue

Raw pointers of `struct Queue` is assumed to be aligned properly;
otherwise some methods (e.g. `read_volatile()`) will panic. Such an
alignment is possible when restored from a broken/fuzzed snapshot. Add
pointer alignment check and exit with an error early instead of panic.

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

src/vmm/src/devices/virtio/queue.rs

@@ -34,6 +34,8 @@ pub enum QueueError {
     DescIndexOutOfBounds(u16),
     /// Failed to write value into the virtio queue used ring: {0}
     MemoryError(#[from] vm_memory::GuestMemoryError),
+    /// Pointer is not aligned properly: {0}
+    PointerNotAligned(String),
 }
 
 /// A virtio descriptor constraints with C representative.
@@ -323,6 +325,25 @@ impl Queue {
             .get_slice_ptr(mem, self.used_ring_address, self.used_ring_size())?
             .cast();
 
+        // All the above pointers is expected to be aligned properly; otherwise some methods (e.g.
+        // `read_volatile()`) will panic. Such an unalignment is possible when restored from a
+        // broken/fuzzed snapshot. Note that the type of `used_ring_ptr` is `*mut u8` since it is
+        // a mix of `u16` and `u32` as documented in `struct Queue`, but at least must be aligned
+        // for `u16` (maybe strictly `u32`?).
+        if !self.desc_table_ptr.is_aligned() {
+            return Err(QueueError::PointerNotAligned(
+                "Queue::desc_table_ptr".into(),
+            ));
+        }
+        if !self.avail_ring_ptr.is_aligned() {
+            return Err(QueueError::PointerNotAligned(
+                "Queue::avail_ring_ptr".into(),
+            ));
+        }
+        if !self.used_ring_ptr.cast::<u16>().is_aligned() {
+            return Err(QueueError::PointerNotAligned("Queue::used_ring_ptr".into()));
+        }
+
         // Disable it for kani tests, otherwise it will hit this assertion
         // and fail.
         #[cfg(not(kani))]