chore(vmm): Add pointer alignment check for Queue

Raw pointers of `struct Queue` are assumed to be aligned properly;
otherwise some methods (e.g. `read_volatile()`) will panic. Such an
alignment is possible when restored from a broken/fuzzed snapshot. Add
pointer alignment check and exit with an error early instead of panic.

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

src/vmm/src/devices/virtio/queue.rs

@@ -34,6 +34,8 @@ pub enum QueueError {
     DescIndexOutOfBounds(u16),
     /// Failed to write value into the virtio queue used ring: {0}
     MemoryError(#[from] vm_memory::GuestMemoryError),
+    /// Pointer is not aligned properly: {0:p} misaligned for u{1}
+    PointerNotAligned(*const u8, u8),
 }
 
 /// A virtio descriptor constraints with C representative.
@@ -323,11 +325,33 @@ impl Queue {
             .get_slice_ptr(mem, self.used_ring_address, self.used_ring_size())?
             .cast();
 
-        // Disable it for kani tests, otherwise it will hit this assertion
-        // and fail.
-        #[cfg(not(kani))]
-        if self.actual_size() < self.len() {
-            return Err(QueueError::InvalidQueueSize(self.len(), self.actual_size()));
+        // All the above pointers are expected to be aligned properly; otherwise some methods (e.g.
+        // `read_volatile()`) will panic. Such an unalignment is possible when restored from a
+        // broken/fuzzed snapshot.
+        //
+        // Specification of those pointers' alignments
+        // https://docs.oasis-open.org/virtio/virtio/v1.2/csd01/virtio-v1.2-csd01.html#x1-350007
+        // > ================ ==========
+        // > Virtqueue Part    Alignment
+        // > ================ ==========
+        // > Descriptor Table 16
+        // > Available Ring   2
+        // > Used Ring        4
+        // > ================ ==========
+        if !self.desc_table_ptr.cast::<u128>().is_aligned() {
+            return Err(QueueError::PointerNotAligned(
+                self.desc_table_ptr.cast(),
+                128,
+            ));
+        }
+        if !self.avail_ring_ptr.is_aligned() {
+            return Err(QueueError::PointerNotAligned(
+                self.avail_ring_ptr.cast(),
+                16,
+            ));
+        }
+        if !self.used_ring_ptr.cast::<u32>().is_aligned() {
+            return Err(QueueError::PointerNotAligned(self.used_ring_ptr.cast(), 32));
         }
 
         Ok(())