TEST: update queue impl to do less memory checks

Signed-off-by: Egor Lazarchuk <[email protected]>

Author: ShadowCurse

src/vmm/src/devices/virtio/iovec.rs

@@ -10,7 +10,9 @@ use vm_memory::{
 };
 
 use crate::devices::virtio::queue::DescriptorChain;
-use crate::vstate::memory::{Bitmap, GuestMemory};
+use crate::vstate::memory::{Bitmap, GuestMemory, GuestMemoryMmap};
+
+use super::queue::DescriptorChainOpt;
 
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 pub enum IoVecError {
@@ -270,6 +272,46 @@ impl IoVecBufferMut {
         Ok(())
     }
 
+    pub unsafe fn load_descriptor_chain_opt(
+        &mut self,
+        head: DescriptorChainOpt,
+        mem: &GuestMemoryMmap,
+    ) -> Result<(), IoVecError> {
+        self.clear();
+        self.head_index = head.index;
+
+        let mut next_descriptor = Some(head);
+        while let Some(desc) = next_descriptor {
+            if !desc.is_write_only() {
+                return Err(IoVecError::ReadOnlyDescriptor);
+            }
+
+            // We use get_slice instead of `get_host_address` here in order to have the whole
+            // range of the descriptor chain checked, i.e. [addr, addr + len) is a valid memory
+            // region in the GuestMemoryMmap.
+            let slice = mem.get_slice(desc.addr, desc.len as usize)?;
+
+            // We need to mark the area of guest memory that will be mutated through this
+            // IoVecBufferMut as dirty ahead of time, as we loose access to all
+            // vm-memory related information after converting down to iovecs.
+            slice.bitmap().mark_dirty(0, desc.len as usize);
+
+            let iov_base = slice.ptr_guard_mut().as_ptr().cast::<c_void>();
+            self.vecs.push(iovec {
+                iov_base,
+                iov_len: desc.len as size_t,
+            });
+            self.len = self
+                .len
+                .checked_add(desc.len)
+                .ok_or(IoVecError::OverflowedDescriptor)?;
+
+            next_descriptor = desc.next_descriptor();
+        }
+
+        Ok(())
+    }
+
     /// Create an `IoVecBuffer` from a `DescriptorChain`
     ///
     /// # Safety

src/vmm/src/devices/virtio/net/device.rs

@@ -156,68 +156,74 @@ impl AvailableDescriptors {
 
     /// Read new descriptor chains from the queue.
     pub fn read_new_desc_chains(&mut self, queue: &mut Queue, mem: &GuestMemoryMmap) {
-        #[repr(C)]
-        struct AvailRing {
-            flags: u16,
-            idx: u16,
-            ring: [u16; 256],
-            used_event: u16,
-        }
-        #[repr(C)]
-        #[derive(Default, Clone, Copy)]
-        struct Descriptor {
-            addr: u64,
-            len: u32,
-            flags: u16,
-            next: u16,
-        }
-
-        // SAFETY:
-        // avail_ring in the queue is a valid guest address
-        let avail_ring: &AvailRing =
-            unsafe { std::mem::transmute(mem.get_host_address(queue.avail_ring).unwrap()) };
-
-        // SAFETY:
-        // desc_table in the queue is a valid guest address
-        let desc_table: &[Descriptor; 256] =
-            unsafe { std::mem::transmute(mem.get_host_address(queue.desc_table).unwrap()) };
-
-        let avail_idx = queue.avail_idx(mem);
-        let actual_size = queue.actual_size();
-
-        while queue.next_avail.0 != avail_idx.0 {
-            let Some(next_iovec_buf) = self.iov_ring.next_available() else {
-                break;
-            };
-
-            let avail_index = queue.next_avail.0 % actual_size;
-            queue.next_avail += Wrapping(1);
-
-            let desc_index = avail_ring.ring[avail_index as usize];
-            let mut desc = &desc_table[desc_index as usize];
-
-            next_iovec_buf.clear();
-            next_iovec_buf.head_index = desc_index;
-
-            let iov = libc::iovec {
-                iov_base: mem.get_host_address(GuestAddress(desc.addr)).unwrap().cast(),
-                iov_len: desc.len as usize,
-            };
-            next_iovec_buf.vecs.push(iov);
-            next_iovec_buf.len += desc.len;
-            self.valid_ring.push(true);
-
-            while desc.flags & crate::devices::virtio::queue::VIRTQ_DESC_F_NEXT != 0 {
-                desc = &desc_table[desc.next as usize];
-                let iov = libc::iovec {
-                    iov_base: mem.get_host_address(GuestAddress(desc.addr)).unwrap().cast(),
-                    iov_len: desc.len as usize,
-                };
-                next_iovec_buf.vecs.push(iov);
-                next_iovec_buf.len += desc.len;
-                self.valid_ring.push(true);
-            }
-        }
+        // #[repr(C)]
+        // struct AvailRing {
+        //     flags: u16,
+        //     idx: u16,
+        //     ring: [u16; 256],
+        //     used_event: u16,
+        // }
+        // #[repr(C)]
+        // #[derive(Default, Clone, Copy)]
+        // struct Descriptor {
+        //     addr: u64,
+        //     len: u32,
+        //     flags: u16,
+        //     next: u16,
+        // }
+        //
+        // // SAFETY:
+        // // avail_ring in the queue is a valid guest address
+        // let avail_ring: &AvailRing =
+        //     unsafe { std::mem::transmute(mem.get_host_address(queue.avail_ring).unwrap()) };
+        //
+        // // SAFETY:
+        // // desc_table in the queue is a valid guest address
+        // let desc_table: &[Descriptor; 256] =
+        //     unsafe { std::mem::transmute(mem.get_host_address(queue.desc_table).unwrap()) };
+        //
+        // let avail_idx = queue.avail_idx(mem);
+        // let actual_size = queue.actual_size();
+        //
+        // while queue.next_avail.0 != avail_idx.0 {
+        //     let Some(next_iovec_buf) = self.iov_ring.next_available() else {
+        //         break;
+        //     };
+        //
+        //     let avail_index = queue.next_avail.0 % actual_size;
+        //     queue.next_avail += Wrapping(1);
+        //
+        //     let desc_index = avail_ring.ring[avail_index as usize];
+        //     let mut desc = &desc_table[desc_index as usize];
+        //
+        //     next_iovec_buf.clear();
+        //     next_iovec_buf.head_index = desc_index;
+        //
+        //     let iov = libc::iovec {
+        //         iov_base: mem
+        //             .get_host_address(GuestAddress(desc.addr))
+        //             .unwrap()
+        //             .cast(),
+        //         iov_len: desc.len as usize,
+        //     };
+        //     next_iovec_buf.vecs.push(iov);
+        //     next_iovec_buf.len += desc.len;
+        //     self.valid_ring.push(true);
+        //
+        //     while desc.flags & crate::devices::virtio::queue::VIRTQ_DESC_F_NEXT != 0 {
+        //         desc = &desc_table[desc.next as usize];
+        //         let iov = libc::iovec {
+        //             iov_base: mem
+        //                 .get_host_address(GuestAddress(desc.addr))
+        //                 .unwrap()
+        //                 .cast(),
+        //             iov_len: desc.len as usize,
+        //         };
+        //         next_iovec_buf.vecs.push(iov);
+        //         next_iovec_buf.len += desc.len;
+        //         self.valid_ring.push(true);
+        //     }
+        // }
 
         // for _ in 0..queue.len(mem) {
         //     let Some(next_iovec_buf) = self.iov_ring.next_available() else {
@@ -236,6 +242,28 @@ impl AvailableDescriptors {
         //         }
         //     }
         // }
+
+        for _ in 0..queue.len_opt() {
+            let Some(next_iovec_buf) = self.iov_ring.next_available() else {
+                break;
+            };
+
+            match queue.do_pop_unchecked_opt() {
+                Some(desc_chain) => {
+                    // SAFETY:
+                    // This descriptor chain is only processed once.
+                    let valid = unsafe {
+                        next_iovec_buf
+                            .load_descriptor_chain_opt(desc_chain, mem)
+                            .is_ok()
+                    };
+                    self.valid_ring.push(valid);
+                }
+                None => {
+                    self.valid_ring.push(false);
+                }
+            }
+        }
     }
 
     /// Pop first descriptor chain.
@@ -503,7 +531,8 @@ impl Net {
         // This is safe since we checked in the event handler that the device is activated.
         let mem = self.device_state.mem().unwrap();
 
-        if self.rx_avail_desc.is_empty() && self.queues[RX_INDEX].is_empty(mem) {
+        // if self.rx_avail_desc.is_empty() && self.queues[RX_INDEX].is_empty(mem) {
+        if self.rx_avail_desc.is_empty() && self.queues[RX_INDEX].is_empty_opt() {
             self.metrics.no_rx_avail_buffer.inc();
             return Err(FrontendError::EmptyQueue);
         }
@@ -582,8 +611,12 @@ impl Net {
             // SAFETY:
             // This should never panic as we provide index in
             // correct bounds.
+            // self.queues[RX_INDEX]
+            //     .write_used_ring(mem, next_used_index.0, used_element)
+            //     .unwrap();
+
             self.queues[RX_INDEX]
-                .write_used_ring(mem, next_used_index.0, used_element)
+                .write_used_ring_opt(next_used_index.0, used_element)
                 .unwrap();
 
             used_heads += 1;
@@ -604,9 +637,13 @@ impl Net {
             // about descriptor heads used for partialy written packets.
             // Otherwise guest will see that we used those descriptors and
             // will try to process them.
-            self.queues[RX_INDEX].advance_used_ring(mem, used_heads);
+            // self.queues[RX_INDEX].advance_used_ring(mem, used_heads);
+            // let next_avail = self.queues[RX_INDEX].next_avail.0;
+            // self.queues[RX_INDEX].set_used_ring_avail_event(next_avail, mem);
+
+            self.queues[RX_INDEX].advance_used_ring_opt(used_heads);
             let next_avail = self.queues[RX_INDEX].next_avail.0;
-            self.queues[RX_INDEX].set_used_ring_avail_event(next_avail, mem);
+            *self.queues[RX_INDEX].ur.avail_event() = next_avail;
 
             // Clear partial write info if there was one
             self.rx_partial_write = None;
@@ -620,7 +657,9 @@ impl Net {
 
             // We used `used_heads` descriptors to process the packet.
             // Because this is an error case, we discard those descriptors.
-            self.queues[RX_INDEX].discard_used(mem, used_heads);
+            // self.queues[RX_INDEX].discard_used(mem, used_heads);
+
+            self.queues[RX_INDEX].discard_used_opt(used_heads);
 
             Err(err)
         } else if slice.is_empty() {
@@ -1149,6 +1188,8 @@ impl VirtioDevice for Net {
     }
 
     fn activate(&mut self, mem: GuestMemoryMmap) -> Result<(), ActivateError> {
+        self.queues[RX_INDEX].set_pointers(&mem);
+
         let event_idx = self.has_feature(u64::from(VIRTIO_RING_F_EVENT_IDX));
         if event_idx {
             for queue in &mut self.queues {

src/vmm/src/devices/virtio/persist.rs

@@ -16,6 +16,8 @@ use crate::devices::virtio::queue::Queue;
 use crate::snapshot::Persist;
 use crate::vstate::memory::{GuestAddress, GuestMemoryMmap};
 
+use super::queue::DescTable;
+
 /// Errors thrown during restoring virtio state.
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 pub enum PersistError {
@@ -78,6 +80,11 @@ impl Persist<'_> for Queue {
             desc_table: GuestAddress(state.desc_table),
             avail_ring: GuestAddress(state.avail_ring),
             used_ring: GuestAddress(state.used_ring),
+
+            dt: Default::default(),
+            ar: Default::default(),
+            ur: Default::default(),
+
             next_avail: state.next_avail,
             next_used: state.next_used,
             uses_notif_suppression: false,