Add try_from()/unwrap() in cases where it's safe

Some places in the code don't allow us to re-type values to let the
compiler verify that those conversions are safe, particularly with
length values. All of these are marked with comments justifying why
they are safe.

Signed-off-by: Jonathan Browne <[email protected]>

Author: JBYoshi

src/vmm/src/devices/virtio/net/device.rs

@@ -390,7 +390,8 @@ impl Net {
             METRICS.net.rx_fails.inc();
             0
         } else {
-            self.rx_bytes_read as u32
+            // Safe to unwrap because a frame must be smaller than 2^16 bytes.
+            u32::try_from(self.rx_bytes_read).unwrap()
         };
         queue.add_used(mem, head_index, used_len).map_err(|err| {
             error!("Failed to add available descriptor {}: {}", head_index, err);

src/vmm/src/devices/virtio/vsock/csm/connection.rs

@@ -232,7 +232,10 @@ where
                     } else {
                         // On a successful data read, we fill in the packet with the RW op, and
                         // length of the read data.
-                        pkt.set_op(uapi::VSOCK_OP_RW).set_len(read_cnt as u32);
+                        // Safe to unwrap because read_cnt is no more than max_len, which is bounded
+                        // by self.peer_avail_credit(), a u32 internally.
+                        pkt.set_op(uapi::VSOCK_OP_RW)
+                            .set_len(u32::try_from(read_cnt).unwrap());
                         METRICS.vsock.rx_bytes_count.add(read_cnt as u64);
                     }
                     self.rx_cnt += Wrapping(pkt.len());

src/vmm/src/dumbo/pdu/ipv4.rs

@@ -239,7 +239,8 @@ impl<'a, T: NetworkBytes + Debug> IPv4Packet<'a, T> {
             sum = (sum & 0xffff) + (sum >> 16);
         }
 
-        !(sum as u16)
+        // Safe to unwrap due to the while loop.
+        !u16::try_from(sum).unwrap()
     }
 
     /// Computes and returns the packet header checksum.

src/vmm/src/dumbo/pdu/mod.rs

@@ -105,7 +105,8 @@ fn compute_checksum<T: NetworkBytes + Debug>(
         sum = (sum & 0xffff) + (sum >> 16);
     }
 
-    let mut csum = !(sum as u16);
+    // Safe to unwrap due to the while loop above
+    let mut csum = !u16::try_from(sum).unwrap();
     // If a UDP packet checksum is 0, an all ones value is transmitted
     if protocol == ChecksumProto::Udp && csum == 0x0 {
         csum = !csum;

src/vmm/src/dumbo/tcp/connection.rs

@@ -348,11 +348,7 @@ impl Connection {
     fn local_rwnd(&self) -> u16 {
         let rwnd = (self.local_rwnd_edge - self.ack_to_send).0;
 
-        if rwnd > u32::from(u16::max_value()) {
-            u16::max_value()
-        } else {
-            rwnd as u16
-        }
+        u16::try_from(rwnd).unwrap_or(u16::max_value())
     }
 
     // Will actually become meaningful when/if we implement window scaling.

src/vmm/src/io_uring/mod.rs

@@ -282,7 +282,7 @@ impl IoUring {
         .map_err(IoUringError::RegisterFile)?;
 
         // Safe to truncate since files.len() < IORING_MAX_FIXED_FILES
-        self.registered_fds_count += files.len() as u32;
+        self.registered_fds_count += u32::try_from(files.len()).unwrap();
         Ok(())
     }