Commit d6ea377

JBYoshiJonathanWoollett-Light
authored andcommitted
Add try_from()/unwrap() in cases where it's safe
Some places in the code don't allow us to re-type values to let the compiler verify that those conversions are safe, particularly with length values. All of these are marked with comments justifying why they are safe. Signed-off-by: Jonathan Browne <[email protected]>
1 parent 0c20beb commit d6ea377

6 files changed

+12
-10
lines changed

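--- a/src/vmm/src/devices/virtio/net/device.rs
+++ b/src/vmm/src/devices/virtio/net/device.rs
@@ -390,7 +390,8 @@ impl Net {
 METRICS.net.rx_fails.inc();
 0
 } else {
-self.rx_bytes_read as u32
+// Safe to unwrap because a frame must be smaller than 2^16 bytes.
+u32::try_from(self.rx_bytes_read).unwrap()
 };
 queue.add_used(mem, head_index, used_len).map_err(|err| {
 error!("Failed to add available descriptor {}: {}", head_index, err);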
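Review bot: The new `u32::try_from(self.rx_bytes_read).unwrap()` replaces a silent truncation with a panic, but the comment only asserts the bound ("a frame must be smaller than 2^16 bytes") without naming where it is enforced, and a bare `unwrap()` leaves no message if the invariant is ever broken. In device emulation code a panic takes down the whole VMM process, so I would make the failure diagnosable with `.expect("rx_bytes_read must fit in u32")` and have the comment point at the check or buffer size that caps `rx_bytes_read`. The same applies to the `unwrap()` calls added in vsock/csm/connection.rs, dumbo/pdu/ipv4.rs, dumbo/pdu/mod.rs and io_uring/mod.rs. The enclosing function starts and ends outside this hunk.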

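--- a/src/vmm/src/devices/virtio/vsock/csm/connection.rs
+++ b/src/vmm/src/devices/virtio/vsock/csm/connection.rs
@@ -232,7 +232,10 @@ where
 } else {
 // On a successful data read, we fill in the packet with the RW op, and
 // length of the read data.
-pkt.set_op(uapi::VSOCK_OP_RW).set_len(read_cnt as u32);
+// Safe to unwrap because read_cnt is no more than max_len, which is bounded
+// by self.peer_avail_credit(), a u32 internally.
+pkt.set_op(uapi::VSOCK_OP_RW)
+.set_len(u32::try_from(read_cnt).unwrap());
 METRICS.vsock.rx_bytes_count.add(read_cnt as u64);
 }
 self.rx_cnt += Wrapping(pkt.len());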

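--- a/src/vmm/src/dumbo/pdu/ipv4.rs
+++ b/src/vmm/src/dumbo/pdu/ipv4.rs
@@ -239,7 +239,8 @@ impl<'a, T: NetworkBytes + Debug> IPv4Packet<'a, T> {
 sum = (sum & 0xffff) + (sum >> 16);
 }
 
-!(sum as u16)
+// Safe to unwrap due to the while loop.
+!u16::try_from(sum).unwrap()
 }
 
 /// Computes and returns the packet header checksum.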
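Review bot: The comment `// Safe to unwrap due to the while loop.` does not say which property of the loop makes the conversion infallible, and the loop header is outside this hunk, so a reader cannot check the claim from here. If the loop runs until `sum >> 16` is zero, as the visible body `sum = (sum & 0xffff) + (sum >> 16);` suggests, state that directly: `// The fold loop above exits only once sum >> 16 == 0, so sum fits in a u16.` The matching comment added in dumbo/pdu/mod.rs (`compute_checksum`) should get the same wording.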

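--- a/src/vmm/src/dumbo/pdu/mod.rs
+++ b/src/vmm/src/dumbo/pdu/mod.rs
@@ -105,7 +105,8 @@ fn compute_checksum<T: NetworkBytes + Debug>(
 sum = (sum & 0xffff) + (sum >> 16);
 }
 
-let mut csum = !(sum as u16);
+// Safe to unwrap due to the while loop above
+let mut csum = !u16::try_from(sum).unwrap();
 // If a UDP packet checksum is 0, an all ones value is transmitted
 if protocol == ChecksumProto::Udp && csum == 0x0 {
 csum = !csum;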

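--- a/src/vmm/src/dumbo/tcp/connection.rs
+++ b/src/vmm/src/dumbo/tcp/connection.rs
@@ -348,11 +348,7 @@ impl Connection {
 fn local_rwnd(&self) -> u16 {
 let rwnd = (self.local_rwnd_edge - self.ack_to_send).0;
 
-if rwnd > u32::from(u16::max_value()) {
-u16::max_value()
-} else {
-rwnd as u16
-}
+u16::try_from(rwnd).unwrap_or(u16::max_value())
 }
 
 // Will actually become meaningful when/if we implement window scaling.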
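Review bot: `local_rwnd` now saturates in a single expression, and nothing in the function says that clamping, rather than panicking like the other conversions in this commit, is the intended behaviour. A one-line comment would make that explicit, e.g. `// Saturate: the value must fit the u16 this function returns.` Separately, `rwnd` appears to come from a wrapping subtraction (the `.0` on `self.local_rwnd_edge - self.ack_to_send`), so if `ack_to_send` could ever be ahead of `local_rwnd_edge` the difference would wrap to a large value and be reported as a full window. That predates this change, but the ordering invariant deserves a comment or a debug assertion. `u16::MAX` is the current spelling of `u16::max_value()`.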

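--- a/src/vmm/src/io_uring/mod.rs
+++ b/src/vmm/src/io_uring/mod.rs
@@ -282,7 +282,7 @@ impl IoUring {
 .map_err(IoUringError::RegisterFile)?;
 
 // Safe to truncate since files.len() < IORING_MAX_FIXED_FILES
-self.registered_fds_count += files.len() as u32;
+self.registered_fds_count += u32::try_from(files.len()).unwrap();
 Ok(())
 }
 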
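Review bot: The context comment `// Safe to truncate since files.len() < IORING_MAX_FIXED_FILES` is stale after this change, because the new line no longer truncates; it panics if the conversion fails. Reword it to match, e.g. `// Safe to unwrap since files.len() < IORING_MAX_FIXED_FILES`. The check that establishes that bound is not visible in this hunk, so confirm that it limits the running total and not only this batch, since `self.registered_fds_count += …` is a plain addition with no check of its own here.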
