Unwraps bounded by device spec limitations

In this commit, I changed several places that refer to memory addresses
that we generate and that are bounded by limitations of the system to
use explicit unwraps.

Signed-off-by: Jonathan Browne <[email protected]>

Author: JBYoshi

src/vmm/src/arch/x86_64/mod.rs

@@ -66,12 +66,12 @@ pub const MMIO_MEM_SIZE: u64 = MEM_32BIT_GAP_SIZE;
 pub fn arch_memory_regions(size: usize) -> Vec<(GuestAddress, usize)> {
     // It's safe to cast MMIO_MEM_START to usize because it fits in a u32 variable
     // (It points to an address in the 32 bit space).
-    match size.checked_sub(MMIO_MEM_START as usize) {
+    match size.checked_sub(usize::try_from(MMIO_MEM_START).unwrap()) {
         // case1: guest memory fits before the gap
         None | Some(0) => vec![(GuestAddress(0), size)],
         // case2: guest memory extends beyond the gap
         Some(remaining) => vec![
-            (GuestAddress(0), MMIO_MEM_START as usize),
+            (GuestAddress(0), usize::try_from(MMIO_MEM_START).unwrap()),
             (GuestAddress(FIRST_ADDR_PAST_32BITS), remaining),
         ],
     }
@@ -133,12 +133,12 @@ pub fn configure_system(
     params.hdr.type_of_loader = KERNEL_LOADER_OTHER;
     params.hdr.boot_flag = KERNEL_BOOT_FLAG_MAGIC;
     params.hdr.header = KERNEL_HDR_MAGIC;
-    params.hdr.cmd_line_ptr = cmdline_addr.raw_value() as u32;
-    params.hdr.cmdline_size = cmdline_size as u32;
+    params.hdr.cmd_line_ptr = u32::try_from(cmdline_addr.raw_value()).unwrap();
+    params.hdr.cmdline_size = u32::try_from(cmdline_size).unwrap();
     params.hdr.kernel_alignment = KERNEL_MIN_ALIGNMENT_BYTES;
     if let Some(initrd_config) = initrd {
-        params.hdr.ramdisk_image = initrd_config.address.raw_value() as u32;
-        params.hdr.ramdisk_size = initrd_config.size as u32;
+        params.hdr.ramdisk_image = u32::try_from(initrd_config.address.raw_value()).unwrap();
+        params.hdr.ramdisk_size = u32::try_from(initrd_config.size).unwrap();
     }
 
     add_e820_entry(&mut params, 0, EBDA_START, E820_RAM)?;

src/vmm/src/arch/x86_64/mptable.rs

@@ -140,7 +140,7 @@ pub fn setup_mptable(mem: &GuestMemoryMmap, num_cpus: u8) -> Result<(), MptableE
         let size = mem::size_of::<mpspec::mpf_intel>() as u64;
         let mut mpf_intel = mpspec::mpf_intel {
             signature: SMP_MAGIC_IDENT,
-            physptr: (base_mp.raw_value() + size) as u32,
+            physptr: u32::try_from(base_mp.raw_value() + size).unwrap(),
             length: 1,
             specification: 4,
             ..mpspec::mpf_intel::default()
@@ -263,7 +263,10 @@ pub fn setup_mptable(mem: &GuestMemoryMmap, num_cpus: u8) -> Result<(), MptableE
             signature: MPC_SIGNATURE,
             // it's safe to use unchecked_offset_from because
             // table_end > table_base
-            length: table_end.unchecked_offset_from(table_base) as u16,
+            length: table_end
+                .unchecked_offset_from(table_base)
+                .try_into()
+                .unwrap(),
             spec: MPC_SPEC,
             oem: MPC_OEM,
             productid: MPC_PRODUCT_ID,

src/vmm/src/device_manager/mmio.rs

@@ -150,7 +150,7 @@ impl MMIODeviceManager {
                 let io_addr = IoEventAddress::Mmio(
                     device_info.addr + u64::from(crate::devices::virtio::NOTIFY_REG_OFFSET),
                 );
-                vm.register_ioevent(queue_evt, &io_addr, i as u32)
+                vm.register_ioevent(queue_evt, &io_addr, u32::try_from(i).unwrap())
                     .map_err(MmioError::RegisterIoEvent)?;
             }
             vm.register_irqfd(locked_device.interrupt_evt(), device_info.irqs[0])

src/vmm/src/vstate/vm.rs

@@ -263,7 +263,7 @@ impl Vm {
             .enumerate()
             .try_for_each(|(index, region)| {
                 let memory_region = kvm_userspace_memory_region {
-                    slot: index as u32,
+                    slot: u32::try_from(index).unwrap(),
                     guest_phys_addr: region.start_addr().raw_value(),
                     memory_size: region.len(),
                     // It's safe to unwrap because the guest address is valid.