msix: relax assertion on data accesses from guest

It is true that writes/reads of an MSI-X table are either 32 or 64 bits
long. However, we do check for this invariant in the `match` expression
just after the assertion. If the invariant is not held (the guest tried
to read/write with an invalid length) we just print an error and
continue. This branch of the `match` block is never reached due to the
assertion itself.

To simplify things, just remove the assertion and let the `match` block
logic handle invalid memory accesses. This should also help us better
fuzz the bus accesses.

Do add a check that the data access is up to 8 bytes long. These are
all MMIO or Port IO accesses and they can't be bigger than 8 bytes. So
this assertion should never fail in production (unless there's a KVM
bug or we try to run Firecracker in some architecture that allows more
than 64bit memory accesses).

Signed-off-by: Babis Chalios <[email protected]>

Author: bchalios

src/pci/src/msix.rs

@@ -219,7 +219,7 @@ impl MsixConfig {
     }
 
     pub fn read_table(&self, offset: u64, data: &mut [u8]) {
-        assert!((data.len() == 4 || data.len() == 8));
+        assert!(data.len() <= 8);
 
         let index: usize = (offset / MSIX_TABLE_ENTRIES_MODULO) as usize;
         let modulo_offset = offset % MSIX_TABLE_ENTRIES_MODULO;
@@ -272,7 +272,7 @@ impl MsixConfig {
     }
 
     pub fn write_table(&mut self, offset: u64, data: &[u8]) {
-        assert!((data.len() == 4 || data.len() == 8));
+        assert!(data.len() <= 8);
 
         let index: usize = (offset / MSIX_TABLE_ENTRIES_MODULO) as usize;
         let modulo_offset = offset % MSIX_TABLE_ENTRIES_MODULO;
@@ -368,7 +368,7 @@ impl MsixConfig {
     }
 
     pub fn read_pba(&mut self, offset: u64, data: &mut [u8]) {
-        assert!((data.len() == 4 || data.len() == 8));
+        assert!(data.len() <= 8);
 
         let index: usize = (offset / MSIX_PBA_ENTRIES_MODULO) as usize;
         let modulo_offset = offset % MSIX_PBA_ENTRIES_MODULO;