ARM64: Add bounds checks on device reads/writes

JBYoshi · JonathanWoollett-Light · commit fd0a564e77a3 · 2023-10-09T18:31:31.000+01:00
Errors here appear to just emit warnings, so I added a check here to
ensure the offset is in bounds.

I've done this in a separate commit because my dev setup doesn't use
ARM. In case something ARM-specific breaks in CI, I'd like to be able to
keep those changes in their own commits so I can debug more easily.

Signed-off-by: Jonathan Browne &lt;12983479+JBYoshi@users.noreply.github.com&gt;
diff --git a/src/vmm/src/devices/legacy/rtc_pl031.rs b/src/vmm/src/devices/legacy/rtc_pl031.rs
@@ -26,27 +26,29 @@ impl std::ops::DerefMut for RTCDevice {
 // Implements Bus functions for AMBA PL031 RTC device
 impl RTCDevice {
     pub fn bus_read(&mut self, offset: u64, data: &mut [u8]) {
-        if data.len() == 4 {
+        if let (Ok(offset), 4) = (u16::try_from(offset), data.len()) {
             // read() function from RTC implementation expects a slice of
             // len 4, and we just validated that this is the data lengt
-            self.read(offset as u16, data.try_into().unwrap())
+            self.read(offset, data.try_into().unwrap())
         } else {
             warn!(
-                "Found invalid data length while trying to read from the RTC: {}",
+                "Found invalid data offset/length while trying to read from the RTC: {}, {}",
+                offset,
                 data.len()
             );
             METRICS.rtc.error_count.inc();
         }
     }
 
     pub fn bus_write(&mut self, offset: u64, data: &[u8]) {
-        if data.len() == 4 {
+        if let (Ok(offset), 4) = (u16::try_from(offset), data.len()) {
             // write() function from RTC implementation expects a slice of
             // len 4, and we just validated that this is the data length
-            self.write(offset as u16, data.try_into().unwrap())
+            self.write(offset, data.try_into().unwrap())
         } else {
             warn!(
-                "Found invalid data length while trying to write to the RTC: {}",
+                "Found invalid data offset/length while trying to write to the RTC: {}, {}",
+                offset,
                 data.len()
             );
             METRICS.rtc.error_count.inc();
