Add a u64_to_usize function for safe conversions

JBYoshi · JonathanWoollett-Light · commit ff92a9736ce2 · 2023-10-09T18:31:31.000+01:00
Clippy warns about conversions from u64 to usize types because they may
break on 32-bit systems. However, Firecracker only supports 64-bit
systems, so they're safe in our case. To minimize the number of places
we need to suppress the Clippy warning, I've extracted those to a single
function.

Signed-off-by: Jonathan Browne &lt;12983479+JBYoshi@users.noreply.github.com&gt;
diff --git a/src/rebase-snap/src/main.rs b/src/rebase-snap/src/main.rs
@@ -8,6 +8,7 @@ use std::os::unix::io::AsRawFd;
 
 use utils::arg_parser::{ArgParser, Argument, Arguments, Error as ArgError};
 use utils::seek_hole::SeekHole;
+use utils::u64_to_usize;
 
 const REBASE_SNAP_VERSION: &str = env!("CARGO_PKG_VERSION");
 const BASE_FILE: &str = "base-file";
@@ -101,7 +102,7 @@ fn rebase(base_file: &mut File, diff_file: &mut File) -> Result<(), FileError> {
                     base_file.as_raw_fd(),
                     diff_file.as_raw_fd(),
                     (&mut cursor as *mut u64).cast::<i64>(),
-                    block_end.saturating_sub(cursor) as usize,
+                    u64_to_usize(block_end.saturating_sub(cursor)),
                 )
             };
             if num_transferred_bytes < 0 {
diff --git a/src/snapshot-editor/src/edit_memory.rs b/src/snapshot-editor/src/edit_memory.rs
@@ -8,6 +8,7 @@ use std::path::PathBuf;
 
 use clap::Subcommand;
 use fc_utils::seek_hole::SeekHole;
+use fc_utils::u64_to_usize;
 
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 pub enum EditMemoryError {
@@ -89,7 +90,7 @@ fn rebase(memory_path: PathBuf, diff_path: PathBuf) -> Result<(), EditMemoryErro
                     base_file.as_raw_fd(),
                     diff_file.as_raw_fd(),
                     (&mut cursor as *mut u64).cast::<i64>(),
-                    block_end.saturating_sub(cursor) as usize,
+                    u64_to_usize(block_end.saturating_sub(cursor)),
                 )
             };
             if num_transferred_bytes < 0 {
diff --git a/src/snapshot-editor/src/utils.rs b/src/snapshot-editor/src/utils.rs
@@ -4,6 +4,7 @@
 use std::fs::{File, OpenOptions};
 use std::path::PathBuf;
 
+use fc_utils::u64_to_usize;
 use snapshot::Snapshot;
 use vmm::persist::MicrovmState;
 use vmm::version_map::VERSION_MAP;
@@ -29,7 +30,7 @@ pub fn open_vmstate(snapshot_path: &PathBuf) -> Result<(MicrovmState, u16), Util
     let version_map = VERSION_MAP.clone();
     let mut snapshot_reader = File::open(snapshot_path).map_err(UtilsError::VmStateFileOpen)?;
     let metadata = std::fs::metadata(snapshot_path).map_err(UtilsError::VmStateFileMeta)?;
-    let snapshot_len = metadata.len() as usize;
+    let snapshot_len = u64_to_usize(metadata.len());
     Snapshot::load(&mut snapshot_reader, snapshot_len, version_map).map_err(UtilsError::VmStateLoad)
 }
 
diff --git a/src/utils/src/lib.rs b/src/utils/src/lib.rs
@@ -31,3 +31,12 @@ pub fn get_page_size() -> Result<usize, errno::Error> {
         ps => Ok(usize::try_from(ps).unwrap()),
     }
 }
+
+/// Safely converts a u64 value to a usize value.
+/// This bypasses the Clippy lint check because we only support 64-bit platforms.
+#[cfg(target_pointer_width = "64")]
+#[inline]
+#[allow(clippy::cast_possible_truncation)]
+pub const fn u64_to_usize(num: u64) -> usize {
+    num as usize
+}
diff --git a/src/utils/src/vm_memory.rs b/src/utils/src/vm_memory.rs
@@ -18,6 +18,8 @@ pub use vm_memory::{
     VolatileMemory, VolatileMemoryError, VolatileSlice,
 };
 
+use crate::u64_to_usize;
+
 pub type GuestMemoryMmap = vm_memory::GuestMemoryMmap<Option<AtomicBitmap>>;
 pub type GuestRegionMmap = vm_memory::GuestRegionMmap<Option<AtomicBitmap>>;
 pub type GuestMmapRegion = vm_memory::MmapRegion<Option<AtomicBitmap>>;
@@ -136,7 +138,7 @@ pub fn create_guest_memory(
 pub fn mark_dirty_mem(mem: &GuestMemoryMmap, addr: GuestAddress, len: usize) {
     let _ = mem.try_access(len, addr, |_total, count, caddr, region| {
         if let Some(bitmap) = region.bitmap() {
-            bitmap.mark_dirty(caddr.0 as usize, count);
+            bitmap.mark_dirty(u64_to_usize(caddr.0), count);
         }
         Ok(count)
     });
@@ -692,7 +694,7 @@ mod tests {
                     *len,
                     GuestAddress(*addr as u64),
                     |_total, count, caddr, region| {
-                        let offset = caddr.0 as usize;
+                        let offset = usize::try_from(caddr.0).unwrap();
                         let bitmap = region.bitmap().as_ref().unwrap();
                         for i in offset..offset + count {
                             assert_eq!(bitmap.dirty_at(i), *dirty);
diff --git a/src/vmm/src/arch/x86_64/mod.rs b/src/vmm/src/arch/x86_64/mod.rs
@@ -21,6 +21,7 @@ pub mod regs;
 use linux_loader::configurator::linux::LinuxBootConfigurator;
 use linux_loader::configurator::{BootConfigurator, BootParams};
 use linux_loader::loader::bootparam::boot_params;
+use utils::u64_to_usize;
 use utils::vm_memory::{Address, GuestAddress, GuestMemory, GuestMemoryMmap, GuestMemoryRegion};
 
 use crate::arch::InitrdConfig;
@@ -89,8 +90,7 @@ pub fn initrd_load_addr(
     let first_region = guest_mem
         .find_region(GuestAddress::new(0))
         .ok_or(ConfigurationError::InitrdAddress)?;
-    // It's safe to cast to usize because the size of a region can't be greater than usize.
-    let lowmem_size = first_region.len() as usize;
+    let lowmem_size = u64_to_usize(first_region.len());
 
     if lowmem_size < initrd_size {
         return Err(ConfigurationError::InitrdAddress);
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -22,6 +22,7 @@ use snapshot::Persist;
 use userfaultfd::Uffd;
 use utils::eventfd::EventFd;
 use utils::time::TimestampUs;
+use utils::u64_to_usize;
 use utils::vm_memory::{GuestAddress, GuestMemory, GuestMemoryMmap, ReadVolatile};
 #[cfg(target_arch = "aarch64")]
 use vm_superio::Rtc;
@@ -491,7 +492,7 @@ pub fn build_microvm_from_snapshot(
 
     vm_resources.update_vm_config(&MachineConfigUpdate {
         vcpu_count: Some(vcpu_count),
-        mem_size_mib: Some(microvm_state.vm_info.mem_size_mib as usize),
+        mem_size_mib: Some(u64_to_usize(microvm_state.vm_info.mem_size_mib)),
         smt: Some(microvm_state.vm_info.smt),
         cpu_template: Some(microvm_state.vm_info.cpu_template),
         track_dirty_pages: Some(track_dirty_pages),
@@ -626,7 +627,7 @@ where
                 "Initrd image seek returned a size of zero",
             )))
         }
-        Ok(s) => size = s as usize,
+        Ok(s) => size = u64_to_usize(s),
     };
     // Go back to the image start
     image.seek(SeekFrom::Start(0)).map_err(InitrdRead)?;
diff --git a/src/vmm/src/devices/virtio/balloon/device.rs b/src/vmm/src/devices/virtio/balloon/device.rs
@@ -11,6 +11,7 @@ use log::error;
 use serde::Serialize;
 use timerfd::{ClockId, SetTimeFlags, TimerFd, TimerState};
 use utils::eventfd::EventFd;
+use utils::u64_to_usize;
 use utils::vm_memory::{Address, ByteValued, Bytes, GuestAddress, GuestMemoryMmap};
 use virtio_gen::virtio_blk::VIRTIO_F_VERSION_1;
 
@@ -600,7 +601,7 @@ impl VirtioDevice for Balloon {
         if let Some(end) = offset.checked_add(data.len() as u64) {
             // This write can't fail, offset and end are checked against config_len.
             data.write_all(
-                &config_space_bytes[offset as usize..cmp::min(end, config_len) as usize],
+                &config_space_bytes[u64_to_usize(offset)..u64_to_usize(cmp::min(end, config_len))],
             )
             .unwrap();
         }
diff --git a/src/vmm/src/devices/virtio/balloon/util.rs b/src/vmm/src/devices/virtio/balloon/util.rs
@@ -3,6 +3,7 @@
 
 use std::io;
 
+use utils::u64_to_usize;
 use utils::vm_memory::{GuestAddress, GuestMemory, GuestMemoryMmap, GuestMemoryRegion};
 
 use super::{RemoveRegionError, MAX_PAGE_COMPACT_BUFFER};
@@ -88,7 +89,7 @@ pub(crate) fn remove_range(
             let ret = unsafe {
                 libc::mmap(
                     phys_address.cast(),
-                    range_len as usize,
+                    u64_to_usize(range_len),
                     libc::PROT_READ | libc::PROT_WRITE,
                     libc::MAP_FIXED | libc::MAP_ANONYMOUS | libc::MAP_PRIVATE,
                     -1,
@@ -103,7 +104,7 @@ pub(crate) fn remove_range(
         // Madvise the region in order to mark it as not used.
         // SAFETY: The address and length are known to be valid.
         let ret = unsafe {
-            let range_len = range_len as usize;
+            let range_len = u64_to_usize(range_len);
             libc::madvise(phys_address.cast(), range_len, libc::MADV_DONTNEED)
         };
         if ret < 0 {
diff --git a/src/vmm/src/devices/virtio/block/device.rs b/src/vmm/src/devices/virtio/block/device.rs
@@ -18,6 +18,7 @@ use block_io::FileEngine;
 use serde::{Deserialize, Serialize};
 use utils::eventfd::EventFd;
 use utils::kernel_version::{min_kernel_version_for_io_uring, KernelVersion};
+use utils::u64_to_usize;
 use utils::vm_memory::GuestMemoryMmap;
 use virtio_gen::virtio_blk::{
     VIRTIO_BLK_F_FLUSH, VIRTIO_BLK_F_RO, VIRTIO_BLK_ID_BYTES, VIRTIO_F_VERSION_1,
@@ -583,8 +584,10 @@ impl VirtioDevice for Block {
         }
         if let Some(end) = offset.checked_add(data.len() as u64) {
             // This write can't fail, offset and end are checked against config_len.
-            data.write_all(&self.config_space[offset as usize..cmp::min(end, config_len) as usize])
-                .unwrap();
+            data.write_all(
+                &self.config_space[u64_to_usize(offset)..u64_to_usize(cmp::min(end, config_len))],
+            )
+            .unwrap();
         }
     }
 
diff --git a/src/vmm/src/devices/virtio/net/device.rs b/src/vmm/src/devices/virtio/net/device.rs
@@ -15,6 +15,7 @@ use libc::EAGAIN;
 use log::{error, warn};
 use utils::eventfd::EventFd;
 use utils::net::mac::MacAddr;
+use utils::u64_to_usize;
 use utils::vm_memory::{ByteValued, Bytes, GuestMemoryError, GuestMemoryMmap};
 use virtio_gen::virtio_net::{
     virtio_net_hdr_v1, VIRTIO_F_VERSION_1, VIRTIO_NET_F_CSUM, VIRTIO_NET_F_GUEST_CSUM,
@@ -802,7 +803,7 @@ impl VirtioDevice for Net {
         if let Some(end) = offset.checked_add(data.len() as u64) {
             // This write can't fail, offset and end are checked against config_len.
             data.write_all(
-                &config_space_bytes[offset as usize..cmp::min(end, config_len) as usize],
+                &config_space_bytes[u64_to_usize(offset)..u64_to_usize(cmp::min(end, config_len))],
             )
             .unwrap();
         }
diff --git a/src/vmm/src/lib.rs b/src/vmm/src/lib.rs
@@ -121,6 +121,7 @@ use userfaultfd::Uffd;
 use utils::epoll::EventSet;
 use utils::eventfd::EventFd;
 use utils::terminal::Terminal;
+use utils::u64_to_usize;
 use utils::vm_memory::{GuestMemory, GuestMemoryMmap, GuestMemoryRegion};
 use vstate::vcpu::{self, KvmVcpuConfigureError, StartThreadedError, VcpuSendEventError};
 
@@ -602,7 +603,7 @@ impl Vmm {
                 let bitmap_region = self
                     .vm
                     .fd()
-                    .get_dirty_log(slot as u32, region.len() as usize)?;
+                    .get_dirty_log(u32::try_from(slot).unwrap(), u64_to_usize(region.len()))?;
                 bitmap.insert(slot, bitmap_region);
                 Ok(())
             })
diff --git a/src/vmm/src/memory_snapshot.rs b/src/vmm/src/memory_snapshot.rs
@@ -10,7 +10,7 @@ use utils::vm_memory::{
     Bitmap, FileOffset, GuestAddress, GuestMemory, GuestMemoryError, GuestMemoryMmap,
     GuestMemoryRegion, MemoryRegionAddress, WriteVolatile,
 };
-use utils::{errno, get_page_size};
+use utils::{errno, get_page_size, u64_to_usize};
 use versionize::{VersionMap, Versionize, VersionizeResult};
 use versionize_derive::Versionize;
 
@@ -85,7 +85,7 @@ impl SnapshotMemory for GuestMemoryMmap {
         self.iter().for_each(|region| {
             guest_memory_state.regions.push(GuestMemoryRegionState {
                 base_address: region.start_addr().0,
-                size: region.len() as usize,
+                size: u64_to_usize(region.len()),
                 offset,
             });
 
diff --git a/src/vmm/src/persist.rs b/src/vmm/src/persist.rs
@@ -17,6 +17,7 @@ use serde::Serialize;
 use snapshot::Snapshot;
 use userfaultfd::{FeatureFlags, Uffd, UffdBuilder};
 use utils::sock_ctrl_msg::ScmSocket;
+use utils::u64_to_usize;
 use utils::vm_memory::{GuestMemory, GuestMemoryMmap};
 use versionize::{VersionMap, Versionize, VersionizeResult};
 use versionize_derive::Versionize;
@@ -545,7 +546,7 @@ fn snapshot_state_from_file(
     let mut snapshot_reader =
         File::open(snapshot_path).map_err(SnapshotStateFromFileError::Open)?;
     let metadata = std::fs::metadata(snapshot_path).map_err(SnapshotStateFromFileError::Meta)?;
-    let snapshot_len = metadata.len() as usize;
+    let snapshot_len = u64_to_usize(metadata.len());
     let (state, _) = Snapshot::load(&mut snapshot_reader, snapshot_len, version_map)
         .map_err(SnapshotStateFromFileError::Load)?;
     Ok(state)
diff --git a/src/vmm/src/signal_handler.rs b/src/vmm/src/signal_handler.rs
@@ -68,7 +68,6 @@ fn log_sigsys_err(si_code: c_int, info: *mut siginfo_t) {
     // SAFETY: Other signals which might do async unsafe things incompatible with the rest of this
     // function are blocked due to the sa_mask used when registering the signal handler.
     let syscall = unsafe { *(info as *const i32).offset(SI_OFF_SYSCALL) };
-    let syscall = usize::try_from(syscall).unwrap();
     error!(
         "Shutting down VM after intercepting a bad syscall ({}).",
         syscall
diff --git a/src/vmm/src/vstate/vm.rs b/src/vmm/src/vstate/vm.rs
@@ -16,6 +16,8 @@ use kvm_bindings::{
 };
 use kvm_bindings::{kvm_userspace_memory_region, KVM_API_VERSION, KVM_MEM_LOG_DIRTY_PAGES};
 use kvm_ioctls::{Kvm, VmFd};
+#[cfg(target_arch = "x86_64")]
+use utils::u64_to_usize;
 use utils::vm_memory::{Address, GuestMemory, GuestMemoryMmap, GuestMemoryRegion};
 use versionize::{VersionMap, Versionize, VersionizeResult};
 use versionize_derive::Versionize;
@@ -241,7 +243,7 @@ impl Vm {
         self.set_kvm_memory_regions(guest_mem, track_dirty_pages)?;
         #[cfg(target_arch = "x86_64")]
         self.fd
-            .set_tss_address(crate::arch::x86_64::layout::KVM_TSS_ADDRESS as usize)
+            .set_tss_address(u64_to_usize(crate::arch::x86_64::layout::KVM_TSS_ADDRESS))
             .map_err(VmError::VmSetup)?;
 
         Ok(())

Original file line number	Diff line number	Diff line change
`@@ -31,3 +31,12 @@ pub fn get_page_size() -> Result<usize, errno::Error> {`
`31`	`31`	`ps => Ok(usize::try_from(ps).unwrap()),`
`32`	`32`	`}`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+/// Safely converts a u64 value to a usize value.`
	`36`	`+/// This bypasses the Clippy lint check because we only support 64-bit platforms.`
	`37`	`+#[cfg(target_pointer_width = "64")]`
	`38`	`+#[inline]`
	`39`	`+#[allow(clippy::cast_possible_truncation)]`
	`40`	`+pub const fn u64_to_usize(num: u64) -> usize {`
	`41`	`+ num as usize`
	`42`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ use block_io::FileEngine;`
`18`	`18`	`use serde::{Deserialize, Serialize};`
`19`	`19`	`use utils::eventfd::EventFd;`
`20`	`20`	`use utils::kernel_version::{min_kernel_version_for_io_uring, KernelVersion};`
	`21`	`+use utils::u64_to_usize;`
`21`	`22`	`use utils::vm_memory::GuestMemoryMmap;`
`22`	`23`	`use virtio_gen::virtio_blk::{`
`23`	`24`	`VIRTIO_BLK_F_FLUSH, VIRTIO_BLK_F_RO, VIRTIO_BLK_ID_BYTES, VIRTIO_F_VERSION_1,`
`@@ -583,8 +584,10 @@ impl VirtioDevice for Block {`
`583`	`584`	`}`
`584`	`585`	`if let Some(end) = offset.checked_add(data.len() as u64) {`
`585`	`586`	`// This write can't fail, offset and end are checked against config_len.`
`586`		`- data.write_all(&self.config_space[offset as usize..cmp::min(end, config_len) as usize])`
`587`		`- .unwrap();`
	`587`	`+ data.write_all(`
	`588`	`+ &self.config_space[u64_to_usize(offset)..u64_to_usize(cmp::min(end, config_len))],`
	`589`	`+ )`
	`590`	`+ .unwrap();`
`588`	`591`	`}`
`589`	`592`	`}`
`590`	`593`