Add check_range() to validate guest address range

Current implementation of GuestMemory::checked_offset() validates
the GuestAddress(base + offset) is valid. By auditting invocations of
GuestMemory::checked_offset(), most callers expect that the whole range
[base, base + offset) is valid. So add a new interface check_range()
to validate the address range.

Signed-off-by: Liu Jiang <[email protected]>

Author: jiangliu

CHANGELOG.md

@@ -8,6 +8,8 @@
 ### Added
 - [[#109]](https://github.com/rust-vmm/vm-memory/pull/109): Added `build_raw` to
   `MmapRegion` which can be used to operate on externally created mappings.
+- [[#101]](https://github.com/rust-vmm/vm-memory/pull/101): Added `check_range` for
+  GuestMemory which could be used to validate a range of guest memory.
 
 ## [v0.2.0]
 

src/guest_memory.rs

@@ -515,6 +515,14 @@ pub trait GuestMemory {
         self.find_region(addr).map(|_| addr)
     }
 
+    /// Check whether the range [base, base + len) is valid.
+    fn check_range(&self, base: GuestAddress, len: usize) -> bool {
+        match self.try_access(len, base, |_, count, _, _| -> Result<usize> { Ok(count) }) {
+            Ok(count) if count == len => true,
+            _ => false,
+        }
+    }
+
     /// Returns the address plus the offset if it is present within the memory of the guest.
     fn checked_offset(&self, base: GuestAddress, offset: usize) -> Option<GuestAddress> {
         base.checked_add(offset as u64)

src/mmap.rs

@@ -1394,4 +1394,54 @@ mod tests {
         assert!(guest_mem.get_slice(GuestAddress(0x600), 0x100).is_err());
         assert!(guest_mem.get_slice(GuestAddress(0xc00), 0x100).is_err());
     }
+
+    #[test]
+    fn test_checked_offset() {
+        let start_addr1 = GuestAddress(0);
+        let start_addr2 = GuestAddress(0x800);
+        let start_addr3 = GuestAddress(0xc00);
+        let guest_mem = GuestMemoryMmap::from_ranges(&[
+            (start_addr1, 0x400),
+            (start_addr2, 0x400),
+            (start_addr3, 0x400),
+        ])
+        .unwrap();
+
+        assert_eq!(
+            guest_mem.checked_offset(start_addr1, 0x200),
+            Some(GuestAddress(0x200))
+        );
+        assert_eq!(
+            guest_mem.checked_offset(start_addr1, 0xa00),
+            Some(GuestAddress(0xa00))
+        );
+        assert_eq!(
+            guest_mem.checked_offset(start_addr2, 0x7ff),
+            Some(GuestAddress(0xfff))
+        );
+        assert_eq!(guest_mem.checked_offset(start_addr2, 0xc00), None);
+        assert_eq!(guest_mem.checked_offset(start_addr1, std::usize::MAX), None);
+    }
+
+    #[test]
+    fn test_check_range() {
+        let start_addr1 = GuestAddress(0);
+        let start_addr2 = GuestAddress(0x800);
+        let start_addr3 = GuestAddress(0xc00);
+        let guest_mem = GuestMemoryMmap::from_ranges(&[
+            (start_addr1, 0x400),
+            (start_addr2, 0x400),
+            (start_addr3, 0x400),
+        ])
+        .unwrap();
+
+        assert_eq!(guest_mem.check_range(start_addr1, 0x0), true);
+        assert_eq!(guest_mem.check_range(start_addr1, 0x200), true);
+        assert_eq!(guest_mem.check_range(start_addr1, 0xa00), false);
+        assert_eq!(guest_mem.check_range(start_addr2, 0x7ff), true);
+        assert_eq!(guest_mem.check_range(start_addr2, 0x800), true);
+        assert_eq!(guest_mem.check_range(start_addr2, 0x801), false);
+        assert_eq!(guest_mem.check_range(start_addr2, 0xc00), false);
+        assert_eq!(guest_mem.check_range(start_addr1, std::usize::MAX), false);
+    }
 }