hypervisor: add a few safety comments

Signed-off-by: Wei Liu <liuwe@microsoft.com>
This commit is contained in:
Wei Liu 2021-11-18 12:51:51 +00:00 committed by Rob Bradford
parent dd3c086a0a
commit 58d984f6b8
2 changed files with 14 additions and 4 deletions


@ -238,6 +238,9 @@ impl vm::Vm for KvmVm {
irq_routing[0].nr = entries.len() as u32;
irq_routing[0].flags = 0;
// SAFETY: irq_routing initialized with entries.len() and now it is being turned into
// entries_slice with entries.len() again. It is guaranteed to be large enough to hold
// everything from entries.
unsafe {
let entries_slice: &mut [kvm_irq_routing_entry] =
irq_routing[0].entries.as_mut_slice(entries.len());
@ -302,7 +305,7 @@ impl vm::Vm for KvmVm {
region.flags = 0;
}
// Safe because guest regions are guaranteed not to overlap.
// SAFETY: Safe because guest regions are guaranteed not to overlap.
unsafe {
self.fd
.set_user_memory_region(region)
@ -320,7 +323,7 @@ impl vm::Vm for KvmVm {
// Setting the size to 0 means "remove"
region.memory_size = 0;
// Safe because guest regions are guaranteed not to overlap.
// SAFETY: Safe because guest regions are guaranteed not to overlap.
unsafe {
self.fd
.set_user_memory_region(region)
@ -434,7 +437,7 @@ impl vm::Vm for KvmVm {
userspace_addr: s.userspace_addr,
flags: KVM_MEM_LOG_DIRTY_PAGES,
};
// Safe because guest regions are guaranteed not to overlap.
// SAFETY: Safe because guest regions are guaranteed not to overlap.
unsafe {
self.fd
.set_user_memory_region(region)
@ -458,7 +461,7 @@ impl vm::Vm for KvmVm {
userspace_addr: s.userspace_addr,
flags: 0,
};
// Safe because guest regions are guaranteed not to overlap.
// SAFETY: Safe because guest regions are guaranteed not to overlap.
unsafe {
self.fd
.set_user_memory_region(region)
@ -574,6 +577,7 @@ fn tdx_command(
metadata,
data,
};
// SAFETY: FFI call. All input parameters are valid.
let ret = unsafe {
ioctl_with_val(
fd,
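Review bot: The new `// SAFETY:` text on the four `set_user_memory_region` blocks (the -302, -320, -434 and -458 hunks) names non-overlap of guest regions, which is not the invariant the unsafe call rests on: as far as I know KVM itself rejects overlapping slots with an error rather than misbehaving, whereas the kvm-ioctls contract for this call (to be confirmed against the crate docs) is that `userspace_addr` points at a host mapping that remains valid for as long as the slot is registered. I would reword each to something like `// SAFETY: userspace_addr is backed by guest memory owned by this VM and stays mapped while the slot is in use; overlapping slots are refused by KVM.` and drop the redundant "Safe because" that now follows the `SAFETY:` tag. The `// SAFETY: FFI call. All input parameters are valid.` line in `tdx_command` has the same tautological shape and should instead state what makes them valid, e.g. that `fd` is the VM's file descriptor and `cmd` is fully initialised and lives across the ioctl. The MSHV file's "access_info is valid, otherwise we won't be here" comments are similar; the real point there appears to be that the bindgen union field being read is the one active for this message type, which is worth saying explicitly. The enclosing methods all begin and end outside these hunks.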


@ -302,6 +302,7 @@ impl cpu::Vcpu for MshvVcpu {
hv_message_type_HVMSG_X64_IO_PORT_INTERCEPT => {
let info = x.to_ioport_info().unwrap();
let access_info = info.access_info;
// SAFETY: access_info is valid, otherwise we won't be here
let len = unsafe { access_info.__bindgen_anon_1.access_size() } as usize;
let is_write = info.header.intercept_access_type == 1;
let port = info.port_number;
@ -342,6 +343,7 @@ impl cpu::Vcpu for MshvVcpu {
_ => {}
}
// SAFETY: access_info is valid, otherwise we won't be here
assert!(
!(unsafe { access_info.__bindgen_anon_1.string_op() } == 1),
"String IN/OUT not supported"
@ -629,6 +631,7 @@ impl<'a> MshvEmulatorContext<'a> {
.translate_gva(gva, flags.into())
.map_err(|e| PlatformError::TranslateVirtualAddress(anyhow!(e)))?;
// SAFETY: r is valid, otherwise this function will have returned
let result_code = unsafe { r.1.__bindgen_anon_1.result_code };
match result_code {
hv_translate_gva_result_code_HV_TRANSLATE_GVA_SUCCESS => Ok(r.0),
@ -950,6 +953,9 @@ impl vm::Vm for MshvVm {
vec_with_array_field::<mshv_msi_routing, mshv_msi_routing_entry>(entries.len());
msi_routing[0].nr = entries.len() as u32;
// SAFETY: msi_routing initialized with entries.len() and now it is being turned into
// entries_slice with entries.len() again. It is guaranteed to be large enough to hold
// everything from entries.
unsafe {
let entries_slice: &mut [mshv_msi_routing_entry] =
msi_routing[0].entries.as_mut_slice(entries.len());