virtio: skip redundant memory check

[ihciah]

Changes

Remove redundant memory check for DescriptorChain::new.

Reason

Since we already validated the queue layout and desc index, there's no need to check it again.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• If a specific issue led to this PR, this PR closes the issue.
• The description of changes is clear and encompassing.
• Any required documentation changes (code and docs) are included in this
  PR.
• API changes follow the Runbook for Firecracker API changes.
• User-facing changes are mentioned in CHANGELOG.md.
• All added/changed functionality is tested.
• New TODOs link to an issue.
• Commits meet
  contribution quality standards.

---

• This functionality cannot be added in rust-vmm.

[roypat]

You're right, this check is superfluous and can be omitted without marking the function as unsafe. The same range checks on guest memory are also performed by mem.read_obj a few lines down, and as long as the caller validated index to be less than queue_size (happens in DescriptorChain::has_next), and that the in-memory layout of the virtio queues is valid (happens in Queue::is_valid), we are even guaranteed to read from inside the virtio queue structure. However, reading from inside the queue structure is just a functional requirement, not a safety one in Rust's sense.

I think we should still add a doc comment to the function that notes this additional requirement (e.g. callers need to make sure that index and queue layout are valid). All current callers do indeed guarantee this, so no further code changes are needed.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.00%. Comparing base (b9f4c6c) to head (dca8801).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4723      +/-   ##
==========================================
+ Coverage   81.99%   82.00%   +0.01%     
==========================================
  Files         254      254              
  Lines       31193    31195       +2     
==========================================
+ Hits        25576    25581       +5     
+ Misses       5617     5614       -3     

Flag	Coverage Δ
5.10-c5n.metal	82.01% <100.00%> (+0.01%)	⬆️
5.10-m5n.metal	82.00% <100.00%> (+0.01%)	⬆️
5.10-m6a.metal	81.30% <100.00%> (+<0.01%)	⬆️
5.10-m6g.metal	79.05% <100.00%> (+0.01%)	⬆️
5.10-m6i.metal	82.00% <100.00%> (+0.01%)	⬆️
5.10-m7g.metal	79.05% <100.00%> (+0.01%)	⬆️
6.1-c5n.metal	82.01% <100.00%> (+0.01%)	⬆️
6.1-m5n.metal	82.00% <100.00%> (+0.01%)	⬆️
6.1-m6a.metal	81.31% <100.00%> (+0.01%)	⬆️
6.1-m6g.metal	79.05% <100.00%> (+0.01%)	⬆️
6.1-m6i.metal	82.00% <100.00%> (+0.01%)	⬆️
6.1-m7g.metal	79.05% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ShadowCurse]

Good change. Just couple of things to fix:

• Add body to the commit. Smth like: Remove redundant memory check in descriptor chain creation.
• Run cargo fmt or just manually fix: https://buildkite.com/firecracker/firecracker-pr/builds/10597#0191367a-6c71-4977-90f5-3df557e5a8a4/62-194.