[rialto][fdt] Map and validate FDT range in memory before parsing

Bug: 284462758
Test: atest rialto_test
Change-Id: I50c081ad806a59da9a3965dd6787b9a1f0c9795e
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index 44e83ee..45bda1b 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -24,6 +24,7 @@
 
 use crate::error::{Error, Result};
 use buddy_system_allocator::LockedHeap;
+use core::num::NonZeroUsize;
 use core::slice;
 use fdtpci::PciInfo;
 use hyp::get_hypervisor;
@@ -84,12 +85,6 @@
 /// * The `fdt_addr` must be a valid pointer and points to a valid `Fdt`.
 unsafe fn try_main(fdt_addr: usize) -> Result<()> {
     info!("Welcome to Rialto!");
-    // SAFETY: The caller ensures that `fdt_addr` is valid.
-    let fdt = unsafe { slice::from_raw_parts(fdt_addr as *mut u8, crosvm::FDT_MAX_SIZE) };
-    let fdt = libfdt::Fdt::from_slice(fdt)?;
-    let pci_info = PciInfo::from_fdt(fdt)?;
-    debug!("PCI: {:#x?}", pci_info);
-
     let page_table = new_page_table()?;
 
     MEMORY.lock().replace(MemoryTracker::new(
@@ -98,6 +93,18 @@
         crosvm::MMIO_RANGE,
         None, // Rialto doesn't have any payload for now.
     ));
+
+    let fdt_range = MEMORY
+        .lock()
+        .as_mut()
+        .unwrap()
+        .alloc(fdt_addr, NonZeroUsize::new(crosvm::FDT_MAX_SIZE).unwrap())?;
+    // SAFETY: The tracker validated the range to be in main memory, mapped, and not overlap.
+    let fdt = unsafe { slice::from_raw_parts(fdt_range.start as *mut u8, fdt_range.len()) };
+    let fdt = libfdt::Fdt::from_slice(fdt)?;
+    let pci_info = PciInfo::from_fdt(fdt)?;
+    debug!("PCI: {pci_info:#x?}");
+
     Ok(())
 }