1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 //! Rust entry point.
16 
17 use crate::{
18     bionic, console, heap, hyp, logger,
19     memory::{page_4kb_of, SIZE_16KB, SIZE_4KB},
20     power::{reboot, shutdown},
21     rand,
22 };
23 use core::mem::size_of;
24 use static_assertions::const_assert_eq;
25 
try_console_init() -> Result<(), hyp::Error>26 fn try_console_init() -> Result<(), hyp::Error> {
27     console::init();
28 
29     if let Some(mmio_guard) = hyp::get_mmio_guard() {
30         mmio_guard.enroll()?;
31 
32         // TODO(ptosi): Use MmioSharer::share() to properly track this MMIO_GUARD_MAP.
33         //
34         // The following call shares the UART but also anything else present in 0..granule.
35         //
36         // For 4KiB, that's only the UARTs. For 16KiB, it also covers the RTC and watchdog but, as
37         // neither is used by vmbase clients (and as both are outside of the UART page), they
38         // will never have valid stage-1 mappings to those devices. As a result, this
39         // MMIO_GUARD_MAP isn't affected by the granule size in any visible way. Larger granule
40         // sizes will need to be checked separately, if needed.
41         assert!({
42             let granule = mmio_guard.granule()?;
43             granule == SIZE_4KB || granule == SIZE_16KB
44         });
45         // Validate the assumption above by ensuring that the UART is not moved to another page:
46         const_assert_eq!(page_4kb_of(console::BASE_ADDRESS), 0);
47         mmio_guard.map(console::BASE_ADDRESS)?;
48     }
49 
50     Ok(())
51 }
52 
53 /// This is the entry point to the Rust code, called from the binary entry point in `entry.S`.
54 #[no_mangle]
rust_entry(x0: u64, x1: u64, x2: u64, x3: u64) -> !55 extern "C" fn rust_entry(x0: u64, x1: u64, x2: u64, x3: u64) -> ! {
56     // SAFETY: Only called once, from here, and inaccessible to client code.
57     unsafe { heap::init() };
58 
59     if try_console_init().is_err() {
60         // Don't panic (or log) here to avoid accessing the console.
61         reboot()
62     }
63 
64     logger::init().expect("Failed to initialize the logger");
65     // We initialize the logger to Off (like the log crate) and clients should log::set_max_level.
66 
67     const SIZE_OF_STACK_GUARD: usize = size_of::<u64>();
68     let mut stack_guard = [0u8; SIZE_OF_STACK_GUARD];
69     // We keep a null byte at the top of the stack guard to act as a string terminator.
70     let random_guard = &mut stack_guard[..(SIZE_OF_STACK_GUARD - 1)];
71 
72     if let Err(e) = rand::init() {
73         panic!("Failed to initialize a source of entropy: {e}");
74     }
75 
76     if let Err(e) = rand::fill_with_entropy(random_guard) {
77         panic!("Failed to get stack canary entropy: {e}");
78     }
79 
80     bionic::__get_tls().stack_guard = u64::from_ne_bytes(stack_guard);
81 
82     // Note: If rust_entry ever returned (which it shouldn't by being -> !), the compiler-injected
83     // stack guard comparison would detect a mismatch and call __stack_chk_fail.
84 
85     // SAFETY: `main` is provided by the application using the `main!` macro, and we make sure it
86     // has the right type.
87     unsafe {
88         main(x0, x1, x2, x3);
89     }
90     shutdown();
91 }
92 
93 extern "Rust" {
94     /// Main function provided by the application using the `main!` macro.
main(arg0: u64, arg1: u64, arg2: u64, arg3: u64)95     fn main(arg0: u64, arg1: u64, arg2: u64, arg3: u64);
96 }
97 
98 /// Marks the main function of the binary.
99 ///
100 /// Once main is entered, it can assume that:
101 /// - The panic_handler has been configured and panic!() and friends are available;
102 /// - The global_allocator has been configured and heap memory is available;
103 /// - The logger has been configured and the log::{info, warn, error, ...} macros are available.
104 ///
105 /// Example:
106 ///
107 /// ```rust
108 /// use vmbase::main;
109 /// use log::{info, LevelFilter};
110 ///
111 /// main!(my_main);
112 ///
113 /// fn my_main() {
114 ///     log::set_max_level(LevelFilter::Info);
115 ///     info!("Hello world");
116 /// }
117 /// ```
118 #[macro_export]
119 macro_rules! main {
120     ($name:path) => {
121         // Export a symbol with a name matching the extern declaration above.
122         #[export_name = "main"]
123         fn __main(arg0: u64, arg1: u64, arg2: u64, arg3: u64) {
124             // Ensure that the main function provided by the application has the correct type.
125             $name(arg0, arg1, arg2, arg3)
126         }
127     };
128 }
129