1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Rust entry point.
16
17 use crate::{
18 bionic, console, heap,
19 layout::{UART_ADDRESSES, UART_PAGE_ADDR},
20 logger,
21 memory::{switch_to_dynamic_page_tables, PAGE_SIZE, SIZE_16KB, SIZE_4KB},
22 power::{reboot, shutdown},
23 rand,
24 };
25 use core::mem::size_of;
26 use hypervisor_backends::{get_mmio_guard, Error};
27 use static_assertions::const_assert_eq;
28
try_console_init() -> Result<(), Error>29 fn try_console_init() -> Result<(), Error> {
30 if let Some(mmio_guard) = get_mmio_guard() {
31 mmio_guard.enroll()?;
32
33 // TODO(ptosi): Use MmioSharer::share() to properly track this MMIO_GUARD_MAP.
34 //
35 // The following call shares the UART but also anything else present in 0..granule.
36 //
37 // For 4KiB, that's only the UARTs. For 16KiB, it also covers the RTC and watchdog but, as
38 // neither is used by vmbase clients (and as both are outside of the UART page), they
39 // will never have valid stage-1 mappings to those devices. As a result, this
40 // MMIO_GUARD_MAP isn't affected by the granule size in any visible way. Larger granule
41 // sizes will need to be checked separately, if needed.
42 assert!({
43 let granule = mmio_guard.granule()?;
44 granule == SIZE_4KB || granule == SIZE_16KB
45 });
46 // Validate the assumption above by ensuring that the UART is not moved to another page:
47 const_assert_eq!(UART_PAGE_ADDR, 0);
48 mmio_guard.map(UART_PAGE_ADDR)?;
49 }
50
51 // SAFETY: UART_PAGE is mapped at stage-1 (see entry.S) and was just MMIO-guarded.
52 unsafe { console::init(&UART_ADDRESSES) };
53
54 Ok(())
55 }
56
57 /// This is the entry point to the Rust code, called from the binary entry point in `entry.S`.
58 #[no_mangle]
rust_entry(x0: u64, x1: u64, x2: u64, x3: u64) -> !59 extern "C" fn rust_entry(x0: u64, x1: u64, x2: u64, x3: u64) -> ! {
60 heap::init();
61
62 if try_console_init().is_err() {
63 // Don't panic (or log) here to avoid accessing the console.
64 reboot()
65 }
66
67 logger::init().expect("Failed to initialize the logger");
68 // We initialize the logger to Off (like the log crate) and clients should log::set_max_level.
69
70 const SIZE_OF_STACK_GUARD: usize = size_of::<u64>();
71 let mut stack_guard = [0u8; SIZE_OF_STACK_GUARD];
72 // We keep a null byte at the top of the stack guard to act as a string terminator.
73 let random_guard = &mut stack_guard[..(SIZE_OF_STACK_GUARD - 1)];
74
75 if let Err(e) = rand::init() {
76 panic!("Failed to initialize a source of entropy: {e}");
77 }
78
79 if let Err(e) = rand::fill_with_entropy(random_guard) {
80 panic!("Failed to get stack canary entropy: {e}");
81 }
82
83 bionic::__get_tls().stack_guard = u64::from_ne_bytes(stack_guard);
84
85 switch_to_dynamic_page_tables();
86
87 // Note: If rust_entry ever returned (which it shouldn't by being -> !), the compiler-injected
88 // stack guard comparison would detect a mismatch and call __stack_chk_fail.
89
90 // SAFETY: `main` is provided by the application using the `main!` macro, and we make sure it
91 // has the right type.
92 unsafe {
93 main(x0, x1, x2, x3);
94 }
95 shutdown();
96 }
97
98 extern "Rust" {
99 /// Main function provided by the application using the `main!` macro.
main(arg0: u64, arg1: u64, arg2: u64, arg3: u64)100 fn main(arg0: u64, arg1: u64, arg2: u64, arg3: u64);
101 }
102
103 /// Marks the main function of the binary.
104 ///
105 /// Once main is entered, it can assume that:
106 /// - The panic_handler has been configured and panic!() and friends are available;
107 /// - The global_allocator has been configured and heap memory is available;
108 /// - The logger has been configured and the log::{info, warn, error, ...} macros are available.
109 ///
110 /// Example:
111 ///
112 /// ```rust
113 /// use vmbase::main;
114 /// use log::{info, LevelFilter};
115 ///
116 /// main!(my_main);
117 ///
118 /// fn my_main() {
119 /// log::set_max_level(LevelFilter::Info);
120 /// info!("Hello world");
121 /// }
122 /// ```
123 #[macro_export]
124 macro_rules! main {
125 ($name:path) => {
126 // Export a symbol with a name matching the extern declaration above.
127 #[export_name = "main"]
128 fn __main(arg0: u64, arg1: u64, arg2: u64, arg3: u64) {
129 // Ensure that the main function provided by the application has the correct type.
130 $name(arg0, arg1, arg2, arg3)
131 }
132 };
133 }
134
135 /// Prepends a Linux kernel header to the generated binary image.
136 ///
137 /// See https://docs.kernel.org/arch/arm64/booting.html
138 /// ```
139 #[macro_export]
140 macro_rules! generate_image_header {
141 () => {
142 #[cfg(not(target_endian = "little"))]
143 compile_error!("Image header uses wrong endianness: bootloaders expect LE!");
144
145 core::arch::global_asm!(
146 // This section gets linked at the start of the image.
147 ".section .init.head, \"ax\"",
148 // This prevents the macro from being called more than once.
149 ".global image_header",
150 "image_header:",
151 // Linux uses a special NOP to be ELF-compatible; we're not.
152 "nop", // code0
153 "b entry", // code1
154 ".quad 0", // text_offset
155 ".quad bin_end - image_header", // image_size
156 ".quad (1 << 1)", // flags (PAGE_SIZE=4KiB)
157 ".quad 0", // res2
158 ".quad 0", // res3
159 ".quad 0", // res4
160 ".ascii \"ARM\x64\"", // magic
161 ".long 0", // res5
162 );
163 };
164 }
165
166 // If this fails, the image header flags are out-of-sync with PAGE_SIZE!
167 static_assertions::const_assert_eq!(PAGE_SIZE, SIZE_4KB);
168