1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 //! Project Rialto main source file.
16 
17 #![no_main]
18 #![no_std]
19 
20 mod communication;
21 mod error;
22 mod exceptions;
23 mod fdt;
24 
25 extern crate alloc;
26 
27 use crate::communication::VsockStream;
28 use crate::error::{Error, Result};
29 use crate::fdt::{read_dice_range_from, read_is_strict_boot, read_vendor_hashtree_root_digest};
30 use alloc::boxed::Box;
31 use ciborium_io::Write;
32 use core::num::NonZeroUsize;
33 use core::slice;
34 use diced_open_dice::{bcc_handover_parse, DiceArtifacts};
35 use log::{debug, error, info};
36 use service_vm_comm::{ServiceVmRequest, VmType};
37 use service_vm_fake_chain::service_vm;
38 use service_vm_requests::{process_request, RequestContext};
39 use virtio_drivers::{
40     device::socket::{VsockAddr, VMADDR_CID_HOST},
41     transport::{pci::bus::PciRoot, DeviceType, Transport},
42     Hal,
43 };
44 use vmbase::{
45     configure_heap,
46     fdt::pci::PciInfo,
47     fdt::SwiotlbInfo,
48     generate_image_header,
49     layout::crosvm,
50     main,
51     memory::{
52         init_shared_pool, map_rodata, map_rodata_outside_main_memory, resize_available_memory,
53         SIZE_128KB,
54     },
55     power::reboot,
56     virtio::{
57         pci::{self, PciTransportIterator, VirtIOSocket},
58         HalImpl,
59     },
60 };
61 
/// Builds the vsock address of the host endpoint Rialto talks to.
///
/// The CID is always [`VMADDR_CID_HOST`]; the port is chosen by the VM type derived from the
/// device tree (see [`vm_type`]).
///
/// # Errors
///
/// Propagates any error from reading the strict-boot property out of `fdt`.
fn host_addr(fdt: &libfdt::Fdt) -> Result<VsockAddr> {
    let port = vm_type(fdt)?.port();
    Ok(VsockAddr { cid: VMADDR_CID_HOST, port })
}
65 
/// Derives the VM type from the device tree: strict boot means a protected VM, anything else
/// a non-protected one.
///
/// # Errors
///
/// Propagates the error from [`read_is_strict_boot`] when the property cannot be read.
fn vm_type(fdt: &libfdt::Fdt) -> Result<VmType> {
    let strict_boot = read_is_strict_boot(fdt)?;
    Ok(if strict_boot { VmType::ProtectedVm } else { VmType::NonProtectedVm })
}
73 
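/// Maps the device tree and the DICE artifacts, initialises the shared memory pool and the
/// virtio-vsock device, then serves [`ServiceVmRequest`]s from the host until a request other
/// than `Process` arrives.
///
/// `fdt_addr` is the address of the FDT handed over by the loader (forwarded by [`main`]); at
/// most `crosvm::FDT_MAX_SIZE` bytes are mapped read-only for it.
///
/// # Errors
///
/// Returns an [`Error`] when memory mapping, DT parsing, DICE handover parsing, PCI or vsock
/// setup, or request I/O fails. The caller treats any error as fatal and reboots.
///
/// # Safety
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `fdt_addr` must be a valid pointer and points to a valid `Fdt`.
unsafe fn try_main(fdt_addr: usize) -> Result<()> {
    info!("Welcome to Rialto!");

    // `FDT_MAX_SIZE` is a compile-time constant; the unwrap only panics if it were zero.
    let fdt_size = NonZeroUsize::new(crosvm::FDT_MAX_SIZE).unwrap();
    map_rodata(fdt_addr, fdt_size)?;
    // SAFETY: The tracker validated the range to be in main memory, mapped, and not overlap.
    // The region was mapped read-only above, so a `*const` pointer is the accurate type here
    // (matching the DICE region handling below).
    let fdt = unsafe { slice::from_raw_parts(fdt_addr as *const u8, fdt_size.into()) };
    // We do not need to validate the DT since it is already validated in pvmfw.
    let fdt = libfdt::Fdt::from_slice(fdt)?;

    // The usable memory size comes from the DT rather than being assumed.
    let memory_range = fdt.first_memory_range()?;
    resize_available_memory(&memory_range).inspect_err(|_| {
        error!("Failed to use memory range value from DT: {memory_range:#x?}");
    })?;

    // `swiotlb_range` is `None` when the DT carries no swiotlb node with a fixed range; the
    // shared pool is initialised either way and decides what to do with `None`.
    let swiotlb_range = SwiotlbInfo::new_from_fdt(fdt)
        .inspect_err(|_| {
            error!("Rialto failed when access swiotlb");
        })?
        .and_then(|info| info.fixed_range());
    init_shared_pool(swiotlb_range).inspect_err(|_| {
        error!("Failed to initialize shared pool.");
    })?;

    // Where the DICE artifacts come from depends on the VM type: a protected VM reads the
    // handover pvmfw left in the memory region described by the DT, a non-protected VM uses
    // fake artifacts.
    let bcc_handover: Box<dyn DiceArtifacts> = match vm_type(fdt)? {
        VmType::ProtectedVm => {
            let dice_range = read_dice_range_from(fdt)?;
            info!("DICE range: {dice_range:#x?}");
            // The target type is inferred from `map_rodata_outside_main_memory`'s parameter;
            // the unwrap panics if the range length does not convert (e.g. an empty range).
            // That is treated as a broken DT, which pvmfw is expected to have ruled out.
            let dice_size = dice_range.len().try_into().unwrap();
            // SAFETY: The DICE memory region has been generated by pvmfw and doesn't overlap.
            unsafe { map_rodata_outside_main_memory(dice_range.start, dice_size) }.inspect_err(
                |_| {
                    error!("Failed to use DICE range from DT: {dice_range:#x?}");
                },
            )?;
            let dice_start = dice_range.start as *const u8;
            // SAFETY: There's no memory overlap and the region is mapped as read-only data.
            let bcc_handover = unsafe { slice::from_raw_parts(dice_start, dice_range.len()) };
            Box::new(bcc_handover_parse(bcc_handover)?)
        }
        // Currently, a sample DICE data is used for non-protected VMs, as these VMs only run
        // in tests at the moment.
        VmType::NonProtectedVm => Box::new(service_vm::fake_service_vm_dice_artifacts()?),
    };

    // Bring up PCI and locate the single virtio socket device used to talk to the host.
    let pci_info = PciInfo::from_fdt(fdt)?;
    debug!("PCI: {pci_info:#x?}");
    let mut pci_root = pci::initialize(pci_info).map_err(Error::PciInitializationFailed)?;
    debug!("PCI root: {pci_root:#x?}");
    let socket_device = find_socket_device::<HalImpl>(&mut pci_root)?;
    debug!("Found socket device: guest cid = {:?}", socket_device.guest_cid());
    let vendor_hashtree_root_digest = read_vendor_hashtree_root_digest(fdt)?;
    // The context borrows the DICE artifacts for the lifetime of the request loop.
    let request_context =
        RequestContext { dice_artifacts: bcc_handover.as_ref(), vendor_hashtree_root_digest };

    // Requests arrive from the host over vsock; decoding and validation of each request live in
    // `VsockStream::read_request` and `process_request`, not here. The loop ends on the first
    // request that is not `Process`, and any I/O error aborts the whole function.
    let mut vsock_stream = VsockStream::new(socket_device, host_addr(fdt)?)?;
    while let ServiceVmRequest::Process(req) = vsock_stream.read_request()? {
        info!("Received request: {}", req.name());
        let response = process_request(req, &request_context);
        info!("Sending response: {}", response.name());
        vsock_stream.write_response(&response)?;
        vsock_stream.flush()?;
    }
    vsock_stream.shutdown()?;

    Ok(())
}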
145 
/// Walks the PCI bus and opens the first virtio device whose type is `Socket`.
///
/// # Errors
///
/// * [`Error::MissingVirtIOSocketDevice`] if no socket device is found on the bus.
/// * [`Error::VirtIOSocketCreationFailed`] if the device is found but cannot be initialised.
fn find_socket_device<T: Hal>(pci_root: &mut PciRoot) -> Result<VirtIOSocket<T>> {
    let transport = PciTransportIterator::<T>::new(pci_root)
        .find(|t| t.device_type() == DeviceType::Socket)
        .ok_or(Error::MissingVirtIOSocketDevice)?;
    VirtIOSocket::<T>::new(transport).map_err(Error::VirtIOSocketCreationFailed)
}
154 
/// Entry point for Rialto.
///
/// Only the first register argument (`fdt_addr`) is used; the remaining three are ignored.
/// Any error from [`try_main`] is logged and the VM is rebooted rather than left running in an
/// undefined state.
pub fn main(fdt_addr: u64, _a1: u64, _a2: u64, _a3: u64) {
    log::set_max_level(log::LevelFilter::Debug);
    // SAFETY: `fdt_addr` is supposed to be a valid pointer and points to
    // a valid `Fdt`.
    let outcome = unsafe { try_main(fdt_addr as usize) };
    match outcome {
        Ok(()) => {}
        Err(e) => {
            error!("Rialto failed with {e}");
            reboot()
        }
    }
}
165 
// Emits the image header the loader expects at the start of the binary.
generate_image_header!();
// Registers `main` above as the entry point invoked by the vmbase startup code.
main!(main);
// Sizes the global allocator's heap (256 KiB); `extern crate alloc` above relies on it.
configure_heap!(SIZE_128KB * 2);