Mark `call_ostd_main` as unsafe

This commit is contained in:
Ruihan Li 2026-02-10 23:45:43 +08:00 committed by Tate, Hongliang Tian
parent e6104161b7
commit 195ff99138
6 changed files with 28 additions and 12 deletions


@ -136,5 +136,7 @@ unsafe extern "C" fn loongarch_boot(
memory_regions: parse_memory_regions(), memory_regions: parse_memory_regions(),
}); });
call_ostd_main(); // SAFETY: The safety is guaranteed by the safety preconditions and the fact that we call it
// once after setting up necessary resources.
unsafe { call_ostd_main() };
} }
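Review bot: The new SAFETY comment on `unsafe { call_ostd_main() }` justifies the call with "the safety preconditions" without saying whose, so a reader has to guess whether it means `loongarch_boot`'s own contract (not visible in this hunk) or `call_ostd_main`'s. `call_ostd_main`'s new contract (called once, at a proper timing, on the BSP, from `arch::boot`) is discharged only by the entry point's own once-only contract plus the boot-information setup done just above, and naming that makes the comment auditable, e.g. `// SAFETY: the entry point's own safety contract guarantees it runs exactly once on the BSP, and the boot information is initialized above, so call_ostd_main's preconditions hold.` The same wording is repeated in `riscv_boot`, `__linux_boot`, `__multiboot_entry` and `__multiboot2_entry` in the following sections and could be adjusted the same way. `loongarch_boot` starts outside the hunk.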


@ -139,5 +139,7 @@ unsafe extern "C" fn riscv_boot(hart_id: usize, device_tree_paddr: usize) -> ! {
memory_regions: parse_memory_regions(), memory_regions: parse_memory_regions(),
}); });
call_ostd_main(); // SAFETY: The safety is guaranteed by the safety preconditions and the fact that we call it
// once after setting up necessary resources.
unsafe { call_ostd_main() };
} }


@ -198,6 +198,7 @@ fn parse_memory_regions(boot_params: &BootParams) -> MemoryRegionArray {
/// ///
/// - This function must be called only once at a proper timing in the BSP's boot assembly code. /// - This function must be called only once at a proper timing in the BSP's boot assembly code.
/// - The caller must follow C calling conventions and put the right arguments in registers. /// - The caller must follow C calling conventions and put the right arguments in registers.
/// - If this function is called, entry points of other boot protocols must never be called.
// SAFETY: The name does not collide with other symbols. // SAFETY: The name does not collide with other symbols.
#[unsafe(no_mangle)] #[unsafe(no_mangle)]
unsafe extern "sysv64" fn __linux_boot(params_ptr: *const BootParams) -> ! { unsafe extern "sysv64" fn __linux_boot(params_ptr: *const BootParams) -> ! {
@ -218,5 +219,7 @@ unsafe extern "sysv64" fn __linux_boot(params_ptr: *const BootParams) -> ! {
memory_regions: parse_memory_regions(params), memory_regions: parse_memory_regions(params),
}); });
call_ostd_main(); // SAFETY: The safety is guaranteed by the safety preconditions and the fact that we call it
// once after setting up necessary resources.
unsafe { call_ostd_main() };
} }


@ -368,6 +368,7 @@ impl Iterator for MemoryEntryIter {
/// ///
/// - This function must be called only once at a proper timing in the BSP's boot assembly code. /// - This function must be called only once at a proper timing in the BSP's boot assembly code.
/// - The caller must follow C calling conventions and put the right arguments in registers. /// - The caller must follow C calling conventions and put the right arguments in registers.
/// - If this function is called, entry points of other boot protocols must never be called.
// SAFETY: The name does not collide with other symbols. // SAFETY: The name does not collide with other symbols.
#[unsafe(no_mangle)] #[unsafe(no_mangle)]
unsafe extern "sysv64" fn __multiboot_entry(boot_magic: u32, boot_params: u64) -> ! { unsafe extern "sysv64" fn __multiboot_entry(boot_magic: u32, boot_params: u64) -> ! {
@ -386,5 +387,7 @@ unsafe extern "sysv64" fn __multiboot_entry(boot_magic: u32, boot_params: u64) -
memory_regions: parse_memory_regions(mb1_info), memory_regions: parse_memory_regions(mb1_info),
}); });
call_ostd_main(); // SAFETY: The safety is guaranteed by the safety preconditions and the fact that we call it
// once after setting up necessary resources.
unsafe { call_ostd_main() };
} }


@ -143,6 +143,7 @@ fn parse_memory_regions(mb2_info: &BootInformation) -> MemoryRegionArray {
/// ///
/// - This function must be called only once at a proper timing in the BSP's boot assembly code. /// - This function must be called only once at a proper timing in the BSP's boot assembly code.
/// - The caller must follow C calling conventions and put the right arguments in registers. /// - The caller must follow C calling conventions and put the right arguments in registers.
/// - If this function is called, entry points of other boot protocols must never be called.
// SAFETY: The name does not collide with other symbols. // SAFETY: The name does not collide with other symbols.
#[unsafe(no_mangle)] #[unsafe(no_mangle)]
unsafe extern "sysv64" fn __multiboot2_entry(boot_magic: u32, boot_params: u64) -> ! { unsafe extern "sysv64" fn __multiboot2_entry(boot_magic: u32, boot_params: u64) -> ! {
@ -161,5 +162,7 @@ unsafe extern "sysv64" fn __multiboot2_entry(boot_magic: u32, boot_params: u64)
memory_regions: parse_memory_regions(&mb2_info), memory_regions: parse_memory_regions(&mb2_info),
}); });
call_ostd_main(); // SAFETY: The safety is guaranteed by the safety preconditions and the fact that we call it
// once after setting up necessary resources.
unsafe { call_ostd_main() };
} }


@ -113,13 +113,18 @@ pub(crate) fn init_after_heap() {
}); });
} }
/// Calls the OSTD-user defined entrypoint of the actual kernel. /// Initializes OSTD and then jumps to the `#[ostd::main]` entry point.
/// ///
/// Any kernel that uses the `ostd` crate should define a function marked with /// Any kernel that uses the `ostd` crate should define a function marked with
/// `ostd::main` as the entrypoint. /// `#[ostd::main]` as the kernel's entry function.
/// ///
/// This function should be only called from the bootloader-specific module. /// # Safety
pub(crate) fn call_ostd_main() -> ! { ///
/// This function must be called only once at a proper timing on the BSP by the
/// [`arch::boot`] module.
///
/// [`arch::boot`]: crate::arch::boot
pub(crate) unsafe fn call_ostd_main() -> ! {
// The entry point of kernel code, which should be defined by the package that // The entry point of kernel code, which should be defined by the package that
// uses OSTD. // uses OSTD.
unsafe extern "Rust" { unsafe extern "Rust" {
@ -131,7 +136,5 @@ pub(crate) fn call_ostd_main() -> ! {
// SAFETY: This external function is defined by the package that uses OSTD, // SAFETY: This external function is defined by the package that uses OSTD,
// which should be generated by the `ostd::main` macro. So it is safe. // which should be generated by the `ostd::main` macro. So it is safe.
unsafe { unsafe { __ostd_main() };
__ostd_main();
}
} }
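Review bot: The SAFETY comment on the `__ostd_main()` call still ends with "So it is safe" as if no caller-side guarantee were needed, yet the function was just made `unsafe` precisely because the call is sound only under the new `# Safety` contract (called once, at a proper timing, on the BSP). Consider restating it as `// SAFETY: __ostd_main is generated by the ostd::main macro with this signature, and this function's own safety contract guarantees it is invoked exactly once on the BSP after OSTD is initialized.` The doc also promises the call comes only from the `arch::boot` module, but the function stays `pub(crate)`, so nothing in the compiler enforces that restriction; it is worth stating that this is a documentation-only guarantee, or checking the once-only requirement at runtime with an assertion on a static flag if the code between the two hunks does not already do so. The lines between the two hunks, including the initialization the first doc line refers to, are not shown here.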