watchdog_vmgs_format/
lib.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

//! The watchdog state VMGS data format, as used in Hyper-V.
//!
//! At the moment, the format is dead simple: it's just a single byte - either a
//! 1 or a 0 - tha represents if the previous boot failed.

#![forbid(unsafe_code)]

use thiserror::Error;
use vmcore::non_volatile_store::NonVolatileStore;

/// Watchdog VMGS formatted buffer contained invalid data.
#[derive(Debug, Error)]
#[error("expected single byte (0 or 1), got {0} bytes, starting with {1:?}")]
pub struct InvalidFormatError(usize, Option<u8>);

/// Data format used to persist watchdog state to VMGS.
struct WatchdogVmgsFormat {
    boot_failure: bool,
}

impl WatchdogVmgsFormat {
    /// Return a new instance [`WatchdogVmgsFormat`].
    fn new() -> Self {
        Self {
            boot_failure: false,
        }
    }

    /// Update existing existing instance of [`WatchdogVmgsFormat`] with the data
    /// stored in the provided buffer.
    fn update_from_slice(&mut self, buf: &[u8]) -> Result<(), InvalidFormatError> {
        let boot_status = match buf {
            [] => return Err(InvalidFormatError(0, None)),
            [0] => false,
            [1] => true,
            [other, ..] => return Err(InvalidFormatError(buf.len(), Some(*other))),
        };

        self.boot_failure = boot_status;

        Ok(())
    }

    /// Return a slice to persist to VMGS.
    fn as_slice(&self) -> &[u8] {
        if self.boot_failure { &[1] } else { &[0] }
    }
}

/// Errors which may occur as part of [`WatchdogVmgsFormatStore`]
/// operations.
#[derive(Debug, Error)]
#[expect(missing_docs)] // self-explanatory variants
pub enum WatchdogVmgsFormatStoreError {
    #[error("could not access non-volatile store")]
    NonVolatileStoreAccessError(#[source] vmcore::non_volatile_store::NonVolatileStoreError),
    #[error("invalid data pull from non-volatile store")]
    InvalidFormat(#[source] InvalidFormatError),
}

/// Persist and restore watchdog data into a [`NonVolatileStore`] using the VMGS
/// watchdog data format.
pub struct WatchdogVmgsFormatStore {
    store: Box<dyn NonVolatileStore>,
    state: WatchdogVmgsFormat,
}

impl WatchdogVmgsFormatStore {
    /// Construct a new instance of [`WatchdogVmgsFormatStore`], populated
    /// with data from the provided store.
    pub async fn new(
        mut store: Box<dyn NonVolatileStore>,
    ) -> Result<Self, WatchdogVmgsFormatStoreError> {
        use WatchdogVmgsFormatStoreError as Error;

        let buf = store
            .restore()
            .await
            .map_err(Error::NonVolatileStoreAccessError)?;

        let mut state = WatchdogVmgsFormat::new();

        if let Some(buf) = buf {
            state
                .update_from_slice(&buf)
                .map_err(Error::InvalidFormat)?;
        }

        Ok(Self { store, state })
    }

    async fn flush(&mut self) -> Result<(), WatchdogVmgsFormatStoreError> {
        use WatchdogVmgsFormatStoreError as Error;

        self.store
            .persist(self.state.as_slice().to_vec())
            .await
            .map_err(Error::NonVolatileStoreAccessError)?;

        Ok(())
    }

    /// Enable the boot status flag.
    pub async fn set_boot_failure(&mut self) -> Result<(), WatchdogVmgsFormatStoreError> {
        let prev = self.state.boot_failure;
        self.state.boot_failure = true;

        // only flush if data has changed
        if !prev {
            self.flush().await?;
        }

        Ok(())
    }

    /// Read the boot status flag, returning it's value, while simultaneously
    /// resetting it.
    pub async fn read_and_clear_boot_status(
        &mut self,
    ) -> Result<bool, WatchdogVmgsFormatStoreError> {
        let prev = self.state.boot_failure;
        self.state.boot_failure = false;

        // only flush if data has changed
        if prev {
            self.flush().await?;
        }

        Ok(prev)
    }
}