Clear buffer before recursive panics

adamperlin · adamperlin · commit 65d167659ccf · 2025-08-28T15:10:41.000-07:00
Add some docstrings

Signed-off-by: adamperlin &lt;adamp@nanosoft.com&gt;
diff --git a/src/hyperlight_common/src/fixed_buf.rs b/src/hyperlight_common/src/fixed_buf.rs
@@ -2,6 +2,9 @@ use core::fmt;
 use core::result::Result;
 use core::ffi::{CStr, FromBytesUntilNulError};
 
+/// FixedStringBuf is a buffer that can hold a fixed-size string.
+/// It is meant to be used with a slice that the user has pre-allocated
+/// to avoid extra allocations during string formatting.
 pub struct FixedStringBuf<'a> {
     pub buf: &'a mut [u8],
     pub pos: usize,
@@ -10,7 +13,7 @@ pub struct FixedStringBuf<'a> {
 impl<'a> fmt::Write for FixedStringBuf<'a> {
     fn write_str(&mut self, s: &str) -> fmt::Result {
         // we always reserve 1 byte for the null terminator, 
-        // as the buffer must be convertible to a CStr.
+        // as the buffer must be convertible to CStr.
         let buf_end = self.buf.len() - 1;
         if self.pos + s.len() > buf_end {
             return Err(fmt::Error)
@@ -35,10 +38,17 @@ impl <'a> FixedStringBuf<'a> {
         }
     }
 
+    pub fn reset(&mut self) {
+        self.pos = 0;
+    }
+
+    /// Null terminates the underlying buffer,
+    /// and converts to a CStr which borrows the underlying buffer's slice.
     pub fn as_c_str(&mut self) -> Result<&CStr, FromBytesUntilNulError> {
-        // null terminate buffer. 
+        // null terminate the buffer. 
         // we are guaranteed to have enough space since we always reserve one extra
-        // byte for null in write_str
+        // byte for null in write_str, and assert buf.len() > 0 in the constructor.
+        assert!(self.buf.len() > 0 && self.pos < self.buf.len());
         self.buf[self.pos] = 0;
         CStr::from_bytes_until_nul(&self.buf[..self.pos + 1])
     }
diff --git a/src/hyperlight_guest_bin/src/lib.rs b/src/hyperlight_guest_bin/src/lib.rs
@@ -36,7 +36,7 @@ use hyperlight_guest::exit::{abort_with_code_and_message, halt};
 use hyperlight_guest::guest_handle::handle::GuestHandle;
 use hyperlight_guest_tracing::{trace, trace_function};
 use log::LevelFilter;
-use spin::{Once};
+use spin::{Once, Mutex, MutexGuard};
 
 // === Modules ===
 #[cfg(target_arch = "x86_64")]
@@ -144,34 +144,37 @@ fn panic(info: &core::panic::PanicInfo) -> ! {
     _panic_handler(info)
 }
 
-
 static mut PANIC_MSG: [u8; 512] = [0u8; 512];
 
 #[allow(static_mut_refs)]
-static mut PANIC_BUF: FixedStringBuf = FixedStringBuf{
+static PANIC_BUF: Mutex<FixedStringBuf> = Mutex::new(FixedStringBuf{
     buf: unsafe { &mut PANIC_MSG },
     pos: 0,
-};
-
+});
 
 #[inline(always)]
-#[allow(static_mut_refs)]
 fn _panic_handler(info: &core::panic::PanicInfo) -> ! {
-    let panic_buf: &mut FixedStringBuf = unsafe { &mut PANIC_BUF };
-    write!(panic_buf, "{}", info).expect("panic: message format failed");
-
-    // create a CStr from the underlying array in panic_buf.
-    // Note that we do NOT use CString here to avoid allocating
-    let c_string = panic_buf.as_c_str().expect("panic: failed to convert to CStr");
-    unsafe { abort_with_code_and_message(&[ErrorCode::UnknownError as u8], c_string.as_ptr()) }
-}
-
-fn _panic_handler_old(info: &core::panic::PanicInfo) {
-let msg = info.to_string();
-    let c_string = alloc::ffi::CString::new(msg)
-        .unwrap_or_else(|_| alloc::ffi::CString::new("panic (invalid utf8)").unwrap());
+    let mut panic_buf_guard: MutexGuard<'_, FixedStringBuf<'static>> = PANIC_BUF.lock();
+    let write_res = write!(panic_buf_guard, "{}", info);
+    if let Err(_) = write_res {
+        // reset the buffer to ensure there is space
+        // for the new panic message below
+        panic_buf_guard.reset();
+        panic!("panic: message format failed");
+    }
 
-    unsafe { abort_with_code_and_message(&[ErrorCode::UnknownError as u8], c_string.as_ptr()) }
+    // create a CStr from the underlying array in PANIC_BUF using the as_cstr method.
+    // this wraps CStr::from_bytes_until_nul which takes a borrowed byte slice
+    // and does not allocate. 
+    let c_string_res = panic_buf_guard.as_c_str();
+    if let Err(_) = c_string_res {
+        // reset the buffer here as well, to ensure there is space
+        // in the buffer to write the new panic message below.
+        panic_buf_guard.reset();
+        panic!("panic: failed to convert to CStr");
+    }
+    
+    unsafe { abort_with_code_and_message(&[ErrorCode::UnknownError as u8], c_string_res.unwrap().as_ptr()) }
 }
 
 // === Entrypoint ===
