1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203
// Copyright 2022 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//! C bindings for wlansoftmac-rust crate.
use {
diagnostics_log::PublishOptions,
fidl_fuchsia_wlan_softmac as fidl_softmac,
fuchsia_async::SendExecutor,
fuchsia_zircon as zx,
std::{
ffi::c_void,
sync::{atomic::AtomicPtr, Once},
},
tracing::error,
wlan_mlme::{
buffer::CBufferProvider,
device::{completers::StopCompleter, CDeviceInterface, CFrameSender, Device},
},
wlansoftmac_rust::WlanSoftmacHandle,
};
static LOGGER_ONCE: Once = Once::new();
/// Start and run a bridged wlansoftmac driver hosting an MLME server and an SME server.
///
/// The driver is "bridged" in the sense that it requires a bridge to a Fuchsia driver to
/// communicate with other Fuchsia drivers over the FDF transport. When initialization of the
/// bridged driver completes, `run_init_completer` will be called.
///
/// # Safety
///
/// There are two layers of safety documentation for this function. The first layer is for this
/// function itself, and the second is for the `run_init_completer` function.
///
/// ## For this function itself
///
/// This function is unsafe for the following reasons:
///
/// - This function cannot guarantee `run_init_completer` is thread-safe, i.e., that it's safe to
/// to call at any time from any thread.
/// - This function cannot guarantee `init_completer` points to a valid object when
/// `run_init_completer` is called.
/// - This function cannot guarantee `wlan_softmac_bridge_client_handle` is a valid handle.
///
/// By calling this function, the caller promises the following:
///
/// - The `run_init_completer` function is thread-safe.
/// - The `init_completer` pointer will point to a valid object at least until
/// `run_init_completer` is called.
/// - The `wlan_softmac_bridge_client_handle` is a valid handle.
///
/// ## For `run_init_completer`
///
/// The `run_init_completer` function is unsafe because it cannot guarantee the `init_completer`
/// argument will be the same `init_completer` passed to `start_and_run_bridged_wlansoftmac`, and
/// cannot guarantee it will be called exactly once.
///
/// The caller of `run_init_completer` must promise to pass the same `init_completer` from
/// `start_and_run_bridged_wlansoftmac` to `run_init_completer` and call `run_init_completer`
/// exactly once.
#[no_mangle]
pub unsafe extern "C" fn start_and_run_bridged_wlansoftmac(
init_completer: *mut c_void,
run_init_completer: unsafe extern "C" fn(
init_completer: *mut c_void,
status: zx::zx_status_t,
wlan_softmac_handle: *mut WlanSoftmacHandle,
),
device: CDeviceInterface,
frame_sender: CFrameSender,
buffer_provider: CBufferProvider,
wlan_softmac_bridge_client_handle: zx::sys::zx_handle_t,
) -> zx::sys::zx_status_t {
// The Fuchsia syslog must not be initialized from Rust more than once per process. In the case
// of MLME, that means we can only call it once for both the client and ap modules. Ensure this
// by using a shared `Once::call_once()`.
LOGGER_ONCE.call_once(|| {
// Initialize logging with a tag that can be used to filter for forwarding to console
diagnostics_log::initialize_sync(
PublishOptions::default()
.tags(&["wlan"])
.enable_metatag(diagnostics_log::Metatag::Target),
);
});
let wlan_softmac_bridge_proxy = {
// Safety: This is safe because the caller promises `wlan_softmac_bridge_client_handle`
// is a valid handle.
let handle = unsafe { fidl::Handle::from_raw(wlan_softmac_bridge_client_handle) };
let channel = fidl::Channel::from(handle);
fidl_softmac::WlanSoftmacBridgeSynchronousProxy::new(channel)
};
let device = Device::new(device.into(), wlan_softmac_bridge_proxy, frame_sender.into());
// The `AtomicPtr` type wraps the pointer so that `init_completer` implements
// `Send` and `Sync`. Note that `AtomicPtr` only wraps the pointer and
// dereferencing the pointer is still unsafe. However, Rust code cannot
// meaningfully dereference a `*mut c_void` and the FFI contract supports sending
// the `*mut c_void` between threads. Thus, wrapping this field so that it
// implements `Send` and `Sync` is safe.
let init_completer = AtomicPtr::new(init_completer);
// Use two worker threads so the `Task` serving SME and MLME can synchronously block without
// blocking the `Task` for sending new `DriverEvent` values to the `DriverEventSink`.
let mut executor = SendExecutor::new(2);
let result = executor.run(wlansoftmac_rust::start_and_serve(
move |result: Result<WlanSoftmacHandle, zx::Status>| match result {
Ok(handle) => {
// Safety: This is safe because the caller of this function promised
// `run_init_completer` is thread-safe and `init_completer` is valid until
// its called.
unsafe {
run_init_completer(
init_completer.into_inner(),
zx::Status::OK.into_raw(),
Box::into_raw(Box::new(handle)),
);
}
}
Err(status) => {
// Safety: This is safe because the caller of this function promised
// `run_init_completer` is thread-safe and `init_completer` is valid until
// its called.
unsafe {
run_init_completer(
init_completer.into_inner(),
status.into_raw(),
std::ptr::null_mut(),
);
}
}
},
device,
buffer_provider,
));
zx::Status::from(result).into_raw()
}
/// Stop the bridged wlansoftmac driver associated with `softmac`.
///
/// This function takes ownership of the `WlanSoftmacHandle` that `softmac` points to and destroys
/// it. When the bridged driver stops, `run_stop_completer` will be called.
///
/// # Safety
///
/// There are two layers of safety documentation for this function. The first layer is for this
/// function itself, and the second is for the `run_stop_completer` function.
///
/// ## For this function itself
///
/// This function is unsafe for the following reasons:
///
/// - This function cannot guarantee `run_stop_completer` is thread-safe, i.e., that it's safe to
/// to call at any time from any thread.
/// - This function cannot guarantee `stop_completer` points to a valid object when
/// `run_stop_completer` is called.
/// - This function cannot guarantee `softmac` is a valid pointer, and the only pointer, to a
/// `WlanSoftmacHandle`.
///
/// By calling this function, the caller promises the following:
///
/// - The `run_stop_completer` function is thread-safe.
/// - The `stop_completer` pointer will point to a valid object at least until
/// `run_stop_completer` is called.
/// - The `softmac` pointer is the same pointer received from `run_init_completer` (called as
/// a consequence of the startup initiated by calling `start_and_run_bridged_wlansoftmac`.
///
/// ## For `run_stop_completer`
///
/// The `run_stop_completer` function is unsafe because it cannot guarantee the `stop_completer`
/// argument will be the same `stop_completer` passed to `stop_bridged_wlansoftmac`, and cannot
/// guarantee it will be called exactly once.
///
/// The caller of `run_stop_completer` must promise to pass the same `stop_completer` from
/// `stop_bridged_wlansoftmac` to `run_stop_completer` and call `run_stop_completer` exactly once.
#[no_mangle]
pub unsafe extern "C" fn stop_bridged_wlansoftmac(
stop_completer: *mut c_void,
run_stop_completer: unsafe extern "C" fn(stop_completer: *mut c_void),
softmac: *mut WlanSoftmacHandle,
) {
if softmac.is_null() {
error!("Call to stop_bridged_wlansoftmac() with NULL pointer!");
return;
}
// Safety: The caller promises `softmac` is a `WlanSoftmacHandle`.
let softmac = unsafe { Box::from_raw(softmac) };
// The `AtomicPtr` type wraps the pointer so that `stop_completer` implements
// `Send` and `Sync`. Note that `AtomicPtr` only wraps the pointer and
// dereferencing the pointer is still unsafe. However, Rust code cannot
// meaningfully dereference a `*mut c_void` and the FFI contract supports sending
// the `*mut c_void` between threads. Thus, wrapping this field so that it
// implements `Send` and `Sync` is safe.
let stop_completer = AtomicPtr::new(stop_completer);
softmac.stop(StopCompleter::new(Box::new(move ||
// Safety: This is safe because the caller of this function promised
// `run_stop_completer` is thread-safe and `stop_completer` is valid until its
// called.
unsafe { run_stop_completer(stop_completer.into_inner()) })));
}