Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / e0945ad0e4bb5cd0a9fd5061ac36d6bccdca601e^! / . / compos / src / compsvc_main.rs
commite0945ad0e4bb5cd0a9fd5061ac36d6bccdca601e[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Thu Nov 24 13:29:57 2022 +0000
committerAlan Stokes <alanstokes@google.com>Fri Nov 25 10:14:14 2022 +0000
tree08e4de14fde72e2e28cacc94dbe0f4e5074238bf
parenta5f11e0e881e0268d95bdab1b1db5183ca2c8ddf [diff] [blame]
RPC Server never returns

In normal operation AVmPayload_runVsockRpcServer should never return -
the calling thread joins the server's thread pool, and we provide no
way to shut down the server. If the server does exit, that indicates a
failure somewhere.

If there is a failure of any sort (including unexepected server exit)
there is nothing the caller can do, so we panic rather than returning
a bool.

Update callers to not expect a return value.

I got slightly carried away and also:
- Modified compsvc to use AVmPayload_runVsockRpcServer rather than
  rolling its own.
- Turned on unsafe_op_in_unsafe_fn in the API implementation. That
  requires us to explicitly mark unsafe blocks in unsafe functions, so
  I've gone through and done that. I checked that all the top-level
  functions that should be marked unsafe are.

Bug: 243512108
Test: atest MicrodroidTests
Test: composd_cmd test-compile
Change-Id: I447ce0baa09d6a244ffe2ba7ab08092be3cd0f82

diff --git a/compos/src/compsvc_main.rs b/compos/src/compsvc_main.rs
index 206dd4b..77e2daa 100644
--- a/compos/src/compsvc_main.rs
+++ b/compos/src/compsvc_main.rs

@@ -23,11 +23,13 @@
 mod fsverity;
 
 use anyhow::Result;
+use binder::unstable_api::AsNative;
 use compos_common::COMPOS_VSOCK_PORT;
 use log::{debug, error};
-use rpcbinder::RpcServer;
+use std::os::raw::c_void;
 use std::panic;
-use vm_payload_bindgen::AVmPayload_notifyPayloadReady;
+use std::ptr;
+use vm_payload_bindgen::{AIBinder, AVmPayload_notifyPayloadReady, AVmPayload_runVsockRpcServer};
 
 fn main() {
     if let Err(e) = try_main() {
@@ -46,10 +48,20 @@
     }));
 
     debug!("compsvc is starting as a rpc service.");
-    let service = compsvc::new_binder()?.as_binder();
-    let server = RpcServer::new_vsock(service, COMPOS_VSOCK_PORT)?;
-    // SAFETY: Invokes a method from the bindgen library `vm_payload_bindgen`.
-    unsafe { AVmPayload_notifyPayloadReady() };
-    server.join();
+    let param = ptr::null_mut();
+    let mut service = compsvc::new_binder()?.as_binder();
+    unsafe {
+        // SAFETY: We hold a strong pointer, so the raw pointer remains valid. The bindgen AIBinder
+        // is the same type as sys::AIBinder.
+        let service = service.as_native_mut() as *mut AIBinder;
+        // SAFETY: It is safe for on_ready to be invoked at any time, with any parameter.
+        AVmPayload_runVsockRpcServer(service, COMPOS_VSOCK_PORT, Some(on_ready), param);
+    }
     Ok(())
 }
+
+extern "C" fn on_ready(_param: *mut c_void) {
+    // SAFETY: Invokes a method from the bindgen library `vm_payload_bindgen` which is safe to
+    // call at any time.
+    unsafe { AVmPayload_notifyPayloadReady() };
+}