max/embassy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net: don't use UnsafeCell.

Browse Source 
The "must not be called reentrantly" invariant is too "global" to
maintain comfortably, and the cost of the RefCell is negligible,
so this was a case of premature optimization.
This commit is contained in:
Dario Nieuwenhuis 2022-12-03 00:56:16 +01:00
parent f109e73c6d
commit 02abe00439
3 changed files with 57 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
embassy-net/src/stack.rs
View File

@ -1,4 +1,4 @@
use core::cell::UnsafeCell; use core::cell::RefCell;
use core::future::{poll_fn, Future}; use core::future::{poll_fn, Future};
use core::task::{Context, Poll}; use core::task::{Context, Poll};
@ -62,8 +62,8 @@ pub enum ConfigStrategy {
} }
pub struct Stack<D: Device> { pub struct Stack<D: Device> {
pub(crate) socket: UnsafeCell<SocketStack>, pub(crate) socket: RefCell<SocketStack>,
inner: UnsafeCell<Inner<D>>, inner: RefCell<Inner<D>>,
} }
struct Inner<D: Device> { struct Inner<D: Device> {
@ -81,8 +81,6 @@ pub(crate) struct SocketStack {
next_local_port: u16, next_local_port: u16,
} }
unsafe impl<D: Device> Send for Stack<D> {}
impl<D: Device + 'static> Stack<D> { impl<D: Device + 'static> Stack<D> {
pub fn new<const ADDR: usize, const SOCK: usize, const NEIGH: usize>( pub fn new<const ADDR: usize, const SOCK: usize, const NEIGH: usize>(
device: D, device: D,
@ -143,40 +141,38 @@ impl<D: Device + 'static> Stack<D> {
} }
Self { Self {
socket: UnsafeCell::new(socket), socket: RefCell::new(socket),
inner: UnsafeCell::new(inner), inner: RefCell::new(inner),
} }
} }
/// SAFETY: must not call reentrantly. fn with<R>(&self, f: impl FnOnce(&SocketStack, &Inner<D>) -> R) -> R {
unsafe fn with<R>(&self, f: impl FnOnce(&SocketStack, &Inner<D>) -> R) -> R { f(&*self.socket.borrow(), &*self.inner.borrow())
f(&*self.socket.get(), &*self.inner.get())
} }
/// SAFETY: must not call reentrantly. fn with_mut<R>(&self, f: impl FnOnce(&mut SocketStack, &mut Inner<D>) -> R) -> R {
unsafe fn with_mut<R>(&self, f: impl FnOnce(&mut SocketStack, &mut Inner<D>) -> R) -> R { f(&mut *self.socket.borrow_mut(), &mut *self.inner.borrow_mut())
f(&mut *self.socket.get(), &mut *self.inner.get())
} }
pub fn ethernet_address(&self) -> [u8; 6] { pub fn ethernet_address(&self) -> [u8; 6] {
unsafe { self.with(|_s, i| i.device.device.ethernet_address()) } self.with(|_s, i| i.device.device.ethernet_address())
} }
pub fn is_link_up(&self) -> bool { pub fn is_link_up(&self) -> bool {
unsafe { self.with(|_s, i| i.link_up) } self.with(|_s, i| i.link_up)
} }
pub fn is_config_up(&self) -> bool { pub fn is_config_up(&self) -> bool {
unsafe { self.with(|_s, i| i.config.is_some()) } self.with(|_s, i| i.config.is_some())
} }
pub fn config(&self) -> Option<Config> { pub fn config(&self) -> Option<Config> {
unsafe { self.with(|_s, i| i.config.clone()) } self.with(|_s, i| i.config.clone())
} }
pub async fn run(&self) -> ! { pub async fn run(&self) -> ! {
poll_fn(|cx| { poll_fn(|cx| {
unsafe { self.with_mut(|s, i| i.poll(cx, s)) } self.with_mut(|s, i| i.poll(cx, s));
Poll::<()>::Pending Poll::<()>::Pending
}) })
.await; .await;

59
embassy-net/src/tcp.rs
View File

@ -1,4 +1,4 @@
use core::cell::UnsafeCell; use core::cell::RefCell;
use core::future::poll_fn; use core::future::poll_fn;
use core::mem; use core::mem;
use core::task::Poll; use core::task::Poll;
@ -68,8 +68,7 @@ impl<'a> TcpWriter<'a> {
impl<'a> TcpSocket<'a> { impl<'a> TcpSocket<'a> {
pub fn new<D: Device>(stack: &'a Stack<D>, rx_buffer: &'a mut [u8], tx_buffer: &'a mut [u8]) -> Self { pub fn new<D: Device>(stack: &'a Stack<D>, rx_buffer: &'a mut [u8], tx_buffer: &'a mut [u8]) -> Self {
// safety: not accessed reentrantly. let s = &mut *stack.socket.borrow_mut();
let s = unsafe { &mut *stack.socket.get() };
let rx_buffer: &'static mut [u8] = unsafe { mem::transmute(rx_buffer) }; let rx_buffer: &'static mut [u8] = unsafe { mem::transmute(rx_buffer) };
let tx_buffer: &'static mut [u8] = unsafe { mem::transmute(tx_buffer) }; let tx_buffer: &'static mut [u8] = unsafe { mem::transmute(tx_buffer) };
let handle = s.sockets.add(tcp::Socket::new( let handle = s.sockets.add(tcp::Socket::new(
@ -93,17 +92,15 @@ impl<'a> TcpSocket<'a> {
where where
T: Into<IpEndpoint>, T: Into<IpEndpoint>,
{ {
// safety: not accessed reentrantly. let local_port = self.io.stack.borrow_mut().get_local_port();
let local_port = unsafe { &mut *self.io.stack.get() }.get_local_port();
// safety: not accessed reentrantly. match { self.io.with_mut(|s, i| s.connect(i, remote_endpoint, local_port)) } {
match unsafe { self.io.with_mut(|s, i| s.connect(i, remote_endpoint, local_port)) } {
Ok(()) => {} Ok(()) => {}
Err(tcp::ConnectError::InvalidState) => return Err(ConnectError::InvalidState), Err(tcp::ConnectError::InvalidState) => return Err(ConnectError::InvalidState),
Err(tcp::ConnectError::Unaddressable) => return Err(ConnectError::NoRoute), Err(tcp::ConnectError::Unaddressable) => return Err(ConnectError::NoRoute),
} }
poll_fn(|cx| unsafe { poll_fn(|cx| {
self.io.with_mut(|s, _| match s.state() { self.io.with_mut(|s, _| match s.state() {
tcp::State::Closed | tcp::State::TimeWait => Poll::Ready(Err(ConnectError::ConnectionReset)), tcp::State::Closed | tcp::State::TimeWait => Poll::Ready(Err(ConnectError::ConnectionReset)),
tcp::State::Listen => unreachable!(), tcp::State::Listen => unreachable!(),
@ -121,14 +118,13 @@ impl<'a> TcpSocket<'a> {
where where
T: Into<IpListenEndpoint>, T: Into<IpListenEndpoint>,
{ {
// safety: not accessed reentrantly. match self.io.with_mut(|s, _| s.listen(local_endpoint)) {
match unsafe { self.io.with_mut(|s, _| s.listen(local_endpoint)) } {
Ok(()) => {} Ok(()) => {}
Err(tcp::ListenError::InvalidState) => return Err(AcceptError::InvalidState), Err(tcp::ListenError::InvalidState) => return Err(AcceptError::InvalidState),
Err(tcp::ListenError::Unaddressable) => return Err(AcceptError::InvalidPort), Err(tcp::ListenError::Unaddressable) => return Err(AcceptError::InvalidPort),
} }
poll_fn(|cx| unsafe { poll_fn(|cx| {
self.io.with_mut(|s, _| match s.state() { self.io.with_mut(|s, _| match s.state() {
tcp::State::Listen | tcp::State::SynSent | tcp::State::SynReceived => { tcp::State::Listen | tcp::State::SynSent | tcp::State::SynReceived => {
s.register_send_waker(cx.waker()); s.register_send_waker(cx.waker());
@ -149,51 +145,49 @@ impl<'a> TcpSocket<'a> {
} }
pub fn set_timeout(&mut self, duration: Option<Duration>) { pub fn set_timeout(&mut self, duration: Option<Duration>) {
unsafe { self.io.with_mut(|s, _| s.set_timeout(duration)) } self.io.with_mut(|s, _| s.set_timeout(duration))
} }
pub fn set_keep_alive(&mut self, interval: Option<Duration>) { pub fn set_keep_alive(&mut self, interval: Option<Duration>) {
unsafe { self.io.with_mut(|s, _| s.set_keep_alive(interval)) } self.io.with_mut(|s, _| s.set_keep_alive(interval))
} }
pub fn set_hop_limit(&mut self, hop_limit: Option<u8>) { pub fn set_hop_limit(&mut self, hop_limit: Option<u8>) {
unsafe { self.io.with_mut(|s, _| s.set_hop_limit(hop_limit)) } self.io.with_mut(|s, _| s.set_hop_limit(hop_limit))
} }
pub fn local_endpoint(&self) -> Option<IpEndpoint> { pub fn local_endpoint(&self) -> Option<IpEndpoint> {
unsafe { self.io.with(|s, _| s.local_endpoint()) } self.io.with(|s, _| s.local_endpoint())
} }
pub fn remote_endpoint(&self) -> Option<IpEndpoint> { pub fn remote_endpoint(&self) -> Option<IpEndpoint> {
unsafe { self.io.with(|s, _| s.remote_endpoint()) } self.io.with(|s, _| s.remote_endpoint())
} }
pub fn state(&self) -> tcp::State { pub fn state(&self) -> tcp::State {
unsafe { self.io.with(|s, _| s.state()) } self.io.with(|s, _| s.state())
} }
pub fn close(&mut self) { pub fn close(&mut self) {
unsafe { self.io.with_mut(|s, _| s.close()) } self.io.with_mut(|s, _| s.close())
} }
pub fn abort(&mut self) { pub fn abort(&mut self) {
unsafe { self.io.with_mut(|s, _| s.abort()) } self.io.with_mut(|s, _| s.abort())
} }
pub fn may_send(&self) -> bool { pub fn may_send(&self) -> bool {
unsafe { self.io.with(|s, _| s.may_send()) } self.io.with(|s, _| s.may_send())
} }
pub fn may_recv(&self) -> bool { pub fn may_recv(&self) -> bool {
unsafe { self.io.with(|s, _| s.may_recv()) } self.io.with(|s, _| s.may_recv())
} }
} }
impl<'a> Drop for TcpSocket<'a> { impl<'a> Drop for TcpSocket<'a> {
fn drop(&mut self) { fn drop(&mut self) {
// safety: not accessed reentrantly. self.io.stack.borrow_mut().sockets.remove(self.io.handle);
let s = unsafe { &mut *self.io.stack.get() };
s.sockets.remove(self.io.handle);
} }
} }
@ -201,21 +195,19 @@ impl<'a> Drop for TcpSocket<'a> {
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
struct TcpIo<'a> { struct TcpIo<'a> {
stack: &'a UnsafeCell<SocketStack>, stack: &'a RefCell<SocketStack>,
handle: SocketHandle, handle: SocketHandle,
} }
impl<'d> TcpIo<'d> { impl<'d> TcpIo<'d> {
/// SAFETY: must not call reentrantly. fn with<R>(&self, f: impl FnOnce(&tcp::Socket, &Interface) -> R) -> R {
unsafe fn with<R>(&self, f: impl FnOnce(&tcp::Socket, &Interface) -> R) -> R { let s = &*self.stack.borrow();
let s = &*self.stack.get();
let socket = s.sockets.get::<tcp::Socket>(self.handle); let socket = s.sockets.get::<tcp::Socket>(self.handle);
f(socket, &s.iface) f(socket, &s.iface)
} }
/// SAFETY: must not call reentrantly. fn with_mut<R>(&mut self, f: impl FnOnce(&mut tcp::Socket, &mut Interface) -> R) -> R {
unsafe fn with_mut<R>(&mut self, f: impl FnOnce(&mut tcp::Socket, &mut Interface) -> R) -> R { let s = &mut *self.stack.borrow_mut();
let s = &mut *self.stack.get();
let socket = s.sockets.get_mut::<tcp::Socket>(self.handle); let socket = s.sockets.get_mut::<tcp::Socket>(self.handle);
let res = f(socket, &mut s.iface); let res = f(socket, &mut s.iface);
s.waker.wake(); s.waker.wake();
@ -223,7 +215,7 @@ impl<'d> TcpIo<'d> {
} }
async fn read(&mut self, buf: &mut [u8]) -> Result<usize, Error> { async fn read(&mut self, buf: &mut [u8]) -> Result<usize, Error> {
poll_fn(move |cx| unsafe { poll_fn(move |cx| {
// CAUTION: smoltcp semantics around EOF are different to what you'd expect // CAUTION: smoltcp semantics around EOF are different to what you'd expect
// from posix-like IO, so we have to tweak things here. // from posix-like IO, so we have to tweak things here.
self.with_mut(|s, _| match s.recv_slice(buf) { self.with_mut(|s, _| match s.recv_slice(buf) {
@ -244,7 +236,7 @@ impl<'d> TcpIo<'d> {
} }
async fn write(&mut self, buf: &[u8]) -> Result<usize, Error> { async fn write(&mut self, buf: &[u8]) -> Result<usize, Error> {
poll_fn(move |cx| unsafe { poll_fn(move |cx| {
self.with_mut(|s, _| match s.send_slice(buf) { self.with_mut(|s, _| match s.send_slice(buf) {
// Not ready to send (no space in the tx buffer) // Not ready to send (no space in the tx buffer)
Ok(0) => { Ok(0) => {
@ -332,6 +324,7 @@ mod embedded_io_impls {
#[cfg(all(feature = "unstable-traits", feature = "nightly"))] #[cfg(all(feature = "unstable-traits", feature = "nightly"))]
pub mod client { pub mod client {
use core::cell::UnsafeCell;
use core::mem::MaybeUninit; use core::mem::MaybeUninit;
use core::ptr::NonNull; use core::ptr::NonNull;

41
embassy-net/src/udp.rs
View File

@ -1,4 +1,4 @@
use core::cell::UnsafeCell; use core::cell::RefCell;
use core::future::poll_fn; use core::future::poll_fn;
use core::mem; use core::mem;
use core::task::Poll; use core::task::Poll;
@ -27,7 +27,7 @@ pub enum Error {
} }
pub struct UdpSocket<'a> { pub struct UdpSocket<'a> {
stack: &'a UnsafeCell<SocketStack>, stack: &'a RefCell<SocketStack>,
handle: SocketHandle, handle: SocketHandle,
} }
@ -39,8 +39,7 @@ impl<'a> UdpSocket<'a> {
tx_meta: &'a mut [PacketMetadata], tx_meta: &'a mut [PacketMetadata],
tx_buffer: &'a mut [u8], tx_buffer: &'a mut [u8],
) -> Self { ) -> Self {
// safety: not accessed reentrantly. let s = &mut *stack.socket.borrow_mut();
let s = unsafe { &mut *stack.socket.get() };
let rx_meta: &'static mut [PacketMetadata] = unsafe { mem::transmute(rx_meta) }; let rx_meta: &'static mut [PacketMetadata] = unsafe { mem::transmute(rx_meta) };
let rx_buffer: &'static mut [u8] = unsafe { mem::transmute(rx_buffer) }; let rx_buffer: &'static mut [u8] = unsafe { mem::transmute(rx_buffer) };
@ -63,30 +62,26 @@ impl<'a> UdpSocket<'a> {
{ {
let mut endpoint = endpoint.into(); let mut endpoint = endpoint.into();
// safety: not accessed reentrantly.
if endpoint.port == 0 { if endpoint.port == 0 {
// If user didn't specify port allocate a dynamic port. // If user didn't specify port allocate a dynamic port.
endpoint.port = unsafe { &mut *self.stack.get() }.get_local_port(); endpoint.port = self.stack.borrow_mut().get_local_port();
} }
// safety: not accessed reentrantly. match self.with_mut(|s, _| s.bind(endpoint)) {
match unsafe { self.with_mut(|s, _| s.bind(endpoint)) } {
Ok(()) => Ok(()), Ok(()) => Ok(()),
Err(udp::BindError::InvalidState) => Err(BindError::InvalidState), Err(udp::BindError::InvalidState) => Err(BindError::InvalidState),
Err(udp::BindError::Unaddressable) => Err(BindError::NoRoute), Err(udp::BindError::Unaddressable) => Err(BindError::NoRoute),
} }
} }
/// SAFETY: must not call reentrantly. fn with<R>(&self, f: impl FnOnce(&udp::Socket, &Interface) -> R) -> R {
unsafe fn with<R>(&self, f: impl FnOnce(&udp::Socket, &Interface) -> R) -> R { let s = &*self.stack.borrow();
let s = &*self.stack.get();
let socket = s.sockets.get::<udp::Socket>(self.handle); let socket = s.sockets.get::<udp::Socket>(self.handle);
f(socket, &s.iface) f(socket, &s.iface)
} }
/// SAFETY: must not call reentrantly. fn with_mut<R>(&self, f: impl FnOnce(&mut udp::Socket, &mut Interface) -> R) -> R {
unsafe fn with_mut<R>(&self, f: impl FnOnce(&mut udp::Socket, &mut Interface) -> R) -> R { let s = &mut *self.stack.borrow_mut();
let s = &mut *self.stack.get();
let socket = s.sockets.get_mut::<udp::Socket>(self.handle); let socket = s.sockets.get_mut::<udp::Socket>(self.handle);
let res = f(socket, &mut s.iface); let res = f(socket, &mut s.iface);
s.waker.wake(); s.waker.wake();
@ -94,7 +89,7 @@ impl<'a> UdpSocket<'a> {
} }
pub async fn recv_from(&self, buf: &mut [u8]) -> Result<(usize, IpEndpoint), Error> { pub async fn recv_from(&self, buf: &mut [u8]) -> Result<(usize, IpEndpoint), Error> {
poll_fn(move |cx| unsafe { poll_fn(move |cx| {
self.with_mut(|s, _| match s.recv_slice(buf) { self.with_mut(|s, _| match s.recv_slice(buf) {
Ok(x) => Poll::Ready(Ok(x)), Ok(x) => Poll::Ready(Ok(x)),
// No data ready // No data ready
@ -113,7 +108,7 @@ impl<'a> UdpSocket<'a> {
T: Into<IpEndpoint>, T: Into<IpEndpoint>,
{ {
let remote_endpoint = remote_endpoint.into(); let remote_endpoint = remote_endpoint.into();
poll_fn(move |cx| unsafe { poll_fn(move |cx| {
self.with_mut(|s, _| match s.send_slice(buf, remote_endpoint) { self.with_mut(|s, _| match s.send_slice(buf, remote_endpoint) {
// Entire datagram has been sent // Entire datagram has been sent
Ok(()) => Poll::Ready(Ok(())), Ok(()) => Poll::Ready(Ok(())),
@ -128,30 +123,28 @@ impl<'a> UdpSocket<'a> {
} }
pub fn endpoint(&self) -> IpListenEndpoint { pub fn endpoint(&self) -> IpListenEndpoint {
unsafe { self.with(|s, _| s.endpoint()) } self.with(|s, _| s.endpoint())
} }
pub fn is_open(&self) -> bool { pub fn is_open(&self) -> bool {
unsafe { self.with(|s, _| s.is_open()) } self.with(|s, _| s.is_open())
} }
pub fn close(&mut self) { pub fn close(&mut self) {
unsafe { self.with_mut(|s, _| s.close()) } self.with_mut(|s, _| s.close())
} }
pub fn may_send(&self) -> bool { pub fn may_send(&self) -> bool {
unsafe { self.with(|s, _| s.can_send()) } self.with(|s, _| s.can_send())
} }
pub fn may_recv(&self) -> bool { pub fn may_recv(&self) -> bool {
unsafe { self.with(|s, _| s.can_recv()) } self.with(|s, _| s.can_recv())
} }
} }
impl Drop for UdpSocket<'_> { impl Drop for UdpSocket<'_> {
fn drop(&mut self) { fn drop(&mut self) {
// safety: not accessed reentrantly. self.stack.borrow_mut().sockets.remove(self.handle);
let s = unsafe { &mut *self.stack.get() };
s.sockets.remove(self.handle);
} }
} }