src/devices/bin/driver_host2/driver_host.cc - fuchsia - Git at Google

 // Copyright 2020 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "src/devices/bin/driver_host2/driver_host.h"

 #include <fidl/fuchsia.io/cpp/fidl.h>
 #include <lib/async/cpp/task.h>
 #include <lib/driver2/start_args.h>
 #include <lib/fdf/cpp/dispatcher.h>
 #include <lib/fdf/cpp/internal.h>
 #include <lib/fdio/directory.h>
 #include <lib/fit/defer.h>
 #include <lib/fit/function.h>
 #include <lib/sys/component/llcpp/outgoing_directory.h>
 #include <lib/syslog/cpp/macros.h>
 #include <zircon/dlfcn.h>

 #include "src/lib/storage/vfs/cpp/service.h"

 // The driver runtime libraries use the fdf namespace, but we would also like to use fdf
 // as an alias for the fdf FIDL library.
 namespace fdf {
 using namespace fuchsia_driver_framework;
 }  // namespace fdf

 namespace fio = fuchsia_io;
 namespace frunner = fuchsia_component_runner;
 namespace fdh = fuchsia_driver_host;

 namespace {

 class FileEventHandler : public fidl::AsyncEventHandler<fio::File> {
  public:
   explicit FileEventHandler(std::string url) : url_(std::move(url)) {}

   void on_fidl_error(fidl::UnbindInfo info) override {
     FX_SLOG(ERROR, "Failed to start driver; could not open library", KV("url", url_.data()),
             KV("status_str", info.FormatDescription().data()));
   }

  private:
   std::string url_;
 };

 std::string_view GetManifest(std::string_view url) {
   auto i = url.rfind('/');
   return i == std::string_view::npos ? url : url.substr(i + 1);
 }

 // TODO(fxbug.dev/99679): This logic needs to be kept in sync with |driver::NsValue|.
 // Once we have the ability to produce a const view from FIDL natural types, we can
 // directly use |driver::NsValue| and delete this function.
 zx::status<fidl::UnownedClientEnd<fuchsia_io::Directory>> NsValue(
     const std::vector<fuchsia_component_runner::ComponentNamespaceEntry>& entries,
     std::string_view path) {
   for (auto& entry : entries) {
     if (!entry.path() || !entry.directory()) {
       continue;
     }
     if (path == *entry.path()) {
       return zx::ok<fidl::UnownedClientEnd<fuchsia_io::Directory>>(*entry.directory());
     }
   }
   return zx::error(ZX_ERR_NOT_FOUND);
 }

 }  // namespace

 zx::status<fbl::RefPtr<Driver>> Driver::Load(std::string url, zx::vmo vmo) {
   void* library = dlopen_vmo(vmo.get(), RTLD_NOW);
   if (library == nullptr) {
     FX_SLOG(ERROR, "Failed to start driver; could not load library", KV("url", url.data()),
             KV("status_str", dlerror()));
     return zx::error(ZX_ERR_INTERNAL);
   }
   auto record = static_cast<const DriverRecordV1*>(dlsym(library, "__fuchsia_driver_record__"));
   if (record == nullptr) {
     FX_SLOG(ERROR, "Failed to start driver; driver record not found", KV("url", url.data()));
     return zx::error(ZX_ERR_NOT_FOUND);
   }
   if (record->version != 1) {
     FX_SLOG(ERROR, "Failed to start driver; unknown driver record version", KV("url", url.data()),
             KV("version", record->version));
     return zx::error(ZX_ERR_WRONG_TYPE);
   }
   return zx::ok(fbl::MakeRefCounted<Driver>(std::move(url), library, record));
 }

 Driver::Driver(std::string url, void* library, const DriverRecordV1* record)
     : url_(std::move(url)), library_(library), record_(record) {}

 Driver::~Driver() {
   if (opaque_.has_value()) {
     zx_status_t status = record_->stop(*opaque_);
     if (status != ZX_OK) {
       FX_SLOG(ERROR, "Failed to stop driver", KV("url", url_.data()),
               KV("status_str", zx_status_get_string(status)));
     }
   }
   dlclose(library_);
 }

 void Driver::set_binding(fidl::ServerBindingRef<fdh::Driver> binding) {
   binding_.emplace(std::move(binding));
 }

 void Driver::Stop(StopRequest& request, StopCompleter::Sync& completer) { binding_->Unbind(); }

 zx::status<> Driver::Start(fuchsia_driver_framework::DriverStartArgs start_args,
                            fdf::Dispatcher dispatcher) {
   initial_dispatcher_ = std::move(dispatcher);

   fidl::OwnedEncodeResult encoded = fidl::Encode(std::move(start_args));
   if (!encoded.message().ok()) {
     FX_SLOG(ERROR, "Failed to start driver, could not encode start args",
             KV("status_str", encoded.message().FormatDescription().data()));
     return zx::error(encoded.message().status());
   }
   fidl_opaque_wire_format_metadata_t wire_format_metadata =
       encoded.wire_format_metadata().ToOpaque();

   // We convert the outgoing message into an incoming message to provide to the
   // driver on start.
   fidl::OutgoingToIncomingMessage converted_message{encoded.message()};
   if (!converted_message.ok()) {
     FX_SLOG(ERROR, "Failed to start driver, could not convert start args",
             KV("status_str", converted_message.FormatDescription().data()));
     return zx::error(converted_message.status());
   }

   // After calling |record_->start|, we assume it has taken ownership of
   // the handles from |start_args|, and can therefore relinquish ownership.
   fidl_incoming_msg_t c_msg =
       std::move(converted_message.incoming_message()).ReleaseToEncodedCMessage();
   void* opaque = nullptr;
   zx_status_t status =
       record_->start({&c_msg, wire_format_metadata}, initial_dispatcher_.get(), &opaque);
   if (status != ZX_OK) {
     return zx::error(status);
   }
   opaque_.emplace(opaque);
   return zx::ok();
 }

 DriverHost::DriverHost(inspect::Inspector& inspector, async::Loop& loop) : loop_(loop) {
   inspector.GetRoot().CreateLazyNode(
       "drivers", [this] { return Inspect(); }, &inspector);
 }

 fpromise::promise<inspect::Inspector> DriverHost::Inspect() {
   inspect::Inspector inspector;
   auto& root = inspector.GetRoot();
   size_t i = 0;

   std::lock_guard<std::mutex> lock(mutex_);
   for (auto& driver : drivers_) {
     auto child = root.CreateChild("driver-" + std::to_string(++i));
     child.CreateString("url", driver.url(), &inspector);
     inspector.emplace(std::move(child));
   }

   return fpromise::make_ok_promise(std::move(inspector));
 }

 zx::status<> DriverHost::PublishDriverHost(component::OutgoingDirectory& outgoing_directory) {
   const auto service = [this](fidl::ServerEnd<fdh::DriverHost> request) {
     fidl::BindServer(loop_.dispatcher(), std::move(request), this);
   };
   auto status = outgoing_directory.AddProtocol<fdh::DriverHost>(std::move(service));
   if (status.is_error()) {
     FX_SLOG(ERROR, "Failed to add directory entry",
             KV("name", fidl::DiscoverableProtocolName<fdh::DriverHost>),
             KV("status_str", status.status_string()));
   }

   return status;
 }

 uint32_t DriverHost::ExtractDefaultDispatcherOpts(const fuchsia_data::wire::Dictionary& program) {
   auto default_dispatcher_opts = driver::ProgramValueAsVector(program, "default_dispatcher_opts");

   uint32_t opts = 0;
   if (default_dispatcher_opts.is_ok()) {
     for (auto opt : *default_dispatcher_opts) {
       if (opt == "allow_sync_calls") {
         opts |= FDF_DISPATCHER_OPTION_ALLOW_SYNC_CALLS;
       } else {
         FX_SLOG(WARNING, "Ignoring unknown default_dispatcher_opt", KV("opt", opt.data()));
       }
     }
   }
   return opts;
 }

 void DriverHost::Start(StartRequest& request, StartCompleter::Sync& completer) {
   if (!request.start_args().url()) {
     FX_SLOG(ERROR, "Failed to start driver, missing 'url' argument");
     completer.Close(ZX_ERR_INVALID_ARGS);
     return;
   }
   const std::string& url = *request.start_args().url();
   const auto& ns = request.start_args().ns();
   auto pkg = ns ? NsValue(*ns, "/pkg") : zx::error(ZX_ERR_INVALID_ARGS);
   if (pkg.is_error()) {
     FX_SLOG(ERROR, "Failed to start driver, missing '/pkg' directory",
             KV("status_str", zx_status_get_string(pkg.error_value())));
     completer.Close(pkg.error_value());
     return;
   }

   fidl::Arena arena;
   zx::status<std::string> binary = zx::error(ZX_ERR_INVALID_ARGS);
   fuchsia_data::wire::Dictionary wire_program;
   if (request.start_args().program().has_value()) {
     wire_program = fidl::ToWire(arena, *request.start_args().program());
     binary = driver::ProgramValue(wire_program, "binary");
   }
   if (binary.is_error()) {
     FX_SLOG(ERROR, "Failed to start driver, missing 'binary' argument",
             KV("status_str", zx_status_get_string(binary.error_value())));
     completer.Close(binary.error_value());
     return;
   }
   // Open the driver's binary within the driver's package.
   auto endpoints = fidl::CreateEndpoints<fio::File>();
   if (endpoints.is_error()) {
     completer.Close(endpoints.error_value());
     return;
   }
   zx_status_t status = fdio_open_at(
       pkg->channel()->get(), binary->data(),
       static_cast<uint32_t>(fio::OpenFlags::kRightReadable | fio::OpenFlags::kRightExecutable),
       endpoints->server.TakeChannel().release());
   if (status != ZX_OK) {
     FX_SLOG(ERROR, "Failed to start driver; could not open library", KV("url", url.data()),
             KV("status_str", zx_status_get_string(status)));
     completer.Close(status);
     return;
   }

   uint32_t default_dispatcher_opts = ExtractDefaultDispatcherOpts(wire_program);

   // Once we receive the VMO from the call to GetBuffer, we can load the driver
   // into this driver host. We move the storage and encoded for start_args into
   // this callback to extend its lifetime.
   fidl::SharedClient file(std::move(endpoints->client), loop_.dispatcher(),
                           std::make_unique<FileEventHandler>(url));
   auto callback = [this, request = std::move(request.driver()), completer = completer.ToAsync(),
                    start_args = std::move(request.start_args()),
                    default_dispatcher_opts = default_dispatcher_opts,
                    _ = file.Clone()](fidl::Result<fio::File::GetBackingMemory>& result) mutable {
     const std::string& url = *start_args.url();
     if (!result.is_ok()) {
       FX_SLOG(ERROR, "Failed to start driver, could not get library VMO", KV("url", url.data()),
               KV("status_str", result.error_value().FormatDescription().data()));
       zx_status_t status = result.error_value().is_application_error()
                                ? result.error_value().application_error()
                                : result.error_value().transport_error().status();
       completer.Close(status);
       return;
     }
     zx::vmo vmo = std::move(result->vmo());

     // Give the driver's VMO a name. We can't fit the entire URL in the name, so
     // use the name of the manifest from the URL.
     auto manifest = GetManifest(url);
     zx_status_t status = vmo.set_property(ZX_PROP_NAME, manifest.data(), manifest.size());
     if (status != ZX_OK) {
       FX_SLOG(ERROR, "Failed to start driver, could not name library VMO", KV("url", url.data()),
               KV("status_str", zx_status_get_string(status)));
       completer.Close(status);
       return;
     }
     auto driver = Driver::Load(url, std::move(vmo));
     if (driver.is_error()) {
       completer.Close(driver.error_value());
       return;
     }

     fdf::Dispatcher driver_dispatcher;
     {
       // Let the driver runtime know which driver this dispatcher is for.
       // Since we haven't entered the driver yet, the runtime cannot detect
       // which driver this dispatcher is associated with.
       fdf_internal_push_driver((*driver).get());
       auto pop_driver = fit::defer([]() { fdf_internal_pop_driver(); });

       // The dispatcher must be shutdown before the dispatcher is destroyed.
       // Usually we will wait for the callback from |fdf_internal::DriverShutdown| before destroying
       // the driver object (and hence the dispatcher).
       // In the case where we fail to start the driver, the driver object would be destructed
       // immediately, so here we hold an extra reference to the driver object to ensure the
       // dispatcher will not be destructed until shutdown completes.
       //
       // We do not destroy the dispatcher in the shutdown callback, to prevent crashes that
       // would happen if the driver attempts to access the dispatcher in its Stop hook.
       uint32_t options = default_dispatcher_opts;

       auto dispatcher =
           fdf::Dispatcher::Create(options, [driver_ref = *driver](fdf_dispatcher_t* dispatcher) {});
       if (dispatcher.is_error()) {
         completer.Close(dispatcher.status_value());
         return;
       }
       driver_dispatcher = *std::move(dispatcher);
     }
     async_dispatcher_t* driver_async_dispatcher = driver_dispatcher.async_dispatcher();

     // Task to start the driver. Post this to the driver dispatcher thread.
     auto start_task = [this, request = std::move(request), completer = std::move(completer),
                        start_args = std::move(start_args), driver = std::move(*driver),
                        driver_dispatcher = std::move(driver_dispatcher)]() mutable {
       // We have to add the driver to this list before calling Start in order to have an accurate
       // count of how many drivers exist in this driver host.
       {
         std::lock_guard<std::mutex> lock(mutex_);
         drivers_.push_back(driver);
       }
       auto remove_driver = fit::defer([this, driver = driver.get()]() {
         std::lock_guard<std::mutex> lock(mutex_);
         drivers_.erase(*driver);
       });

       // Save a ptr to the dispatcher so we can shut it down if starting the driver fails.
       fdf::UnownedDispatcher unowned_dispatcher = driver_dispatcher.borrow();
       auto start = driver->Start(std::move(start_args), std::move(driver_dispatcher));
       if (start.is_error()) {
         FX_SLOG(ERROR, "Failed to start driver", KV("url", driver->url().data()),
                 KV("status_str", start.status_string()));
         completer.Close(start.error_value());
         // If we fail to start the driver, we need to initiate shutting down the dispatcher.
         unowned_dispatcher->ShutdownAsync();
         // The dispatcher will be destroyed in the shutdown callback, when the last driver reference
         // is released.
         return;
       }
       FX_SLOG(INFO, "Started driver", KV("url", driver->url().data()));

       auto unbind_callback = [this](Driver* driver, fidl::UnbindInfo info,
                                     fidl::ServerEnd<fdh::Driver> server) {
         if (!info.is_user_initiated()) {
           FX_SLOG(WARNING, "Unexpected stop of driver", KV("url", driver->url().data()),
                   KV("status_str", info.FormatDescription()).data());
         }

         // Request the driver runtime shutdown all dispatchers owned by the driver.
         // Once we get the callback, we will stop the driver.
         auto driver_shutdown = std::make_unique<fdf_internal::DriverShutdown>();
         auto driver_shutdown_ptr = driver_shutdown.get();
         auto shutdown_callback = [this, driver_shutdown = std::move(driver_shutdown), driver,
                                   server = std::move(server)](const void* shutdown_driver) mutable {
           ZX_ASSERT(driver == shutdown_driver);

           std::lock_guard<std::mutex> lock(mutex_);
           // This removes the driver's unique_ptr from the list, which will
           // run the destructor and call the driver's Stop hook.
           drivers_.erase(*driver);

           // Send the epitaph to the driver runner letting it know we stopped
           // the driver correctly.
           server.Close(ZX_OK);

           // If this is the last driver, shutdown the driver host.
           if (drivers_.is_empty()) {
             loop_.Quit();
           }
         };
         // We always expect this call to succeed, as we should be the only entity
         // that attempts to forcibly shutdown drivers.
         ZX_ASSERT(ZX_OK == driver_shutdown_ptr->Begin(driver, std::move(shutdown_callback)));
       };
       auto bind = fidl::BindServer(loop_.dispatcher(), std::move(request), driver.get(),
                                    std::move(unbind_callback));
       driver->set_binding(std::move(bind));
       remove_driver.cancel();
     };
     async::PostTask(driver_async_dispatcher, std::move(start_task));
   };
   file->GetBackingMemory(fio::VmoFlags::kRead | fio::VmoFlags::kExecute |
                          fio::VmoFlags::kPrivateClone)
       .ThenExactlyOnce(std::move(callback));
 }

 void DriverHost::GetProcessKoid(GetProcessKoidRequest& request,
                                 GetProcessKoidCompleter::Sync& completer) {
   zx_info_handle_basic_t info;
   zx_status_t status =
       zx::process::self()->get_info(ZX_INFO_HANDLE_BASIC, &info, sizeof(info), nullptr, nullptr);
   if (status != ZX_OK) {
     FX_SLOG(ERROR, "Failed to get info about process handle",
             KV("status_str", zx_status_get_string(status)));
     completer.Reply(zx::error(status));
   }
   completer.Reply(zx::ok(info.koid));
 }
	// Copyright 2020 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "src/devices/bin/driver_host2/driver_host.h"

	#include <fidl/fuchsia.io/cpp/fidl.h>
	#include <lib/async/cpp/task.h>
	#include <lib/driver2/start_args.h>
	#include <lib/fdf/cpp/dispatcher.h>
	#include <lib/fdf/cpp/internal.h>
	#include <lib/fdio/directory.h>
	#include <lib/fit/defer.h>
	#include <lib/fit/function.h>
	#include <lib/sys/component/llcpp/outgoing_directory.h>
	#include <lib/syslog/cpp/macros.h>
	#include <zircon/dlfcn.h>

	#include "src/lib/storage/vfs/cpp/service.h"

	// The driver runtime libraries use the fdf namespace, but we would also like to use fdf
	// as an alias for the fdf FIDL library.
	namespace fdf {
	using namespace fuchsia_driver_framework;
	} // namespace fdf

	namespace fio = fuchsia_io;
	namespace frunner = fuchsia_component_runner;
	namespace fdh = fuchsia_driver_host;

	namespace {

	class FileEventHandler : public fidl::AsyncEventHandler<fio::File> {
	public:
	explicit FileEventHandler(std::string url) : url_(std::move(url)) {}

	void on_fidl_error(fidl::UnbindInfo info) override {
	FX_SLOG(ERROR, "Failed to start driver; could not open library", KV("url", url_.data()),
	KV("status_str", info.FormatDescription().data()));
	}

	private:
	std::string url_;
	};

	std::string_view GetManifest(std::string_view url) {
	auto i = url.rfind('/');
	return i == std::string_view::npos ? url : url.substr(i + 1);
	}

	// TODO(fxbug.dev/99679): This logic needs to be kept in sync with \|driver::NsValue\|.
	// Once we have the ability to produce a const view from FIDL natural types, we can
	// directly use \|driver::NsValue\| and delete this function.
	zx::status<fidl::UnownedClientEnd<fuchsia_io::Directory>> NsValue(
	const std::vector<fuchsia_component_runner::ComponentNamespaceEntry>& entries,
	std::string_view path) {
	for (auto& entry : entries) {
	if (!entry.path() \|\| !entry.directory()) {
	continue;
	}
	if (path == *entry.path()) {
	return zx::ok<fidl::UnownedClientEnd<fuchsia_io::Directory>>(*entry.directory());
	}
	}
	return zx::error(ZX_ERR_NOT_FOUND);
	}

	} // namespace

	zx::status<fbl::RefPtr<Driver>> Driver::Load(std::string url, zx::vmo vmo) {
	void* library = dlopen_vmo(vmo.get(), RTLD_NOW);
	if (library == nullptr) {
	FX_SLOG(ERROR, "Failed to start driver; could not load library", KV("url", url.data()),
	KV("status_str", dlerror()));
	return zx::error(ZX_ERR_INTERNAL);
	}
	auto record = static_cast<const DriverRecordV1*>(dlsym(library, "__fuchsia_driver_record__"));
	if (record == nullptr) {
	FX_SLOG(ERROR, "Failed to start driver; driver record not found", KV("url", url.data()));
	return zx::error(ZX_ERR_NOT_FOUND);
	}
	if (record->version != 1) {
	FX_SLOG(ERROR, "Failed to start driver; unknown driver record version", KV("url", url.data()),
	KV("version", record->version));
	return zx::error(ZX_ERR_WRONG_TYPE);
	}
	return zx::ok(fbl::MakeRefCounted<Driver>(std::move(url), library, record));
	}

	Driver::Driver(std::string url, void* library, const DriverRecordV1* record)
	: url_(std::move(url)), library_(library), record_(record) {}

	Driver::~Driver() {
	if (opaque_.has_value()) {
	zx_status_t status = record_->stop(*opaque_);
	if (status != ZX_OK) {
	FX_SLOG(ERROR, "Failed to stop driver", KV("url", url_.data()),
	KV("status_str", zx_status_get_string(status)));
	}
	}
	dlclose(library_);
	}

	void Driver::set_binding(fidl::ServerBindingRef<fdh::Driver> binding) {
	binding_.emplace(std::move(binding));
	}

	void Driver::Stop(StopRequest& request, StopCompleter::Sync& completer) { binding_->Unbind(); }

	zx::status<> Driver::Start(fuchsia_driver_framework::DriverStartArgs start_args,
	fdf::Dispatcher dispatcher) {
	initial_dispatcher_ = std::move(dispatcher);

	fidl::OwnedEncodeResult encoded = fidl::Encode(std::move(start_args));
	if (!encoded.message().ok()) {
	FX_SLOG(ERROR, "Failed to start driver, could not encode start args",
	KV("status_str", encoded.message().FormatDescription().data()));
	return zx::error(encoded.message().status());
	}
	fidl_opaque_wire_format_metadata_t wire_format_metadata =
	encoded.wire_format_metadata().ToOpaque();

	// We convert the outgoing message into an incoming message to provide to the
	// driver on start.
	fidl::OutgoingToIncomingMessage converted_message{encoded.message()};
	if (!converted_message.ok()) {
	FX_SLOG(ERROR, "Failed to start driver, could not convert start args",
	KV("status_str", converted_message.FormatDescription().data()));
	return zx::error(converted_message.status());
	}

	// After calling \|record_->start\|, we assume it has taken ownership of
	// the handles from \|start_args\|, and can therefore relinquish ownership.
	fidl_incoming_msg_t c_msg =
	std::move(converted_message.incoming_message()).ReleaseToEncodedCMessage();
	void* opaque = nullptr;
	zx_status_t status =
	record_->start({&c_msg, wire_format_metadata}, initial_dispatcher_.get(), &opaque);
	if (status != ZX_OK) {
	return zx::error(status);
	}
	opaque_.emplace(opaque);
	return zx::ok();
	}

	DriverHost::DriverHost(inspect::Inspector& inspector, async::Loop& loop) : loop_(loop) {
	inspector.GetRoot().CreateLazyNode(
	"drivers", [this] { return Inspect(); }, &inspector);
	}

	fpromise::promise<inspect::Inspector> DriverHost::Inspect() {
	inspect::Inspector inspector;
	auto& root = inspector.GetRoot();
	size_t i = 0;

	std::lock_guard<std::mutex> lock(mutex_);
	for (auto& driver : drivers_) {
	auto child = root.CreateChild("driver-" + std::to_string(++i));
	child.CreateString("url", driver.url(), &inspector);
	inspector.emplace(std::move(child));
	}

	return fpromise::make_ok_promise(std::move(inspector));
	}

	zx::status<> DriverHost::PublishDriverHost(component::OutgoingDirectory& outgoing_directory) {
	const auto service = [this](fidl::ServerEnd<fdh::DriverHost> request) {
	fidl::BindServer(loop_.dispatcher(), std::move(request), this);
	};
	auto status = outgoing_directory.AddProtocol<fdh::DriverHost>(std::move(service));
	if (status.is_error()) {
	FX_SLOG(ERROR, "Failed to add directory entry",
	KV("name", fidl::DiscoverableProtocolName<fdh::DriverHost>),
	KV("status_str", status.status_string()));
	}

	return status;
	}

	uint32_t DriverHost::ExtractDefaultDispatcherOpts(const fuchsia_data::wire::Dictionary& program) {
	auto default_dispatcher_opts = driver::ProgramValueAsVector(program, "default_dispatcher_opts");

	uint32_t opts = 0;
	if (default_dispatcher_opts.is_ok()) {
	for (auto opt : *default_dispatcher_opts) {
	if (opt == "allow_sync_calls") {
	opts \|= FDF_DISPATCHER_OPTION_ALLOW_SYNC_CALLS;
	} else {
	FX_SLOG(WARNING, "Ignoring unknown default_dispatcher_opt", KV("opt", opt.data()));
	}
	}
	}
	return opts;
	}

	void DriverHost::Start(StartRequest& request, StartCompleter::Sync& completer) {
	if (!request.start_args().url()) {
	FX_SLOG(ERROR, "Failed to start driver, missing 'url' argument");
	completer.Close(ZX_ERR_INVALID_ARGS);
	return;
	}
	const std::string& url = *request.start_args().url();
	const auto& ns = request.start_args().ns();
	auto pkg = ns ? NsValue(*ns, "/pkg") : zx::error(ZX_ERR_INVALID_ARGS);
	if (pkg.is_error()) {
	FX_SLOG(ERROR, "Failed to start driver, missing '/pkg' directory",
	KV("status_str", zx_status_get_string(pkg.error_value())));
	completer.Close(pkg.error_value());
	return;
	}

	fidl::Arena arena;
	zx::status<std::string> binary = zx::error(ZX_ERR_INVALID_ARGS);
	fuchsia_data::wire::Dictionary wire_program;
	if (request.start_args().program().has_value()) {
	wire_program = fidl::ToWire(arena, *request.start_args().program());
	binary = driver::ProgramValue(wire_program, "binary");
	}
	if (binary.is_error()) {
	FX_SLOG(ERROR, "Failed to start driver, missing 'binary' argument",
	KV("status_str", zx_status_get_string(binary.error_value())));
	completer.Close(binary.error_value());
	return;
	}
	// Open the driver's binary within the driver's package.
	auto endpoints = fidl::CreateEndpoints<fio::File>();
	if (endpoints.is_error()) {
	completer.Close(endpoints.error_value());
	return;
	}
	zx_status_t status = fdio_open_at(
	pkg->channel()->get(), binary->data(),
	static_cast<uint32_t>(fio::OpenFlags::kRightReadable \| fio::OpenFlags::kRightExecutable),
	endpoints->server.TakeChannel().release());
	if (status != ZX_OK) {
	FX_SLOG(ERROR, "Failed to start driver; could not open library", KV("url", url.data()),
	KV("status_str", zx_status_get_string(status)));
	completer.Close(status);
	return;
	}

	uint32_t default_dispatcher_opts = ExtractDefaultDispatcherOpts(wire_program);

	// Once we receive the VMO from the call to GetBuffer, we can load the driver
	// into this driver host. We move the storage and encoded for start_args into
	// this callback to extend its lifetime.
	fidl::SharedClient file(std::move(endpoints->client), loop_.dispatcher(),
	std::make_unique<FileEventHandler>(url));
	auto callback = [this, request = std::move(request.driver()), completer = completer.ToAsync(),
	start_args = std::move(request.start_args()),
	default_dispatcher_opts = default_dispatcher_opts,
	_ = file.Clone()](fidl::Result<fio::File::GetBackingMemory>& result) mutable {
	const std::string& url = *start_args.url();
	if (!result.is_ok()) {
	FX_SLOG(ERROR, "Failed to start driver, could not get library VMO", KV("url", url.data()),
	KV("status_str", result.error_value().FormatDescription().data()));
	zx_status_t status = result.error_value().is_application_error()
	? result.error_value().application_error()
	: result.error_value().transport_error().status();
	completer.Close(status);
	return;
	}
	zx::vmo vmo = std::move(result->vmo());

	// Give the driver's VMO a name. We can't fit the entire URL in the name, so
	// use the name of the manifest from the URL.
	auto manifest = GetManifest(url);
	zx_status_t status = vmo.set_property(ZX_PROP_NAME, manifest.data(), manifest.size());
	if (status != ZX_OK) {
	FX_SLOG(ERROR, "Failed to start driver, could not name library VMO", KV("url", url.data()),
	KV("status_str", zx_status_get_string(status)));
	completer.Close(status);
	return;
	}
	auto driver = Driver::Load(url, std::move(vmo));
	if (driver.is_error()) {
	completer.Close(driver.error_value());
	return;
	}

	fdf::Dispatcher driver_dispatcher;
	{
	// Let the driver runtime know which driver this dispatcher is for.
	// Since we haven't entered the driver yet, the runtime cannot detect
	// which driver this dispatcher is associated with.
	fdf_internal_push_driver((*driver).get());
	auto pop_driver = fit::defer([]() { fdf_internal_pop_driver(); });

	// The dispatcher must be shutdown before the dispatcher is destroyed.
	// Usually we will wait for the callback from \|fdf_internal::DriverShutdown\| before destroying
	// the driver object (and hence the dispatcher).
	// In the case where we fail to start the driver, the driver object would be destructed
	// immediately, so here we hold an extra reference to the driver object to ensure the
	// dispatcher will not be destructed until shutdown completes.
	//
	// We do not destroy the dispatcher in the shutdown callback, to prevent crashes that
	// would happen if the driver attempts to access the dispatcher in its Stop hook.
	uint32_t options = default_dispatcher_opts;

	auto dispatcher =
	fdf::Dispatcher::Create(options, [driver_ref = driver](fdf_dispatcher_t dispatcher) {});
	if (dispatcher.is_error()) {
	completer.Close(dispatcher.status_value());
	return;
	}
	driver_dispatcher = *std::move(dispatcher);
	}
	async_dispatcher_t* driver_async_dispatcher = driver_dispatcher.async_dispatcher();

	// Task to start the driver. Post this to the driver dispatcher thread.
	auto start_task = [this, request = std::move(request), completer = std::move(completer),
	start_args = std::move(start_args), driver = std::move(*driver),
	driver_dispatcher = std::move(driver_dispatcher)]() mutable {
	// We have to add the driver to this list before calling Start in order to have an accurate
	// count of how many drivers exist in this driver host.
	{
	std::lock_guard<std::mutex> lock(mutex_);
	drivers_.push_back(driver);
	}
	auto remove_driver = fit::defer([this, driver = driver.get()]() {
	std::lock_guard<std::mutex> lock(mutex_);
	drivers_.erase(*driver);
	});

	// Save a ptr to the dispatcher so we can shut it down if starting the driver fails.
	fdf::UnownedDispatcher unowned_dispatcher = driver_dispatcher.borrow();
	auto start = driver->Start(std::move(start_args), std::move(driver_dispatcher));
	if (start.is_error()) {
	FX_SLOG(ERROR, "Failed to start driver", KV("url", driver->url().data()),
	KV("status_str", start.status_string()));
	completer.Close(start.error_value());
	// If we fail to start the driver, we need to initiate shutting down the dispatcher.
	unowned_dispatcher->ShutdownAsync();
	// The dispatcher will be destroyed in the shutdown callback, when the last driver reference
	// is released.
	return;
	}
	FX_SLOG(INFO, "Started driver", KV("url", driver->url().data()));

	auto unbind_callback = [this](Driver* driver, fidl::UnbindInfo info,
	fidl::ServerEnd<fdh::Driver> server) {
	if (!info.is_user_initiated()) {
	FX_SLOG(WARNING, "Unexpected stop of driver", KV("url", driver->url().data()),
	KV("status_str", info.FormatDescription()).data());
	}

	// Request the driver runtime shutdown all dispatchers owned by the driver.
	// Once we get the callback, we will stop the driver.
	auto driver_shutdown = std::make_unique<fdf_internal::DriverShutdown>();
	auto driver_shutdown_ptr = driver_shutdown.get();
	auto shutdown_callback = [this, driver_shutdown = std::move(driver_shutdown), driver,
	server = std::move(server)](const void* shutdown_driver) mutable {
	ZX_ASSERT(driver == shutdown_driver);

	std::lock_guard<std::mutex> lock(mutex_);
	// This removes the driver's unique_ptr from the list, which will
	// run the destructor and call the driver's Stop hook.
	drivers_.erase(*driver);

	// Send the epitaph to the driver runner letting it know we stopped
	// the driver correctly.
	server.Close(ZX_OK);

	// If this is the last driver, shutdown the driver host.
	if (drivers_.is_empty()) {
	loop_.Quit();
	}
	};
	// We always expect this call to succeed, as we should be the only entity
	// that attempts to forcibly shutdown drivers.
	ZX_ASSERT(ZX_OK == driver_shutdown_ptr->Begin(driver, std::move(shutdown_callback)));
	};
	auto bind = fidl::BindServer(loop_.dispatcher(), std::move(request), driver.get(),
	std::move(unbind_callback));
	driver->set_binding(std::move(bind));
	remove_driver.cancel();
	};
	async::PostTask(driver_async_dispatcher, std::move(start_task));
	};
	file->GetBackingMemory(fio::VmoFlags::kRead \| fio::VmoFlags::kExecute \|
	fio::VmoFlags::kPrivateClone)
	.ThenExactlyOnce(std::move(callback));
	}

	void DriverHost::GetProcessKoid(GetProcessKoidRequest& request,
	GetProcessKoidCompleter::Sync& completer) {
	zx_info_handle_basic_t info;
	zx_status_t status =
	zx::process::self()->get_info(ZX_INFO_HANDLE_BASIC, &info, sizeof(info), nullptr, nullptr);
	if (status != ZX_OK) {
	FX_SLOG(ERROR, "Failed to get info about process handle",
	KV("status_str", zx_status_get_string(status)));
	completer.Reply(zx::error(status));
	}
	completer.Reply(zx::ok(info.koid));
	}