// Copyright 2017 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <dirent.h>
#include <fcntl.h>
#include <lib/zx/channel.h>
#include <lib/zx/event.h>
#include <lib/zx/process.h>
#include <lib/zx/suspend_token.h>
#include <lib/zx/thread.h>
#include <lib/zx/time.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <zircon/process.h>
#include <zircon/processargs.h>
#include <zircon/syscalls.h>
#include <zircon/syscalls/exception.h>
#include <zircon/syscalls/port.h>

#include <test-utils/test-utils.h>
#include <zxtest/zxtest.h>

namespace {

const char* process_bin;

// SYSCALL_zx_channel_call_noretry is an internal system call used in the
// vDSO's implementation of zx_channel_call.  It's not part of the ABI and
// so it's not exported from the vDSO.  It's hard to test the kernel's
// invariants without calling this directly.  So use some chicanery to
// find its address in the vDSO despite it not being public.
//
// The vdso-code.h header file is generated from the vDSO binary.  It gives
// the offsets of the internal functions.  So take a public vDSO function,
// subtract its offset to discover the vDSO base (could do this other ways,
// but this is the simplest), and then add the offset of the internal
// SYSCALL_zx_channel_call_noretry function we want to call.
#include "vdso-code.h"
zx_status_t zx_channel_call_noretry(zx_handle_t handle, uint32_t options, zx_time_t deadline,
                                    const zx_channel_call_args_t* args, uint32_t* actual_bytes,
                                    uint32_t* actual_handles) {
  uintptr_t vdso_base = (uintptr_t)&zx_handle_close - VDSO_SYSCALL_zx_handle_close;
  uintptr_t fnptr = vdso_base + VDSO_SYSCALL_zx_channel_call_noretry;
  return (*(__typeof(zx_channel_call_noretry)*)fnptr)(handle, options, deadline, args, actual_bytes,
                                                      actual_handles);
}

// This runs in a separate process, since the expected outcome of running this
// function is that the process is shot by the kernel.  It is launched by the
// bad_channel_call_contract_violation test.
void bad_channel_call() {
  char msg[8] = {
      0,
  };

  zx_channel_call_args_t args = {
      .wr_bytes = msg,
      .wr_handles = nullptr,
      .rd_bytes = nullptr,
      .rd_handles = nullptr,
      .wr_num_bytes = sizeof(msg),
      .wr_num_handles = 0,
      .rd_num_bytes = 0,
      .rd_num_handles = 0,
  };

  uint32_t act_bytes = UINT32_MAX;
  uint32_t act_handles = UINT32_MAX;

  zx::channel chan{zx_take_startup_handle(PA_HND(PA_USER0, 0))};
  zx::event event{zx_take_startup_handle(PA_HND(PA_USER0, 1))};

  // Send a copy of the thread handle to the parent, so the parent can suspend
  // this thread.
  zx::thread thread;
  zx_status_t status = zx::thread::self()->duplicate(ZX_RIGHT_SAME_RIGHTS, &thread);
  if (status != ZX_OK) {
    event.signal(0, ZX_USER_SIGNAL_0);
    __builtin_trap();
  }
  zx_handle_t handles[] = {thread.release()};
  status = chan.write(0, nullptr, 0, handles, 1);
  if (status != ZX_OK) {
    event.signal(0, ZX_USER_SIGNAL_0);
    __builtin_trap();
  }

  status =
      zx_channel_call_noretry(chan.get(), 0, ZX_TIME_INFINITE, &args, &act_bytes, &act_handles);
  if (status != ZX_ERR_INTERNAL_INTR_RETRY) {
    event.signal(0, ZX_USER_SIGNAL_0);
    __builtin_trap();
  }

  event.signal(0, ZX_USER_SIGNAL_1);

  // Doing another channel call at this point violates the VDSO contract,
  // since we haven't called SYSCALL_zx_channel_call_finish().
  zx_channel_call_noretry(chan.get(), 0, ZX_TIME_INFINITE, &args, &act_bytes, &act_handles);
  event.signal(0, ZX_USER_SIGNAL_0);
  __builtin_trap();
}

// Verify that if an interrupted channel call does not retry and instead a new
// channel call happens, the process dies.
TEST(ChannelFatalTestCase, BadChannelCallContractViolation) {
  zx::channel chan, remote;
  zx::event event, event_copy;
  ASSERT_OK(zx::channel::create(0, &chan, &remote));
  ASSERT_OK(zx::event::create(0, &event));
  ASSERT_OK(event.duplicate(ZX_RIGHT_SAME_RIGHTS, &event_copy));

  const char* args[] = {
      process_bin,
      "child",
  };
  zx_handle_t handles[] = {
      remote.release(),
      event_copy.release(),
  };
  uint32_t handle_ids[] = {
      PA_HND(PA_USER0, 0),
      PA_HND(PA_USER0, 1),
  };
  int environ_count = 0;
  for (char** i = environ; *i; i++) {
    environ_count++;
  }
  zx::process proc(tu_launch_process(zx_job_default(), NULL, 2, args, environ_count, environ,
                                     std::size(handles), handles, handle_ids));

  uint32_t act_bytes = UINT32_MAX;
  uint32_t act_handles = UINT32_MAX;
  zx::thread thread;

  // Get the thread handle from our child
  ASSERT_OK(chan.wait_one(ZX_CHANNEL_READABLE, zx::time::infinite(), nullptr));
  ASSERT_OK(chan.read(0, nullptr, thread.reset_and_get_address(), 0, 1, &act_bytes, &act_handles));
  ASSERT_EQ(act_handles, 1u);

  // Wait for the channel call and pull its message out of the pipe.  This
  // relies on an implementation detail of suspend and channel_call,
  // which is that once the syscall starts, suspend will not be acknowledged
  // until it reaches the wait.  So if we see the message written to the
  // channel, we know the other thread is in the call, and so when we see
  // it has suspended, it will have attempted the wait first.
  EXPECT_OK(chan.wait_one(ZX_CHANNEL_READABLE, zx::time::infinite(), nullptr));
  char msg[8] = {0};
  ASSERT_OK(chan.read(0, msg, nullptr, sizeof(msg), 0, &act_bytes, &act_handles));

  {
    zx::suspend_token suspend_token;
    ASSERT_OK(thread.suspend(&suspend_token));

    // Wait for the thread to suspend
    zx_signals_t observed = 0u;
    ASSERT_OK(thread.wait_one(ZX_THREAD_SUSPENDED, zx::time::infinite(), &observed));

    // Resume the thread
  }

  // Wait for signal 0 or 1, meaning either it's going to try its second call,
  // or something unexpected happened.
  zx_signals_t observed = 0u;
  ASSERT_OK(event.wait_one(ZX_USER_SIGNAL_0 | ZX_USER_SIGNAL_1, zx::time::infinite(), &observed));
  ASSERT_TRUE(observed & ZX_USER_SIGNAL_1);
  ASSERT_FALSE(observed & ZX_USER_SIGNAL_0);

  // Process should have been shot
  ASSERT_OK(proc.wait_one(ZX_PROCESS_TERMINATED, zx::time::infinite(), nullptr));
  // Make sure we don't see the "unexpected thing happened" signal.
  ASSERT_EQ(event.wait_one(ZX_USER_SIGNAL_0, zx::time(), &observed), ZX_ERR_TIMED_OUT);
}

}  // namespace

int main(int argc, char** argv) {
  process_bin = argv[0];
  if (argc > 1 && !strcmp(argv[1], "child")) {
    bad_channel_call();
    return 0;
  }
  return RUN_ALL_TESTS(argc, argv);
}