// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package binder implements Android Binder IPC module.
package binder

import (
	"sync"

	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
	"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
	"gvisor.googlesource.com/gvisor/pkg/sentry/fs/fsutil"
	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel/time"
	"gvisor.googlesource.com/gvisor/pkg/sentry/memmap"
	"gvisor.googlesource.com/gvisor/pkg/sentry/platform"
	"gvisor.googlesource.com/gvisor/pkg/sentry/usage"
	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
	"gvisor.googlesource.com/gvisor/pkg/syserror"
)

const (
	currentProtocolVersion = 8

	// mmapSizeLimit is the upper limit for mapped memory size in Binder.
	mmapSizeLimit = 4 * 1024 * 1024 // 4MB
)

// Device implements fs.InodeOperations.
//
// +stateify savable
type Device struct {
	fsutil.InodeNoExtendedAttributes `state:"nosave"`
	fsutil.InodeNotDirectory         `state:"nosave"`
	fsutil.InodeNotRenameable        `state:"nosave"`
	fsutil.InodeNotSocket            `state:"nosave"`
	fsutil.InodeNotSymlink           `state:"nosave"`
	fsutil.NoMappable                `state:"nosave"`
	fsutil.NoopWriteOut              `state:"nosave"`
	fsutil.DeprecatedFileOperations  `state:"nosave"`

	// mu protects unstable.
	mu       sync.Mutex `state:"nosave"`
	unstable fs.UnstableAttr
}

// NewDevice creates and intializes a Device structure.
func NewDevice(ctx context.Context, owner fs.FileOwner, fp fs.FilePermissions) *Device {
	return &Device{
		unstable: fs.WithCurrentTime(ctx, fs.UnstableAttr{
			Owner: owner,
			Perms: fp,
			Links: 1,
		}),
	}
}

// Release implements fs.InodeOperations.Release.
func (bd *Device) Release(context.Context) {}

// GetFile implements fs.InodeOperations.GetFile.
//
// TODO: Add functionality to GetFile: Additional fields will be
// needed in the Device structure, initialize them here. Also, Device will need
// to keep track of the created Procs in order to implement BINDER_READ_WRITE
// ioctl.
func (bd *Device) GetFile(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
	return fs.NewFile(ctx, d, flags, &Proc{
		bd:       bd,
		task:     kernel.TaskFromContext(ctx),
		platform: platform.FromContext(ctx),
	}), nil
}

// UnstableAttr implements fs.InodeOperations.UnstableAttr.
func (bd *Device) UnstableAttr(ctx context.Context, inode *fs.Inode) (fs.UnstableAttr, error) {
	bd.mu.Lock()
	defer bd.mu.Unlock()
	return bd.unstable, nil
}

// Check implements fs.InodeOperations.Check.
func (bd *Device) Check(ctx context.Context, inode *fs.Inode, p fs.PermMask) bool {
	return fs.ContextCanAccessFile(ctx, inode, p)
}

// SetPermissions implements fs.InodeOperations.SetPermissions.
func (bd *Device) SetPermissions(ctx context.Context, inode *fs.Inode, fp fs.FilePermissions) bool {
	bd.mu.Lock()
	defer bd.mu.Unlock()
	bd.unstable.Perms = fp
	bd.unstable.StatusChangeTime = time.NowFromContext(ctx)
	return true
}

// SetOwner implements fs.InodeOperations.SetOwner.
func (bd *Device) SetOwner(ctx context.Context, inode *fs.Inode, owner fs.FileOwner) error {
	bd.mu.Lock()
	defer bd.mu.Unlock()
	if owner.UID.Ok() {
		bd.unstable.Owner.UID = owner.UID
	}
	if owner.GID.Ok() {
		bd.unstable.Owner.GID = owner.GID
	}
	return nil
}

// SetTimestamps implements fs.InodeOperations.SetTimestamps.
func (bd *Device) SetTimestamps(ctx context.Context, inode *fs.Inode, ts fs.TimeSpec) error {
	if ts.ATimeOmit && ts.MTimeOmit {
		return nil
	}

	bd.mu.Lock()
	defer bd.mu.Unlock()

	now := time.NowFromContext(ctx)
	if !ts.ATimeOmit {
		if ts.ATimeSetSystemTime {
			bd.unstable.AccessTime = now
		} else {
			bd.unstable.AccessTime = ts.ATime
		}
	}
	if !ts.MTimeOmit {
		if ts.MTimeSetSystemTime {
			bd.unstable.ModificationTime = now
		} else {
			bd.unstable.ModificationTime = ts.MTime
		}
	}
	bd.unstable.StatusChangeTime = now
	return nil
}

// Truncate implements fs.InodeOperations.WriteOut.
//
// Ignored for a character device, such as Binder.
func (bd *Device) Truncate(ctx context.Context, inode *fs.Inode, size int64) error {
	return nil
}

// AddLink implements fs.InodeOperations.AddLink.
//
// Binder doesn't support links, no-op.
func (bd *Device) AddLink() {}

// DropLink implements fs.InodeOperations.DropLink.
//
// Binder doesn't support links, no-op.
func (bd *Device) DropLink() {}

// NotifyStatusChange implements fs.InodeOperations.NotifyStatusChange.
func (bd *Device) NotifyStatusChange(ctx context.Context) {
	bd.mu.Lock()
	defer bd.mu.Unlock()
	now := time.NowFromContext(ctx)
	bd.unstable.ModificationTime = now
	bd.unstable.StatusChangeTime = now
}

// IsVirtual implements fs.InodeOperations.IsVirtual.
//
// Binder is virtual.
func (bd *Device) IsVirtual() bool {
	return true
}

// StatFS implements fs.InodeOperations.StatFS.
//
// Binder doesn't support querying for filesystem info.
func (bd *Device) StatFS(context.Context) (fs.Info, error) {
	return fs.Info{}, syserror.ENOSYS
}

// Proc implements fs.FileOperations and fs.IoctlGetter.
//
// +stateify savable
type Proc struct {
	fsutil.NoFsync                  `state:"nosave"`
	fsutil.DeprecatedFileOperations `state:"nosave"`
	fsutil.NotDirReaddir            `state:"nosave"`

	bd       *Device
	task     *kernel.Task
	platform platform.Platform

	// mu protects fr.
	mu sync.Mutex `state:"nosave"`

	// mapped is memory allocated from platform.Memory() by AddMapping.
	mapped platform.FileRange
}

// Release implements fs.FileOperations.Release.
func (bp *Proc) Release() {
	bp.mu.Lock()
	defer bp.mu.Unlock()
	if bp.mapped.Length() != 0 {
		bp.platform.Memory().DecRef(bp.mapped)
	}
}

// Seek implements fs.FileOperations.Seek.
//
// Binder doesn't support seek operation (unless in debug mode).
func (bp *Proc) Seek(ctx context.Context, file *fs.File, whence fs.SeekWhence, offset int64) (int64, error) {
	return offset, syserror.EOPNOTSUPP
}

// Read implements fs.FileOperations.Read.
//
// Binder doesn't support read operation (unless in debug mode).
func (bp *Proc) Read(ctx context.Context, file *fs.File, dst usermem.IOSequence, offset int64) (int64, error) {
	return 0, syserror.EOPNOTSUPP
}

// Write implements fs.FileOperations.Write.
//
// Binder doesn't support write operation.
func (bp *Proc) Write(ctx context.Context, file *fs.File, src usermem.IOSequence, offset int64) (int64, error) {
	return 0, syserror.EOPNOTSUPP
}

// Flush implements fs.FileOperations.Flush.
//
// TODO: Implement.
func (bp *Proc) Flush(ctx context.Context, file *fs.File) error {
	return nil
}

// ConfigureMMap implements fs.FileOperations.ConfigureMMap.
func (bp *Proc) ConfigureMMap(ctx context.Context, file *fs.File, opts *memmap.MMapOpts) error {
	// Compare drivers/android/binder.c:binder_mmap().
	if caller := kernel.TaskFromContext(ctx); caller != bp.task {
		return syserror.EINVAL
	}
	if opts.Length > mmapSizeLimit {
		opts.Length = mmapSizeLimit
	}
	opts.MaxPerms.Write = false

	// TODO: Binder sets VM_DONTCOPY, preventing the created vma
	// from being copied across fork(), but we don't support this yet. As
	// a result, MMs containing a Binder mapping cannot be forked (MM.Fork will
	// fail when AddMapping returns EBUSY).

	return fsutil.GenericConfigureMMap(file, bp, opts)
}

// Ioctl implements fs.FileOperations.Ioctl.
//
// TODO: Implement.
func (bp *Proc) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArguments) (uintptr, error) {
	// Switch on ioctl request.
	switch uint32(args[1].Int()) {
	case linux.BinderVersionIoctl:
		ver := &linux.BinderVersion{
			ProtocolVersion: currentProtocolVersion,
		}
		// Copy result to user-space.
		_, err := usermem.CopyObjectOut(ctx, io, args[2].Pointer(), ver, usermem.IOOpts{
			AddressSpaceActive: true,
		})
		return 0, err
	case linux.BinderWriteReadIoctl:
		// TODO: Implement.
		fallthrough
	case linux.BinderSetIdleTimeoutIoctl:
		// TODO: Implement.
		fallthrough
	case linux.BinderSetMaxThreadsIoctl:
		// TODO: Implement.
		fallthrough
	case linux.BinderSetIdlePriorityIoctl:
		// TODO: Implement.
		fallthrough
	case linux.BinderSetContextMgrIoctl:
		// TODO: Implement.
		fallthrough
	case linux.BinderThreadExitIoctl:
		// TODO: Implement.
		return 0, syserror.ENOSYS
	default:
		// Ioctls irrelevant to Binder.
		return 0, syserror.EINVAL
	}
}

// AddMapping implements memmap.Mappable.AddMapping.
func (bp *Proc) AddMapping(ctx context.Context, ms memmap.MappingSpace, ar usermem.AddrRange, offset uint64) error {
	bp.mu.Lock()
	defer bp.mu.Unlock()
	if bp.mapped.Length() != 0 {
		// mmap has been called before, which binder_mmap() doesn't like.
		return syserror.EBUSY
	}
	// Binder only allocates and maps a single page up-front
	// (drivers/android/binder.c:binder_mmap() => binder_update_page_range()).
	fr, err := bp.platform.Memory().Allocate(usermem.PageSize, usage.Anonymous)
	if err != nil {
		return err
	}
	bp.mapped = fr
	return nil
}

// RemoveMapping implements memmap.Mappable.RemoveMapping.
func (bp *Proc) RemoveMapping(ctx context.Context, ms memmap.MappingSpace, ar usermem.AddrRange, offset uint64) {
	// Nothing to do. Notably, we don't free bp.mapped to allow another mmap.
}

// CopyMapping implements memmap.Mappable.CopyMapping.
func (bp *Proc) CopyMapping(ctx context.Context, ms memmap.MappingSpace, srcAR, dstAR usermem.AddrRange, offset uint64) error {
	// Nothing to do. Notably, this is one case where CopyMapping isn't
	// equivalent to AddMapping, as AddMapping would return EBUSY.
	return nil
}

// Translate implements memmap.Mappable.Translate.
func (bp *Proc) Translate(ctx context.Context, required, optional memmap.MappableRange, at usermem.AccessType) ([]memmap.Translation, error) {
	// TODO: In addition to the page initially allocated and mapped
	// in AddMapping (Linux: binder_mmap), Binder allocates and maps pages for
	// each transaction (Linux: binder_ioctl => binder_ioctl_write_read =>
	// binder_thread_write => binder_transaction => binder_alloc_buf =>
	// binder_update_page_range). Since we don't actually implement
	// BinderWriteReadIoctl (Linux: BINDER_WRITE_READ), we only ever have the
	// first page.
	var err error
	if required.End > usermem.PageSize {
		err = &memmap.BusError{syserror.EFAULT}
	}
	if required.Start == 0 {
		return []memmap.Translation{
			{
				Source: memmap.MappableRange{0, usermem.PageSize},
				File:   bp.platform.Memory(),
				Offset: bp.mapped.Start,
			},
		}, err
	}
	return nil, err
}

// InvalidateUnsavable implements memmap.Mappable.InvalidateUnsavable.
func (bp *Proc) InvalidateUnsavable(ctx context.Context) error {
	return nil
}