// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Author: Aleksa Sarai <cyphar@cyphar.com>
 * Copyright (C) 2018-2019 SUSE LLC.
 */

#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>

#include "../kselftest.h"
#include "helpers.h"

/*
 * O_LARGEFILE is set to 0 by glibc.
 * XXX: This is wrong on {mips, parisc, powerpc, sparc}.
 */
#undef	O_LARGEFILE
#ifdef __aarch64__
#define	O_LARGEFILE 0x20000
#else
#define	O_LARGEFILE 0x8000
#endif

struct open_how_ext {
	struct open_how inner;
	uint32_t extra1;
	char pad1[128];
	uint32_t extra2;
	char pad2[128];
	uint32_t extra3;
};

struct struct_test {
	const char *name;
	struct open_how_ext arg;
	size_t size;
	int err;
};

#define NUM_OPENAT2_STRUCT_TESTS 7
#define NUM_OPENAT2_STRUCT_VARIATIONS 13

void test_openat2_struct(void)
{
	int misalignments[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 17, 87 };

	struct struct_test tests[] = {
		/* Normal struct. */
		{ .name = "normal struct",
		  .arg.inner.flags = O_RDONLY,
		  .size = sizeof(struct open_how) },
		/* Bigger struct, with zeroed out end. */
		{ .name = "bigger struct (zeroed out)",
		  .arg.inner.flags = O_RDONLY,
		  .size = sizeof(struct open_how_ext) },

		/* TODO: Once expanded, check zero-padding. */

		/* Smaller than version-0 struct. */
		{ .name = "zero-sized 'struct'",
		  .arg.inner.flags = O_RDONLY, .size = 0, .err = -EINVAL },
		{ .name = "smaller-than-v0 struct",
		  .arg.inner.flags = O_RDONLY,
		  .size = OPEN_HOW_SIZE_VER0 - 1, .err = -EINVAL },

		/* Bigger struct, with non-zero trailing bytes. */
		{ .name = "bigger struct (non-zero data in first 'future field')",
		  .arg.inner.flags = O_RDONLY, .arg.extra1 = 0xdeadbeef,
		  .size = sizeof(struct open_how_ext), .err = -E2BIG },
		{ .name = "bigger struct (non-zero data in middle of 'future fields')",
		  .arg.inner.flags = O_RDONLY, .arg.extra2 = 0xfeedcafe,
		  .size = sizeof(struct open_how_ext), .err = -E2BIG },
		{ .name = "bigger struct (non-zero data at end of 'future fields')",
		  .arg.inner.flags = O_RDONLY, .arg.extra3 = 0xabad1dea,
		  .size = sizeof(struct open_how_ext), .err = -E2BIG },
	};

	BUILD_BUG_ON(ARRAY_LEN(misalignments) != NUM_OPENAT2_STRUCT_VARIATIONS);
	BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_STRUCT_TESTS);

	for (int i = 0; i < ARRAY_LEN(tests); i++) {
		struct struct_test *test = &tests[i];
		struct open_how_ext how_ext = test->arg;

		for (int j = 0; j < ARRAY_LEN(misalignments); j++) {
			int fd, misalign = misalignments[j];
			char *fdpath = NULL;
			bool failed;
			void (*resultfn)(const char *msg, ...) = ksft_test_result_pass;

			void *copy = NULL, *how_copy = &how_ext;

			if (!openat2_supported) {
				ksft_print_msg("openat2(2) unsupported\n");
				resultfn = ksft_test_result_skip;
				goto skip;
			}

			if (misalign) {
				/*
				 * Explicitly misalign the structure copying it with the given
				 * (mis)alignment offset. The other data is set to be non-zero to
				 * make sure that non-zero bytes outside the struct aren't checked
				 *
				 * This is effectively to check that is_zeroed_user() works.
				 */
				copy = malloc(misalign + sizeof(how_ext));
				how_copy = copy + misalign;
				memset(copy, 0xff, misalign);
				memcpy(how_copy, &how_ext, sizeof(how_ext));
			}

			fd = raw_openat2(AT_FDCWD, ".", how_copy, test->size);
			if (test->err >= 0)
				failed = (fd < 0);
			else
				failed = (fd != test->err);
			if (fd >= 0) {
				fdpath = fdreadlink(fd);
				close(fd);
			}

			if (failed) {
				resultfn = ksft_test_result_fail;

				ksft_print_msg("openat2 unexpectedly returned ");
				if (fdpath)
					ksft_print_msg("%d['%s']\n", fd, fdpath);
				else
					ksft_print_msg("%d (%s)\n", fd, strerror(-fd));
			}

skip:
			if (test->err >= 0)
				resultfn("openat2 with %s argument [misalign=%d] succeeds\n",
					 test->name, misalign);
			else
				resultfn("openat2 with %s argument [misalign=%d] fails with %d (%s)\n",
					 test->name, misalign, test->err,
					 strerror(-test->err));

			free(copy);
			free(fdpath);
			fflush(stdout);
		}
	}
}

struct flag_test {
	const char *name;
	struct open_how how;
	int err;
};

#define NUM_OPENAT2_FLAG_TESTS 25

void test_openat2_flags(void)
{
	struct flag_test tests[] = {
		/* O_TMPFILE is incompatible with O_PATH and O_CREAT. */
		{ .name = "incompatible flags (O_TMPFILE | O_PATH)",
		  .how.flags = O_TMPFILE | O_PATH | O_RDWR, .err = -EINVAL },
		{ .name = "incompatible flags (O_TMPFILE | O_CREAT)",
		  .how.flags = O_TMPFILE | O_CREAT | O_RDWR, .err = -EINVAL },

		/* O_PATH only permits certain other flags to be set ... */
		{ .name = "compatible flags (O_PATH | O_CLOEXEC)",
		  .how.flags = O_PATH | O_CLOEXEC },
		{ .name = "compatible flags (O_PATH | O_DIRECTORY)",
		  .how.flags = O_PATH | O_DIRECTORY },
		{ .name = "compatible flags (O_PATH | O_NOFOLLOW)",
		  .how.flags = O_PATH | O_NOFOLLOW },
		/* ... and others are absolutely not permitted. */
		{ .name = "incompatible flags (O_PATH | O_RDWR)",
		  .how.flags = O_PATH | O_RDWR, .err = -EINVAL },
		{ .name = "incompatible flags (O_PATH | O_CREAT)",
		  .how.flags = O_PATH | O_CREAT, .err = -EINVAL },
		{ .name = "incompatible flags (O_PATH | O_EXCL)",
		  .how.flags = O_PATH | O_EXCL, .err = -EINVAL },
		{ .name = "incompatible flags (O_PATH | O_NOCTTY)",
		  .how.flags = O_PATH | O_NOCTTY, .err = -EINVAL },
		{ .name = "incompatible flags (O_PATH | O_DIRECT)",
		  .how.flags = O_PATH | O_DIRECT, .err = -EINVAL },
		{ .name = "incompatible flags (O_PATH | O_LARGEFILE)",
		  .how.flags = O_PATH | O_LARGEFILE, .err = -EINVAL },

		/* ->mode must only be set with O_{CREAT,TMPFILE}. */
		{ .name = "non-zero how.mode and O_RDONLY",
		  .how.flags = O_RDONLY, .how.mode = 0600, .err = -EINVAL },
		{ .name = "non-zero how.mode and O_PATH",
		  .how.flags = O_PATH,   .how.mode = 0600, .err = -EINVAL },
		{ .name = "valid how.mode and O_CREAT",
		  .how.flags = O_CREAT,  .how.mode = 0600 },
		{ .name = "valid how.mode and O_TMPFILE",
		  .how.flags = O_TMPFILE | O_RDWR, .how.mode = 0600 },
		/* ->mode must only contain 0777 bits. */
		{ .name = "invalid how.mode and O_CREAT",
		  .how.flags = O_CREAT,
		  .how.mode = 0xFFFF, .err = -EINVAL },
		{ .name = "invalid (very large) how.mode and O_CREAT",
		  .how.flags = O_CREAT,
		  .how.mode = 0xC000000000000000ULL, .err = -EINVAL },
		{ .name = "invalid how.mode and O_TMPFILE",
		  .how.flags = O_TMPFILE | O_RDWR,
		  .how.mode = 0x1337, .err = -EINVAL },
		{ .name = "invalid (very large) how.mode and O_TMPFILE",
		  .how.flags = O_TMPFILE | O_RDWR,
		  .how.mode = 0x0000A00000000000ULL, .err = -EINVAL },

		/* ->resolve flags must not conflict. */
		{ .name = "incompatible resolve flags (BENEATH | IN_ROOT)",
		  .how.flags = O_RDONLY,
		  .how.resolve = RESOLVE_BENEATH | RESOLVE_IN_ROOT,
		  .err = -EINVAL },

		/* ->resolve must only contain RESOLVE_* flags. */
		{ .name = "invalid how.resolve and O_RDONLY",
		  .how.flags = O_RDONLY,
		  .how.resolve = 0x1337, .err = -EINVAL },
		{ .name = "invalid how.resolve and O_CREAT",
		  .how.flags = O_CREAT,
		  .how.resolve = 0x1337, .err = -EINVAL },
		{ .name = "invalid how.resolve and O_TMPFILE",
		  .how.flags = O_TMPFILE | O_RDWR,
		  .how.resolve = 0x1337, .err = -EINVAL },
		{ .name = "invalid how.resolve and O_PATH",
		  .how.flags = O_PATH,
		  .how.resolve = 0x1337, .err = -EINVAL },

		/* currently unknown upper 32 bit rejected. */
		{ .name = "currently unknown bit (1 << 63)",
		  .how.flags = O_RDONLY | (1ULL << 63),
		  .how.resolve = 0, .err = -EINVAL },
	};

	BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_FLAG_TESTS);

	for (int i = 0; i < ARRAY_LEN(tests); i++) {
		int fd, fdflags = -1;
		char *path, *fdpath = NULL;
		bool failed = false;
		struct flag_test *test = &tests[i];
		void (*resultfn)(const char *msg, ...) = ksft_test_result_pass;

		if (!openat2_supported) {
			ksft_print_msg("openat2(2) unsupported\n");
			resultfn = ksft_test_result_skip;
			goto skip;
		}

		path = (test->how.flags & O_CREAT) ? "/tmp/ksft.openat2_tmpfile" : ".";
		unlink(path);

		fd = sys_openat2(AT_FDCWD, path, &test->how);
		if (fd < 0 && fd == -EOPNOTSUPP) {
			/*
			 * Skip the testcase if it failed because not supported
			 * by FS. (e.g. a valid O_TMPFILE combination on NFS)
			 */
			ksft_test_result_skip("openat2 with %s fails with %d (%s)\n",
					      test->name, fd, strerror(-fd));
			goto next;
		}

		if (test->err >= 0)
			failed = (fd < 0);
		else
			failed = (fd != test->err);
		if (fd >= 0) {
			int otherflags;

			fdpath = fdreadlink(fd);
			fdflags = fcntl(fd, F_GETFL);
			otherflags = fcntl(fd, F_GETFD);
			close(fd);

			E_assert(fdflags >= 0, "fcntl F_GETFL of new fd");
			E_assert(otherflags >= 0, "fcntl F_GETFD of new fd");

			/* O_CLOEXEC isn't shown in F_GETFL. */
			if (otherflags & FD_CLOEXEC)
				fdflags |= O_CLOEXEC;
			/* O_CREAT is hidden from F_GETFL. */
			if (test->how.flags & O_CREAT)
				fdflags |= O_CREAT;
			if (!(test->how.flags & O_LARGEFILE))
				fdflags &= ~O_LARGEFILE;
			failed |= (fdflags != test->how.flags);
		}

		if (failed) {
			resultfn = ksft_test_result_fail;

			ksft_print_msg("openat2 unexpectedly returned ");
			if (fdpath)
				ksft_print_msg("%d['%s'] with %X (!= %X)\n",
					       fd, fdpath, fdflags,
					       test->how.flags);
			else
				ksft_print_msg("%d (%s)\n", fd, strerror(-fd));
		}

skip:
		if (test->err >= 0)
			resultfn("openat2 with %s succeeds\n", test->name);
		else
			resultfn("openat2 with %s fails with %d (%s)\n",
				 test->name, test->err, strerror(-test->err));
next:
		free(fdpath);
		fflush(stdout);
	}
}

#define NUM_TESTS (NUM_OPENAT2_STRUCT_VARIATIONS * NUM_OPENAT2_STRUCT_TESTS + \
		   NUM_OPENAT2_FLAG_TESTS)

int main(int argc, char **argv)
{
	ksft_print_header();
	ksft_set_plan(NUM_TESTS);

	test_openat2_struct();
	test_openat2_flags();

	if (ksft_get_fail_cnt() + ksft_get_error_cnt() > 0)
		ksft_exit_fail();
	else
		ksft_exit_pass();
}