/*-
 * Copyright (c) 2024 Klara, Inc.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * These tests demonstrate a bug in ppoll() and pselect() where a blocked
 * signal can fire after the timer runs out but before the signal mask is
 * restored.  To do this, we fork a child process which installs a SIGINT
 * handler and repeatedly calls either ppoll() or pselect() with a 1 ms
 * timeout, while the parent repeatedly sends SIGINT to the child at
 * intervals that start out at 1100 us and gradually decrease to 900 us.
 * Each SIGINT resynchronizes parent and child, and sooner or later the
 * parent hits the sweet spot and the SIGINT arrives at just the right
 * time to demonstrate the bug.
 */

#include <sys/select.h>
#include <sys/wait.h>

#include <err.h>
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>

#include <atf-c.h>

static volatile sig_atomic_t caught[NSIG];

static void
handler(int signo)
{
	caught[signo]++;
}

static void
child(int rd, bool poll)
{
	struct timespec timeout = { .tv_nsec = 1000000 };
	sigset_t set0, set1;
	int ret;

	/* empty mask for ppoll() / pselect() */
	sigemptyset(&set0);

	/* block SIGINT, then install a handler for it */
	sigemptyset(&set1);
	sigaddset(&set1, SIGINT);
	sigprocmask(SIG_BLOCK, &set1, NULL);
	signal(SIGINT, handler);

	/* signal parent that we are ready */
	close(rd);
	for (;;) {
		/* sleep for 1 ms with signals unblocked */
		ret = poll ? ppoll(NULL, 0, &timeout, &set0) :
		    pselect(0, NULL, NULL, NULL, &timeout, &set0);
		/*
		 * At this point, either ret == 0 (timer ran out) errno ==
		 * EINTR (a signal was received).  Any other outcome is
		 * abnormal.
		 */
		if (ret != 0 && errno != EINTR)
			err(1, "p%s()", poll ? "poll" : "select");
		/* if ret == 0, we should not have caught any signals */
		if (ret == 0 && caught[SIGINT]) {
			/*
			 * We successfully demonstrated the race.  Restore
			 * the default action and re-raise SIGINT.
			 */
			signal(SIGINT, SIG_DFL);
			raise(SIGINT);
			/* Not reached */
		}
		/* reset for next attempt */
		caught[SIGINT] = 0;
	}
	/* Not reached */
}

static void
prace(bool poll)
{
	int pd[2], status;
	pid_t pid;

	/* fork child process */
	if (pipe(pd) != 0)
		err(1, "pipe()");
	if ((pid = fork()) < 0)
		err(1, "fork()");
	if (pid == 0) {
		close(pd[0]);
		child(pd[1], poll);
		/* Not reached */
	}
	close(pd[1]);

	/* wait for child to signal readiness */
	(void)read(pd[0], &pd[0], sizeof(pd[0]));
	close(pd[0]);

	/* repeatedly attempt to signal at just the right moment */
	for (useconds_t timeout = 1100; timeout > 900; timeout--) {
		usleep(timeout);
		if (kill(pid, SIGINT) != 0) {
			if (errno != ENOENT)
				err(1, "kill()");
			/* ENOENT means the child has terminated */
			break;
		}
	}

	/* we're done, kill the child for sure */
	(void)kill(pid, SIGKILL);
	if (waitpid(pid, &status, 0) < 0)
		err(1, "waitpid()");

	/* assert that the child died of SIGKILL */
	ATF_REQUIRE(WIFSIGNALED(status));
	ATF_REQUIRE_MSG(WTERMSIG(status) == SIGKILL,
	    "child caught SIG%s", sys_signame[WTERMSIG(status)]);
}

ATF_TC_WITHOUT_HEAD(ppoll_race);
ATF_TC_BODY(ppoll_race, tc)
{
	prace(true);
}

ATF_TC_WITHOUT_HEAD(pselect_race);
ATF_TC_BODY(pselect_race, tc)
{
	prace(false);
}

ATF_TP_ADD_TCS(tp)
{
	ATF_TP_ADD_TC(tp, ppoll_race);
	ATF_TP_ADD_TC(tp, pselect_race);
	return (atf_no_error());
}