syd 3.52.0

//
// Syd: rock-solid application kernel
// src/workers/mod.rs: Worker threads implementation
//
// Copyright (c) 2024, 2025, 2026 Ali Polatel <alip@chesswob.org>
// Based in part upon rusty_pool which is:
//     Copyright (c) Robin Friedli <robinfriedli@icloud.com>
//     SPDX-License-Identifier: Apache-2.0
//
// SPDX-License-Identifier: GPL-3.0

use std::{
    collections::hash_map::Entry,
    option::Option,
    sync::{
        atomic::{AtomicUsize, Ordering},
        Condvar, Mutex,
    },
};

use libc::c_long;
use nix::{
    errno::Errno,
    sys::signal::{SigSet, Signal},
    unistd::{gettid, Pid},
};

use crate::{
    cache::{
        ptrace_map_new, signal_map_new, sys_interrupt_map_new, sys_result_map_new, unix_map_new,
        PtraceMap, SighandleInfo, SignalMap, SigreturnTrampolineIP, SysInterrupt, SysInterruptMap,
        SysResultMap, UnixMap, SIG_NEST_MAX,
    },
    confine::ScmpNotifReq,
    fs::{block_signal, sigtimedpoll, unblock_signal},
    proc::proc_tgid,
    retry::retry_on_eintr,
    sigset::SydSigSet,
    workers::aes::AesLock,
};

// syd_aes: Encryptor helper thread
pub(crate) mod aes;
// syd_int: Interrupter helper thread
pub(crate) mod int;
// syd_out: Timeouter helper thread
pub(crate) mod out;
// syd_ipc: IPC thread
pub(crate) mod ipc;
// syd_emu: Main worker threads
pub(crate) mod emu;
// syd_gdb: Ptrace worker thread (aka syd_main)
pub(crate) mod gdb;

/// A cache for worker threads.
pub(crate) struct WorkerCache {
    // Signal handlers map
    pub(crate) signal_map: SignalMap,
    // System call interrupt map
    pub(crate) sysint_map: SysInterruptMap,
    // System call result map
    pub(crate) sysres_map: SysResultMap,
    // [inode,(pid,path)] map of unix binds.
    // Path is only used for UNIX domain sockets.
    pub(crate) unix_map: UnixMap,
    // [tid, tgid] map for ptrace(PTRACE_TRACEME) calling tids.
    // This is used to prevent ptrace(2) detection efficiently.
    pub(crate) ptrace_map: PtraceMap,
    // Crypt sandboxing map.
    pub(crate) crypt_map: Option<AesLock>,
}

impl WorkerCache {
    pub(crate) fn new(crypt_map: Option<AesLock>) -> Self {
        Self {
            signal_map: signal_map_new(),
            sysint_map: sys_interrupt_map_new(),
            sysres_map: sys_result_map_new(),
            unix_map: unix_map_new(),
            ptrace_map: ptrace_map_new(),
            crypt_map,
        }
    }

    // Push a signal-delivery cookie at signal-delivery-stop.
    //
    // On overflow, evicts the oldest cookie.
    pub(crate) fn push_sig_handle(&self, tid: Pid) -> Result<(), Errno> {
        let mut map = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner());

        let info = map.entry(tid).or_insert_with(|| SighandleInfo {
            depth: 0,
            frames: [None; SIG_NEST_MAX],
            in_sigreturn: false,
            in_singlestep: false,
            trampoline_ip: None,
        });

        let depth = usize::from(info.depth);
        if depth >= SIG_NEST_MAX {
            info.frames.copy_within(1..SIG_NEST_MAX, 0);
            info.frames[SIG_NEST_MAX - 1] = Some(());
        } else {
            info.depth = info.depth.checked_add(1).ok_or(Errno::ENOSPC)?;
            info.frames[depth] = Some(());
        }

        Ok(())
    }

    // Gets sigreturn(2) trampoline IP for TID.
    pub(crate) fn get_sig_trampoline_ip(&self, tid: Pid) -> Option<SigreturnTrampolineIP> {
        self.signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get(&tid)
            .and_then(|info| info.trampoline_ip)
    }

    // Returns true between PTRACE_SINGLESTEP at signal delivery and SIGTRAP.
    pub(crate) fn get_sig_in_singlestep(&self, tid: Pid) -> bool {
        self.signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get(&tid)
            .is_some_and(|info| info.in_singlestep)
    }

    // Set/unset single step state preceding/following trampoline IP capture.
    pub(crate) fn set_sig_in_singlestep(&self, tid: Pid, state: bool) {
        if let Some(info) = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get_mut(&tid)
        {
            info.in_singlestep = state;
        }
    }

    // Records sigreturn(2) trampoline IP which is reused for the lifetime of exec.
    pub(crate) fn set_sig_trampoline_ip(&self, tid: Pid, ip: SigreturnTrampolineIP) {
        if let Some(info) = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get_mut(&tid)
        {
            info.in_singlestep = false;
            info.trampoline_ip = Some(ip);
        }
    }

    // Removes sigreturn(2) trampoline IP.
    pub(crate) fn del_sig_trampoline_ip(&self, tid: Pid) {
        if let Some(info) = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get_mut(&tid)
        {
            info.in_singlestep = false;
            info.trampoline_ip = None;
        }
    }

    // Returns number of signal-delivery checksums for TID.
    pub(crate) fn depth_sig_handle(&self, tid: Pid) -> u8 {
        self.signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .get(&tid)
            .map_or(0, |info| info.depth)
    }

    // Returns true if a sigreturn(2) syscall is in progress for TID.
    pub(crate) fn has_sig_handle(&self, tid: Pid) -> bool {
        let map = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner());
        map.get(&tid).is_some_and(|info| info.in_sigreturn)
    }

    // Mark the given TID as inside a sigreturn(2) system call.
    //
    // Returns false if the TID has no outstanding register-set checksum.
    pub(crate) fn enter_sig_handle(&self, tid: Pid) -> bool {
        let mut map = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner());

        let info = match map.get_mut(&tid) {
            Some(info) => info,
            None => return false,
        };
        if info.depth == 0 {
            return false;
        }
        info.in_sigreturn = true;

        true
    }

    // At sigreturn(2) system call exit:
    // 1. Verify a signal delivery cookie exists for this TID.
    // 2. Pop the topmost cookie.
    //
    // Returns true on legitimate sigreturn(2), false otherwise.
    pub(crate) fn exit_sig_handle(&self, tid: Pid) -> bool {
        let mut map = self
            .signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner());

        let mut entry = match map.entry(tid) {
            Entry::Occupied(entry) => entry,
            Entry::Vacant(_) => return false,
        };

        let info = entry.get_mut();
        if !info.in_sigreturn || info.depth == 0 {
            return false;
        }
        info.in_sigreturn = false;

        let depth = info.depth.saturating_sub(1);
        info.frames[usize::from(depth)] = None;
        info.depth = depth;
        if info.depth == 0 {
            entry.remove();
        }

        true
    }

    // Delete TID from the signal handle map.
    pub(crate) fn retire_sig_handle(&self, tid: Pid) {
        self.signal_map
            .sig_handle
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .remove(&tid);
    }

    // Delete a TGID from ptrace map.
    pub(crate) fn retire_ptrace_tgid(&self, tgid: Pid) {
        let mut map = self
            .ptrace_map
            .write()
            .unwrap_or_else(|err| err.into_inner());
        map.retain(|_, &mut pid| pid != tgid)
    }

    // Delete a TID from ptrace map.
    pub(crate) fn retire_ptrace_tid(&self, tid: Pid) {
        self.ptrace_map
            .write()
            .unwrap_or_else(|err| err.into_inner())
            .remove(&tid);
    }

    // Record a chdir(2) pid and syscall number (chdir or fchdir).
    pub(crate) fn add_chdir(&self, pid: Pid, scno: c_long) {
        self.sysres_map
            .trace_chdir
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .insert(pid, scno);
    }

    // Query, remove and return a chdir result.
    pub(crate) fn get_chdir(&self, pid: Pid) -> Option<c_long> {
        self.sysres_map
            .trace_chdir
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .remove(&pid)
    }

    // Record a mmap(2) pid and syscall number (mmap or mmap2).
    pub(crate) fn add_mmap(&self, pid: Pid, scno: c_long, args: [u64; 6]) {
        self.sysres_map
            .trace_mmap
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .insert(pid, (scno, args));
    }

    // Query, remove and return true if found.
    pub(crate) fn get_mmap(&self, pid: Pid) -> Option<(c_long, [u64; 6])> {
        self.sysres_map
            .trace_mmap
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .remove(&pid)
    }

    // Record an error result.
    pub(crate) fn add_error(&self, pid: Pid, errno: Option<Errno>) {
        self.sysres_map
            .trace_error
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .insert(pid, errno);
    }

    // Query, remove and return a error result.
    pub(crate) fn get_error(&self, pid: Pid) -> Option<(Pid, Option<Errno>)> {
        self.sysres_map
            .trace_error
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .remove_entry(&pid)
    }

    // Add a restarting signal.
    pub(crate) fn add_sig_restart(&self, request_tgid: Pid, sig: libc::c_int) -> Result<(), Errno> {
        let mut map = self
            .sysint_map
            .sig_restart
            .lock()
            .unwrap_or_else(|err| err.into_inner());
        if let Some(set) = map.get_mut(&request_tgid) {
            set.add(sig);
            return Ok(());
        }

        let mut set = SydSigSet::new(0);
        set.add(sig);

        map.try_reserve(1).or(Err(Errno::ENOMEM))?;
        map.insert(request_tgid, set);

        Ok(())
    }

    // Delete a restarting signal.
    pub(crate) fn del_sig_restart(&self, request_tgid: Pid, sig: libc::c_int) {
        let mut map = self
            .sysint_map
            .sig_restart
            .lock()
            .unwrap_or_else(|err| err.into_inner());
        let set_nil = if let Some(set) = map.get_mut(&request_tgid) {
            set.del(sig);
            set.is_empty()
        } else {
            return;
        };

        if set_nil {
            map.remove(&request_tgid);
        }
    }

    // Delete a TGID from the signal restart map.
    pub(crate) fn retire_sig_restart(&self, tgid: Pid) {
        self.sysint_map
            .sig_restart
            .lock()
            .unwrap_or_else(|err| err.into_inner())
            .remove(&tgid);
    }

    // Add a blocked syscall.
    pub(crate) fn add_sys_block(
        &self,
        request: ScmpNotifReq,
        ignore_restart: bool,
    ) -> Result<(), Errno> {
        let handler_tid = gettid();
        let tgid = proc_tgid(request.pid())?;
        let interrupt = SysInterrupt::new(request, handler_tid, tgid, ignore_restart)?;

        let (ref lock, ref cvar) = *self.sysint_map.sys_block;
        let mut map = lock.lock().unwrap_or_else(|err| err.into_inner());

        map.retain_mut(|interrupt| handler_tid != interrupt.handler || interrupt.delete());
        map.try_reserve(1).or(Err(Errno::ENOMEM))?;
        map.push(interrupt);

        cvar.notify_one();

        // Discard spurious pending signals.
        // Note, SIGALRM is only queued once unlike realtime signals,
        // therefore we do not need a while loop here for sigtimedpoll.
        let mut mask = SigSet::empty();
        mask.add(Signal::SIGALRM);
        let _ = retry_on_eintr(|| sigtimedpoll(&mask, None));

        unblock_signal(Signal::SIGALRM)
    }

    // Remove a blocked syscall.
    pub(crate) fn del_sys_block(&self, request_id: u64) -> Result<(), Errno> {
        block_signal(Signal::SIGALRM)?;

        let (ref lock, ref _cvar) = *self.sysint_map.sys_block;
        let mut map = lock.lock().unwrap_or_else(|err| err.into_inner());
        map.retain_mut(|interrupt| request_id != interrupt.request.id || interrupt.delete());

        Ok(())
    }

    pub(crate) fn retire_unix_map(&self, pid: Pid) {
        self.unix_map
            .write()
            .unwrap_or_else(|err| err.into_inner())
            .retain(|_, val| val.pid != pid);
    }

    // Remove a TID completely from the cache.
    pub(crate) fn del_tid(&self, tid: Pid) {
        // Retire TID from signal maps.
        self.retire_sig_handle(tid);
        self.retire_ptrace_tid(tid);

        // Remove unix inode records for tid.
        self.retire_unix_map(tid);

        // Remove preexisting error record for tid.
        let _ = self.get_error(tid);

        // Remove preexisting chdir record for tid.
        let _ = self.get_chdir(tid);
    }

    // Remove a TGID completely from the cache.
    pub(crate) fn del_tgid(&self, tgid: Pid) {
        self.retire_sig_restart(tgid);
        self.retire_ptrace_tgid(tgid);
        self.del_tid(tgid);
    }
}

// The absolute maximum number of workers. This corresponds to the
// maximum value that can be stored within half the bits of usize, as
// two counters (total workers and busy workers) are stored in one
// AtomicUsize.
const MAX_SIZE: usize = (1 << (usize::BITS / 2)) - 1;

const WORKER_BUSY_MASK: usize = MAX_SIZE;
const INCREMENT_TOTAL: usize = 1 << (usize::BITS / 2);
const INCREMENT_BUSY: usize = 1;

// Struct containing data shared between workers
#[derive(Default)]
pub(crate) struct WorkerData {
    // Worker count
    //
    // - Total workers in the upper half
    // - Busy workers in the lower half
    pub(crate) counter: AtomicUsize,

    // Monitor notification channel with notified flag
    pub(crate) mon_signal: (Mutex<bool>, Condvar),
}

impl WorkerData {
    /*
    fn increment_both(&self) -> (usize, usize) {
        let old_val = self
            .counter
            .fetch_add(INCREMENT_TOTAL | INCREMENT_BUSY, Ordering::Relaxed);
        Self::split(old_val)
    }
    */

    pub(crate) fn decrement_both(&self) -> (usize, usize) {
        let old_val = self
            .counter
            .fetch_sub(INCREMENT_TOTAL | INCREMENT_BUSY, Ordering::Relaxed);
        Self::split(old_val)
    }

    pub(crate) fn increment_worker_total(&self) -> usize {
        let old_val = self.counter.fetch_add(INCREMENT_TOTAL, Ordering::Relaxed);
        Self::total(old_val)
    }

    // Decrement total worker count and wake monitor.
    pub(crate) fn decrement_worker_total(&self) -> usize {
        let old_val = self.counter.fetch_sub(INCREMENT_TOTAL, Ordering::Relaxed);
        self.notify_monitor();
        Self::total(old_val)
    }

    // Increment busy worker count.
    // Wake monitor when all workers are busy.
    pub(crate) fn increment_worker_busy(&self) -> usize {
        let old_val = self.counter.fetch_add(INCREMENT_BUSY, Ordering::Relaxed);
        let (total, old_busy) = Self::split(old_val);
        if old_busy.saturating_add(1) >= total {
            self.notify_monitor();
        }
        Self::busy(old_val)
    }

    pub(crate) fn decrement_worker_busy(&self) -> usize {
        let old_val = self.counter.fetch_sub(INCREMENT_BUSY, Ordering::Relaxed);
        Self::busy(old_val)
    }

    /*
    fn get_total_count(&self) -> usize {
        Self::total(self.counter.load(Ordering::Relaxed))
    }

    fn get_busy_count(&self) -> usize {
        Self::busy(self.counter.load(Ordering::Relaxed))
    }
    */

    // Wake the monitor thread.
    pub(crate) fn notify_monitor(&self) {
        let (ref lock, ref cvar) = self.mon_signal;
        let mut guard = lock.lock().unwrap_or_else(|err| err.into_inner());
        *guard = true; // Mark as notified.
        cvar.notify_one();
    }

    pub(crate) fn split(val: usize) -> (usize, usize) {
        let total_count = val >> (usize::BITS / 2);
        let busy_count = val & WORKER_BUSY_MASK;
        (total_count, busy_count)
    }

    fn total(val: usize) -> usize {
        val >> (usize::BITS / 2)
    }

    fn busy(val: usize) -> usize {
        val & WORKER_BUSY_MASK
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_worker_data_1() {
        assert_eq!(WorkerData::total(0), 0);
    }

    #[test]
    fn test_worker_data_2() {
        assert_eq!(WorkerData::busy(0), 0);
    }

    #[test]
    fn test_worker_data_3() {
        let val = INCREMENT_TOTAL;
        assert_eq!(WorkerData::total(val), 1);
        assert_eq!(WorkerData::busy(val), 0);
    }

    #[test]
    fn test_worker_data_4() {
        let val = INCREMENT_BUSY;
        assert_eq!(WorkerData::busy(val), 1);
        assert_eq!(WorkerData::total(val), 0);
    }

    #[test]
    fn test_worker_data_5() {
        let val = INCREMENT_TOTAL | INCREMENT_BUSY;
        assert_eq!(WorkerData::total(val), 1);
        assert_eq!(WorkerData::busy(val), 1);
    }

    #[test]
    fn test_worker_data_6() {
        assert_eq!(WorkerData::busy(MAX_SIZE), MAX_SIZE);
        assert_eq!(WorkerData::total(MAX_SIZE), 0);
    }
}