// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif

#include "base/android/library_loader/library_prefetcher.h"

#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <algorithm>
#include <array>
#include <cerrno>
#include <csignal>
#include <cstddef>
#include <string>

#include "base/android/library_loader/anchor_functions.h"
#include "base/android/orderfile/orderfile_buildflags.h"
#include "base/bits.h"
#include "base/containers/span.h"
#include "base/feature_list.h"
#include "base/features.h"
#include "base/logging.h"
#include "base/memory/page_size.h"
#include "base/metrics/histogram_functions.h"
#include "base/posix/eintr_wrapper.h"
#include "base/threading/platform_thread.h"
#include "base/time/time.h"
#include "base/trace_event/trace_event.h"
#include "build/build_config.h"

#if BUILDFLAG(ORDERFILE_INSTRUMENTATION)
#include "base/android/orderfile/orderfile_instrumentation.h"  // nogncheck
#endif

#if BUILDFLAG(SUPPORTS_CODE_ORDERING)

namespace base {
namespace android {

namespace {

#if !BUILDFLAG(ORDERFILE_INSTRUMENTATION)
// The binary is aligned to a minimum 16K page size on AArch64 Android, else 4K.
// This might not match base::GetPageSize(), the booted Kernel's page size.
#if defined(ARCH_CPU_ARM64)
constexpr size_t kBinaryPageSize = 16384;
#else
constexpr size_t kBinaryPageSize = 4096;
#endif
// Reads a byte per page between |start| and |end| to force it into the page
// cache.
// Heap allocations, syscalls and library functions are not allowed in this
// function.
// Returns true for success.
#if defined(ADDRESS_SANITIZER)
// Disable AddressSanitizer instrumentation for this function. It is touching
// memory that hasn't been allocated by the app, though the addresses are
// valid. Furthermore, this takes place in a child process. See crbug.com/653372
// for the context.
__attribute__((no_sanitize_address))
#endif
void Prefetch(size_t start, size_t end) {
  unsigned char* start_ptr = reinterpret_cast<unsigned char*>(start);
  unsigned char* end_ptr = reinterpret_cast<unsigned char*>(end);
  [[maybe_unused]] unsigned char dummy = 0;
  // It's possible that using kBinaryPageSize instead of page_size (or some
  // other value) is a bit arbitrary for the read stepping here. In practice,
  // disk readahead is greater than either, so probably doesn't matter too much.
  for (unsigned char* ptr = start_ptr; ptr < end_ptr; ptr += kBinaryPageSize) {
    // Volatile is required to prevent the compiler from eliminating this
    // loop.
    dummy ^= *static_cast<volatile unsigned char*>(ptr);
  }
}

// Call madvise from |start| to |end| in chunks of |target_length| (rounded up
// to a whole page). |target_length| can be 0 to madvise the entire range in a
// single call. |start| must already be aligned to a page.
int MadviseRange(size_t start, size_t end, int advice, size_t target_length) {
  if (target_length == 0) {
    target_length = end - start;
  }
  target_length = bits::AlignUp(target_length, base::GetPageSize());
  for (size_t current = start; current < end; current += target_length) {
    // madvise will round `end - current` up to a page size if required.
    size_t length = std::min(target_length, end - current);
    if (madvise(reinterpret_cast<void*>(current), length, advice) != 0) {
      return errno;
    }
  }
  return 0;
}

struct Section {
  static Section CreateAligned(std::string_view name,
                               size_t start_anchor,
                               size_t end_anchor) {
    return Section{
        .name = name,
        .start = start_anchor - start_anchor % kBinaryPageSize,
        .end = bits::AlignUp(end_anchor, kBinaryPageSize),
    };
  }

  std::string_view name;
  size_t start;
  size_t end;
};

// These values were used in the past for recording
// "LibraryLoader.PrefetchDetailedStatus".
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused. See PrefetchStatus in enums.xml.
enum class PrefetchStatus {
  kSuccess = 0,
  kWrongOrdering = 1,
  kForkFailed = 2,
  kChildProcessCrashed = 3,
  kChildProcessKilled = 4,
  kMadviseFailed = 5,
  kMaxValue = kMadviseFailed,
};

PrefetchStatus PrefetchWithMadvise(base::span<const Section> sections,
                                   int madvise_advice,
                                   size_t madvise_length) {
  TRACE_EVENT("startup", "LibraryPrefetcher::PrefetchWithMadvise");
  for (const auto& section : sections) {
    int result = MadviseRange(section.start, section.end, madvise_advice,
                              madvise_length);
    if (result != 0) {
      PLOG(WARNING) << "madvise failed for " << section.name << " section";
      return PrefetchStatus::kMadviseFailed;
    }
  }
  return PrefetchStatus::kSuccess;
}

PrefetchStatus PrefetchWithFork(base::span<const Section> sections) {
  TRACE_EVENT("startup", "LibraryPrefetcher::PrefetchWithFork");
  base::TimeTicks fork_start_time = base::TimeTicks::Now();
  pid_t pid = fork();
  if (pid == 0) {
    // Android defines the background priority to this value since at least 2009
    // (see Process.java).
    constexpr int kBackgroundPriority = 10;
    setpriority(PRIO_PROCESS, 0, kBackgroundPriority);
    for (const auto& section : sections) {
      Prefetch(section.start, section.end);
    }
    // _exit() doesn't call the atexit() handlers.
    _exit(EXIT_SUCCESS);
  } else {
    base::UmaHistogramCustomMicrosecondsTimes(
        "Android.LibraryLoader.Prefetch.ForkDuration",
        base::TimeTicks::Now() - fork_start_time, base::Microseconds(1),
        base::Seconds(1), 50);
    if (pid < 0) {
      return PrefetchStatus::kForkFailed;
    }
    int status;
    const pid_t result = HANDLE_EINTR(waitpid(pid, &status, 0));
    if (result == pid) {
      if (WIFEXITED(status)) {
        return PrefetchStatus::kSuccess;
      }
      if (WIFSIGNALED(status)) {
        int signal = WTERMSIG(status);
        switch (signal) {
          case SIGSEGV:
          case SIGBUS:
            return PrefetchStatus::kChildProcessCrashed;
          case SIGKILL:
          case SIGTERM:
          default:
            return PrefetchStatus::kChildProcessKilled;
        }
      }
    }
    // Should not happen. Per man waitpid(2), errors are:
    // - EINTR: handled.
    // - ECHILD if the process doesn't have an unwaited-for child with this PID.
    // - EINVAL.
    return PrefetchStatus::kChildProcessKilled;
  }
}

PrefetchStatus PrefetchWithForkOrMadvise() {
  if (!IsOrderingSane()) {
    LOG(WARNING) << "Incorrect code ordering";
    return PrefetchStatus::kWrongOrdering;
  }

  const std::array<const Section, 2> sections{
      // Fetch the ordered section first.
      Section::CreateAligned("ordered", kStartOfOrderedText, kEndOfOrderedText),
      Section::CreateAligned("text", kStartOfText, kEndOfText),
  };

  if (base::FeatureList::IsEnabled(features::kLibraryPrefetcherMadvise)) {
    // MADV_POPULATE_READ was an alternative considered. The differences being:
    // - It can be used reliably on the entire range at once.
    // - It takes longer than multiple WILLNEEDs of moderate (~64K) length.
    // - It grows attributed RSS aggressively. (WILLNEED doesn't.)
    // - It is not as widely supported as WILLNEED.
    // - (At time of writing) it is not already allowlisted in our seccomp BPF.
    constexpr int madvise_advice = MADV_WILLNEED;

    // The man page for madvise(2) expressly supports using madvise(0, 0, ...)
    // as a way to probe support, but it still trips -Wnonnull.
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wnonnull"
    bool supported = madvise(nullptr, 0, madvise_advice) == 0;
#pragma clang diagnostic pop
    if (!supported) {
      // PLOG immediately after check so that nothing overwrites errno.
      PLOG(WARNING) << "madvise not supported for library prefetch";
    }
    base::UmaHistogramBoolean("Android.LibraryLoader.Prefetch.Madvise",
                              supported);

    if (supported) {
      base::ThreadType old_thread_type =
          base::PlatformThread::GetCurrentThreadType();
      base::PlatformThread::SetCurrentThreadType(base::ThreadType::kBackground);
      PrefetchStatus status =
          PrefetchWithMadvise(sections, madvise_advice,
                              features::kLibraryPrefetcherMadviseLength.Get());
      base::PlatformThread::SetCurrentThreadType(old_thread_type);
      return status;
    }

    if (!features::kLibraryPrefetcherMadviseFallback.Get()) {
      return PrefetchStatus::kMadviseFailed;
    }
    LOG(WARNING) << "falling back to fork-based library prefetch";
  }

  return PrefetchWithFork(sections);
}
#endif  // !BUILDFLAG(ORDERFILE_INSTRUMENTATION)

}  // namespace

// static
void NativeLibraryPrefetcher::PrefetchNativeLibrary() {
#if BUILDFLAG(ORDERFILE_INSTRUMENTATION)
  // Avoid forking with orderfile instrumentation because the child process
  // would create a dump as well.
  return;
#else
  base::TimeTicks start_time = base::TimeTicks::Now();
  PrefetchStatus status = PrefetchWithForkOrMadvise();
  base::UmaHistogramMediumTimes("Android.LibraryLoader.Prefetch.Duration",
                                base::TimeTicks::Now() - start_time);
  base::UmaHistogramEnumeration("Android.LibraryLoader.Prefetch.Status",
                                status);
  if (status != PrefetchStatus::kSuccess) {
    LOG(WARNING) << "Cannot prefetch the library. status = "
                 << static_cast<int>(status);
  }
#endif  // BUILDFLAG(ORDERFILE_INSTRUMENTATION)
}

}  // namespace android
}  // namespace base
#endif  // BUILDFLAG(SUPPORTS_CODE_ORDERING)