strat9_kernel/process/

signal.rs

//! Signal handling for Strat9-OS.
//!
//! Provides basic signal infrastructure for POSIX compatibility.
//! Implements signal delivery, masking, and handling.

use core::sync::atomic::{AtomicU64, Ordering};

/// Signal numbers (POSIX-compatible).
///
/// Standard POSIX signal numbers for compatibility with userspace libc.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u32)]
pub enum Signal {
    /// Hangup detected on controlling terminal
    SIGHUP = 1,
    /// Interrupt from keyboard (Ctrl+C)
    SIGINT = 2,
    /// Quit from keyboard (Ctrl+\)
    SIGQUIT = 3,
    /// Illegal instruction
    SIGILL = 4,
    /// Trace/breakpoint trap
    SIGTRAP = 5,
    /// Abort signal
    SIGABRT = 6,
    /// Bus error (bad memory access)
    SIGBUS = 7,
    /// Floating-point exception
    SIGFPE = 8,
    /// Kill signal (cannot be caught or ignored)
    SIGKILL = 9,
    /// User-defined signal 1
    SIGUSR1 = 10,
    /// Segmentation fault
    SIGSEGV = 11,
    /// User-defined signal 2
    SIGUSR2 = 12,
    /// Broken pipe
    SIGPIPE = 13,
    /// Timer signal
    SIGALRM = 14,
    /// Termination signal
    SIGTERM = 15,
    /// Child stopped or terminated
    SIGCHLD = 17,
    /// Continue if stopped
    SIGCONT = 18,
    /// Stop process (cannot be caught or ignored)
    SIGSTOP = 19,
    /// Stop typed at terminal
    SIGTSTP = 20,
    /// Background read attempt
    SIGTTIN = 21,
    /// Background write attempt
    SIGTTOU = 22,
    /// Urgent data on socket
    SIGURG = 23,
    /// CPU time limit exceeded
    SIGXCPU = 24,
    /// File size limit exceeded
    SIGXFSZ = 25,
    /// Virtual timer expired
    SIGVTALRM = 26,
    /// Profiling timer expired
    SIGPROF = 27,
    /// Window size changed
    SIGWINCH = 28,
    /// I/O possible on socket
    SIGIO = 29,
    /// Power failure
    SIGPWR = 30,
    /// Bad system call
    SIGSYS = 31,
}

impl Signal {
    /// Convert a signal number to a Signal enum.
    pub fn from_u32(num: u32) -> Option<Self> {
        match num {
            1 => Some(Signal::SIGHUP),
            2 => Some(Signal::SIGINT),
            3 => Some(Signal::SIGQUIT),
            4 => Some(Signal::SIGILL),
            5 => Some(Signal::SIGTRAP),
            6 => Some(Signal::SIGABRT),
            7 => Some(Signal::SIGBUS),
            8 => Some(Signal::SIGFPE),
            9 => Some(Signal::SIGKILL),
            10 => Some(Signal::SIGUSR1),
            11 => Some(Signal::SIGSEGV),
            12 => Some(Signal::SIGUSR2),
            13 => Some(Signal::SIGPIPE),
            14 => Some(Signal::SIGALRM),
            15 => Some(Signal::SIGTERM),
            17 => Some(Signal::SIGCHLD),
            18 => Some(Signal::SIGCONT),
            19 => Some(Signal::SIGSTOP),
            20 => Some(Signal::SIGTSTP),
            21 => Some(Signal::SIGTTIN),
            22 => Some(Signal::SIGTTOU),
            23 => Some(Signal::SIGURG),
            24 => Some(Signal::SIGXCPU),
            25 => Some(Signal::SIGXFSZ),
            26 => Some(Signal::SIGVTALRM),
            27 => Some(Signal::SIGPROF),
            28 => Some(Signal::SIGWINCH),
            29 => Some(Signal::SIGIO),
            30 => Some(Signal::SIGPWR),
            31 => Some(Signal::SIGSYS),
            _ => None,
        }
    }

    /// Convert Signal to its numeric value.
    pub fn as_u32(self) -> u32 {
        self as u32
    }

    /// Check if this signal cannot be caught or blocked.
    pub fn is_uncatchable(self) -> bool {
        matches!(self, Signal::SIGKILL | Signal::SIGSTOP)
    }

    /// Get the bit position for this signal in a signal mask.
    pub fn bit(self) -> u64 {
        1u64 << (self.as_u32() - 1)
    }
}

/// Signal mask constants
pub const SIGNAL_MASK_SIZE: usize = 8; // u64 = 64 bits, enough for signals 1-64
pub const SIGNAL_MAX: u32 = 64;

/// How to modify the signal mask
pub const SIG_BLOCK: i32 = 0;
pub const SIG_UNBLOCK: i32 = 1;
pub const SIG_SETMASK: i32 = 2;

/// A set of signals represented as a bitmask.
///
/// Uses atomic operations for lock-free signal delivery.
#[derive(Debug)]
pub struct SignalSet {
    mask: AtomicU64,
}

impl Clone for SignalSet {
    /// Performs the clone operation.
    fn clone(&self) -> Self {
        Self::from_mask(self.get_mask())
    }
}

impl SignalSet {
    /// Create an empty signal set.
    pub const fn new() -> Self {
        Self {
            mask: AtomicU64::new(0),
        }
    }

    /// Create a signal set from a raw mask value.
    pub const fn from_mask(mask: u64) -> Self {
        Self {
            mask: AtomicU64::new(mask),
        }
    }

    /// Add a signal to the set.
    pub fn add(&self, signal: Signal) {
        let bit = signal.bit();
        self.mask.fetch_or(bit, Ordering::Release);
    }

    /// Remove a signal from the set.
    pub fn remove(&self, signal: Signal) {
        let bit = !signal.bit();
        self.mask.fetch_and(bit, Ordering::AcqRel);
    }

    /// Check if a signal is in the set.
    pub fn contains(&self, signal: Signal) -> bool {
        let bit = signal.bit();
        (self.mask.load(Ordering::Acquire) & bit) != 0
    }

    /// Check if the set is empty.
    pub fn is_empty(&self) -> bool {
        self.mask.load(Ordering::Acquire) == 0
    }

    /// Get the raw mask value.
    pub fn get_mask(&self) -> u64 {
        self.mask.load(Ordering::Acquire)
    }

    /// Set the raw mask value.
    pub fn set_mask(&self, mask: u64) {
        self.mask.store(mask, Ordering::Release);
    }

    /// Clear all signals.
    pub fn clear(&self) {
        self.mask.store(0, Ordering::Release);
    }

    /// Get the next pending signal (lowest numbered).
    pub fn next_pending(&self) -> Option<Signal> {
        let pending = self.mask.load(Ordering::Acquire);
        if pending == 0 {
            return None;
        }
        let signal_num = pending.trailing_zeros() + 1;
        Signal::from_u32(signal_num)
    }

    /// Get signals that are in self but not in blocked.
    pub fn unblocked(&self, blocked: &SignalSet) -> u64 {
        let pending = self.mask.load(Ordering::Acquire);
        let blocked_mask = blocked.mask.load(Ordering::Acquire);
        pending & !blocked_mask
    }

    /// Atomically consume one pending unblocked signal (CAS loop).
    pub fn consume_one_unblocked(&self, blocked: &SignalSet) -> Option<Signal> {
        loop {
            let pending = self.mask.load(Ordering::Acquire);
            let blocked_mask = blocked.mask.load(Ordering::Acquire);
            let unblocked = pending & !blocked_mask;
            if unblocked == 0 {
                return None;
            }
            let lowest_bit = unblocked & unblocked.wrapping_neg();
            let new_pending = pending & !lowest_bit;
            match self.mask.compare_exchange_weak(
                pending,
                new_pending,
                Ordering::AcqRel,
                Ordering::Acquire,
            ) {
                Ok(_) => {
                    let signal_num = lowest_bit.trailing_zeros() + 1;
                    return Signal::from_u32(signal_num);
                }
                Err(_) => continue,
            }
        }
    }

    /// Peek the next pending unblocked signal without consuming it.
    pub fn peek_one_unblocked(&self, blocked: &SignalSet) -> Option<Signal> {
        let pending = self.mask.load(Ordering::Acquire);
        let blocked_mask = blocked.mask.load(Ordering::Acquire);
        let unblocked = pending & !blocked_mask;
        if unblocked == 0 {
            return None;
        }
        let signal_num = unblocked.trailing_zeros() + 1;
        Signal::from_u32(signal_num)
    }

    /// Try to consume a specific pending signal.
    pub fn try_consume(&self, signal: Signal) -> bool {
        let bit = signal.bit();
        loop {
            let pending = self.mask.load(Ordering::Acquire);
            if (pending & bit) == 0 {
                return false;
            }
            let new_pending = pending & !bit;
            match self.mask.compare_exchange_weak(
                pending,
                new_pending,
                Ordering::AcqRel,
                Ordering::Acquire,
            ) {
                Ok(_) => return true,
                Err(_) => continue,
            }
        }
    }
}

/// Signal action flags
pub const SA_NOCLDSTOP: u32 = 1 << 0;
pub const SA_NOCLDWAIT: u32 = 1 << 1;
pub const SA_SIGINFO: u32 = 1 << 2;
pub const SA_RESTORER: u32 = 1 << 3;
pub const SA_ONSTACK: u32 = 1 << 4;
pub const SA_RESTART: u32 = 1 << 5;
pub const SA_NODEFER: u32 = 1 << 6;
pub const SA_RESETHAND: u32 = 1 << 7;

pub const SIG_DFL: u64 = 0;
pub const SIG_IGN: u64 = 1;

#[derive(Debug, Clone, Copy)]
#[repr(C)]
pub struct SigActionData {
    pub handler: u64,
    pub flags: u64,
    pub restorer: u64,
    pub mask: u64,
}

impl SigActionData {
    /// Builds a default instance.
    pub const fn default() -> Self {
        Self {
            handler: SIG_DFL,
            flags: 0,
            restorer: 0,
            mask: 0,
        }
    }

    /// Returns whether default.
    pub fn is_default(&self) -> bool {
        self.handler == SIG_DFL
    }
    /// Returns whether ignore.
    pub fn is_ignore(&self) -> bool {
        self.handler == SIG_IGN
    }
    /// Returns whether user handler.
    pub fn is_user_handler(&self) -> bool {
        self.handler > 1
    }
}

impl Default for SigActionData {
    /// Builds a default instance.
    fn default() -> Self {
        Self::default()
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DefaultAction {
    Term,
    Core,
    Stop,
    Cont,
    Ign,
}

impl Signal {
    /// Performs the default action operation.
    pub fn default_action(self) -> DefaultAction {
        match self {
            Signal::SIGHUP
            | Signal::SIGINT
            | Signal::SIGPIPE
            | Signal::SIGALRM
            | Signal::SIGTERM
            | Signal::SIGUSR1
            | Signal::SIGUSR2
            | Signal::SIGPROF
            | Signal::SIGVTALRM
            | Signal::SIGIO
            | Signal::SIGPWR
            | Signal::SIGSYS => DefaultAction::Term,

            Signal::SIGQUIT
            | Signal::SIGILL
            | Signal::SIGABRT
            | Signal::SIGFPE
            | Signal::SIGSEGV
            | Signal::SIGBUS
            | Signal::SIGTRAP
            | Signal::SIGXCPU
            | Signal::SIGXFSZ => DefaultAction::Core,

            Signal::SIGSTOP | Signal::SIGTSTP | Signal::SIGTTIN | Signal::SIGTTOU => {
                DefaultAction::Stop
            }

            Signal::SIGCONT => DefaultAction::Cont,

            Signal::SIGCHLD | Signal::SIGURG | Signal::SIGWINCH => DefaultAction::Ign,

            Signal::SIGKILL => DefaultAction::Term,
        }
    }
}

pub const SIGNAL_FRAME_MAGIC: u64 = 0x5354_5239_5349_4700;

#[derive(Debug, Clone, Copy)]
#[repr(C)]
pub struct SignalFrame {
    pub restorer: u64,
    pub signo: u64,
    pub saved_mask: u64,
    pub rip: u64,
    pub rsp: u64,
    pub rflags: u64,
    pub rax: u64,
    pub rcx: u64,
    pub rdx: u64,
    pub rbx: u64,
    pub rbp: u64,
    pub rsi: u64,
    pub rdi: u64,
    pub r8: u64,
    pub r9: u64,
    pub r10: u64,
    pub r11: u64,
    pub r12: u64,
    pub r13: u64,
    pub r14: u64,
    pub r15: u64,
    pub magic: u64,
}

#[derive(Clone, Copy, PartialEq, Eq)]
enum SignalDeliveryMode {
    Normal,
    InterruptReturn,
}

/// Count of signals deferred on the interrupt-return path because their
/// default action (Term/Core/Stop) or missing restorer requires a task-switch
/// or kill, which is not safe from timer-IRQ context.  Exposed for diagnostics.
pub static SIGNAL_IRQ_DEFERRED_COUNT: AtomicU64 = AtomicU64::new(0);

fn deliver_pending_signal_inner(
    frame: &mut crate::syscall::SyscallFrame,
    mode: SignalDeliveryMode,
) -> bool {
    let task = match crate::process::current_task_clone() {
        Some(t) => t,
        None => return false,
    };

    if task.is_kernel() {
        return false;
    }

    if mode == SignalDeliveryMode::InterruptReturn
        && task.irq_signal_delivery_blocked.load(Ordering::Acquire)
    {
        return false;
    }

    if mode == SignalDeliveryMode::Normal {
        task.irq_signal_delivery_blocked
            .store(false, Ordering::Release);
    }

    // A task runs on exactly one CPU at a time, so there is no concurrent
    // signal-consumption path executing on behalf of the same task. Signal
    // senders may still add new bits concurrently, so try_consume remains the
    // authority for actually claiming the signal selected by the peek.
    let signal = match task
        .pending_signals
        .peek_one_unblocked(&task.blocked_signals)
    {
        Some(s) => s,
        None => return false,
    };

    let action = unsafe {
        let actions = &*task.process.signal_actions.get();
        actions[signal.as_u32() as usize]
    };

    if action.is_ignore() {
        debug_assert!(
            task.pending_signals.try_consume(signal),
            "signal vanished between peek and consume (ignore path)"
        );
        return true;
    }

    if action.is_default() {
        match signal.default_action() {
            DefaultAction::Ign | DefaultAction::Cont => {
                debug_assert!(
                    task.pending_signals.try_consume(signal),
                    "signal vanished between peek and consume (ign/cont path)"
                );
                return true;
            }
            DefaultAction::Stop => {
                if mode == SignalDeliveryMode::InterruptReturn {
                    // Stop requires task suspension : not safe from IRQ context.
                    // Leave the signal pending; the syscall-return path will deliver it.
                    task.irq_signal_delivery_blocked
                        .store(true, Ordering::Release);
                    SIGNAL_IRQ_DEFERRED_COUNT.fetch_add(1, Ordering::Relaxed);
                    return false;
                }
                debug_assert!(
                    task.pending_signals.try_consume(signal),
                    "signal vanished between peek and consume (stop path)"
                );
                return true;
            }
            DefaultAction::Term | DefaultAction::Core => {
                if mode == SignalDeliveryMode::InterruptReturn {
                    // kill_task requires a scheduler operation : not safe from IRQ context.
                    // Leave the signal pending; the syscall-return path will deliver it.
                    task.irq_signal_delivery_blocked
                        .store(true, Ordering::Release);
                    SIGNAL_IRQ_DEFERRED_COUNT.fetch_add(1, Ordering::Relaxed);
                    return false;
                }
                if !task.pending_signals.try_consume(signal) {
                    return false;
                }
                log::info!(
                    "[signal] killing pid {} on SIG{}",
                    task.pid,
                    signal.as_u32()
                );
                crate::process::kill_task(task.id);
                return true;
            }
        }
    }

    let handler = action.handler;
    let restorer = action.restorer;
    let sig_mask = action.mask;
    let flags = action.flags;

    if restorer == 0 {
        if mode == SignalDeliveryMode::InterruptReturn {
            // Cannot safely kill from IRQ context; leave signal pending.
            task.irq_signal_delivery_blocked
                .store(true, Ordering::Release);
            SIGNAL_IRQ_DEFERRED_COUNT.fetch_add(1, Ordering::Relaxed);
            return false;
        }
        if !task.pending_signals.try_consume(signal) {
            return false;
        }
        log::warn!("[signal] no restorer for SIG{}, killing", signal.as_u32());
        crate::process::kill_task(task.id);
        return true;
    }

    if !task.pending_signals.try_consume(signal) {
        return false;
    }

    let user_rsp = frame.iret_rsp;
    let frame_size = core::mem::size_of::<SignalFrame>() as u64;
    let new_rsp = ((user_rsp - frame_size) & !0xF) - 8;

    let sig_frame = SignalFrame {
        restorer,
        signo: signal.as_u32() as u64,
        saved_mask: task.blocked_signals.get_mask(),
        rip: frame.iret_rip,
        rsp: frame.iret_rsp,
        rflags: frame.iret_rflags,
        rax: frame.rax,
        rcx: frame.rcx,
        rdx: frame.rdx,
        rbx: frame.rbx,
        rbp: frame.rbp,
        rsi: frame.rsi,
        rdi: frame.rdi,
        r8: frame.r8,
        r9: frame.r9,
        r10: frame.r10,
        r11: frame.r11,
        r12: frame.r12,
        r13: frame.r13,
        r14: frame.r14,
        r15: frame.r15,
        magic: SIGNAL_FRAME_MAGIC,
    };

    let bytes: &[u8] = unsafe {
        core::slice::from_raw_parts(
            &sig_frame as *const SignalFrame as *const u8,
            core::mem::size_of::<SignalFrame>(),
        )
    };

    match crate::memory::UserSliceWrite::new(new_rsp, bytes.len()) {
        Ok(slice) => {
            slice.copy_from(bytes);
        }
        Err(_) => {
            if mode == SignalDeliveryMode::InterruptReturn {
                task.irq_signal_delivery_blocked
                    .store(true, Ordering::Release);
                task.pending_signals.add(signal);
                return false;
            }
            log::warn!("[signal] fault writing signal frame, killing");
            crate::process::kill_task(task.id);
            return true;
        }
    }

    // Block signals specified in sa_mask, plus the signal itself (unless SA_NODEFER)
    let mut new_mask = task.blocked_signals.get_mask() | sig_mask;
    if flags & (SA_NODEFER as u64) == 0 {
        new_mask |= signal.bit();
    }
    task.blocked_signals.set_mask(new_mask);

    // SA_RESETHAND: reset handler to SIG_DFL after delivery
    if flags & (SA_RESETHAND as u64) != 0 {
        unsafe {
            let actions = &mut *task.process.signal_actions.get();
            actions[signal.as_u32() as usize] = SigActionData::default();
        }
    }

    frame.iret_rip = handler;
    frame.iret_rsp = new_rsp;
    frame.rdi = signal.as_u32() as u64;
    frame.rsi = 0;
    frame.rdx = 0;

    true
}

/// Performs the deliver pending signal operation.
pub fn deliver_pending_signal(frame: &mut crate::syscall::SyscallFrame) -> bool {
    deliver_pending_signal_inner(frame, SignalDeliveryMode::Normal)
}

/// Deliver a pending signal on the IRQ-return path to Ring 3.
///
/// Only one signal is delivered per call (the lowest-numbered unblocked one).
/// Signals whose default action is Term, Core, or Stop, and signals without a
/// restorer, are **deferred** : they remain pending and are delivered on the
/// next syscall-return path, which is safe to kill or suspend the task.
/// The deferral count is tracked in [`SIGNAL_IRQ_DEFERRED_COUNT`].
///
/// This mirrors Linux's `do_notify_resume()` called from `ret_from_intr`.
pub fn deliver_pending_signal_on_interrupt_return(
    frame: &mut crate::syscall::SyscallFrame,
) -> bool {
    deliver_pending_signal_inner(frame, SignalDeliveryMode::InterruptReturn)
}

/// Signal alternate stack
#[derive(Debug, Clone, Copy, Default)]
#[repr(C)]
pub struct SigStack {
    /// Stack base address
    pub ss_sp: u64,
    /// Stack flags
    pub ss_flags: i32,
    /// Stack size
    pub ss_size: usize,
}

/// Send a signal to a task.
///
/// # Arguments
///
/// - `target`: Task ID to send the signal to
/// - `signal`: Signal to send
///
/// # Returns
///
/// - `Ok(())` if the signal was delivered
/// - `Err(InvalidArgument)` if the task doesn't exist or signal is invalid
pub fn send_signal(
    target: crate::process::TaskId,
    signal: Signal,
) -> Result<(), crate::syscall::error::SyscallError> {
    use crate::{process::get_task_by_id, syscall::error::SyscallError};

    // SIGKILL and SIGSTOP cannot be ignored
    if signal.is_uncatchable() {
        // Still deliver them
    }

    let task = get_task_by_id(target).ok_or(SyscallError::InvalidArgument)?;

    // Add signal to the task's pending set.
    // We have a reference to the task, so it's safe to access its fields.
    let pending = &task.pending_signals;
    pending.add(signal);

    // If the task is blocked and the signal is not blocked, wake it.
    // Best-effort read: state may change concurrently, but wake_task is
    // idempotent : a spurious wake is harmless and a missed wake will be
    // caught on the next scheduling point when pending_signals is checked.
    {
        let state = task.get_state();
        if state == crate::process::TaskState::Blocked {
            let blocked = &task.blocked_signals;
            if !blocked.contains(signal) {
                // Wake the task so it can handle the signal.
                crate::process::wake_task(target);
            }
        }
    }

    Ok(())
}

/// Check if the current task has any pending signals.
///
/// Used by blocking syscalls to determine if they should return EINTR.
pub fn has_pending_signals() -> bool {
    use crate::process::current_task_clone;

    if let Some(task) = current_task_clone() {
        let pending = &task.pending_signals;
        let blocked = &task.blocked_signals;
        pending.unblocked(blocked) != 0
    } else {
        false
    }
}

/// Consume the next pending signal.
///
/// Atomically removes the signal from the pending set and returns it.
pub fn consume_next_signal() -> Option<Signal> {
    use crate::process::current_task_clone;

    if let Some(task) = current_task_clone() {
        task.pending_signals
            .consume_one_unblocked(&task.blocked_signals)
    } else {
        None
    }
}