1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/important_file_writer.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9 #include <stdio.h>
10
11 #include <algorithm>
12 #include <string>
13 #include <utility>
14
15 #include "base/check.h"
16 #include "base/critical_closure.h"
17 #include "base/debug/alias.h"
18 #include "base/files/file.h"
19 #include "base/files/file_path.h"
20 #include "base/files/file_util.h"
21 #include "base/files/important_file_writer_cleaner.h"
22 #include "base/functional/bind.h"
23 #include "base/functional/callback_helpers.h"
24 #include "base/logging.h"
25 #include "base/metrics/histogram_functions.h"
26 #include "base/notreached.h"
27 #include "base/numerics/safe_conversions.h"
28 #include "base/strings/string_number_conversions.h"
29 #include "base/strings/string_util.h"
30 #include "base/task/sequenced_task_runner.h"
31 #include "base/task/task_runner.h"
32 #include "base/threading/platform_thread.h"
33 #include "base/threading/scoped_thread_priority.h"
34 #include "base/threading/thread.h"
35 #include "base/time/time.h"
36 #include "build/build_config.h"
37 #include "build/chromeos_buildflags.h"
38
39 namespace base {
40
41 namespace {
42
43 constexpr auto kDefaultCommitInterval = Seconds(10);
44 #if BUILDFLAG(IS_WIN)
45 // This is how many times we will retry ReplaceFile on Windows.
46 constexpr int kReplaceRetries = 5;
47 // This is the result code recorded if ReplaceFile still fails.
48 // It should stay constant even if we change kReplaceRetries.
49 constexpr int kReplaceRetryFailure = 10;
50 static_assert(kReplaceRetryFailure > kReplaceRetries, "No overlap allowed");
51 constexpr auto kReplacePauseInterval = Milliseconds(100);
52 #endif
53
UmaHistogramTimesWithSuffix(const char * histogram_name,StringPiece histogram_suffix,base::TimeDelta sample)54 void UmaHistogramTimesWithSuffix(const char* histogram_name,
55 StringPiece histogram_suffix,
56 base::TimeDelta sample) {
57 DCHECK(histogram_name);
58 std::string histogram_full_name(histogram_name);
59 if (!histogram_suffix.empty()) {
60 histogram_full_name.append(".");
61 histogram_full_name.append(histogram_suffix.data(),
62 histogram_suffix.length());
63 }
64 UmaHistogramTimes(histogram_full_name, sample);
65 }
66
67 // Deletes the file named |tmp_file_path| (which may be open as |tmp_file|),
68 // retrying on the same sequence after some delay in case of error. It is sadly
69 // common that third-party software on Windows may open the temp file and map it
70 // into its own address space, which prevents others from marking it for
71 // deletion (even if opening it for deletion was possible). |attempt| is the
72 // number of failed previous attempts to the delete the file (defaults to 0).
DeleteTmpFileWithRetry(File tmp_file,const FilePath & tmp_file_path,int attempt=0)73 void DeleteTmpFileWithRetry(File tmp_file,
74 const FilePath& tmp_file_path,
75 int attempt = 0) {
76 #if BUILDFLAG(IS_WIN)
77 // Mark the file for deletion when it is closed and then close it implicitly.
78 if (tmp_file.IsValid()) {
79 if (tmp_file.DeleteOnClose(true))
80 return;
81 // The file was opened with exclusive r/w access, so failures are primarily
82 // due to I/O errors or other phenomena out of the process's control. Go
83 // ahead and close the file. The call to DeleteFile below will basically
84 // repeat the above, but maybe it will somehow succeed.
85 tmp_file.Close();
86 }
87 #endif
88
89 // Retry every 250ms for up to two seconds. Metrics indicate that this is a
90 // reasonable number of retries -- the failures after all attempts generally
91 // point to access denied. The ImportantFileWriterCleaner should clean these
92 // up in the next process.
93 constexpr int kMaxDeleteAttempts = 8;
94 constexpr TimeDelta kDeleteFileRetryDelay = Milliseconds(250);
95
96 if (!DeleteFile(tmp_file_path) && ++attempt < kMaxDeleteAttempts &&
97 SequencedTaskRunner::HasCurrentDefault()) {
98 SequencedTaskRunner::GetCurrentDefault()->PostDelayedTask(
99 FROM_HERE,
100 BindOnce(&DeleteTmpFileWithRetry, base::File(), tmp_file_path, attempt),
101 kDeleteFileRetryDelay);
102 }
103 }
104
105 } // namespace
106
107 // static
WriteFileAtomically(const FilePath & path,StringPiece data,StringPiece histogram_suffix)108 bool ImportantFileWriter::WriteFileAtomically(const FilePath& path,
109 StringPiece data,
110 StringPiece histogram_suffix) {
111 // Calling the impl by way of the public WriteFileAtomically, so
112 // |from_instance| is false.
113 return WriteFileAtomicallyImpl(path, data, histogram_suffix,
114 /*from_instance=*/false);
115 }
116
117 // static
ProduceAndWriteStringToFileAtomically(const FilePath & path,BackgroundDataProducerCallback data_producer_for_background_sequence,OnceClosure before_write_callback,OnceCallback<void (bool success)> after_write_callback,const std::string & histogram_suffix)118 void ImportantFileWriter::ProduceAndWriteStringToFileAtomically(
119 const FilePath& path,
120 BackgroundDataProducerCallback data_producer_for_background_sequence,
121 OnceClosure before_write_callback,
122 OnceCallback<void(bool success)> after_write_callback,
123 const std::string& histogram_suffix) {
124 // Produce the actual data string on the background sequence.
125 absl::optional<std::string> data =
126 std::move(data_producer_for_background_sequence).Run();
127 if (!data) {
128 DLOG(WARNING) << "Failed to serialize data to be saved in " << path.value();
129 return;
130 }
131
132 if (!before_write_callback.is_null())
133 std::move(before_write_callback).Run();
134
135 // Calling the impl by way of the private
136 // ProduceAndWriteStringToFileAtomically, which originated from an
137 // ImportantFileWriter instance, so |from_instance| is true.
138 const bool result = WriteFileAtomicallyImpl(path, *data, histogram_suffix,
139 /*from_instance=*/true);
140
141 if (!after_write_callback.is_null())
142 std::move(after_write_callback).Run(result);
143 }
144
145 // static
WriteFileAtomicallyImpl(const FilePath & path,StringPiece data,StringPiece histogram_suffix,bool from_instance)146 bool ImportantFileWriter::WriteFileAtomicallyImpl(const FilePath& path,
147 StringPiece data,
148 StringPiece histogram_suffix,
149 bool from_instance) {
150 const TimeTicks write_start = TimeTicks::Now();
151 if (!from_instance)
152 ImportantFileWriterCleaner::AddDirectory(path.DirName());
153
154 #if BUILDFLAG(IS_WIN) && DCHECK_IS_ON()
155 // In https://crbug.com/920174, we have cases where CreateTemporaryFileInDir
156 // hits a DCHECK because creation fails with no indication why. Pull the path
157 // onto the stack so that we can see if it is malformed in some odd way.
158 wchar_t path_copy[MAX_PATH];
159 base::wcslcpy(path_copy, path.value().c_str(), std::size(path_copy));
160 base::debug::Alias(path_copy);
161 #endif // BUILDFLAG(IS_WIN) && DCHECK_IS_ON()
162
163 #if BUILDFLAG(IS_CHROMEOS_ASH)
164 // On Chrome OS, chrome gets killed when it cannot finish shutdown quickly,
165 // and this function seems to be one of the slowest shutdown steps.
166 // Include some info to the report for investigation. crbug.com/418627
167 // TODO(hashimoto): Remove this.
168 struct {
169 size_t data_size;
170 char path[128];
171 } file_info;
172 file_info.data_size = data.size();
173 strlcpy(file_info.path, path.value().c_str(), std::size(file_info.path));
174 debug::Alias(&file_info);
175 #endif
176
177 // Write the data to a temp file then rename to avoid data loss if we crash
178 // while writing the file. Ensure that the temp file is on the same volume
179 // as target file, so it can be moved in one step, and that the temp file
180 // is securely created.
181 FilePath tmp_file_path;
182 File tmp_file =
183 CreateAndOpenTemporaryFileInDir(path.DirName(), &tmp_file_path);
184 if (!tmp_file.IsValid()) {
185 DPLOG(WARNING) << "Failed to create temporary file to update " << path;
186 return false;
187 }
188
189 // Don't write all of the data at once because this can lead to kernel
190 // address-space exhaustion on 32-bit Windows (see https://crbug.com/1001022
191 // for details).
192 constexpr ptrdiff_t kMaxWriteAmount = 8 * 1024 * 1024;
193 int bytes_written = 0;
194 for (const char *scan = data.data(), *const end = scan + data.length();
195 scan < end; scan += bytes_written) {
196 const int write_amount =
197 static_cast<int>(std::min(kMaxWriteAmount, end - scan));
198 bytes_written = tmp_file.WriteAtCurrentPos(scan, write_amount);
199 if (bytes_written != write_amount) {
200 DPLOG(WARNING) << "Failed to write " << write_amount << " bytes to temp "
201 << "file to update " << path
202 << " (bytes_written=" << bytes_written << ")";
203 DeleteTmpFileWithRetry(std::move(tmp_file), tmp_file_path);
204 return false;
205 }
206 }
207
208 if (!tmp_file.Flush()) {
209 DPLOG(WARNING) << "Failed to flush temp file to update " << path;
210 DeleteTmpFileWithRetry(std::move(tmp_file), tmp_file_path);
211 return false;
212 }
213
214 File::Error replace_file_error = File::FILE_OK;
215 bool result;
216
217 // The file must be closed for ReplaceFile to do its job, which opens up a
218 // race with other software that may open the temp file (e.g., an A/V scanner
219 // doing its job without oplocks). Boost a background thread's priority on
220 // Windows and close as late as possible to improve the chances that the other
221 // software will lose the race.
222 #if BUILDFLAG(IS_WIN)
223 DWORD last_error;
224 int retry_count = 0;
225 {
226 ScopedBoostPriority scoped_boost_priority(ThreadType::kDisplayCritical);
227 tmp_file.Close();
228 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
229 // Save and restore the last error code so that it's not polluted by the
230 // thread priority change.
231 last_error = ::GetLastError();
232 for (/**/; !result && retry_count < kReplaceRetries; ++retry_count) {
233 // The race condition between closing the temporary file and moving it
234 // gets hit on a regular basis on some systems
235 // (https://crbug.com/1099284), so we retry a few times before giving up.
236 PlatformThread::Sleep(kReplacePauseInterval);
237 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
238 last_error = ::GetLastError();
239 }
240 }
241
242 // Log how many times we had to retry the ReplaceFile operation before it
243 // succeeded. If we never succeeded then return a special value.
244 if (!result)
245 retry_count = kReplaceRetryFailure;
246 UmaHistogramExactLinear("ImportantFile.FileReplaceRetryCount", retry_count,
247 kReplaceRetryFailure);
248 #else
249 tmp_file.Close();
250 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
251 #endif // BUILDFLAG(IS_WIN)
252
253 if (!result) {
254 #if BUILDFLAG(IS_WIN)
255 // Restore the error code from ReplaceFile so that it will be available for
256 // the log message, otherwise failures in SetCurrentThreadType may be
257 // reported instead.
258 ::SetLastError(last_error);
259 #endif
260 DPLOG(WARNING) << "Failed to replace " << path << " with " << tmp_file_path;
261 DeleteTmpFileWithRetry(File(), tmp_file_path);
262 }
263
264 const TimeDelta write_duration = TimeTicks::Now() - write_start;
265 UmaHistogramTimesWithSuffix("ImportantFile.WriteDuration", histogram_suffix,
266 write_duration);
267
268 return result;
269 }
270
ImportantFileWriter(const FilePath & path,scoped_refptr<SequencedTaskRunner> task_runner,StringPiece histogram_suffix)271 ImportantFileWriter::ImportantFileWriter(
272 const FilePath& path,
273 scoped_refptr<SequencedTaskRunner> task_runner,
274 StringPiece histogram_suffix)
275 : ImportantFileWriter(path,
276 std::move(task_runner),
277 kDefaultCommitInterval,
278 histogram_suffix) {}
279
ImportantFileWriter(const FilePath & path,scoped_refptr<SequencedTaskRunner> task_runner,TimeDelta interval,StringPiece histogram_suffix)280 ImportantFileWriter::ImportantFileWriter(
281 const FilePath& path,
282 scoped_refptr<SequencedTaskRunner> task_runner,
283 TimeDelta interval,
284 StringPiece histogram_suffix)
285 : path_(path),
286 task_runner_(std::move(task_runner)),
287 commit_interval_(interval),
288 histogram_suffix_(histogram_suffix) {
289 DCHECK(task_runner_);
290 ImportantFileWriterCleaner::AddDirectory(path.DirName());
291 }
292
~ImportantFileWriter()293 ImportantFileWriter::~ImportantFileWriter() {
294 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
295 // We're usually a member variable of some other object, which also tends
296 // to be our serializer. It may not be safe to call back to the parent object
297 // being destructed.
298 DCHECK(!HasPendingWrite());
299 }
300
HasPendingWrite() const301 bool ImportantFileWriter::HasPendingWrite() const {
302 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
303 return timer().IsRunning();
304 }
305
WriteNow(std::string data)306 void ImportantFileWriter::WriteNow(std::string data) {
307 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
308 if (!IsValueInRangeForNumericType<int32_t>(data.length())) {
309 NOTREACHED();
310 return;
311 }
312
313 WriteNowWithBackgroundDataProducer(base::BindOnce(
314 [](std::string data) { return absl::make_optional(std::move(data)); },
315 std::move(data)));
316 }
317
WriteNowWithBackgroundDataProducer(BackgroundDataProducerCallback background_data_producer)318 void ImportantFileWriter::WriteNowWithBackgroundDataProducer(
319 BackgroundDataProducerCallback background_data_producer) {
320 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
321
322 auto split_task = SplitOnceCallback(
323 BindOnce(&ProduceAndWriteStringToFileAtomically, path_,
324 std::move(background_data_producer),
325 std::move(before_next_write_callback_),
326 std::move(after_next_write_callback_), histogram_suffix_));
327
328 if (!task_runner_->PostTask(
329 FROM_HERE, MakeCriticalClosure("ImportantFileWriter::WriteNow",
330 std::move(split_task.first),
331 /*is_immediate=*/true))) {
332 // Posting the task to background message loop is not expected
333 // to fail, but if it does, avoid losing data and just hit the disk
334 // on the current thread.
335 NOTREACHED();
336
337 std::move(split_task.second).Run();
338 }
339 ClearPendingWrite();
340 }
341
ScheduleWrite(DataSerializer * serializer)342 void ImportantFileWriter::ScheduleWrite(DataSerializer* serializer) {
343 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
344
345 DCHECK(serializer);
346 serializer_.emplace<DataSerializer*>(serializer);
347
348 if (!timer().IsRunning()) {
349 timer().Start(
350 FROM_HERE, commit_interval_,
351 BindOnce(&ImportantFileWriter::DoScheduledWrite, Unretained(this)));
352 }
353 }
354
ScheduleWriteWithBackgroundDataSerializer(BackgroundDataSerializer * serializer)355 void ImportantFileWriter::ScheduleWriteWithBackgroundDataSerializer(
356 BackgroundDataSerializer* serializer) {
357 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
358
359 DCHECK(serializer);
360 serializer_.emplace<BackgroundDataSerializer*>(serializer);
361
362 if (!timer().IsRunning()) {
363 timer().Start(
364 FROM_HERE, commit_interval_,
365 BindOnce(&ImportantFileWriter::DoScheduledWrite, Unretained(this)));
366 }
367 }
368
DoScheduledWrite()369 void ImportantFileWriter::DoScheduledWrite() {
370 // One of the serializers should be set.
371 DCHECK(!absl::holds_alternative<absl::monostate>(serializer_));
372
373 const TimeTicks serialization_start = TimeTicks::Now();
374 BackgroundDataProducerCallback data_producer_for_background_sequence;
375
376 if (absl::holds_alternative<DataSerializer*>(serializer_)) {
377 absl::optional<std::string> data;
378 data = absl::get<DataSerializer*>(serializer_)->SerializeData();
379 if (!data) {
380 DLOG(WARNING) << "Failed to serialize data to be saved in "
381 << path_.value();
382 ClearPendingWrite();
383 return;
384 }
385
386 previous_data_size_ = data->size();
387 data_producer_for_background_sequence = base::BindOnce(
388 [](std::string data) { return absl::make_optional(std::move(data)); },
389 std::move(data).value());
390 } else {
391 data_producer_for_background_sequence =
392 absl::get<BackgroundDataSerializer*>(serializer_)
393 ->GetSerializedDataProducerForBackgroundSequence();
394
395 DCHECK(data_producer_for_background_sequence);
396 }
397
398 const TimeDelta serialization_duration =
399 TimeTicks::Now() - serialization_start;
400
401 UmaHistogramTimesWithSuffix("ImportantFile.SerializationDuration",
402 histogram_suffix_, serialization_duration);
403
404 WriteNowWithBackgroundDataProducer(
405 std::move(data_producer_for_background_sequence));
406 DCHECK(!HasPendingWrite());
407 }
408
RegisterOnNextWriteCallbacks(OnceClosure before_next_write_callback,OnceCallback<void (bool success)> after_next_write_callback)409 void ImportantFileWriter::RegisterOnNextWriteCallbacks(
410 OnceClosure before_next_write_callback,
411 OnceCallback<void(bool success)> after_next_write_callback) {
412 before_next_write_callback_ = std::move(before_next_write_callback);
413 after_next_write_callback_ = std::move(after_next_write_callback);
414 }
415
ClearPendingWrite()416 void ImportantFileWriter::ClearPendingWrite() {
417 timer().Stop();
418 serializer_.emplace<absl::monostate>();
419 }
420
SetTimerForTesting(OneShotTimer * timer_override)421 void ImportantFileWriter::SetTimerForTesting(OneShotTimer* timer_override) {
422 timer_override_ = timer_override;
423 }
424
425 } // namespace base
426