1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/file_path_watcher_inotify.h"
6
7 #include <errno.h>
8 #include <poll.h>
9 #include <stddef.h>
10 #include <string.h>
11 #include <sys/inotify.h>
12 #include <sys/ioctl.h>
13 #include <sys/select.h>
14 #include <unistd.h>
15
16 #include <algorithm>
17 #include <array>
18 #include <fstream>
19 #include <map>
20 #include <memory>
21 #include <optional>
22 #include <set>
23 #include <unordered_map>
24 #include <utility>
25 #include <vector>
26
27 #include "base/containers/contains.h"
28 #include "base/files/file_enumerator.h"
29 #include "base/files/file_path.h"
30 #include "base/files/file_path_watcher.h"
31 #include "base/files/file_util.h"
32 #include "base/functional/bind.h"
33 #include "base/functional/callback_helpers.h"
34 #include "base/lazy_instance.h"
35 #include "base/location.h"
36 #include "base/logging.h"
37 #include "base/memory/ptr_util.h"
38 #include "base/memory/scoped_refptr.h"
39 #include "base/memory/weak_ptr.h"
40 #include "base/posix/eintr_wrapper.h"
41 #include "base/synchronization/lock.h"
42 #include "base/task/sequenced_task_runner.h"
43 #include "base/task/single_thread_task_runner.h"
44 #include "base/threading/platform_thread.h"
45 #include "base/threading/scoped_blocking_call.h"
46 #include "base/trace_event/base_tracing.h"
47 #include "build/build_config.h"
48
49 namespace base {
50
51 namespace {
52
53 #if !BUILDFLAG(IS_FUCHSIA)
54
55 // The /proc path to max_user_watches.
56 constexpr char kInotifyMaxUserWatchesPath[] =
57 "/proc/sys/fs/inotify/max_user_watches";
58
59 // This is a soft limit. If there are more than |kExpectedFilePathWatches|
60 // FilePathWatchers for a user, than they might affect each other's inotify
61 // watchers limit.
62 constexpr size_t kExpectedFilePathWatchers = 16u;
63
64 // The default max inotify watchers limit per user, if reading
65 // /proc/sys/fs/inotify/max_user_watches fails.
66 constexpr size_t kDefaultInotifyMaxUserWatches = 8192u;
67
68 #endif // !BUILDFLAG(IS_FUCHSIA)
69
70 class FilePathWatcherImpl;
71 class InotifyReader;
72
73 // Used by test to override inotify watcher limit.
74 size_t g_override_max_inotify_watches = 0u;
75
ToChangeType(const inotify_event * const event)76 FilePathWatcher::ChangeType ToChangeType(const inotify_event* const event) {
77 // Greedily select the most specific change type. It's possible that multiple
78 // types may apply, so this is ordered by specificity (e.g. "created" may also
79 // imply "modified", but the former is more useful).
80 if (event->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
81 return FilePathWatcher::ChangeType::kMoved;
82 } else if (event->mask & IN_CREATE) {
83 return FilePathWatcher::ChangeType::kCreated;
84 } else if (event->mask & IN_DELETE) {
85 return FilePathWatcher::ChangeType::kDeleted;
86 } else {
87 return FilePathWatcher::ChangeType::kModified;
88 }
89 }
90
91 class InotifyReaderThreadDelegate final : public PlatformThread::Delegate {
92 public:
InotifyReaderThreadDelegate(int inotify_fd)93 explicit InotifyReaderThreadDelegate(int inotify_fd)
94 : inotify_fd_(inotify_fd) {}
95 InotifyReaderThreadDelegate(const InotifyReaderThreadDelegate&) = delete;
96 InotifyReaderThreadDelegate& operator=(const InotifyReaderThreadDelegate&) =
97 delete;
98 ~InotifyReaderThreadDelegate() override = default;
99
100 private:
101 void ThreadMain() override;
102
103 const int inotify_fd_;
104 };
105
106 // Singleton to manage all inotify watches.
107 // TODO(tony): It would be nice if this wasn't a singleton.
108 // http://crbug.com/38174
109 class InotifyReader {
110 public:
111 // Watch descriptor used by AddWatch() and RemoveWatch().
112 #if BUILDFLAG(IS_ANDROID)
113 using Watch = uint32_t;
114 #else
115 using Watch = int;
116 #endif
117
118 // Record of watchers tracked for watch descriptors.
119 struct WatcherEntry {
120 scoped_refptr<SequencedTaskRunner> task_runner;
121 WeakPtr<FilePathWatcherImpl> watcher;
122 };
123
124 static constexpr Watch kInvalidWatch = static_cast<Watch>(-1);
125 static constexpr Watch kWatchLimitExceeded = static_cast<Watch>(-2);
126
127 InotifyReader(const InotifyReader&) = delete;
128 InotifyReader& operator=(const InotifyReader&) = delete;
129
130 // Watch directory |path| for changes. |watcher| will be notified on each
131 // change. Returns |kInvalidWatch| on failure.
132 Watch AddWatch(const FilePath& path, FilePathWatcherImpl* watcher);
133
134 // Remove |watch| if it's valid.
135 void RemoveWatch(Watch watch, FilePathWatcherImpl* watcher);
136
137 // Invoked on "inotify_reader" thread to notify relevant watchers.
138 void OnInotifyEvent(const inotify_event* event);
139
140 // Returns true if any paths are actively being watched.
141 bool HasWatches();
142
143 private:
144 friend struct LazyInstanceTraitsBase<InotifyReader>;
145
146 InotifyReader();
147 // There is no destructor because |g_inotify_reader| is a
148 // base::LazyInstace::Leaky object. Having a destructor causes build
149 // issues with GCC 6 (http://crbug.com/636346).
150
151 // Returns true on successful thread creation.
152 bool StartThread();
153
154 Lock lock_;
155
156 // Tracks which FilePathWatcherImpls to be notified on which watches.
157 // The tracked FilePathWatcherImpl is keyed by raw pointers for fast look up
158 // and mapped to a WatchEntry that is used to safely post a notification.
159 std::unordered_map<Watch, std::map<FilePathWatcherImpl*, WatcherEntry>>
160 watchers_ GUARDED_BY(lock_);
161
162 // File descriptor returned by inotify_init.
163 const int inotify_fd_;
164
165 // Thread delegate for the Inotify thread.
166 InotifyReaderThreadDelegate thread_delegate_;
167
168 // Flag set to true when startup was successful.
169 bool valid_ = false;
170 };
171
172 class FilePathWatcherImpl : public FilePathWatcher::PlatformDelegate {
173 public:
174 FilePathWatcherImpl();
175 FilePathWatcherImpl(const FilePathWatcherImpl&) = delete;
176 FilePathWatcherImpl& operator=(const FilePathWatcherImpl&) = delete;
177 ~FilePathWatcherImpl() override;
178
179 // Called for each event coming from the watch on the original thread.
180 // |fired_watch| identifies the watch that fired, |child| indicates what has
181 // changed, and is relative to the currently watched path for |fired_watch|.
182 //
183 // |change_info| includes information about the change.
184 // |created| is true if the object appears.
185 // |deleted| is true if the object disappears.
186 void OnFilePathChanged(InotifyReader::Watch fired_watch,
187 const FilePath::StringType& child,
188 FilePathWatcher::ChangeInfo change_info,
189 bool created,
190 bool deleted);
191
192 // Returns whether the number of inotify watches of this FilePathWatcherImpl
193 // would exceed the limit if adding one more.
194 bool WouldExceedWatchLimit() const;
195
196 // Returns a WatcherEntry for this, must be called on the original sequence.
197 InotifyReader::WatcherEntry GetWatcherEntry();
198
199 private:
200 // Start watching |path| for changes and notify |delegate| on each change.
201 // Returns true if watch for |path| has been added successfully.
202 bool Watch(const FilePath& path,
203 Type type,
204 const FilePathWatcher::Callback& callback) override;
205
206 // A generalized version. It extends |Type|.
207 bool WatchWithOptions(const FilePath& path,
208 const WatchOptions& flags,
209 const FilePathWatcher::Callback& callback) override;
210
211 bool WatchWithChangeInfo(
212 const FilePath& path,
213 const WatchOptions& options,
214 const FilePathWatcher::CallbackWithChangeInfo& callback) override;
215
216 // Cancel the watch. This unregisters the instance with InotifyReader.
217 void Cancel() override;
218
219 // Inotify watches are installed for all directory components of |target_|.
220 // A WatchEntry instance holds:
221 // - |watch|: the watch descriptor for a component.
222 // - |subdir|: the subdirectory that identifies the next component.
223 // - For the last component, there is no next component, so it is empty.
224 // - |linkname|: the target of the symlink.
225 // - Only if the target being watched is a symbolic link.
226 struct WatchEntry {
WatchEntrybase::__anon2a6cfb250111::FilePathWatcherImpl::WatchEntry227 explicit WatchEntry(const FilePath::StringType& dirname)
228 : watch(InotifyReader::kInvalidWatch), subdir(dirname) {}
229
230 InotifyReader::Watch watch;
231 FilePath::StringType subdir;
232 FilePath::StringType linkname;
233 };
234
235 // Reconfigure to watch for the most specific parent directory of |target_|
236 // that exists. Also calls UpdateRecursiveWatches() below. Returns true if
237 // watch limit is not hit. Otherwise, returns false.
238 [[nodiscard]] bool UpdateWatches();
239
240 // Reconfigure to recursively watch |target_| and all its sub-directories.
241 // - This is a no-op if the watch is not recursive.
242 // - If |target_| does not exist, then clear all the recursive watches.
243 // - Assuming |target_| exists, passing kInvalidWatch as |fired_watch| forces
244 // addition of recursive watches for |target_|.
245 // - Otherwise, only the directory associated with |fired_watch| and its
246 // sub-directories will be reconfigured.
247 // Returns true if watch limit is not hit. Otherwise, returns false.
248 [[nodiscard]] bool UpdateRecursiveWatches(InotifyReader::Watch fired_watch,
249 bool is_dir);
250
251 // Enumerate recursively through |path| and add / update watches.
252 // Returns true if watch limit is not hit. Otherwise, returns false.
253 [[nodiscard]] bool UpdateRecursiveWatchesForPath(const FilePath& path);
254
255 // Do internal bookkeeping to update mappings between |watch| and its
256 // associated full path |path|.
257 void TrackWatchForRecursion(InotifyReader::Watch watch, const FilePath& path);
258
259 // Remove all the recursive watches.
260 void RemoveRecursiveWatches();
261
262 // |path| is a symlink to a non-existent target. Attempt to add a watch to
263 // the link target's parent directory. Update |watch_entry| on success.
264 // Returns true if watch limit is not hit. Otherwise, returns false.
265 [[nodiscard]] bool AddWatchForBrokenSymlink(const FilePath& path,
266 WatchEntry* watch_entry);
267
268 bool HasValidWatchVector() const;
269
270 // Callback to notify upon changes.
271 FilePathWatcher::CallbackWithChangeInfo callback_;
272
273 // The file or directory we're supposed to watch.
274 FilePath target_;
275
276 Type type_ = Type::kNonRecursive;
277 bool report_modified_path_ = false;
278
279 // The vector of watches and next component names for all path components,
280 // starting at the root directory. The last entry corresponds to the watch for
281 // |target_| and always stores an empty next component name in |subdir|.
282 std::vector<WatchEntry> watches_;
283
284 std::unordered_map<InotifyReader::Watch, FilePath> recursive_paths_by_watch_;
285 std::map<FilePath, InotifyReader::Watch> recursive_watches_by_path_;
286
287 WeakPtrFactory<FilePathWatcherImpl> weak_factory_{this};
288 };
289
290 LazyInstance<InotifyReader>::Leaky g_inotify_reader = LAZY_INSTANCE_INITIALIZER;
291
ThreadMain()292 void InotifyReaderThreadDelegate::ThreadMain() {
293 PlatformThread::SetName("inotify_reader");
294
295 std::array<pollfd, 1> fdarray{{{inotify_fd_, POLLIN, 0}}};
296
297 while (true) {
298 // Wait until some inotify events are available.
299 int poll_result = HANDLE_EINTR(poll(fdarray.data(), fdarray.size(), -1));
300 if (poll_result < 0) {
301 DPLOG(WARNING) << "poll failed";
302 return;
303 }
304
305 // Adjust buffer size to current event queue size.
306 int buffer_size;
307 int ioctl_result = HANDLE_EINTR(ioctl(inotify_fd_, FIONREAD, &buffer_size));
308
309 if (ioctl_result != 0 || buffer_size < 0) {
310 DPLOG(WARNING) << "ioctl failed";
311 return;
312 }
313
314 std::vector<char> buffer(static_cast<size_t>(buffer_size));
315
316 ssize_t bytes_read = HANDLE_EINTR(
317 read(inotify_fd_, buffer.data(), static_cast<size_t>(buffer_size)));
318
319 if (bytes_read < 0) {
320 DPLOG(WARNING) << "read from inotify fd failed";
321 return;
322 }
323
324 for (size_t i = 0; i < static_cast<size_t>(bytes_read);) {
325 inotify_event* event = reinterpret_cast<inotify_event*>(&buffer[i]);
326 size_t event_size = sizeof(inotify_event) + event->len;
327 DUMP_WILL_BE_CHECK_LE(i + event_size, static_cast<size_t>(bytes_read));
328 g_inotify_reader.Get().OnInotifyEvent(event);
329 i += event_size;
330 }
331 }
332 }
333
InotifyReader()334 InotifyReader::InotifyReader()
335 : inotify_fd_(inotify_init()), thread_delegate_(inotify_fd_) {
336 if (inotify_fd_ < 0) {
337 PLOG(ERROR) << "inotify_init() failed";
338 return;
339 }
340
341 if (!StartThread())
342 return;
343
344 valid_ = true;
345 }
346
StartThread()347 bool InotifyReader::StartThread() {
348 // This object is LazyInstance::Leaky, so thread_delegate_ will outlive the
349 // thread.
350 return PlatformThread::CreateNonJoinable(0, &thread_delegate_);
351 }
352
AddWatch(const FilePath & path,FilePathWatcherImpl * watcher)353 InotifyReader::Watch InotifyReader::AddWatch(const FilePath& path,
354 FilePathWatcherImpl* watcher) {
355 if (!valid_)
356 return kInvalidWatch;
357
358 if (watcher->WouldExceedWatchLimit())
359 return kWatchLimitExceeded;
360
361 AutoLock auto_lock(lock_);
362
363 ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::WILL_BLOCK);
364 const int watch_int =
365 inotify_add_watch(inotify_fd_, path.value().c_str(),
366 IN_ATTRIB | IN_CREATE | IN_DELETE | IN_CLOSE_WRITE |
367 IN_MOVE | IN_ONLYDIR);
368 if (watch_int == -1)
369 return kInvalidWatch;
370 const Watch watch = static_cast<Watch>(watch_int);
371
372 watchers_[watch].emplace(std::make_pair(watcher, watcher->GetWatcherEntry()));
373
374 return watch;
375 }
376
RemoveWatch(Watch watch,FilePathWatcherImpl * watcher)377 void InotifyReader::RemoveWatch(Watch watch, FilePathWatcherImpl* watcher) {
378 if (!valid_ || (watch == kInvalidWatch))
379 return;
380
381 AutoLock auto_lock(lock_);
382
383 auto watchers_it = watchers_.find(watch);
384 if (watchers_it == watchers_.end())
385 return;
386
387 auto& watcher_map = watchers_it->second;
388 watcher_map.erase(watcher);
389
390 if (watcher_map.empty()) {
391 watchers_.erase(watchers_it);
392
393 ScopedBlockingCall scoped_blocking_call(FROM_HERE,
394 BlockingType::WILL_BLOCK);
395 inotify_rm_watch(inotify_fd_, watch);
396 }
397 }
398
OnInotifyEvent(const inotify_event * event)399 void InotifyReader::OnInotifyEvent(const inotify_event* event) {
400 if (event->mask & IN_IGNORED)
401 return;
402
403 FilePath::StringType child(event->len ? event->name : FILE_PATH_LITERAL(""));
404 AutoLock auto_lock(lock_);
405
406 // In racing conditions, RemoveWatch() could grab `lock_` first and remove
407 // the entry for `event->wd`.
408 auto watchers_it = watchers_.find(static_cast<Watch>(event->wd));
409 if (watchers_it == watchers_.end())
410 return;
411
412 auto& watcher_map = watchers_it->second;
413 for (const auto& entry : watcher_map) {
414 auto& watcher_entry = entry.second;
415
416 FilePathWatcher::ChangeInfo change_info{
417 .file_path_type = event->mask & IN_ISDIR
418 ? FilePathWatcher::FilePathType::kDirectory
419 : FilePathWatcher::FilePathType::kFile,
420 .change_type = ToChangeType(event),
421 .cookie =
422 event->cookie ? std::make_optional(event->cookie) : std::nullopt,
423 };
424 bool created = event->mask & (IN_CREATE | IN_MOVED_TO);
425 bool deleted = event->mask & (IN_DELETE | IN_MOVED_FROM);
426 watcher_entry.task_runner->PostTask(
427 FROM_HERE,
428 BindOnce(&FilePathWatcherImpl::OnFilePathChanged, watcher_entry.watcher,
429 static_cast<Watch>(event->wd), child, std::move(change_info),
430 created, deleted));
431 }
432 }
433
HasWatches()434 bool InotifyReader::HasWatches() {
435 AutoLock auto_lock(lock_);
436
437 return !watchers_.empty();
438 }
439
440 FilePathWatcherImpl::FilePathWatcherImpl() = default;
441
~FilePathWatcherImpl()442 FilePathWatcherImpl::~FilePathWatcherImpl() {
443 DUMP_WILL_BE_CHECK(!task_runner() ||
444 task_runner()->RunsTasksInCurrentSequence());
445 }
446
OnFilePathChanged(InotifyReader::Watch fired_watch,const FilePath::StringType & child,FilePathWatcher::ChangeInfo change_info,bool created,bool deleted)447 void FilePathWatcherImpl::OnFilePathChanged(
448 InotifyReader::Watch fired_watch,
449 const FilePath::StringType& child,
450 FilePathWatcher::ChangeInfo change_info,
451 bool created,
452 bool deleted) {
453 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
454
455 // Check to see if Cancel() has already been called.
456 if (watches_.empty()) {
457 return;
458 }
459
460 DUMP_WILL_BE_CHECK(HasValidWatchVector());
461
462 // Used below to avoid multiple recursive updates.
463 bool did_update = false;
464
465 // Whether kWatchLimitExceeded is encountered during update.
466 bool exceeded_limit = false;
467
468 // Find the entries in |watches_| that correspond to |fired_watch|.
469 for (size_t i = 0; i < watches_.size(); ++i) {
470 const WatchEntry& watch_entry = watches_[i];
471 if (fired_watch != watch_entry.watch)
472 continue;
473
474 // Check whether a path component of |target_| changed.
475 bool change_on_target_path = child.empty() ||
476 (child == watch_entry.linkname) ||
477 (child == watch_entry.subdir);
478
479 // Check if the change references |target_| or a direct child of |target_|.
480 bool target_changed;
481 if (watch_entry.subdir.empty()) {
482 // The fired watch is for a WatchEntry without a subdir. Thus for a given
483 // |target_| = "/path/to/foo", this is for "foo". Here, check either:
484 // - the target has no symlink: it is the target and it changed.
485 // - the target has a symlink, and it matches |child|.
486 target_changed =
487 (watch_entry.linkname.empty() || child == watch_entry.linkname);
488 } else {
489 // The fired watch is for a WatchEntry with a subdir. Thus for a given
490 // |target_| = "/path/to/foo", this is for {"/", "/path", "/path/to"}.
491 // So we can safely access the next WatchEntry since we have not reached
492 // the end yet. Check |watch_entry| is for "/path/to", i.e. the next
493 // element is "foo".
494 bool next_watch_may_be_for_target = watches_[i + 1].subdir.empty();
495 if (next_watch_may_be_for_target) {
496 // The current |watch_entry| is for "/path/to", so check if the |child|
497 // that changed is "foo".
498 target_changed = watch_entry.subdir == child;
499 } else {
500 // The current |watch_entry| is not for "/path/to", so the next entry
501 // cannot be "foo". Thus |target_| has not changed.
502 target_changed = false;
503 }
504 }
505
506 // Update watches if a directory component of the |target_| path
507 // (dis)appears. Note that we don't add the additional restriction of
508 // checking the event mask to see if it is for a directory here as changes
509 // to symlinks on the target path will not have IN_ISDIR set in the event
510 // masks. As a result we may sometimes call UpdateWatches() unnecessarily.
511 if (change_on_target_path && (created || deleted) && !did_update) {
512 if (!UpdateWatches()) {
513 exceeded_limit = true;
514 break;
515 }
516 did_update = true;
517 }
518
519 // Report the following events:
520 // - The target or a direct child of the target got changed (in case the
521 // watched path refers to a directory).
522 // - One of the parent directories got moved or deleted, since the target
523 // disappears in this case.
524 // - One of the parent directories appears. The event corresponding to
525 // the target appearing might have been missed in this case, so recheck.
526 if (target_changed || (change_on_target_path && deleted) ||
527 (change_on_target_path && created && PathExists(target_))) {
528 if (!did_update) {
529 if (!UpdateRecursiveWatches(
530 fired_watch, change_info.file_path_type ==
531 FilePathWatcher::FilePathType::kDirectory)) {
532 exceeded_limit = true;
533 break;
534 }
535 did_update = true;
536 }
537 FilePath modified_path = report_modified_path_ && !change_on_target_path
538 ? target_.Append(child)
539 : target_;
540 callback_.Run(std::move(change_info), modified_path,
541 /*error=*/false); // `this` may be deleted.
542 return;
543 }
544 }
545
546 if (!exceeded_limit && Contains(recursive_paths_by_watch_, fired_watch)) {
547 if (!did_update) {
548 if (!UpdateRecursiveWatches(
549 fired_watch, change_info.file_path_type ==
550 FilePathWatcher::FilePathType::kDirectory)) {
551 exceeded_limit = true;
552 }
553 }
554 if (!exceeded_limit) {
555 FilePath modified_path =
556 report_modified_path_
557 ? recursive_paths_by_watch_[fired_watch].Append(child)
558 : target_;
559 callback_.Run(std::move(change_info), modified_path,
560 /*error=*/false); // `this` may be deleted.
561 return;
562 }
563 }
564
565 if (exceeded_limit) {
566 // Cancels all in-flight events from inotify thread.
567 weak_factory_.InvalidateWeakPtrs();
568
569 // Reset states and cancels all watches.
570 auto callback = callback_;
571 Cancel();
572
573 // Fires the error callback. `this` may be deleted as a result of this call.
574 callback.Run(FilePathWatcher::ChangeInfo(), target_, /*error=*/true);
575 }
576 }
577
WouldExceedWatchLimit() const578 bool FilePathWatcherImpl::WouldExceedWatchLimit() const {
579 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
580
581 // `watches_` contains inotify watches of all dir components of `target_`.
582 // `recursive_paths_by_watch_` contains inotify watches for sub dirs under
583 // `target_` of a Type::kRecursive watcher and keyed by inotify watches.
584 // All inotify watches used by this FilePathWatcherImpl are either in
585 // `watches_` or as a key in `recursive_paths_by_watch_`. As a result, the
586 // two provide a good estimate on the number of inofiy watches used by this
587 // FilePathWatcherImpl.
588 const size_t number_of_inotify_watches =
589 watches_.size() + recursive_paths_by_watch_.size();
590 return number_of_inotify_watches >= GetMaxNumberOfInotifyWatches();
591 }
592
GetWatcherEntry()593 InotifyReader::WatcherEntry FilePathWatcherImpl::GetWatcherEntry() {
594 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
595 return {task_runner(), weak_factory_.GetWeakPtr()};
596 }
597
Watch(const FilePath & path,Type type,const FilePathWatcher::Callback & callback)598 bool FilePathWatcherImpl::Watch(const FilePath& path,
599 Type type,
600 const FilePathWatcher::Callback& callback) {
601 return WatchWithChangeInfo(
602 path, WatchOptions{.type = type},
603 base::IgnoreArgs<const FilePathWatcher::ChangeInfo&>(
604 base::BindRepeating(std::move(callback))));
605 }
606
WatchWithOptions(const FilePath & path,const WatchOptions & options,const FilePathWatcher::Callback & callback)607 bool FilePathWatcherImpl::WatchWithOptions(
608 const FilePath& path,
609 const WatchOptions& options,
610 const FilePathWatcher::Callback& callback) {
611 return WatchWithChangeInfo(
612 path, options,
613 base::IgnoreArgs<const FilePathWatcher::ChangeInfo&>(
614 base::BindRepeating(std::move(callback))));
615 }
616
WatchWithChangeInfo(const FilePath & path,const WatchOptions & options,const FilePathWatcher::CallbackWithChangeInfo & callback)617 bool FilePathWatcherImpl::WatchWithChangeInfo(
618 const FilePath& path,
619 const WatchOptions& options,
620 const FilePathWatcher::CallbackWithChangeInfo& callback) {
621 DUMP_WILL_BE_CHECK(target_.empty());
622
623 set_task_runner(SequencedTaskRunner::GetCurrentDefault());
624 callback_ = callback;
625 target_ = path;
626 type_ = options.type;
627 report_modified_path_ = options.report_modified_path;
628
629 std::vector<FilePath::StringType> comps = target_.GetComponents();
630 DUMP_WILL_BE_CHECK(!comps.empty());
631 for (size_t i = 1; i < comps.size(); ++i) {
632 watches_.emplace_back(comps[i]);
633 }
634 watches_.emplace_back(FilePath::StringType());
635
636 if (!UpdateWatches()) {
637 Cancel();
638 // Note `callback` is not invoked since false is returned.
639 return false;
640 }
641
642 return true;
643 }
644
Cancel()645 void FilePathWatcherImpl::Cancel() {
646 if (!callback_) {
647 // Watch() was never called.
648 set_cancelled();
649 return;
650 }
651
652 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
653 DUMP_WILL_BE_CHECK(!is_cancelled());
654
655 set_cancelled();
656 callback_.Reset();
657
658 for (const auto& watch : watches_)
659 g_inotify_reader.Get().RemoveWatch(watch.watch, this);
660 watches_.clear();
661 target_.clear();
662 RemoveRecursiveWatches();
663 }
664
UpdateWatches()665 bool FilePathWatcherImpl::UpdateWatches() {
666 // Ensure this runs on the task_runner() exclusively in order to avoid
667 // concurrency issues.
668 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
669 DUMP_WILL_BE_CHECK(HasValidWatchVector());
670
671 // Walk the list of watches and update them as we go.
672 FilePath path(FILE_PATH_LITERAL("/"));
673 for (WatchEntry& watch_entry : watches_) {
674 InotifyReader::Watch old_watch = watch_entry.watch;
675 watch_entry.watch = InotifyReader::kInvalidWatch;
676 watch_entry.linkname.clear();
677 watch_entry.watch = g_inotify_reader.Get().AddWatch(path, this);
678 if (watch_entry.watch == InotifyReader::kWatchLimitExceeded)
679 return false;
680 if (watch_entry.watch == InotifyReader::kInvalidWatch) {
681 // Ignore the error code (beyond symlink handling) to attempt to add
682 // watches on accessible children of unreadable directories. Note that
683 // this is a best-effort attempt; we may not catch events in this
684 // scenario.
685 if (IsLink(path)) {
686 if (!AddWatchForBrokenSymlink(path, &watch_entry))
687 return false;
688 }
689 }
690 if (old_watch != watch_entry.watch)
691 g_inotify_reader.Get().RemoveWatch(old_watch, this);
692 path = path.Append(watch_entry.subdir);
693 }
694
695 return UpdateRecursiveWatches(InotifyReader::kInvalidWatch, /*is_dir=*/false);
696 }
697
UpdateRecursiveWatches(InotifyReader::Watch fired_watch,bool is_dir)698 bool FilePathWatcherImpl::UpdateRecursiveWatches(
699 InotifyReader::Watch fired_watch,
700 bool is_dir) {
701 DUMP_WILL_BE_CHECK(HasValidWatchVector());
702
703 if (type_ != Type::kRecursive)
704 return true;
705
706 if (!DirectoryExists(target_)) {
707 RemoveRecursiveWatches();
708 return true;
709 }
710
711 // Check to see if this is a forced update or if some component of |target_|
712 // has changed. For these cases, redo the watches for |target_| and below.
713 if (!Contains(recursive_paths_by_watch_, fired_watch) &&
714 fired_watch != watches_.back().watch) {
715 return UpdateRecursiveWatchesForPath(target_);
716 }
717
718 // Underneath |target_|, only directory changes trigger watch updates.
719 if (!is_dir)
720 return true;
721
722 const FilePath& changed_dir = Contains(recursive_paths_by_watch_, fired_watch)
723 ? recursive_paths_by_watch_[fired_watch]
724 : target_;
725
726 auto start_it = recursive_watches_by_path_.upper_bound(changed_dir);
727 auto end_it = start_it;
728 for (; end_it != recursive_watches_by_path_.end(); ++end_it) {
729 const FilePath& cur_path = end_it->first;
730 if (!changed_dir.IsParent(cur_path))
731 break;
732
733 // There could be a race when another process is changing contents under
734 // `changed_dir` while chrome is watching (e.g. an Android app updating
735 // a dir with Chrome OS file manager open for the dir). In such case,
736 // `cur_dir` under `changed_dir` could exist in this loop but not in
737 // the FileEnumerator loop in the upcoming UpdateRecursiveWatchesForPath(),
738 // As a result, `g_inotify_reader` would have an entry in its `watchers_`
739 // pointing to `this` but `this` is no longer aware of that. Crash in
740 // http://crbug/990004 could happen later.
741 //
742 // Remove the watcher of `cur_path` regardless of whether it exists
743 // or not to keep `this` and `g_inotify_reader` consistent even when the
744 // race happens. The watcher will be added back if `cur_path` exists in
745 // the FileEnumerator loop in UpdateRecursiveWatchesForPath().
746 g_inotify_reader.Get().RemoveWatch(end_it->second, this);
747
748 // Keep it in sync with |recursive_watches_by_path_| crbug.com/995196.
749 recursive_paths_by_watch_.erase(end_it->second);
750 }
751 recursive_watches_by_path_.erase(start_it, end_it);
752
753 // If `changed_dir` does not exist anymore, then there is no need to call
754 // UpdateRecursiveWatchesForPath().
755 if (!DirectoryExists(changed_dir)) {
756 return true;
757 }
758
759 return UpdateRecursiveWatchesForPath(changed_dir);
760 }
761
UpdateRecursiveWatchesForPath(const FilePath & path)762 bool FilePathWatcherImpl::UpdateRecursiveWatchesForPath(const FilePath& path) {
763 DUMP_WILL_BE_CHECK_EQ(type_, Type::kRecursive);
764 DUMP_WILL_BE_CHECK(!path.empty());
765 DUMP_WILL_BE_CHECK(DirectoryExists(path));
766
767 // Note: SHOW_SYM_LINKS exposes symlinks as symlinks, so they are ignored
768 // rather than followed. Following symlinks can easily lead to the undesirable
769 // situation where the entire file system is being watched.
770 FileEnumerator enumerator(
771 path, true /* recursive enumeration */,
772 FileEnumerator::DIRECTORIES | FileEnumerator::SHOW_SYM_LINKS);
773 for (FilePath current = enumerator.Next(); !current.empty();
774 current = enumerator.Next()) {
775 DUMP_WILL_BE_CHECK(enumerator.GetInfo().IsDirectory());
776
777 // Check `recursive_watches_by_path_` as a heuristic to determine if this
778 // needs to be an add or update operation.
779 if (!Contains(recursive_watches_by_path_, current)) {
780 // Try to add new watches.
781 InotifyReader::Watch watch =
782 g_inotify_reader.Get().AddWatch(current, this);
783 if (watch == InotifyReader::kWatchLimitExceeded)
784 return false;
785
786 // The `watch` returned by inotify already exists. This is actually an
787 // update operation.
788 auto it = recursive_paths_by_watch_.find(watch);
789 if (it != recursive_paths_by_watch_.end()) {
790 recursive_watches_by_path_.erase(it->second);
791 recursive_paths_by_watch_.erase(it);
792 }
793 TrackWatchForRecursion(watch, current);
794 } else {
795 // Update existing watches.
796 InotifyReader::Watch old_watch = recursive_watches_by_path_[current];
797 DUMP_WILL_BE_CHECK_NE(InotifyReader::kInvalidWatch, old_watch);
798 InotifyReader::Watch watch =
799 g_inotify_reader.Get().AddWatch(current, this);
800 if (watch == InotifyReader::kWatchLimitExceeded)
801 return false;
802 if (watch != old_watch) {
803 g_inotify_reader.Get().RemoveWatch(old_watch, this);
804 recursive_paths_by_watch_.erase(old_watch);
805 recursive_watches_by_path_.erase(current);
806 TrackWatchForRecursion(watch, current);
807 }
808 }
809 }
810 return true;
811 }
812
TrackWatchForRecursion(InotifyReader::Watch watch,const FilePath & path)813 void FilePathWatcherImpl::TrackWatchForRecursion(InotifyReader::Watch watch,
814 const FilePath& path) {
815 DUMP_WILL_BE_CHECK_EQ(type_, Type::kRecursive);
816 DUMP_WILL_BE_CHECK(!path.empty());
817 DUMP_WILL_BE_CHECK(target_.IsParent(path));
818
819 if (watch == InotifyReader::kInvalidWatch)
820 return;
821
822 DUMP_WILL_BE_CHECK(!Contains(recursive_paths_by_watch_, watch));
823 DUMP_WILL_BE_CHECK(!Contains(recursive_watches_by_path_, path));
824 recursive_paths_by_watch_[watch] = path;
825 recursive_watches_by_path_[path] = watch;
826 }
827
RemoveRecursiveWatches()828 void FilePathWatcherImpl::RemoveRecursiveWatches() {
829 if (type_ != Type::kRecursive)
830 return;
831
832 for (const auto& it : recursive_paths_by_watch_)
833 g_inotify_reader.Get().RemoveWatch(it.first, this);
834
835 recursive_paths_by_watch_.clear();
836 recursive_watches_by_path_.clear();
837 }
838
AddWatchForBrokenSymlink(const FilePath & path,WatchEntry * watch_entry)839 bool FilePathWatcherImpl::AddWatchForBrokenSymlink(const FilePath& path,
840 WatchEntry* watch_entry) {
841 #if BUILDFLAG(IS_FUCHSIA)
842 // Fuchsia does not support symbolic links.
843 return false;
844 #else // BUILDFLAG(IS_FUCHSIA)
845 DUMP_WILL_BE_CHECK_EQ(InotifyReader::kInvalidWatch, watch_entry->watch);
846 std::optional<FilePath> link = ReadSymbolicLinkAbsolute(path);
847 if (!link) {
848 return true;
849 }
850 DUMP_WILL_BE_CHECK(link->IsAbsolute());
851
852 // Try watching symlink target directory. If the link target is "/", then we
853 // shouldn't get here in normal situations and if we do, we'd watch "/" for
854 // changes to a component "/" which is harmless so no special treatment of
855 // this case is required.
856 InotifyReader::Watch watch =
857 g_inotify_reader.Get().AddWatch(link->DirName(), this);
858 if (watch == InotifyReader::kWatchLimitExceeded)
859 return false;
860 if (watch == InotifyReader::kInvalidWatch) {
861 // TODO(craig) Symlinks only work if the parent directory for the target
862 // exist. Ideally we should make sure we've watched all the components of
863 // the symlink path for changes. See crbug.com/91561 for details.
864 DPLOG(WARNING) << "Watch failed for " << link->DirName().value();
865 return true;
866 }
867 watch_entry->watch = watch;
868 watch_entry->linkname = link->BaseName().value();
869 return true;
870 #endif // BUILDFLAG(IS_FUCHSIA)
871 }
872
HasValidWatchVector() const873 bool FilePathWatcherImpl::HasValidWatchVector() const {
874 if (watches_.empty())
875 return false;
876 for (size_t i = 0; i < watches_.size() - 1; ++i) {
877 if (watches_[i].subdir.empty())
878 return false;
879 }
880 return watches_.back().subdir.empty();
881 }
882
883 } // namespace
884
GetMaxNumberOfInotifyWatches()885 size_t GetMaxNumberOfInotifyWatches() {
886 #if BUILDFLAG(IS_FUCHSIA)
887 // Fuchsia has no limit on the number of watches.
888 return std::numeric_limits<int>::max();
889 #else
890 static const size_t max = [] {
891 size_t max_number_of_inotify_watches = 0u;
892
893 std::ifstream in(kInotifyMaxUserWatchesPath);
894 if (!in.is_open() || !(in >> max_number_of_inotify_watches)) {
895 LOG(ERROR) << "Failed to read " << kInotifyMaxUserWatchesPath;
896 return kDefaultInotifyMaxUserWatches / kExpectedFilePathWatchers;
897 }
898
899 return max_number_of_inotify_watches / kExpectedFilePathWatchers;
900 }();
901 return g_override_max_inotify_watches ? g_override_max_inotify_watches : max;
902 #endif // if BUILDFLAG(IS_FUCHSIA)
903 }
904
905 ScopedMaxNumberOfInotifyWatchesOverrideForTest::
ScopedMaxNumberOfInotifyWatchesOverrideForTest(size_t override_max)906 ScopedMaxNumberOfInotifyWatchesOverrideForTest(size_t override_max) {
907 DUMP_WILL_BE_CHECK_EQ(g_override_max_inotify_watches, 0u);
908 g_override_max_inotify_watches = override_max;
909 }
910
911 ScopedMaxNumberOfInotifyWatchesOverrideForTest::
~ScopedMaxNumberOfInotifyWatchesOverrideForTest()912 ~ScopedMaxNumberOfInotifyWatchesOverrideForTest() {
913 g_override_max_inotify_watches = 0u;
914 }
915
FilePathWatcher()916 FilePathWatcher::FilePathWatcher()
917 : FilePathWatcher(std::make_unique<FilePathWatcherImpl>()) {}
918
919 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
920 // Put inside "BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)" because Android
921 // includes file_path_watcher_linux.cc.
922
923 // static
HasWatchesForTest()924 bool FilePathWatcher::HasWatchesForTest() {
925 return g_inotify_reader.Get().HasWatches();
926 }
927 #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
928
929 } // namespace base
930