1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/file_path_watcher_inotify.h"
6
7 #include <errno.h>
8 #include <poll.h>
9 #include <stddef.h>
10 #include <string.h>
11 #include <sys/inotify.h>
12 #include <sys/ioctl.h>
13 #include <sys/select.h>
14 #include <unistd.h>
15
16 #include <algorithm>
17 #include <array>
18 #include <fstream>
19 #include <map>
20 #include <memory>
21 #include <optional>
22 #include <set>
23 #include <unordered_map>
24 #include <utility>
25 #include <vector>
26
27 #include "base/containers/contains.h"
28 #include "base/files/file_enumerator.h"
29 #include "base/files/file_path.h"
30 #include "base/files/file_path_watcher.h"
31 #include "base/files/file_util.h"
32 #include "base/functional/bind.h"
33 #include "base/functional/callback_helpers.h"
34 #include "base/lazy_instance.h"
35 #include "base/location.h"
36 #include "base/logging.h"
37 #include "base/memory/ptr_util.h"
38 #include "base/memory/scoped_refptr.h"
39 #include "base/memory/weak_ptr.h"
40 #include "base/posix/eintr_wrapper.h"
41 #include "base/synchronization/lock.h"
42 #include "base/task/sequenced_task_runner.h"
43 #include "base/task/single_thread_task_runner.h"
44 #include "base/threading/platform_thread.h"
45 #include "base/threading/scoped_blocking_call.h"
46 #include "base/trace_event/base_tracing.h"
47 #include "build/build_config.h"
48
49 namespace base {
50
51 namespace {
52
53 #if !BUILDFLAG(IS_FUCHSIA)
54
55 // The /proc path to max_user_watches.
56 constexpr char kInotifyMaxUserWatchesPath[] =
57 "/proc/sys/fs/inotify/max_user_watches";
58
59 // This is a soft limit. If there are more than |kExpectedFilePathWatches|
60 // FilePathWatchers for a user, than they might affect each other's inotify
61 // watchers limit.
62 constexpr size_t kExpectedFilePathWatchers = 16u;
63
64 // The default max inotify watchers limit per user, if reading
65 // /proc/sys/fs/inotify/max_user_watches fails.
66 constexpr size_t kDefaultInotifyMaxUserWatches = 8192u;
67
68 #endif // !BUILDFLAG(IS_FUCHSIA)
69
70 class FilePathWatcherImpl;
71 class InotifyReader;
72
73 // Used by test to override inotify watcher limit.
74 size_t g_override_max_inotify_watches = 0u;
75
ToChangeType(const inotify_event * const event)76 FilePathWatcher::ChangeType ToChangeType(const inotify_event* const event) {
77 // Greedily select the most specific change type. It's possible that multiple
78 // types may apply, so this is ordered by specificity (e.g. "created" may also
79 // imply "modified", but the former is more useful).
80 if (event->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
81 return FilePathWatcher::ChangeType::kMoved;
82 } else if (event->mask & IN_CREATE) {
83 return FilePathWatcher::ChangeType::kCreated;
84 } else if (event->mask & IN_DELETE) {
85 return FilePathWatcher::ChangeType::kDeleted;
86 } else {
87 return FilePathWatcher::ChangeType::kModified;
88 }
89 }
90
91 class InotifyReaderThreadDelegate final : public PlatformThread::Delegate {
92 public:
InotifyReaderThreadDelegate(int inotify_fd)93 explicit InotifyReaderThreadDelegate(int inotify_fd)
94 : inotify_fd_(inotify_fd) {}
95 InotifyReaderThreadDelegate(const InotifyReaderThreadDelegate&) = delete;
96 InotifyReaderThreadDelegate& operator=(const InotifyReaderThreadDelegate&) =
97 delete;
98 ~InotifyReaderThreadDelegate() override = default;
99
100 private:
101 void ThreadMain() override;
102
103 const int inotify_fd_;
104 };
105
106 // Singleton to manage all inotify watches.
107 // TODO(tony): It would be nice if this wasn't a singleton.
108 // http://crbug.com/38174
109 class InotifyReader {
110 public:
111 // Watch descriptor used by AddWatch() and RemoveWatch().
112 #if BUILDFLAG(IS_ANDROID)
113 using Watch = uint32_t;
114 #else
115 using Watch = int;
116 #endif
117
118 // Record of watchers tracked for watch descriptors.
119 struct WatcherEntry {
120 scoped_refptr<SequencedTaskRunner> task_runner;
121 WeakPtr<FilePathWatcherImpl> watcher;
122 };
123
124 static constexpr Watch kInvalidWatch = static_cast<Watch>(-1);
125 static constexpr Watch kWatchLimitExceeded = static_cast<Watch>(-2);
126
127 InotifyReader(const InotifyReader&) = delete;
128 InotifyReader& operator=(const InotifyReader&) = delete;
129
130 // Watch directory |path| for changes. |watcher| will be notified on each
131 // change. Returns |kInvalidWatch| on failure.
132 Watch AddWatch(const FilePath& path, FilePathWatcherImpl* watcher);
133
134 // Remove |watch| if it's valid.
135 void RemoveWatch(Watch watch, FilePathWatcherImpl* watcher);
136
137 // Invoked on "inotify_reader" thread to notify relevant watchers.
138 void OnInotifyEvent(const inotify_event* event);
139
140 // Returns true if any paths are actively being watched.
141 bool HasWatches();
142
143 private:
144 friend struct LazyInstanceTraitsBase<InotifyReader>;
145
146 InotifyReader();
147 // There is no destructor because |g_inotify_reader| is a
148 // base::LazyInstace::Leaky object. Having a destructor causes build
149 // issues with GCC 6 (http://crbug.com/636346).
150
151 // Returns true on successful thread creation.
152 bool StartThread();
153
154 Lock lock_;
155
156 // Tracks which FilePathWatcherImpls to be notified on which watches.
157 // The tracked FilePathWatcherImpl is keyed by raw pointers for fast look up
158 // and mapped to a WatchEntry that is used to safely post a notification.
159 std::unordered_map<Watch, std::map<FilePathWatcherImpl*, WatcherEntry>>
160 watchers_ GUARDED_BY(lock_);
161
162 // File descriptor returned by inotify_init.
163 const int inotify_fd_;
164
165 // Thread delegate for the Inotify thread.
166 InotifyReaderThreadDelegate thread_delegate_;
167
168 // Flag set to true when startup was successful.
169 bool valid_ = false;
170 };
171
172 class FilePathWatcherImpl : public FilePathWatcher::PlatformDelegate {
173 public:
174 FilePathWatcherImpl();
175 FilePathWatcherImpl(const FilePathWatcherImpl&) = delete;
176 FilePathWatcherImpl& operator=(const FilePathWatcherImpl&) = delete;
177 ~FilePathWatcherImpl() override;
178
179 // Called for each event coming from the watch on the original thread.
180 // |fired_watch| identifies the watch that fired, |child| indicates what has
181 // changed, and is relative to the currently watched path for |fired_watch|.
182 //
183 // |change_info| includes information about the change.
184 // |created| is true if the object appears.
185 // |deleted| is true if the object disappears.
186 void OnFilePathChanged(InotifyReader::Watch fired_watch,
187 const FilePath::StringType& child,
188 FilePathWatcher::ChangeInfo change_info,
189 bool created,
190 bool deleted);
191
192 // Returns whether the number of inotify watches of this FilePathWatcherImpl
193 // would exceed the limit if adding one more.
194 bool WouldExceedWatchLimit() const;
195
196 // Returns a WatcherEntry for this, must be called on the original sequence.
197 InotifyReader::WatcherEntry GetWatcherEntry();
198
199 private:
200 // Start watching |path| for changes and notify |delegate| on each change.
201 // Returns true if watch for |path| has been added successfully.
202 bool Watch(const FilePath& path,
203 Type type,
204 const FilePathWatcher::Callback& callback) override;
205
206 // A generalized version. It extends |Type|.
207 bool WatchWithOptions(const FilePath& path,
208 const WatchOptions& flags,
209 const FilePathWatcher::Callback& callback) override;
210
211 bool WatchWithChangeInfo(
212 const FilePath& path,
213 const WatchOptions& options,
214 const FilePathWatcher::CallbackWithChangeInfo& callback) override;
215
216 // Cancel the watch. This unregisters the instance with InotifyReader.
217 void Cancel() override;
218
219 // Inotify watches are installed for all directory components of |target_|.
220 // A WatchEntry instance holds:
221 // - |watch|: the watch descriptor for a component.
222 // - |subdir|: the subdirectory that identifies the next component.
223 // - For the last component, there is no next component, so it is empty.
224 // - |linkname|: the target of the symlink.
225 // - Only if the target being watched is a symbolic link.
226 struct WatchEntry {
WatchEntrybase::__anone35f38bb0111::FilePathWatcherImpl::WatchEntry227 explicit WatchEntry(const FilePath::StringType& dirname)
228 : watch(InotifyReader::kInvalidWatch), subdir(dirname) {}
229
230 InotifyReader::Watch watch;
231 FilePath::StringType subdir;
232 FilePath::StringType linkname;
233 };
234
235 // Reconfigure to watch for the most specific parent directory of |target_|
236 // that exists. Also calls UpdateRecursiveWatches() below. Returns true if
237 // watch limit is not hit. Otherwise, returns false.
238 [[nodiscard]] bool UpdateWatches();
239
240 // Reconfigure to recursively watch |target_| and all its sub-directories.
241 // - This is a no-op if the watch is not recursive.
242 // - If |target_| does not exist, then clear all the recursive watches.
243 // - Assuming |target_| exists, passing kInvalidWatch as |fired_watch| forces
244 // addition of recursive watches for |target_|.
245 // - Otherwise, only the directory associated with |fired_watch| and its
246 // sub-directories will be reconfigured.
247 // Returns true if watch limit is not hit. Otherwise, returns false.
248 [[nodiscard]] bool UpdateRecursiveWatches(InotifyReader::Watch fired_watch,
249 bool is_dir);
250
251 // Enumerate recursively through |path| and add / update watches.
252 // Returns true if watch limit is not hit. Otherwise, returns false.
253 [[nodiscard]] bool UpdateRecursiveWatchesForPath(const FilePath& path);
254
255 // Do internal bookkeeping to update mappings between |watch| and its
256 // associated full path |path|.
257 void TrackWatchForRecursion(InotifyReader::Watch watch, const FilePath& path);
258
259 // Remove all the recursive watches.
260 void RemoveRecursiveWatches();
261
262 // |path| is a symlink to a non-existent target. Attempt to add a watch to
263 // the link target's parent directory. Update |watch_entry| on success.
264 // Returns true if watch limit is not hit. Otherwise, returns false.
265 [[nodiscard]] bool AddWatchForBrokenSymlink(const FilePath& path,
266 WatchEntry* watch_entry);
267
268 bool HasValidWatchVector() const;
269
270 // Callback to notify upon changes.
271 FilePathWatcher::CallbackWithChangeInfo callback_;
272
273 // The file or directory we're supposed to watch.
274 FilePath target_;
275
276 Type type_ = Type::kNonRecursive;
277 bool report_modified_path_ = false;
278
279 // The vector of watches and next component names for all path components,
280 // starting at the root directory. The last entry corresponds to the watch for
281 // |target_| and always stores an empty next component name in |subdir|.
282 std::vector<WatchEntry> watches_;
283
284 std::unordered_map<InotifyReader::Watch, FilePath> recursive_paths_by_watch_;
285 std::map<FilePath, InotifyReader::Watch> recursive_watches_by_path_;
286
287 WeakPtrFactory<FilePathWatcherImpl> weak_factory_{this};
288 };
289
290 LazyInstance<InotifyReader>::Leaky g_inotify_reader = LAZY_INSTANCE_INITIALIZER;
291
ThreadMain()292 void InotifyReaderThreadDelegate::ThreadMain() {
293 PlatformThread::SetName("inotify_reader");
294
295 std::array<pollfd, 1> fdarray{{{inotify_fd_, POLLIN, 0}}};
296
297 while (true) {
298 // Wait until some inotify events are available.
299 int poll_result = HANDLE_EINTR(poll(fdarray.data(), fdarray.size(), -1));
300 if (poll_result < 0) {
301 DPLOG(WARNING) << "poll failed";
302 return;
303 }
304
305 // Adjust buffer size to current event queue size.
306 int buffer_size;
307 int ioctl_result = HANDLE_EINTR(ioctl(inotify_fd_, FIONREAD, &buffer_size));
308
309 if (ioctl_result != 0 || buffer_size < 0) {
310 DPLOG(WARNING) << "ioctl failed";
311 return;
312 }
313
314 std::vector<char> buffer(static_cast<size_t>(buffer_size));
315
316 ssize_t bytes_read = HANDLE_EINTR(
317 read(inotify_fd_, buffer.data(), static_cast<size_t>(buffer_size)));
318
319 if (bytes_read < 0) {
320 DPLOG(WARNING) << "read from inotify fd failed";
321 return;
322 }
323
324 for (size_t i = 0; i < static_cast<size_t>(bytes_read);) {
325 inotify_event* event = reinterpret_cast<inotify_event*>(&buffer[i]);
326 size_t event_size = sizeof(inotify_event) + event->len;
327 DUMP_WILL_BE_CHECK_LE(i + event_size, static_cast<size_t>(bytes_read));
328 g_inotify_reader.Get().OnInotifyEvent(event);
329 i += event_size;
330 }
331 }
332 }
333
InotifyReader()334 InotifyReader::InotifyReader()
335 : inotify_fd_(inotify_init()), thread_delegate_(inotify_fd_) {
336 if (inotify_fd_ < 0) {
337 PLOG(ERROR) << "inotify_init() failed";
338 return;
339 }
340
341 if (!StartThread())
342 return;
343
344 valid_ = true;
345 }
346
StartThread()347 bool InotifyReader::StartThread() {
348 // This object is LazyInstance::Leaky, so thread_delegate_ will outlive the
349 // thread.
350 return PlatformThread::CreateNonJoinable(0, &thread_delegate_);
351 }
352
AddWatch(const FilePath & path,FilePathWatcherImpl * watcher)353 InotifyReader::Watch InotifyReader::AddWatch(const FilePath& path,
354 FilePathWatcherImpl* watcher) {
355 if (!valid_)
356 return kInvalidWatch;
357
358 if (watcher->WouldExceedWatchLimit())
359 return kWatchLimitExceeded;
360
361 AutoLock auto_lock(lock_);
362
363 ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::WILL_BLOCK);
364 const int watch_int =
365 inotify_add_watch(inotify_fd_, path.value().c_str(),
366 IN_ATTRIB | IN_CREATE | IN_DELETE | IN_CLOSE_WRITE |
367 IN_MOVE | IN_ONLYDIR);
368 if (watch_int == -1)
369 return kInvalidWatch;
370 const Watch watch = static_cast<Watch>(watch_int);
371
372 watchers_[watch].emplace(std::make_pair(watcher, watcher->GetWatcherEntry()));
373
374 return watch;
375 }
376
RemoveWatch(Watch watch,FilePathWatcherImpl * watcher)377 void InotifyReader::RemoveWatch(Watch watch, FilePathWatcherImpl* watcher) {
378 if (!valid_ || (watch == kInvalidWatch))
379 return;
380
381 AutoLock auto_lock(lock_);
382
383 auto watchers_it = watchers_.find(watch);
384 if (watchers_it == watchers_.end())
385 return;
386
387 auto& watcher_map = watchers_it->second;
388 watcher_map.erase(watcher);
389
390 if (watcher_map.empty()) {
391 watchers_.erase(watchers_it);
392
393 ScopedBlockingCall scoped_blocking_call(FROM_HERE,
394 BlockingType::WILL_BLOCK);
395 inotify_rm_watch(inotify_fd_, watch);
396 }
397 }
398
OnInotifyEvent(const inotify_event * event)399 void InotifyReader::OnInotifyEvent(const inotify_event* event) {
400 if (event->mask & IN_IGNORED)
401 return;
402
403 FilePath::StringType child(event->len ? event->name : FILE_PATH_LITERAL(""));
404 AutoLock auto_lock(lock_);
405
406 // In racing conditions, RemoveWatch() could grab `lock_` first and remove
407 // the entry for `event->wd`.
408 auto watchers_it = watchers_.find(static_cast<Watch>(event->wd));
409 if (watchers_it == watchers_.end())
410 return;
411
412 auto& watcher_map = watchers_it->second;
413 for (const auto& entry : watcher_map) {
414 auto& watcher_entry = entry.second;
415
416 FilePathWatcher::ChangeInfo change_info{
417 .file_path_type = event->mask & IN_ISDIR
418 ? FilePathWatcher::FilePathType::kDirectory
419 : FilePathWatcher::FilePathType::kFile,
420 .change_type = ToChangeType(event),
421 .cookie =
422 event->cookie ? std::make_optional(event->cookie) : std::nullopt,
423 };
424 bool created = event->mask & (IN_CREATE | IN_MOVED_TO);
425 bool deleted = event->mask & (IN_DELETE | IN_MOVED_FROM);
426 watcher_entry.task_runner->PostTask(
427 FROM_HERE,
428 BindOnce(&FilePathWatcherImpl::OnFilePathChanged, watcher_entry.watcher,
429 static_cast<Watch>(event->wd), child, std::move(change_info),
430 created, deleted));
431 }
432 }
433
HasWatches()434 bool InotifyReader::HasWatches() {
435 AutoLock auto_lock(lock_);
436
437 return !watchers_.empty();
438 }
439
440 FilePathWatcherImpl::FilePathWatcherImpl() = default;
441
~FilePathWatcherImpl()442 FilePathWatcherImpl::~FilePathWatcherImpl() {
443 DUMP_WILL_BE_CHECK(!task_runner() ||
444 task_runner()->RunsTasksInCurrentSequence());
445 }
446
OnFilePathChanged(InotifyReader::Watch fired_watch,const FilePath::StringType & child,FilePathWatcher::ChangeInfo change_info,bool created,bool deleted)447 void FilePathWatcherImpl::OnFilePathChanged(
448 InotifyReader::Watch fired_watch,
449 const FilePath::StringType& child,
450 FilePathWatcher::ChangeInfo change_info,
451 bool created,
452 bool deleted) {
453 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
454 DUMP_WILL_BE_CHECK(!watches_.empty());
455 DUMP_WILL_BE_CHECK(HasValidWatchVector());
456
457 // Used below to avoid multiple recursive updates.
458 bool did_update = false;
459
460 // Whether kWatchLimitExceeded is encountered during update.
461 bool exceeded_limit = false;
462
463 // Find the entries in |watches_| that correspond to |fired_watch|.
464 for (size_t i = 0; i < watches_.size(); ++i) {
465 const WatchEntry& watch_entry = watches_[i];
466 if (fired_watch != watch_entry.watch)
467 continue;
468
469 // Check whether a path component of |target_| changed.
470 bool change_on_target_path = child.empty() ||
471 (child == watch_entry.linkname) ||
472 (child == watch_entry.subdir);
473
474 // Check if the change references |target_| or a direct child of |target_|.
475 bool target_changed;
476 if (watch_entry.subdir.empty()) {
477 // The fired watch is for a WatchEntry without a subdir. Thus for a given
478 // |target_| = "/path/to/foo", this is for "foo". Here, check either:
479 // - the target has no symlink: it is the target and it changed.
480 // - the target has a symlink, and it matches |child|.
481 target_changed =
482 (watch_entry.linkname.empty() || child == watch_entry.linkname);
483 } else {
484 // The fired watch is for a WatchEntry with a subdir. Thus for a given
485 // |target_| = "/path/to/foo", this is for {"/", "/path", "/path/to"}.
486 // So we can safely access the next WatchEntry since we have not reached
487 // the end yet. Check |watch_entry| is for "/path/to", i.e. the next
488 // element is "foo".
489 bool next_watch_may_be_for_target = watches_[i + 1].subdir.empty();
490 if (next_watch_may_be_for_target) {
491 // The current |watch_entry| is for "/path/to", so check if the |child|
492 // that changed is "foo".
493 target_changed = watch_entry.subdir == child;
494 } else {
495 // The current |watch_entry| is not for "/path/to", so the next entry
496 // cannot be "foo". Thus |target_| has not changed.
497 target_changed = false;
498 }
499 }
500
501 // Update watches if a directory component of the |target_| path
502 // (dis)appears. Note that we don't add the additional restriction of
503 // checking the event mask to see if it is for a directory here as changes
504 // to symlinks on the target path will not have IN_ISDIR set in the event
505 // masks. As a result we may sometimes call UpdateWatches() unnecessarily.
506 if (change_on_target_path && (created || deleted) && !did_update) {
507 if (!UpdateWatches()) {
508 exceeded_limit = true;
509 break;
510 }
511 did_update = true;
512 }
513
514 // Report the following events:
515 // - The target or a direct child of the target got changed (in case the
516 // watched path refers to a directory).
517 // - One of the parent directories got moved or deleted, since the target
518 // disappears in this case.
519 // - One of the parent directories appears. The event corresponding to
520 // the target appearing might have been missed in this case, so recheck.
521 if (target_changed || (change_on_target_path && deleted) ||
522 (change_on_target_path && created && PathExists(target_))) {
523 if (!did_update) {
524 if (!UpdateRecursiveWatches(
525 fired_watch, change_info.file_path_type ==
526 FilePathWatcher::FilePathType::kDirectory)) {
527 exceeded_limit = true;
528 break;
529 }
530 did_update = true;
531 }
532 FilePath modified_path = report_modified_path_ && !change_on_target_path
533 ? target_.Append(child)
534 : target_;
535 callback_.Run(std::move(change_info), modified_path,
536 /*error=*/false); // `this` may be deleted.
537 return;
538 }
539 }
540
541 if (!exceeded_limit && Contains(recursive_paths_by_watch_, fired_watch)) {
542 if (!did_update) {
543 if (!UpdateRecursiveWatches(
544 fired_watch, change_info.file_path_type ==
545 FilePathWatcher::FilePathType::kDirectory)) {
546 exceeded_limit = true;
547 }
548 }
549 if (!exceeded_limit) {
550 FilePath modified_path =
551 report_modified_path_
552 ? recursive_paths_by_watch_[fired_watch].Append(child)
553 : target_;
554 callback_.Run(std::move(change_info), modified_path,
555 /*error=*/false); // `this` may be deleted.
556 return;
557 }
558 }
559
560 if (exceeded_limit) {
561 // Cancels all in-flight events from inotify thread.
562 weak_factory_.InvalidateWeakPtrs();
563
564 // Reset states and cancels all watches.
565 auto callback = callback_;
566 Cancel();
567
568 // Fires the error callback. `this` may be deleted as a result of this call.
569 callback.Run(FilePathWatcher::ChangeInfo(), target_, /*error=*/true);
570 }
571 }
572
WouldExceedWatchLimit() const573 bool FilePathWatcherImpl::WouldExceedWatchLimit() const {
574 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
575
576 // `watches_` contains inotify watches of all dir components of `target_`.
577 // `recursive_paths_by_watch_` contains inotify watches for sub dirs under
578 // `target_` of a Type::kRecursive watcher and keyed by inotify watches.
579 // All inotify watches used by this FilePathWatcherImpl are either in
580 // `watches_` or as a key in `recursive_paths_by_watch_`. As a result, the
581 // two provide a good estimate on the number of inofiy watches used by this
582 // FilePathWatcherImpl.
583 const size_t number_of_inotify_watches =
584 watches_.size() + recursive_paths_by_watch_.size();
585 return number_of_inotify_watches >= GetMaxNumberOfInotifyWatches();
586 }
587
GetWatcherEntry()588 InotifyReader::WatcherEntry FilePathWatcherImpl::GetWatcherEntry() {
589 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
590 return {task_runner(), weak_factory_.GetWeakPtr()};
591 }
592
Watch(const FilePath & path,Type type,const FilePathWatcher::Callback & callback)593 bool FilePathWatcherImpl::Watch(const FilePath& path,
594 Type type,
595 const FilePathWatcher::Callback& callback) {
596 return WatchWithChangeInfo(
597 path, WatchOptions{.type = type},
598 base::IgnoreArgs<const FilePathWatcher::ChangeInfo&>(
599 base::BindRepeating(std::move(callback))));
600 }
601
WatchWithOptions(const FilePath & path,const WatchOptions & options,const FilePathWatcher::Callback & callback)602 bool FilePathWatcherImpl::WatchWithOptions(
603 const FilePath& path,
604 const WatchOptions& options,
605 const FilePathWatcher::Callback& callback) {
606 return WatchWithChangeInfo(
607 path, options,
608 base::IgnoreArgs<const FilePathWatcher::ChangeInfo&>(
609 base::BindRepeating(std::move(callback))));
610 }
611
WatchWithChangeInfo(const FilePath & path,const WatchOptions & options,const FilePathWatcher::CallbackWithChangeInfo & callback)612 bool FilePathWatcherImpl::WatchWithChangeInfo(
613 const FilePath& path,
614 const WatchOptions& options,
615 const FilePathWatcher::CallbackWithChangeInfo& callback) {
616 DUMP_WILL_BE_CHECK(target_.empty());
617
618 set_task_runner(SequencedTaskRunner::GetCurrentDefault());
619 callback_ = callback;
620 target_ = path;
621 type_ = options.type;
622 report_modified_path_ = options.report_modified_path;
623
624 std::vector<FilePath::StringType> comps = target_.GetComponents();
625 DUMP_WILL_BE_CHECK(!comps.empty());
626 for (size_t i = 1; i < comps.size(); ++i) {
627 watches_.emplace_back(comps[i]);
628 }
629 watches_.emplace_back(FilePath::StringType());
630
631 if (!UpdateWatches()) {
632 Cancel();
633 // Note `callback` is not invoked since false is returned.
634 return false;
635 }
636
637 return true;
638 }
639
Cancel()640 void FilePathWatcherImpl::Cancel() {
641 if (!callback_) {
642 // Watch() was never called.
643 set_cancelled();
644 return;
645 }
646
647 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
648 DUMP_WILL_BE_CHECK(!is_cancelled());
649
650 set_cancelled();
651 callback_.Reset();
652
653 for (const auto& watch : watches_)
654 g_inotify_reader.Get().RemoveWatch(watch.watch, this);
655 watches_.clear();
656 target_.clear();
657 RemoveRecursiveWatches();
658 }
659
UpdateWatches()660 bool FilePathWatcherImpl::UpdateWatches() {
661 // Ensure this runs on the task_runner() exclusively in order to avoid
662 // concurrency issues.
663 DUMP_WILL_BE_CHECK(task_runner()->RunsTasksInCurrentSequence());
664 DUMP_WILL_BE_CHECK(HasValidWatchVector());
665
666 // Walk the list of watches and update them as we go.
667 FilePath path(FILE_PATH_LITERAL("/"));
668 for (WatchEntry& watch_entry : watches_) {
669 InotifyReader::Watch old_watch = watch_entry.watch;
670 watch_entry.watch = InotifyReader::kInvalidWatch;
671 watch_entry.linkname.clear();
672 watch_entry.watch = g_inotify_reader.Get().AddWatch(path, this);
673 if (watch_entry.watch == InotifyReader::kWatchLimitExceeded)
674 return false;
675 if (watch_entry.watch == InotifyReader::kInvalidWatch) {
676 // Ignore the error code (beyond symlink handling) to attempt to add
677 // watches on accessible children of unreadable directories. Note that
678 // this is a best-effort attempt; we may not catch events in this
679 // scenario.
680 if (IsLink(path)) {
681 if (!AddWatchForBrokenSymlink(path, &watch_entry))
682 return false;
683 }
684 }
685 if (old_watch != watch_entry.watch)
686 g_inotify_reader.Get().RemoveWatch(old_watch, this);
687 path = path.Append(watch_entry.subdir);
688 }
689
690 return UpdateRecursiveWatches(InotifyReader::kInvalidWatch, /*is_dir=*/false);
691 }
692
UpdateRecursiveWatches(InotifyReader::Watch fired_watch,bool is_dir)693 bool FilePathWatcherImpl::UpdateRecursiveWatches(
694 InotifyReader::Watch fired_watch,
695 bool is_dir) {
696 DUMP_WILL_BE_CHECK(HasValidWatchVector());
697
698 if (type_ != Type::kRecursive)
699 return true;
700
701 if (!DirectoryExists(target_)) {
702 RemoveRecursiveWatches();
703 return true;
704 }
705
706 // Check to see if this is a forced update or if some component of |target_|
707 // has changed. For these cases, redo the watches for |target_| and below.
708 if (!Contains(recursive_paths_by_watch_, fired_watch) &&
709 fired_watch != watches_.back().watch) {
710 return UpdateRecursiveWatchesForPath(target_);
711 }
712
713 // Underneath |target_|, only directory changes trigger watch updates.
714 if (!is_dir)
715 return true;
716
717 const FilePath& changed_dir = Contains(recursive_paths_by_watch_, fired_watch)
718 ? recursive_paths_by_watch_[fired_watch]
719 : target_;
720
721 auto start_it = recursive_watches_by_path_.upper_bound(changed_dir);
722 auto end_it = start_it;
723 for (; end_it != recursive_watches_by_path_.end(); ++end_it) {
724 const FilePath& cur_path = end_it->first;
725 if (!changed_dir.IsParent(cur_path))
726 break;
727
728 // There could be a race when another process is changing contents under
729 // `changed_dir` while chrome is watching (e.g. an Android app updating
730 // a dir with Chrome OS file manager open for the dir). In such case,
731 // `cur_dir` under `changed_dir` could exist in this loop but not in
732 // the FileEnumerator loop in the upcoming UpdateRecursiveWatchesForPath(),
733 // As a result, `g_inotify_reader` would have an entry in its `watchers_`
734 // pointing to `this` but `this` is no longer aware of that. Crash in
735 // http://crbug/990004 could happen later.
736 //
737 // Remove the watcher of `cur_path` regardless of whether it exists
738 // or not to keep `this` and `g_inotify_reader` consistent even when the
739 // race happens. The watcher will be added back if `cur_path` exists in
740 // the FileEnumerator loop in UpdateRecursiveWatchesForPath().
741 g_inotify_reader.Get().RemoveWatch(end_it->second, this);
742
743 // Keep it in sync with |recursive_watches_by_path_| crbug.com/995196.
744 recursive_paths_by_watch_.erase(end_it->second);
745 }
746 recursive_watches_by_path_.erase(start_it, end_it);
747
748 // If `changed_dir` does not exist anymore, then there is no need to call
749 // UpdateRecursiveWatchesForPath().
750 if (!DirectoryExists(changed_dir)) {
751 return true;
752 }
753
754 return UpdateRecursiveWatchesForPath(changed_dir);
755 }
756
UpdateRecursiveWatchesForPath(const FilePath & path)757 bool FilePathWatcherImpl::UpdateRecursiveWatchesForPath(const FilePath& path) {
758 DUMP_WILL_BE_CHECK_EQ(type_, Type::kRecursive);
759 DUMP_WILL_BE_CHECK(!path.empty());
760 DUMP_WILL_BE_CHECK(DirectoryExists(path));
761
762 // Note: SHOW_SYM_LINKS exposes symlinks as symlinks, so they are ignored
763 // rather than followed. Following symlinks can easily lead to the undesirable
764 // situation where the entire file system is being watched.
765 FileEnumerator enumerator(
766 path, true /* recursive enumeration */,
767 FileEnumerator::DIRECTORIES | FileEnumerator::SHOW_SYM_LINKS);
768 for (FilePath current = enumerator.Next(); !current.empty();
769 current = enumerator.Next()) {
770 DUMP_WILL_BE_CHECK(enumerator.GetInfo().IsDirectory());
771
772 // Check `recursive_watches_by_path_` as a heuristic to determine if this
773 // needs to be an add or update operation.
774 if (!Contains(recursive_watches_by_path_, current)) {
775 // Try to add new watches.
776 InotifyReader::Watch watch =
777 g_inotify_reader.Get().AddWatch(current, this);
778 if (watch == InotifyReader::kWatchLimitExceeded)
779 return false;
780
781 // The `watch` returned by inotify already exists. This is actually an
782 // update operation.
783 auto it = recursive_paths_by_watch_.find(watch);
784 if (it != recursive_paths_by_watch_.end()) {
785 recursive_watches_by_path_.erase(it->second);
786 recursive_paths_by_watch_.erase(it);
787 }
788 TrackWatchForRecursion(watch, current);
789 } else {
790 // Update existing watches.
791 InotifyReader::Watch old_watch = recursive_watches_by_path_[current];
792 DUMP_WILL_BE_CHECK_NE(InotifyReader::kInvalidWatch, old_watch);
793 InotifyReader::Watch watch =
794 g_inotify_reader.Get().AddWatch(current, this);
795 if (watch == InotifyReader::kWatchLimitExceeded)
796 return false;
797 if (watch != old_watch) {
798 g_inotify_reader.Get().RemoveWatch(old_watch, this);
799 recursive_paths_by_watch_.erase(old_watch);
800 recursive_watches_by_path_.erase(current);
801 TrackWatchForRecursion(watch, current);
802 }
803 }
804 }
805 return true;
806 }
807
TrackWatchForRecursion(InotifyReader::Watch watch,const FilePath & path)808 void FilePathWatcherImpl::TrackWatchForRecursion(InotifyReader::Watch watch,
809 const FilePath& path) {
810 DUMP_WILL_BE_CHECK_EQ(type_, Type::kRecursive);
811 DUMP_WILL_BE_CHECK(!path.empty());
812 DUMP_WILL_BE_CHECK(target_.IsParent(path));
813
814 if (watch == InotifyReader::kInvalidWatch)
815 return;
816
817 DUMP_WILL_BE_CHECK(!Contains(recursive_paths_by_watch_, watch));
818 DUMP_WILL_BE_CHECK(!Contains(recursive_watches_by_path_, path));
819 recursive_paths_by_watch_[watch] = path;
820 recursive_watches_by_path_[path] = watch;
821 }
822
RemoveRecursiveWatches()823 void FilePathWatcherImpl::RemoveRecursiveWatches() {
824 if (type_ != Type::kRecursive)
825 return;
826
827 for (const auto& it : recursive_paths_by_watch_)
828 g_inotify_reader.Get().RemoveWatch(it.first, this);
829
830 recursive_paths_by_watch_.clear();
831 recursive_watches_by_path_.clear();
832 }
833
AddWatchForBrokenSymlink(const FilePath & path,WatchEntry * watch_entry)834 bool FilePathWatcherImpl::AddWatchForBrokenSymlink(const FilePath& path,
835 WatchEntry* watch_entry) {
836 #if BUILDFLAG(IS_FUCHSIA)
837 // Fuchsia does not support symbolic links.
838 return false;
839 #else // BUILDFLAG(IS_FUCHSIA)
840 DUMP_WILL_BE_CHECK_EQ(InotifyReader::kInvalidWatch, watch_entry->watch);
841 std::optional<FilePath> link = ReadSymbolicLinkAbsolute(path);
842 if (!link) {
843 return true;
844 }
845 DUMP_WILL_BE_CHECK(link->IsAbsolute());
846
847 // Try watching symlink target directory. If the link target is "/", then we
848 // shouldn't get here in normal situations and if we do, we'd watch "/" for
849 // changes to a component "/" which is harmless so no special treatment of
850 // this case is required.
851 InotifyReader::Watch watch =
852 g_inotify_reader.Get().AddWatch(link->DirName(), this);
853 if (watch == InotifyReader::kWatchLimitExceeded)
854 return false;
855 if (watch == InotifyReader::kInvalidWatch) {
856 // TODO(craig) Symlinks only work if the parent directory for the target
857 // exist. Ideally we should make sure we've watched all the components of
858 // the symlink path for changes. See crbug.com/91561 for details.
859 DPLOG(WARNING) << "Watch failed for " << link->DirName().value();
860 return true;
861 }
862 watch_entry->watch = watch;
863 watch_entry->linkname = link->BaseName().value();
864 return true;
865 #endif // BUILDFLAG(IS_FUCHSIA)
866 }
867
HasValidWatchVector() const868 bool FilePathWatcherImpl::HasValidWatchVector() const {
869 if (watches_.empty())
870 return false;
871 for (size_t i = 0; i < watches_.size() - 1; ++i) {
872 if (watches_[i].subdir.empty())
873 return false;
874 }
875 return watches_.back().subdir.empty();
876 }
877
878 } // namespace
879
GetMaxNumberOfInotifyWatches()880 size_t GetMaxNumberOfInotifyWatches() {
881 #if BUILDFLAG(IS_FUCHSIA)
882 // Fuchsia has no limit on the number of watches.
883 return std::numeric_limits<int>::max();
884 #else
885 static const size_t max = []() {
886 size_t max_number_of_inotify_watches = 0u;
887
888 std::ifstream in(kInotifyMaxUserWatchesPath);
889 if (!in.is_open() || !(in >> max_number_of_inotify_watches)) {
890 LOG(ERROR) << "Failed to read " << kInotifyMaxUserWatchesPath;
891 return kDefaultInotifyMaxUserWatches / kExpectedFilePathWatchers;
892 }
893
894 return max_number_of_inotify_watches / kExpectedFilePathWatchers;
895 }();
896 return g_override_max_inotify_watches ? g_override_max_inotify_watches : max;
897 #endif // if BUILDFLAG(IS_FUCHSIA)
898 }
899
900 ScopedMaxNumberOfInotifyWatchesOverrideForTest::
ScopedMaxNumberOfInotifyWatchesOverrideForTest(size_t override_max)901 ScopedMaxNumberOfInotifyWatchesOverrideForTest(size_t override_max) {
902 DUMP_WILL_BE_CHECK_EQ(g_override_max_inotify_watches, 0u);
903 g_override_max_inotify_watches = override_max;
904 }
905
906 ScopedMaxNumberOfInotifyWatchesOverrideForTest::
~ScopedMaxNumberOfInotifyWatchesOverrideForTest()907 ~ScopedMaxNumberOfInotifyWatchesOverrideForTest() {
908 g_override_max_inotify_watches = 0u;
909 }
910
FilePathWatcher()911 FilePathWatcher::FilePathWatcher()
912 : FilePathWatcher(std::make_unique<FilePathWatcherImpl>()) {}
913
914 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
915 // Put inside "BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)" because Android
916 // includes file_path_watcher_linux.cc.
917
918 // static
HasWatchesForTest()919 bool FilePathWatcher::HasWatchesForTest() {
920 return g_inotify_reader.Get().HasWatches();
921 }
922 #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
923
924 } // namespace base
925