1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/important_file_writer.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9 #include <stdio.h>
10
11 #include <algorithm>
12 #include <string>
13 #include <utility>
14
15 #include "base/check.h"
16 #include "base/critical_closure.h"
17 #include "base/debug/alias.h"
18 #include "base/files/file.h"
19 #include "base/files/file_path.h"
20 #include "base/files/file_util.h"
21 #include "base/files/important_file_writer_cleaner.h"
22 #include "base/functional/bind.h"
23 #include "base/functional/callback_helpers.h"
24 #include "base/logging.h"
25 #include "base/metrics/histogram_functions.h"
26 #include "base/notreached.h"
27 #include "base/numerics/safe_conversions.h"
28 #include "base/strings/string_number_conversions.h"
29 #include "base/strings/string_util.h"
30 #include "base/task/sequenced_task_runner.h"
31 #include "base/task/task_runner.h"
32 #include "base/threading/platform_thread.h"
33 #include "base/threading/scoped_thread_priority.h"
34 #include "base/threading/thread.h"
35 #include "base/time/time.h"
36 #include "build/build_config.h"
37 #include "build/chromeos_buildflags.h"
38
39 namespace base {
40
41 namespace {
42
43 constexpr auto kDefaultCommitInterval = Seconds(10);
44 #if BUILDFLAG(IS_WIN)
45 // This is how many times we will retry ReplaceFile on Windows.
46 constexpr int kReplaceRetries = 5;
47 // This is the result code recorded if ReplaceFile still fails.
48 // It should stay constant even if we change kReplaceRetries.
49 constexpr int kReplaceRetryFailure = 10;
50 static_assert(kReplaceRetryFailure > kReplaceRetries, "No overlap allowed");
51 constexpr auto kReplacePauseInterval = Milliseconds(100);
52 #endif
53
UmaHistogramTimesWithSuffix(const char * histogram_name,StringPiece histogram_suffix,base::TimeDelta sample)54 void UmaHistogramTimesWithSuffix(const char* histogram_name,
55 StringPiece histogram_suffix,
56 base::TimeDelta sample) {
57 DCHECK(histogram_name);
58 std::string histogram_full_name(histogram_name);
59 if (!histogram_suffix.empty()) {
60 histogram_full_name.append(".");
61 histogram_full_name.append(histogram_suffix);
62 }
63 UmaHistogramTimes(histogram_full_name, sample);
64 }
65
66 // Deletes the file named |tmp_file_path| (which may be open as |tmp_file|),
67 // retrying on the same sequence after some delay in case of error. It is sadly
68 // common that third-party software on Windows may open the temp file and map it
69 // into its own address space, which prevents others from marking it for
70 // deletion (even if opening it for deletion was possible). |attempt| is the
71 // number of failed previous attempts to the delete the file (defaults to 0).
DeleteTmpFileWithRetry(File tmp_file,const FilePath & tmp_file_path,int attempt=0)72 void DeleteTmpFileWithRetry(File tmp_file,
73 const FilePath& tmp_file_path,
74 int attempt = 0) {
75 #if BUILDFLAG(IS_WIN)
76 // Mark the file for deletion when it is closed and then close it implicitly.
77 if (tmp_file.IsValid()) {
78 if (tmp_file.DeleteOnClose(true))
79 return;
80 // The file was opened with exclusive r/w access, so failures are primarily
81 // due to I/O errors or other phenomena out of the process's control. Go
82 // ahead and close the file. The call to DeleteFile below will basically
83 // repeat the above, but maybe it will somehow succeed.
84 tmp_file.Close();
85 }
86 #endif
87
88 // Retry every 250ms for up to two seconds. Metrics indicate that this is a
89 // reasonable number of retries -- the failures after all attempts generally
90 // point to access denied. The ImportantFileWriterCleaner should clean these
91 // up in the next process.
92 constexpr int kMaxDeleteAttempts = 8;
93 constexpr TimeDelta kDeleteFileRetryDelay = Milliseconds(250);
94
95 if (!DeleteFile(tmp_file_path) && ++attempt < kMaxDeleteAttempts &&
96 SequencedTaskRunner::HasCurrentDefault()) {
97 SequencedTaskRunner::GetCurrentDefault()->PostDelayedTask(
98 FROM_HERE,
99 BindOnce(&DeleteTmpFileWithRetry, base::File(), tmp_file_path, attempt),
100 kDeleteFileRetryDelay);
101 }
102 }
103
104 } // namespace
105
106 // static
WriteFileAtomically(const FilePath & path,StringPiece data,StringPiece histogram_suffix)107 bool ImportantFileWriter::WriteFileAtomically(const FilePath& path,
108 StringPiece data,
109 StringPiece histogram_suffix) {
110 // Calling the impl by way of the public WriteFileAtomically, so
111 // |from_instance| is false.
112 return WriteFileAtomicallyImpl(path, data, histogram_suffix,
113 /*from_instance=*/false);
114 }
115
116 // static
ProduceAndWriteStringToFileAtomically(const FilePath & path,BackgroundDataProducerCallback data_producer_for_background_sequence,OnceClosure before_write_callback,OnceCallback<void (bool success)> after_write_callback,const std::string & histogram_suffix)117 void ImportantFileWriter::ProduceAndWriteStringToFileAtomically(
118 const FilePath& path,
119 BackgroundDataProducerCallback data_producer_for_background_sequence,
120 OnceClosure before_write_callback,
121 OnceCallback<void(bool success)> after_write_callback,
122 const std::string& histogram_suffix) {
123 // Produce the actual data string on the background sequence.
124 std::optional<std::string> data =
125 std::move(data_producer_for_background_sequence).Run();
126 if (!data) {
127 DLOG(WARNING) << "Failed to serialize data to be saved in " << path.value();
128 return;
129 }
130
131 if (!before_write_callback.is_null())
132 std::move(before_write_callback).Run();
133
134 // Calling the impl by way of the private
135 // ProduceAndWriteStringToFileAtomically, which originated from an
136 // ImportantFileWriter instance, so |from_instance| is true.
137 const bool result = WriteFileAtomicallyImpl(path, *data, histogram_suffix,
138 /*from_instance=*/true);
139
140 if (!after_write_callback.is_null())
141 std::move(after_write_callback).Run(result);
142 }
143
144 // static
WriteFileAtomicallyImpl(const FilePath & path,StringPiece data,StringPiece histogram_suffix,bool from_instance)145 bool ImportantFileWriter::WriteFileAtomicallyImpl(const FilePath& path,
146 StringPiece data,
147 StringPiece histogram_suffix,
148 bool from_instance) {
149 const TimeTicks write_start = TimeTicks::Now();
150 if (!from_instance)
151 ImportantFileWriterCleaner::AddDirectory(path.DirName());
152
153 #if BUILDFLAG(IS_WIN) && DCHECK_IS_ON()
154 // In https://crbug.com/920174, we have cases where CreateTemporaryFileInDir
155 // hits a DCHECK because creation fails with no indication why. Pull the path
156 // onto the stack so that we can see if it is malformed in some odd way.
157 wchar_t path_copy[MAX_PATH];
158 base::wcslcpy(path_copy, path.value().c_str(), std::size(path_copy));
159 base::debug::Alias(path_copy);
160 #endif // BUILDFLAG(IS_WIN) && DCHECK_IS_ON()
161
162 #if BUILDFLAG(IS_CHROMEOS_ASH)
163 // On Chrome OS, chrome gets killed when it cannot finish shutdown quickly,
164 // and this function seems to be one of the slowest shutdown steps.
165 // Include some info to the report for investigation. crbug.com/418627
166 // TODO(hashimoto): Remove this.
167 struct {
168 size_t data_size;
169 char path[128];
170 } file_info;
171 file_info.data_size = data.size();
172 strlcpy(file_info.path, path.value().c_str(), std::size(file_info.path));
173 debug::Alias(&file_info);
174 #endif
175
176 // Write the data to a temp file then rename to avoid data loss if we crash
177 // while writing the file. Ensure that the temp file is on the same volume
178 // as target file, so it can be moved in one step, and that the temp file
179 // is securely created.
180 FilePath tmp_file_path;
181 File tmp_file =
182 CreateAndOpenTemporaryFileInDir(path.DirName(), &tmp_file_path);
183 if (!tmp_file.IsValid()) {
184 DPLOG(WARNING) << "Failed to create temporary file to update " << path;
185 return false;
186 }
187
188 // Don't write all of the data at once because this can lead to kernel
189 // address-space exhaustion on 32-bit Windows (see https://crbug.com/1001022
190 // for details).
191 constexpr ptrdiff_t kMaxWriteAmount = 8 * 1024 * 1024;
192 int bytes_written = 0;
193 for (const char *scan = data.data(), *const end = scan + data.length();
194 scan < end; scan += bytes_written) {
195 const int write_amount =
196 static_cast<int>(std::min(kMaxWriteAmount, end - scan));
197 bytes_written = tmp_file.WriteAtCurrentPos(scan, write_amount);
198 if (bytes_written != write_amount) {
199 DPLOG(WARNING) << "Failed to write " << write_amount << " bytes to temp "
200 << "file to update " << path
201 << " (bytes_written=" << bytes_written << ")";
202 DeleteTmpFileWithRetry(std::move(tmp_file), tmp_file_path);
203 return false;
204 }
205 }
206
207 if (!tmp_file.Flush()) {
208 DPLOG(WARNING) << "Failed to flush temp file to update " << path;
209 DeleteTmpFileWithRetry(std::move(tmp_file), tmp_file_path);
210 return false;
211 }
212
213 File::Error replace_file_error = File::FILE_OK;
214 bool result;
215
216 // The file must be closed for ReplaceFile to do its job, which opens up a
217 // race with other software that may open the temp file (e.g., an A/V scanner
218 // doing its job without oplocks). Boost a background thread's priority on
219 // Windows and close as late as possible to improve the chances that the other
220 // software will lose the race.
221 #if BUILDFLAG(IS_WIN)
222 DWORD last_error;
223 int retry_count = 0;
224 {
225 ScopedBoostPriority scoped_boost_priority(ThreadType::kDisplayCritical);
226 tmp_file.Close();
227 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
228 // Save and restore the last error code so that it's not polluted by the
229 // thread priority change.
230 last_error = ::GetLastError();
231 for (/**/; !result && retry_count < kReplaceRetries; ++retry_count) {
232 // The race condition between closing the temporary file and moving it
233 // gets hit on a regular basis on some systems
234 // (https://crbug.com/1099284), so we retry a few times before giving up.
235 PlatformThread::Sleep(kReplacePauseInterval);
236 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
237 last_error = ::GetLastError();
238 }
239 }
240
241 // Log how many times we had to retry the ReplaceFile operation before it
242 // succeeded. If we never succeeded then return a special value.
243 if (!result)
244 retry_count = kReplaceRetryFailure;
245 UmaHistogramExactLinear("ImportantFile.FileReplaceRetryCount", retry_count,
246 kReplaceRetryFailure);
247 #else
248 tmp_file.Close();
249 result = ReplaceFile(tmp_file_path, path, &replace_file_error);
250 #endif // BUILDFLAG(IS_WIN)
251
252 if (!result) {
253 #if BUILDFLAG(IS_WIN)
254 // Restore the error code from ReplaceFile so that it will be available for
255 // the log message, otherwise failures in SetCurrentThreadType may be
256 // reported instead.
257 ::SetLastError(last_error);
258 #endif
259 DPLOG(WARNING) << "Failed to replace " << path << " with " << tmp_file_path;
260 DeleteTmpFileWithRetry(File(), tmp_file_path);
261 }
262
263 const TimeDelta write_duration = TimeTicks::Now() - write_start;
264 UmaHistogramTimesWithSuffix("ImportantFile.WriteDuration", histogram_suffix,
265 write_duration);
266
267 return result;
268 }
269
ImportantFileWriter(const FilePath & path,scoped_refptr<SequencedTaskRunner> task_runner,StringPiece histogram_suffix)270 ImportantFileWriter::ImportantFileWriter(
271 const FilePath& path,
272 scoped_refptr<SequencedTaskRunner> task_runner,
273 StringPiece histogram_suffix)
274 : ImportantFileWriter(path,
275 std::move(task_runner),
276 kDefaultCommitInterval,
277 histogram_suffix) {}
278
ImportantFileWriter(const FilePath & path,scoped_refptr<SequencedTaskRunner> task_runner,TimeDelta interval,StringPiece histogram_suffix)279 ImportantFileWriter::ImportantFileWriter(
280 const FilePath& path,
281 scoped_refptr<SequencedTaskRunner> task_runner,
282 TimeDelta interval,
283 StringPiece histogram_suffix)
284 : path_(path),
285 task_runner_(std::move(task_runner)),
286 commit_interval_(interval),
287 histogram_suffix_(histogram_suffix) {
288 DCHECK(task_runner_);
289 ImportantFileWriterCleaner::AddDirectory(path.DirName());
290 }
291
~ImportantFileWriter()292 ImportantFileWriter::~ImportantFileWriter() {
293 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
294 // We're usually a member variable of some other object, which also tends
295 // to be our serializer. It may not be safe to call back to the parent object
296 // being destructed.
297 DCHECK(!HasPendingWrite());
298 }
299
HasPendingWrite() const300 bool ImportantFileWriter::HasPendingWrite() const {
301 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
302 return timer().IsRunning();
303 }
304
WriteNow(std::string data)305 void ImportantFileWriter::WriteNow(std::string data) {
306 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
307 if (!IsValueInRangeForNumericType<int32_t>(data.length())) {
308 NOTREACHED();
309 return;
310 }
311
312 WriteNowWithBackgroundDataProducer(base::BindOnce(
313 [](std::string data) { return std::make_optional(std::move(data)); },
314 std::move(data)));
315 }
316
WriteNowWithBackgroundDataProducer(BackgroundDataProducerCallback background_data_producer)317 void ImportantFileWriter::WriteNowWithBackgroundDataProducer(
318 BackgroundDataProducerCallback background_data_producer) {
319 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
320
321 auto split_task = SplitOnceCallback(
322 BindOnce(&ProduceAndWriteStringToFileAtomically, path_,
323 std::move(background_data_producer),
324 std::move(before_next_write_callback_),
325 std::move(after_next_write_callback_), histogram_suffix_));
326
327 if (!task_runner_->PostTask(
328 FROM_HERE, MakeCriticalClosure("ImportantFileWriter::WriteNow",
329 std::move(split_task.first),
330 /*is_immediate=*/true))) {
331 // Posting the task to background message loop is not expected
332 // to fail, but if it does, avoid losing data and just hit the disk
333 // on the current thread.
334 NOTREACHED();
335
336 std::move(split_task.second).Run();
337 }
338 ClearPendingWrite();
339 }
340
ScheduleWrite(DataSerializer * serializer)341 void ImportantFileWriter::ScheduleWrite(DataSerializer* serializer) {
342 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
343
344 DCHECK(serializer);
345 serializer_.emplace<DataSerializer*>(serializer);
346
347 if (!timer().IsRunning()) {
348 timer().Start(
349 FROM_HERE, commit_interval_,
350 BindOnce(&ImportantFileWriter::DoScheduledWrite, Unretained(this)));
351 }
352 }
353
ScheduleWriteWithBackgroundDataSerializer(BackgroundDataSerializer * serializer)354 void ImportantFileWriter::ScheduleWriteWithBackgroundDataSerializer(
355 BackgroundDataSerializer* serializer) {
356 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
357
358 DCHECK(serializer);
359 serializer_.emplace<BackgroundDataSerializer*>(serializer);
360
361 if (!timer().IsRunning()) {
362 timer().Start(
363 FROM_HERE, commit_interval_,
364 BindOnce(&ImportantFileWriter::DoScheduledWrite, Unretained(this)));
365 }
366 }
367
DoScheduledWrite()368 void ImportantFileWriter::DoScheduledWrite() {
369 // One of the serializers should be set.
370 DCHECK(!absl::holds_alternative<absl::monostate>(serializer_));
371
372 const TimeTicks serialization_start = TimeTicks::Now();
373 BackgroundDataProducerCallback data_producer_for_background_sequence;
374
375 if (absl::holds_alternative<DataSerializer*>(serializer_)) {
376 std::optional<std::string> data;
377 data = absl::get<DataSerializer*>(serializer_)->SerializeData();
378 if (!data) {
379 DLOG(WARNING) << "Failed to serialize data to be saved in "
380 << path_.value();
381 ClearPendingWrite();
382 return;
383 }
384
385 previous_data_size_ = data->size();
386 data_producer_for_background_sequence = base::BindOnce(
387 [](std::string data) { return std::make_optional(std::move(data)); },
388 std::move(data).value());
389 } else {
390 data_producer_for_background_sequence =
391 absl::get<BackgroundDataSerializer*>(serializer_)
392 ->GetSerializedDataProducerForBackgroundSequence();
393
394 DCHECK(data_producer_for_background_sequence);
395 }
396
397 const TimeDelta serialization_duration =
398 TimeTicks::Now() - serialization_start;
399
400 UmaHistogramTimesWithSuffix("ImportantFile.SerializationDuration",
401 histogram_suffix_, serialization_duration);
402
403 WriteNowWithBackgroundDataProducer(
404 std::move(data_producer_for_background_sequence));
405 DCHECK(!HasPendingWrite());
406 }
407
RegisterOnNextWriteCallbacks(OnceClosure before_next_write_callback,OnceCallback<void (bool success)> after_next_write_callback)408 void ImportantFileWriter::RegisterOnNextWriteCallbacks(
409 OnceClosure before_next_write_callback,
410 OnceCallback<void(bool success)> after_next_write_callback) {
411 before_next_write_callback_ = std::move(before_next_write_callback);
412 after_next_write_callback_ = std::move(after_next_write_callback);
413 }
414
ClearPendingWrite()415 void ImportantFileWriter::ClearPendingWrite() {
416 timer().Stop();
417 serializer_.emplace<absl::monostate>();
418 }
419
SetTimerForTesting(OneShotTimer * timer_override)420 void ImportantFileWriter::SetTimerForTesting(OneShotTimer* timer_override) {
421 timer_override_ = timer_override;
422 }
423
424 } // namespace base
425