path: root/toolkit/xre/MultiInstanceLock.cpp
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=2 sw=2 sts=2 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "MultiInstanceLock.h"

#include "commonupdatedir.h"  // for GetInstallHash
#include "mozilla/UniquePtr.h"
#include "nsPrintfCString.h"
#include "nsPromiseFlatString.h"
#include "nsXULAppAPI.h"
#include "updatedefines.h"  // for NS_t* definitions

#ifdef XP_WIN
#  include <shlwapi.h>
#else
#  include <fcntl.h>
#  include <sys/stat.h>
#  include <sys/types.h>
#endif

#ifdef XP_WIN
#  include "WinUtils.h"
#endif

#ifdef MOZ_WIDGET_COCOA
#  include "nsILocalFileMac.h"
#endif

namespace mozilla {

// Builds the path of the multi-instance lock file for an installation.
//
// nameToken   - name component placed in the file name.
// installPath - installation path; handed to GetCommonUpdateDirectory on
//               Windows and to GetInstallHash elsewhere.
// filePath    - receives the resulting path on success.
//
// Returns true when filePath was filled in, false if any step failed.
//
// The resulting name is predictable, and outside Windows it sits directly in
// /tmp. Code that opens it should treat whatever already exists at that name
// as untrusted.
bool GetMultiInstanceLockFileName(const char* nameToken,
                                  const char16_t* installPath,
                                  nsCString& filePath) {
#ifdef XP_WIN
  // Windows layout: [rootUpdateDirectory]\[nameToken]-[pathHash].
  //
  // GetCommonUpdateDirectory hands back something like
  //   C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\<hash>
  // whereas the lock file belongs in the grandparent of that directory:
  //   C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
  // so the last component is kept as the hash and two components are then
  // stripped from the path.
  mozilla::UniquePtr<wchar_t[]> updateDir;
  if (FAILED(GetCommonUpdateDirectory(
          reinterpret_cast<const wchar_t*>(installPath), updateDir))) {
    return false;
  }

  wchar_t* const dirBuf = updateDir.get();
  const size_t dirLen = wcslen(dirBuf);
  if (dirLen == 0) {
    return false;
  }

  // The path helpers used below need a path without a trailing separator.
  wchar_t& lastChar = dirBuf[dirLen - 1];
  if (lastChar == '/' || lastChar == '\\') {
    lastChar = '\0';
  }

  // PathFindFileNameW returns its argument unchanged when it finds no file
  // name component, which is treated as failure here.
  wchar_t* const leaf = PathFindFileNameW(dirBuf);
  if (leaf == dirBuf) {
    return false;
  }

  // The hash points into dirBuf, which is about to be truncated in place, so
  // take a private copy first.
  const size_t hashCapacity = wcslen(leaf) + 1;
  mozilla::UniquePtr<wchar_t[]> hash =
      mozilla::MakeUnique<wchar_t[]>(hashCapacity);
  if (wcscpy_s(hash.get(), hashCapacity, leaf) != 0) {
    return false;
  }

  // Drop "<hash>" and then "updates" to arrive at the root update directory.
  for (int level = 0; level < 2; ++level) {
    if (!PathRemoveFileSpecW(dirBuf)) {
      return false;
    }
  }

  filePath =
      nsPrintfCString("%s\\%s-%s", NS_ConvertUTF16toUTF8(updateDir.get()).get(),
                      nameToken, NS_ConvertUTF16toUTF8(hash.get()).get());
  return true;

#else
  // POSIX layout: /tmp/[vendor][nameToken]-[pathHash].
  mozilla::UniquePtr<NS_tchar[]> pathHash;
  if (!GetInstallHash(installPath, pathHash)) {
    return false;
  }

  filePath = nsPrintfCString("/tmp/%s%s-%s", MOZ_APP_VENDOR, nameToken,
                             pathHash.get());
  return true;

#endif
}

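// Opens the multi-instance lock file for an installation, creating it if it
// does not exist yet, and takes a shared (read) lock on it.
//
// nameToken   - forwarded to GetMultiInstanceLockFileName.
// installPath - forwarded to GetMultiInstanceLockFileName.
//
// Returns the open handle holding the shared lock. Returns
// MULTI_INSTANCE_LOCK_HANDLE_ERROR if the file name cannot be built, and
// INVALID_HANDLE_VALUE (Windows) or -1 (elsewhere) if opening or locking
// fails.
MultiInstLockHandle OpenMultiInstanceLock(const char* nameToken,
                                          const char16_t* installPath) {
  nsCString filePath;
  if (!GetMultiInstanceLockFileName(nameToken, installPath, filePath)) {
    return MULTI_INSTANCE_LOCK_HANDLE_ERROR;
  }

#ifdef XP_WIN
  // Open with read/write access and full sharing so that other instances can
  // open the same file, then try to take a shared lock on its first byte.
  HANDLE h =
      ::CreateFileW(PromiseFlatString(NS_ConvertUTF8toUTF16(filePath)).get(),
                    GENERIC_READ | GENERIC_WRITE,
                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                    nullptr, OPEN_ALWAYS, 0, nullptr);
  if (h != INVALID_HANDLE_VALUE) {
    // The LockFileEx functions always require an OVERLAPPED structure even
    // though we did not open the lock file for overlapped I/O.
    OVERLAPPED o = {0};
    if (!::LockFileEx(h, LOCKFILE_FAIL_IMMEDIATELY, 0, 1, 0, &o)) {
      CloseHandle(h);
      h = INVALID_HANDLE_VALUE;
    }
  }
  return h;

#else
  // The lock file has a predictable name directly under /tmp, so whatever
  // already exists at that name was not necessarily created by us:
  //  - O_NOFOLLOW makes open() fail if the final path component is a symlink;
  //  - O_NONBLOCK keeps open() from blocking if the name is not a regular
  //    file (it has no effect on the record lock taken below);
  //  - the fstat() check rejects anything that is not a regular file.
  // No access mode flag is given, so the descriptor is read-only, which is
  // all that a read lock needs. The permission bits only apply when the file
  // is created here and are still filtered by the process umask.
  int fd = ::open(PromiseFlatCString(filePath).get(),
                  O_CLOEXEC | O_CREAT | O_NOFOLLOW | O_NONBLOCK,
                  S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
  if (fd != -1) {
    struct stat st;
    if (::fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
      ::close(fd);
      fd = -1;
    }
  }
  if (fd != -1) {
    // We would like to ensure that the lock file is deleted when we are done
    // with it. The normal way to do that would be to call unlink on it right
    // now, but that would immediately delete the name from the file system, and
    // we need other instances to be able to open that name and get the same
    // inode, so we can't unlink the file before we're done with it. This means
    // we accept some unreliability in getting the file deleted, but it's a zero
    // byte file in the tmp directory, so having it stay around isn't the worst.
    struct flock l = {0};
    l.l_start = 0;
    l.l_len = 0;  // zero length: lock the whole file
    l.l_type = F_RDLCK;
    // F_SETLK fails immediately instead of waiting if the lock is unavailable.
    if (::fcntl(fd, F_SETLK, &l)) {
      ::close(fd);
      fd = -1;
    }
  }
  return fd;

#endif
}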

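// Releases a lock obtained from OpenMultiInstanceLock and closes its handle.
// Passing MULTI_INSTANCE_LOCK_HANDLE_ERROR is a no-op.
//
// Outside Windows, if no other instance appears to hold the lock, the lock
// file is also removed on a best-effort basis; every failure on that path is
// deliberately ignored.
void ReleaseMultiInstanceLock(MultiInstLockHandle lock) {
  if (lock != MULTI_INSTANCE_LOCK_HANDLE_ERROR) {
#ifdef XP_WIN
    OVERLAPPED o = {0};
    ::UnlockFileEx(lock, 0, 1, 0, &o);
    ::CloseHandle(lock);

#else
    // If we're the last instance, then unlink the lock file. There is a race
    // condition here that may cause an instance to fail to open the same inode
    // as another even though they use the same path, but there's no reasonable
    // way to avoid that without skipping deleting the file at all, so we accept
    // that risk.
    bool otherInstance = true;
    if (IsOtherInstanceRunning(lock, &otherInstance) && !otherInstance) {
      // Recover the file's path so we can unlink it.
      // Failures are not reported because we're content to let the file hang
      // around if any of this fails (which can happen if for example we're on
      // a system where /proc/self/fd does not exist); this is a zero-byte file
      // in the tmp directory after all.
      UniquePtr<NS_tchar[]> linkPath = MakeUnique<NS_tchar[]>(MAXPATHLEN + 1);
      NS_tsnprintf(linkPath.get(), MAXPATHLEN + 1, "/proc/self/fd/%d", lock);
      UniquePtr<NS_tchar[]> lockFilePath =
          MakeUnique<NS_tchar[]>(MAXPATHLEN + 1);
      // readlink() does not NUL-terminate its output, so keep the last byte of
      // the buffer in reserve and terminate explicitly. A result that fills
      // the requested size may have been truncated; skip the unlink in that
      // case, because a truncated path could name a different file.
      const ssize_t linkLen =
          ::readlink(linkPath.get(), lockFilePath.get(), MAXPATHLEN);
      if (linkLen > 0 && linkLen < MAXPATHLEN) {
        lockFilePath.get()[linkLen] = '\0';
        // NOTE(review): unlink() resolves the name again, so it acts on
        // whatever is at that path now, which is not guaranteed to be the
        // inode this descriptor refers to. Comparing fstat(lock) with lstat()
        // of the path (st_dev/st_ino) before unlinking would narrow that
        // window - confirm whether that is wanted here.
        ::unlink(lockFilePath.get());
      }
    }
    // Now close the lock file, which will release the lock.
    ::close(lock);
#endif
  }
}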

// Reports whether some other holder has a lock on the multi-instance lock
// file.
//
// lock    - handle returned by OpenMultiInstanceLock.
// aResult - set to true if another lock was detected, false if not; only
//           written when a determination could be made.
//
// Returns true when *aResult is valid, false when the check itself failed
// (on Windows this includes failing to take the shared lock back).
//
// Every running instance holds a shared (read) lock, and read locks block
// write locks, so the probe is "could a write lock be taken right now?".
// The answer reflects any lock on the file, whoever took it, so it is a
// coordination hint between instances and not a security guarantee.
bool IsOtherInstanceRunning(MultiInstLockHandle lock, bool* aResult) {
  if (lock == MULTI_INSTANCE_LOCK_HANDLE_ERROR) {
    return false;
  }

#ifdef XP_WIN
  // An exclusive lock cannot be taken while we still hold our shared one, so
  // the sequence is: drop the shared lock, try the exclusive lock (releasing
  // it again on success), then take the shared lock back. The sequence is not
  // atomic; if another instance runs its own check in the gap it can get a
  // false negative, which is an accepted risk.
  OVERLAPPED overlapped = {0};
  if (!::UnlockFileEx(lock, 0, 1, 0, &overlapped)) {
    return false;
  }

  bool determined = true;
  if (::LockFileEx(lock, LOCKFILE_EXCLUSIVE_LOCK | LOCKFILE_FAIL_IMMEDIATELY, 0,
                   1, 0, &overlapped)) {
    // Nobody else holds a lock; give the exclusive lock straight back.
    ::UnlockFileEx(lock, 0, 1, 0, &overlapped);
    *aResult = false;
  } else if (::GetLastError() == ERROR_LOCK_VIOLATION) {
    // Outstanding shared locks prevented the exclusive lock.
    *aResult = true;
  } else {
    // Any other failure: no determination could be made.
    determined = false;
  }

  // The shared lock is re-acquired regardless of the outcome above; failing
  // to get it back turns the whole call into a failure.
  const bool reacquired =
      ::LockFileEx(lock, LOCKFILE_FAIL_IMMEDIATELY, 0, 1, 0, &overlapped) != 0;
  return determined && reacquired;

#else
  // F_GETLK only asks whether a write lock would be allowed; no lock is
  // actually taken. If it would be, the kernel rewrites l_type to F_UNLCK.
  struct flock probe = {0};
  probe.l_type = F_WRLCK;
  probe.l_start = 0;
  probe.l_len = 0;  // zero length: the whole file
  if (::fcntl(lock, F_GETLK, &probe) != 0) {
    return false;
  }
  *aResult = (probe.l_type != F_UNLCK);
  return true;

#endif
}

// Returns a case-normalized nsIFile for the application file.
//
// aAppFile - file to normalize; when null, XRE_EXECUTABLE_FILE is fetched
//            from the directory service instead.
//
// Returns the resulting file, or nullptr if cloning aAppFile or looking up
// the executable fails. A failed normalization only produces a warning; the
// un-normalized file is still returned.
already_AddRefed<nsIFile> GetNormalizedAppFile(nsIFile* aAppFile) {
  nsresult rv;
  nsCOMPtr<nsIFile> appFile;
  if (!aAppFile) {
    // Nothing supplied: ask the ambient directory service for the executable.
    nsCOMPtr<nsIProperties> dirSvc =
        do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
    NS_ENSURE_TRUE(dirSvc, nullptr);

    rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile),
                     getter_AddRefs(appFile));
    NS_ENSURE_SUCCESS(rv, nullptr);
  } else {
    // Work on a clone so the caller's object is left alone.
    rv = aAppFile->Clone(getter_AddRefs(appFile));
    NS_ENSURE_SUCCESS(rv, nullptr);
  }

  // On a case insensitive filesystem the spelling of the path can depend on
  // how the application was invoked, so the case is normalized where the
  // platform offers a way to do it. On Linux XRE_EXECUTABLE_FILE already
  // seems to be set to the correct path.
  //
  // nsXREDirProvider::GetInstallHash does something similar. The main
  // difference is that the lookup is allowed to fail on OSX here, because
  // some tests use a nonexistent appFile.
#ifdef XP_WIN
  // Windows provides a way to get the correct case.
  const bool resolved =
      mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(appFile);
  if (!resolved) {
    NS_WARNING("Failed to resolve install directory.");
  }
#elif defined(MOZ_WIDGET_COCOA)
  // On OSX roundtripping through an FSRef fixes the case.
  FSRef ref;
  nsCOMPtr<nsILocalFileMac> macFile = do_QueryInterface(appFile);
  const bool roundTripped =
      macFile && NS_SUCCEEDED(macFile->GetFSRef(&ref)) &&
      NS_SUCCEEDED(
          NS_NewLocalFileWithFSRef(&ref, true, getter_AddRefs(macFile)));
  if (!roundTripped) {
    NS_WARNING("Failed to resolve install directory.");
  } else {
    appFile = static_cast<nsIFile*>(macFile);
  }
#endif

  return appFile.forget();
}

};  // namespace mozilla