| blob | 1963c3487fae3c9909fcdf5a885a9bd9f9daf281 |
1 /*
2 * Copyright © 2010 Codethink Limited
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the licence, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
16 *
17 * Author: Ryan Lortie <desrt@desrt.ca>
18 */
22 #define _XOPEN_SOURCE 600
28 #include <string.h>
29 #include <stdlib.h>
30 #include <errno.h>
31 #include <stdio.h>
32 #include <unistd.h>
33 #include <fcntl.h>
34 #include <sys/mman.h>
38 /* The engine has zero or more sources.
39 *
40 * If it has zero sources then things are very uninteresting. Nothing
41 * is writable, nothing will ever be written and reads will always
42 * return NULL.
43 *
44 * There are two interesting cases when there is a non-zero number of
45 * sources. Writing only ever occurs to the first source, if at all.
46 * Non-first sources are never writable.
47 *
48 * The first source may or may not be writable. In the usual case the
49 * first source is the one in the user's home directory and is writable,
50 * but it may be that the profile was setup for read-only access to
51 * system sources only.
52 *
53 * In the case that the first source is not writable (and therefore
54 * there are no writable sources), is_writable() will always return
55 * FALSE and no writes will ever be performed.
56 *
57 * It's possible to request changes in three ways:
58 *
59 * - synchronous: the D-Bus message is immediately sent to the
60 * dconf service and we block until we receive the reply. The change
61 * signal will follow soon thereafter (when we receive the signal on
62 * D-Bus).
63 *
64 * - asynchronous: typical asynchronous operation: we send the request
65 * and return immediately, notifying using a callback when the
66 * request is completed (and the new value is in the database). The
67 * change signal follows in the same way as with synchronous.
68 *
69 * - fast: we record the value locally and signal the change, returning
70 * immediately, as if the value is already in the database (from the
71 * viewpoint of the local process). We keep note of the new value
72 * locally until the service has confirmed that the write was
73 * successful. If the write fails, we emit a change signal. From
74 * the view of the program it looks like the value was successfully
75 * changed but then quickly changed back again by some external
76 * agent.
77 *
78 * In fast mode we have to do some management of the queue. If we
79 * immediately put all requests "in flight" then we can end up in a
80 * situation where the application writes many values for the same key
81 * and the service is kept (needlessly) busy writing over and over to
82 * the same key for some time after the requests stop coming in.
83 *
84 * If we limit the number of in-flight requests and put the other ones
85 * into a pending queue then we can perform merging of similar changes.
86 * If we notice that an item in the pending queue writes to the same
87 * keys as the newly-added request then we can simply drop the existing
88 * request (since its effect will be nullified by the new request).
89 *
90 * We want to keep the number of in-flight requests low in order to
91 * maximise our chance of dropping pending items, but we probably want
92 * it higher than 1 so that we can pipeline to hide latency.
93 *
94 * In order to minimise complexity, all changes go first to the pending
95 * queue. Changes are dispatched from the pending queue (and moved to
96 * the in-flight queue) when the number of requests in-flight is lower
97 * than the maximum.
98 *
99 * For both 'in_flight' and 'pending' queues we push to the tail and pop
100 * from the head. This puts the first operation on the head and the
101 * most recent operation on the tail.
102 *
103 * Since new operation go first to the pending queue, we find the most
104 * recent operations at the tail of that queue. Since we want to return
105 * the most-recently written value, we therefore scan for values
106 * starting at the tail of the pending queue and ending at the head of
107 * the in-flight queue.
108 *
109 * NB: I tell a lie. Async is not supported yet.
110 *
111 * Notes about threading:
112 *
113 * The engine is oblivious to threads and main contexts.
114 *
115 * What this means is that the engine has no interaction with GMainLoop
116 * and will not schedule idles or anything of the sort. All calls made
117 * by the engine to the client library will be made in response to
118 * incoming method calls, from the same thread as the incoming call.
119 *
120 * If dconf_engine_call_handle_reply() or
121 * dconf_engine_handle_dbus_signal() are called from 'exotic' threads
122 * (as will often be the case) then the resulting calls to
123 * dconf_engine_change_notify() will come from the same thread. That's
124 * left for the client library to deal with.
125 *
126 * All that said, the engine is completely threadsafe. The client
127 * library can call any method from any thread at any time -- as long as
128 * it is willing to deal with receiving the change notifies in those
129 * threads.
130 *
131 * Thread-safety is implemented using two locks.
132 *
133 * The first lock (sources_lock) protects the sources. Although the
134 * sources are only ever read from, it is necessary to lock them because
135 * it is not safe to read during a refresh (when the source is being
136 * closed and reopened). Accordingly, sources_lock need only be
137 * acquired when accessing the parts of the sources that are subject to
138 * change as a result of refreshes; the static parts (like bus type,
139 * object path, etc) can be accessed without holding the lock. The
140 * 'sources' array itself (and 'n_sources') are set at construction and
141 * never change after that.
142 *
143 * The second lock (queue_lock) protects the various queues that are
144 * used to implement the "fast" writes described above.
145 *
146 * If both locks are held at the same time then the sources lock must
147 * have been acquired first.
148 */
150 #define MAX_IN_FLIGHT 2
155 struct _DConfEngine
156 {
158 GDestroyNotify free_func;
159 gint ref_count;
164 gint n_sources;
173 /**
174 * establishing and active, are hash tables storing the number
175 * of subscriptions to each path in the two possible states
176 */
177 /* active on the client side, but awaiting confirmation from the writer */
179 /* active on the client side, and with a D-Bus match rule established */
181 };
183 /* When taking the sources lock we check if any of the databases have
184 * had updates.
185 *
186 * Anything that is accessing the database (even only reading) needs to
187 * be holding the lock (since refreshes could be happening in another
188 * thread), so this makes sense.
189 *
190 * We could probably optimise this to avoid checking some databases in
191 * certain cases (ie: we do not need to check the user's database when
192 * we are only interested in checking writability) but this works well
193 * enough for now and is less prone to errors.
194 *
195 * We could probably change to a reader/writer situation that is only
196 * holding the write lock when actually making changes during a refresh
197 * but the engine is probably only ever really in use by two threads at
198 * a given time (main thread doing reads, DBus worker thread clearing
199 * the queue) so it seems unlikely that lock contention will become an
200 * issue.
201 *
202 * If it does, we can revisit this...
203 */
204 static void
206 {
207 gint i;
214 }
216 static void
218 {
220 }
222 static void
224 {
226 }
228 static void
230 {
232 }
234 /**
235 * Adds the count of subscriptions to @path in @from_table to the
236 * corresponding count in @to_table, creating it if it did not exist.
237 * Removes the count from @from_table.
238 */
239 static void
243 {
246 // Detect overflows
250 {
255 }
256 }
258 /**
259 * Increments the reference count for the subscription to @path, or sets
260 * it to 1 if it didn’t previously exist.
261 * Returns the new reference count.
262 */
263 static guint
266 {
268 // Detect overflows
273 }
275 /**
276 * Decrements the reference count for the subscription to @path, or
277 * removes it if the new value is 0. The count must exist and be greater
278 * than 0.
279 * Returns the new reference count, or 0 if it does not exist.
280 */
281 static guint
284 {
290 else
293 }
295 /**
296 * Returns the reference count for the subscription to @path, or 0 if it
297 * does not exist.
298 */
299 static guint
302 {
304 }
306 DConfEngine *
308 gpointer user_data,
309 GDestroyNotify free_func)
310 {
329 g_str_equal,
330 g_free,
331 NULL);
333 g_str_equal,
334 g_free,
335 NULL);
338 }
340 void
342 {
343 gint ref_count;
345 again:
349 {
350 gint i;
352 /* We are about to drop the last reference, but there is a chance
353 * that a signal may be happening at this very moment, causing the
354 * engine to gain another reference (due to its position in the
355 * global engine list).
356 *
357 * Acquiring the lock here means that either we will remove this
358 * engine from the list first or we will notice the reference
359 * count has increased (and skip the free).
360 */
363 {
366 }
394 }
398 }
402 {
406 }
408 guint64
410 {
411 guint64 state;
418 }
420 static gboolean
423 {
424 gint i;
426 /* We must check several things:
427 *
428 * - we have at least one source
429 *
430 * - the first source is writable
431 *
432 * - the key is not locked in a non-writable (ie: non-first) source
433 */
440 /* Ignore locks in the first source.
441 *
442 * Either it is writable and therefore ignoring locks is the right
443 * thing to do, or it's non-writable and we caught that case above.
444 */
450 }
452 gboolean
455 {
456 gboolean writable;
463 }
465 gchar **
469 {
473 {
481 {
485 {
487 {
491 {
492 /* It is not currently possible to lock dirs, so we
493 * don't (yet) have to check the other direction.
494 */
497 else
499 }
502 }
503 }
504 }
505 else
513 }
514 else
515 {
517 {
519 }
520 else
521 {
524 }
525 }
528 }
530 static gboolean
534 {
537 /* Tail to head... */
543 }
545 GVariant *
547 DConfReadFlags flags,
550 {
553 gint i;
557 /* There are a number of situations that this function has to deal
558 * with and they interact in unusual ways. We attempt to write the
559 * rules for all cases here:
560 *
561 * With respect to the steady-state condition with no locks:
562 *
563 * This is the case where there are no changes queued, no
564 * read_through and no locks.
565 *
566 * The value returned is the one from the lowest-index source that
567 * contains that value.
568 *
569 * With respect to locks:
570 *
571 * If a lock is present (except in source #0 where it is ignored)
572 * then we will only return a value found in the source where the
573 * lock was present, or a higher-index source (following the normal
574 * rule that sources with lower indexes take priority).
575 *
576 * This statement includes read_through and queued changes. If a
577 * lock is found, we will ignore those.
578 *
579 * With respect to flags:
580 *
581 * If DCONF_READ_USER_VALUE is given then we completely ignore all
582 * locks, returning the user value all the time, even if it is not
583 * visible (because of a lock). This includes any pending value
584 * that is in the read_through or pending queues.
585 *
586 * If DCONF_READ_DEFAULT_VALUE is given then we skip the writable
587 * database and the queues (including read_through, which is
588 * meaningless in this case) and skip directly to the non-writable
589 * databases. This is defined as the value that the user would see
590 * if they were to have just done a reset for that key.
591 *
592 * With respect to read_through and queued changed:
593 *
594 * We only consider read_through and queued changes in the event
595 * that we have a writable source. This will possibly cause us to
596 * ignore read_through and will have no real effect on the queues
597 * (since they will be empty anyway if we have no writable source).
598 *
599 * We only consider read_through and queued changes in the event
600 * that we have not found any locks.
601 *
602 * If there is a non-NULL value found in read_through or the queued
603 * changes then we will return that value.
604 *
605 * If there is a NULL value (ie: a reset) found in read_through or
606 * the queued changes then we will only ignore any value found in
607 * the first source (which must be writable, or else we would not
608 * have been considering read_through and the queues). This is
609 * consistent with the fact that a reset will unset any value found
610 * in this source but will not affect values found in lower sources.
611 *
612 * Put another way: if a non-writable source contains a value for a
613 * particular key then it is impossible for this function to return
614 * NULL.
615 *
616 * We implement the above rules as follows. We have three state
617 * tracking variables:
618 *
619 * - lock_level: records if and where we found a lock
620 *
621 * - found_key: records if we found the key in any queue
622 *
623 * - value: records the value of the found key (NULL for resets)
624 *
625 * We take these steps:
626 *
627 * 1. check for lockdown. If we find a lock then we prevent any
628 * other sources (including read_through and pending/in-flight)
629 * from affecting the value of the key.
630 *
631 * We record the result of this in the lock_level variable. Zero
632 * means that no locks were found. Non-zero means that a lock was
633 * found in the source with the index given by the variable.
634 *
635 * 2. check the uncommitted changes in the read_through list as the
636 * highest priority. This is only done if we have a writable
637 * source and no locks were found.
638 *
639 * If we found an entry in the read_through then we set
640 * 'found_key' to TRUE and set 'value' to the value that we found
641 * (which will be NULL in the case of finding a reset request).
642 *
643 * 3. check our pending and in-flight "fast" changes (in that order).
644 * This is only done if we have a writable source and no locks
645 * were found. It is also only done if we did not find the key in
646 * the read_through.
647 *
648 * 4. check the first source, if there is one.
649 *
650 * This is only done if 'found_key' is FALSE. If 'found_key' is
651 * TRUE then it means that the first database was writable and we
652 * either found a value that will replace it (value != NULL) or
653 * found a pending reset (value == NULL) that will unset it.
654 *
655 * We only actually do this step if we have a writable first
656 * source and no locks found, otherwise we just let step 5 do all
657 * the checking.
658 *
659 * 5. check the remaining sources.
660 *
661 * We do this until we have value != NULL. Even if found_key was
662 * TRUE, the reset that was requested will not have affected the
663 * lower-level databases.
664 */
666 /* Step 1. Check for locks.
667 *
668 * Note: i > 0 (strictly). Ignore locks for source #0.
669 */
673 {
676 }
678 /* Only do steps 2 to 4 if we have no locks and we have a writable source. */
680 {
683 /* If the user has requested the default value only, then ensure
684 * that we "find" a NULL value here. This is equivalent to the
685 * user having reset the key, which is the definition of this
686 * flag.
687 */
691 /* Step 2. Check read_through. */
695 /* Step 3. Check queued changes if we didn't find it in read_through.
696 *
697 * NB: We may want to optimise this to avoid taking the lock in
698 * the case that we know both queues are empty.
699 */
701 {
704 /* Check the pending queue first because those were submitted
705 * more recently.
706 */
711 }
713 /* Step 4. Check the first source. */
717 /* We already checked source #0 (or ignored it, as appropriate).
718 *
719 * Abuse the lock_level variable to get step 5 to skip this one.
720 */
722 }
724 /* Step 5. Check the remaining sources, until value != NULL. */
727 {
733 }
738 }
740 gchar **
744 {
746 GHashTableIter iter;
748 gint n_items;
749 gpointer key;
750 gint i;
752 /* This function is unreliable in the presence of pending changes.
753 * Here's why:
754 *
755 * Consider the case that we list("/a/") and a pending request has a
756 * reset request recorded for "/a/b/c". The question of if "b/"
757 * should appear in the output rests on if "/a/b/d" also exists.
758 *
759 * Put another way: If "/a/b/c" is the only key in "/a/b/" then
760 * resetting it would mean that "/a/b/" stops existing (and we should
761 * not include it in the output). If there are others keys then it
762 * will continue to exist and we should include it.
763 *
764 * Instead of trying to sort this out, we just ignore the pending
765 * requests and report what the on-disk file says.
766 */
773 {
775 gint j;
783 {
785 /* Steal the keys from the list. */
788 /* Free only the list. */
790 }
791 }
801 {
804 }
814 }
817 gpointer handle,
821 struct _DConfEngineCallHandle
822 {
824 DConfEngineCallHandleCallback callback;
826 };
828 static gpointer
830 DConfEngineCallHandleCallback callback,
832 gsize size)
833 {
846 }
850 {
853 else
855 }
857 void
861 {
866 }
868 static void
870 {
873 }
875 /* returns floating */
879 {
884 "interface='ca.desrt.dconf.Writer',"
885 "path='%s',"
888 path);
895 }
898 {
899 DConfEngineCallHandle handle;
901 guint64 state;
902 gint pending;
906 static void
908 gpointer handle,
911 {
914 /* ignore errors */
917 /* more on the way... */
921 {
924 /* Our recorded state does not match the current state. Something
925 * must have changed while our watch requests were on the wire.
926 *
927 * We don't know what changed, so we can just say that potentially
928 * everything under the path being watched changed. This case is
929 * very rare, anyway...
930 */
932 }
937 // Subscription(s): establishing -> active
943 }
945 void
948 {
952 // Subscription: inactive -> active
954 else
955 // Subscription: inactive -> establishing
957 path);
962 gint i;
967 /* It's possible (although rare) that the dconf database could change
968 * while our match rule is on the wire.
969 *
970 * Since we returned immediately (suggesting to the user that the
971 * watch was already established) we could have a race.
972 *
973 * To deal with this, we use the current state counter to ensure that nothing
974 * changes while the watch requests are on the wire.
975 */
981 /* We start getting async calls returned as soon as we start dispatching them,
982 * so we must not touch the 'ow' struct after we send the first one.
983 */
994 }
996 void
999 {
1002 gint i;
1004 // Client code cannot unsubscribe if it is not subscribed
1007 // Subscription: establishing -> inactive
1009 else
1010 // Subscription: active -> inactive
1021 }
1023 static void
1027 {
1028 gint i;
1030 /* We need not hold any locks here because we are only touching static
1031 * things: the number of sources, and static properties of each source
1032 * itself.
1033 *
1034 * This function silently ignores all errors.
1035 */
1038 {
1044 result = dconf_engine_dbus_call_sync_func (engine->sources[i]->bus_type, "org.freedesktop.DBus",
1051 }
1052 }
1054 void
1057 {
1061 }
1063 void
1066 {
1070 }
1073 {
1074 DConfEngineCallHandle handle;
1082 {
1090 }
1092 /* This function promotes changes from the pending queue to the
1093 * in-flight queue by sending the appropriate D-Bus message.
1094 *
1095 * Of course, this is only possible when there are pending items and
1096 * room in the in-flight queue. For this reason, this function gets
1097 * called in two situations:
1098 *
1099 * - an item has been added to the pending queue (due to an API call)
1100 *
1101 * - an item has been removed from the inflight queue (due to a D-Bus
1102 * reply having been received)
1103 *
1104 * It will move a maximum of one item.
1105 */
1108 static void
1111 gpointer origin_tag)
1112 {
1117 dconf_engine_change_notify (engine, prefix, changes, NULL, FALSE, origin_tag, engine->user_data);
1118 }
1120 static void
1122 gpointer handle,
1125 {
1130 /* D-Bus guarantees ordered delivery of messages.
1131 *
1132 * The dconf-service handles requests in-order.
1133 *
1134 * The reply we just received should therefore be at the head of
1135 * our 'in flight' queue.
1136 *
1137 * Due to https://bugs.freedesktop.org/show_bug.cgi?id=59780 it is
1138 * possible that we receive an out-of-sequence error message, however,
1139 * so only assume that messages are in-order for positive replies.
1140 */
1142 {
1147 }
1148 else
1149 {
1150 gboolean found;
1156 }
1158 /* We just popped a change from the in-flight queue, possibly
1159 * making room for another to be added. Check that.
1160 */
1164 /* Deal with the reply we got. */
1166 {
1167 /* The write worked.
1168 *
1169 * We already sent a change notification for this item when we
1170 * added it to the pending queue and we don't want to send another
1171 * one again. At the same time, it's very likely that we're just
1172 * about to receive a change signal from the service.
1173 *
1174 * The tag sent as part of the reply to the Change call will be
1175 * the same tag as on the change notification signal. Record that
1176 * tag so that we can ignore the signal when it comes.
1177 *
1178 * last_handled is only ever touched from the worker thread
1179 */
1182 }
1185 {
1186 /* Some kind of unexpected failure occurred while attempting to
1187 * commit the change.
1188 *
1189 * There's not much we can do here except to drop our local copy
1190 * of the change (and notify that it is gone) and print the error
1191 * message as a warning.
1192 */
1195 }
1199 }
1201 static void
1203 {
1204 if (!g_queue_is_empty (&engine->pending) && g_queue_get_length (&engine->in_flight) < MAX_IN_FLIGHT)
1205 {
1223 }
1226 {
1227 /* The in-flight queue should not be empty if we have changes
1228 * pending...
1229 */
1233 }
1234 }
1236 static gboolean
1239 gpointer user_data)
1240 {
1243 /* Resets absolutely always succeed -- even in the case that there is
1244 * not even a writable database.
1245 */
1247 }
1249 static gboolean
1253 {
1259 {
1263 }
1268 }
1270 gboolean
1273 gpointer origin_tag,
1275 {
1286 /* Check for duplicates in the pending queue.
1287 *
1288 * Note: order doesn't really matter here since "similarity" is an
1289 * equivalence class and we've ensured that there are no pairwise
1290 * similar changes in the queue already (ie: at most we will have only
1291 * one similar item to the one we are adding).
1292 */
1296 {
1300 {
1301 /* We found a similar item in the queue.
1302 *
1303 * We want to drop the one that's in the queue already since
1304 * we want our new (more recent) change to take precedence.
1305 *
1306 * The pending queue owned the changeset, so free it.
1307 */
1311 /* There will only have been one, so stop looking. */
1313 }
1314 }
1316 /* No matter what we're going to queue up this change, so put it in
1317 * the pending queue now.
1318 *
1319 * There may be room in the in_flight queue, so we try to manage the
1320 * queue right away in order to try to promote it there (which causes
1321 * the D-Bus message to actually be sent).
1322 *
1323 * The change might get tossed before being sent if the loop above
1324 * finds it on a future call.
1325 */
1331 /* Emit the signal after dropping the lock to avoid deadlock on re-entry. */
1335 }
1337 gboolean
1342 {
1346 {
1351 }
1358 /* we know that we have at least one source because we checked writability */
1369 /* g_variant_get() is okay with NULL tag */
1374 }
1376 static gboolean
1378 GBusType bus_type,
1381 {
1382 gint i;
1385 {
1390 }
1393 }
1395 void
1401 {
1403 {
1414 /* Reject junk */
1416 /* No changes? Do nothing. */
1420 {
1421 /* If the prefix is a key then the changes must be ['']. */
1424 }
1426 {
1427 /* If the prefix is a dir then we can have changes within that
1428 * dir, but they must be rel paths.
1429 *
1430 * ie:
1431 *
1432 * ('/a/', ['b', 'c/']) == ['/a/b', '/a/c/']
1433 */
1434 gint i;
1439 }
1440 else
1441 /* Not a key or a dir? */
1449 {
1452 /* It's possible that this incoming change notify is for a
1453 * change that we already announced to the client when we
1454 * placed it in the pending queue.
1455 *
1456 * Check last_handled to determine if we should ignore it.
1457 */
1465 }
1467 junk:
1469 }
1472 {
1482 /* Rejecting junk here is relatively straightforward */
1491 {
1500 }
1501 }
1502 }
1504 gboolean
1506 {
1507 gboolean has;
1509 /* The in-flight queue will never be empty unless the pending queue is
1510 * also empty, so we only really need to check one of them...
1511 */
1517 }
1519 void
1521 {
1526 }