arc: Abort booting ARC if the device is critically low on disk space.

components/arc/arc_bridge_bootstrap.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/arc/arc_bridge_bootstrap.h"
 
 #include <fcntl.h>
 #include <grp.h>
 #include <unistd.h>
 
 #include <utility>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/posix/eintr_wrapper.h"
+#include "base/sys_info.h"
 #include "base/task_runner_util.h"
 #include "base/threading/thread_checker.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "components/user_manager/user_manager.h"
 #include "ipc/unix_domain_socket_util.h"
 #include "mojo/edk/embedder/embedder.h"
 #include "mojo/edk/embedder/platform_channel_pair.h"
 #include "mojo/edk/embedder/platform_channel_utils_posix.h"
 #include "mojo/edk/embedder/platform_handle_vector.h"
 #include "mojo/edk/embedder/scoped_platform_handle.h"
 #include "mojo/public/cpp/bindings/binding.h"
 
 namespace arc {
 
 namespace {
 
 const base::FilePath::CharType kArcBridgeSocketPath[] =
     FILE_PATH_LITERAL("/var/run/chrome/arc_bridge.sock");
 
 const char kArcBridgeSocketGroup[] = "arc-bridge";
 
+const base::FilePath::CharType kDiskCheckPath[] = "/home";
+
+const int64_t kCriticalDiskFreeBytes = 64 << 20;  // 64MB
+
 // This is called when StopArcInstance D-Bus method completes. Since we have the
 // ArcInstanceStopped() callback and are notified if StartArcInstance fails, we
 // don't need to do anything when StopArcInstance completes.
 void DoNothingInstanceStopped(bool) {}
 
 chromeos::SessionManagerClient* GetSessionManagerClient() {
   // If the DBusThreadManager or the SessionManagerClient aren't available,
   // there isn't much we can do. This should only happen when running tests.
   if (!chromeos::DBusThreadManager::IsInitialized() ||
       !chromeos::DBusThreadManager::Get() ||
       !chromeos::DBusThreadManager::Get()->GetSessionManagerClient())
     return nullptr;
   return chromeos::DBusThreadManager::Get()->GetSessionManagerClient();
 }
 
 class ArcBridgeBootstrapImpl : public ArcBridgeBootstrap,
                                public chromeos::SessionManagerClient::Observer {
  public:
   // The possible states of the bootstrap connection.  In the normal flow,
   // the state changes in the following sequence:
   //
   // STOPPED
   //   Start() ->
+  // DISK_SPACE_CHECKING
+  //   CheckDiskSpace() -> OnDiskSpaceChecked() ->
   // SOCKET_CREATING
   //   CreateSocket() -> OnSocketCreated() ->
   // STARTING
   //   StartArcInstance() -> OnInstanceStarted() ->
   // STARTED
   //   AcceptInstanceConnection() -> OnInstanceConnected() ->
   // READY
   //
   // When Stop() or AbortBoot() is called from any state, either because an
   // operation resulted in an error or because the user is logging out:
   //
   // (any)
   //   Stop()/AbortBoot() ->
   // STOPPING
   //   StopInstance() ->
   // STOPPED
   //
   // When the instance crashes while it was ready, it will be stopped:
   //   READY -> STOPPING -> STOPPED
   // and then restarted:
-  //   STOPPED -> SOCKET_CREATING -> ... -> READY).
+  //   STOPPED -> DISK_SPACE_CHECKING -> ... -> READY).
   //
   // Note: Order of constants below matters. Please make sure to sort them
   // in chronological order.
   enum class State {
     // ARC is not currently running.
     STOPPED,
 
+    // Checking the disk space.
+    DISK_SPACE_CHECKING,
+
     // An UNIX socket is being created.
     SOCKET_CREATING,
 
     // The request to start the instance has been sent.
     STARTING,
 
     // The instance has started. Waiting for it to connect to the IPC bridge.
     STARTED,
 
     // The instance is fully connected.
     READY,
 
     // The request to shut down the instance has been sent.
     STOPPING,
   };
 
   ArcBridgeBootstrapImpl();
   ~ArcBridgeBootstrapImpl() override;
 
   // ArcBridgeBootstrap:
   void Start() override;
   void Stop() override;
 
  private:
   // Aborts ARC instance boot. This is called from various state-machine
   // functions when they encounter an error during boot.
   void AbortBoot(ArcBridgeService::StopReason reason);
 
+  // Checks the device disk space.
+  static int64_t CheckDiskSpace();

[hidehiko, 2016/07/15 14:47:25]

Optional: how about "GetFreeDiskSpace()"?
"Check" is sometimes used for a function like a validation function, but yours
looks a kind of getter?

An alternative is just using base::Bind

PostTaskAndReplyWithResult(
    ....
    base::Bind(AmountOfFreeDiskSpace, FilePath(kDiskCheckPath)),
    ...);

Up to you.

[Shuhei Takahashi, 2016/07/19 04:38:00]

Good point that we can just bind to AmountOfFreeDiskSpace! Changed accordingly.

+  void OnDiskSpaceChecked(int64_t disk_free_bytes);
+
   // Creates the UNIX socket on the bootstrap thread and then processes its
   // file descriptor.
   static base::ScopedFD CreateSocket();
   void OnSocketCreated(base::ScopedFD fd);
 
   // Synchronously accepts a connection on |socket_fd| and then processes the
   // connected socket's file descriptor.
   static base::ScopedFD AcceptInstanceConnection(base::ScopedFD socket_fd);
   void OnInstanceConnected(base::ScopedFD fd);
 
@@ skipping 39 matching lines @@
 }
 
 void ArcBridgeBootstrapImpl::Start() {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(delegate_);
   if (state_ != State::STOPPED) {
     VLOG(1) << "Start() called when instance is not stopped";
     return;
   }
   stop_reason_ = ArcBridgeService::StopReason::SHUTDOWN;
+  // TODO(crbug.com/628124): Move disk space checking logic to session_manager.
+  SetState(State::DISK_SPACE_CHECKING);
+  base::PostTaskAndReplyWithResult(
+      base::WorkerPool::GetTaskRunner(true).get(), FROM_HERE,
+      base::Bind(&ArcBridgeBootstrapImpl::CheckDiskSpace),
+      base::Bind(&ArcBridgeBootstrapImpl::OnDiskSpaceChecked,
+                 weak_factory_.GetWeakPtr()));
+}
+
+// static
+int64_t ArcBridgeBootstrapImpl::CheckDiskSpace() {
+  return base::SysInfo::AmountOfFreeDiskSpace(base::FilePath(kDiskCheckPath));
+}
+
+void ArcBridgeBootstrapImpl::OnDiskSpaceChecked(int64_t disk_free_bytes) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  if (state_ != State::DISK_SPACE_CHECKING) {
+    VLOG(1) << "Stop() called while checking disk space";
+    return;
+  }
+  if (disk_free_bytes < 0) {
+    LOG(ERROR) << "ARC: Failed to get free disk space";
+    AbortBoot(ArcBridgeService::StopReason::GENERIC_BOOT_FAILURE);
+    return;
+  } else if (disk_free_bytes < kCriticalDiskFreeBytes) {

[hidehiko, 2016/07/15 14:47:25]

  return;
}
if (...) {
  :
  return;
}

to standardize the style in this file?

[Shuhei Takahashi, 2016/07/19 04:38:00]

Done.

+    LOG(ERROR) << "ARC: The device is too low on disk space to start ARC";
+    AbortBoot(ArcBridgeService::StopReason::LOW_DISK_SPACE);
+    return;
+  }
   SetState(State::SOCKET_CREATING);
   base::PostTaskAndReplyWithResult(
       base::WorkerPool::GetTaskRunner(true).get(), FROM_HERE,
       base::Bind(&ArcBridgeBootstrapImpl::CreateSocket),
       base::Bind(&ArcBridgeBootstrapImpl::OnSocketCreated,
                  weak_factory_.GetWeakPtr()));
 }
 
 // static
 base::ScopedFD ArcBridgeBootstrapImpl::CreateSocket() {
@@ skipping 209 matching lines @@
 }
 
 }  // namespace
 
 // static
 std::unique_ptr<ArcBridgeBootstrap> ArcBridgeBootstrap::Create() {
   return base::WrapUnique(new ArcBridgeBootstrapImpl());
 }
 
 }  // namespace arc