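/* GIO - GLib Input, Output and Streaming Library
 *
 * Copyright (C) 2006-2007 Red Hat, Inc.
 * Copyright (C) 2022-2024 Canonical, Ltd.
 *
 * SPDX-License-Identifier: LGPL-2.1-or-later
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General
 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 * Author: Alexander Larsson
 * Author: Marco Trevisan
 */

#include "config.h"
#include "glib.h"
/* NOTE(review): the operand of this #include was lost when the page was
 * extracted. <gioerror.h> is assumed because this file uses G_IO_ERROR and
 * G_IO_ERROR_CANCELLED; confirm against the upstream file. */
#include <gioerror.h>
#include "glib-private.h"
#include "gcancellable.h"
#include "glibintl.h"

/**
 * GCancellable:
 *
 * `GCancellable` allows operations to be cancelled.
 *
 * `GCancellable` is a thread-safe operation cancellation stack used
 * throughout GIO to allow for cancellation of synchronous and
 * asynchronous operations.
 */

enum {
  CANCELLED,
  LAST_SIGNAL
};

struct _GCancellablePrivate
{
  /* Atomic so that we don't require holding global mutexes for independent ops. */
  gboolean cancelled;
  /* Atomic: raised by g_cancellable_cancel() around the ::cancelled emission
   * and read by g_cancellable_disconnect() and the GCancellableSource code. */
  int cancelled_running;

  /* Access to fields below is protected by cancellable's mutex. */
  GMutex mutex;
  /* Number of outstanding g_cancellable_make_pollfd() users of @wakeup. */
  guint fd_refcount;
  GWakeup *wakeup;
};

static guint signals[LAST_SIGNAL] = { 0 };

G_DEFINE_TYPE_WITH_PRIVATE (GCancellable, g_cancellable, G_TYPE_OBJECT)

/* Thread-private list head used as the "current cancellable" stack. */
static GPrivate current_cancellable;
/* One condition variable for all instances; g_cancellable_cancel()
 * broadcasts on it when an emission has finished. */
static GCond cancellable_cond;

/* GObject finalize handler: releases the wakeup (if one is still allocated)
 * and the per-instance mutex, then chains up to the parent class. */
static void
g_cancellable_finalize (GObject *object)
{
  GCancellable *cancellable = G_CANCELLABLE (object);

  /* We're at finalization phase, so only one thread can be here.
   * Thus there's no need to lock. In case something is locking us, then we've
   * a bug, and g_mutex_clear() will make this clear by aborting.
   */
  /* The wakeup is freed whatever fd_refcount says: this is the fallback for
   * callers that never called g_cancellable_release_fd(). */
  if (cancellable->priv->wakeup)
    GLIB_PRIVATE_CALL (g_wakeup_free) (cancellable->priv->wakeup);

  g_mutex_clear (&cancellable->priv->mutex);

  G_OBJECT_CLASS (g_cancellable_parent_class)->finalize (object);
}

/* Class initialiser: installs the finalize handler and registers the
 * ::cancelled signal. */
static void
g_cancellable_class_init (GCancellableClass *klass)
{
  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);

  gobject_class->finalize = g_cancellable_finalize;

  /**
   * GCancellable::cancelled:
   * @cancellable: a #GCancellable.
   *
   * Emitted when the operation has been cancelled.
   *
   * Can be used by implementations of cancellable operations. If the
   * operation is cancelled from another thread, the signal will be
   * emitted in the thread that cancelled the operation, not the
   * thread that is running the operation.
   *
   * Note that disconnecting from this signal (or any signal) in a
   * multi-threaded program is prone to race conditions. For instance
   * it is possible that a signal handler may be invoked even after
   * a call to g_signal_handler_disconnect() for that handler has
   * already returned.
   *
   * There is also a problem when cancellation happens right before
   * connecting to the signal. If this happens the signal will
   * unexpectedly not be emitted, and checking before connecting to
   * the signal leaves a race condition where this is still happening.
   *
   * In order to make it safe and easy to connect handlers there
   * are two helper functions: g_cancellable_connect() and
   * g_cancellable_disconnect() which protect against problems
   * like this.
   *
   * An example of how to use this:
   * |[
   *     // Make sure we don't do unnecessary work if already cancelled
   *     if (g_cancellable_set_error_if_cancelled (cancellable, error))
   *       return;
   *
   *     // Set up all the data needed to be able to handle cancellation
   *     // of the operation
   *     my_data = my_data_new (...);
   *
   *     id = 0;
   *     if (cancellable)
   *       id = g_cancellable_connect (cancellable,
   *                                   G_CALLBACK (cancelled_handler),
   *                                   my_data, NULL);
   *
   *     // cancellable operation here...
   *
   *     g_cancellable_disconnect (cancellable, id);
   *
   *     // cancelled_handler is never called after this, it is now safe
   *     // to free the data
   *     my_data_free (my_data);
   * ]|
   *
   * Note that the cancelled signal is emitted in the thread that
   * the user cancelled from, which may be the main thread. So, handlers
   * of the cancelled signal should not do anything that can block.
   */
  signals[CANCELLED] =
    g_signal_new (I_("cancelled"),
                  G_TYPE_FROM_CLASS (gobject_class),
                  G_SIGNAL_RUN_LAST,
                  G_STRUCT_OFFSET (GCancellableClass, cancelled),
                  NULL, NULL,
                  NULL,
                  G_TYPE_NONE, 0);
}

/* Instance initialiser: binds the private data and sets up its mutex. */
static void
g_cancellable_init (GCancellable *cancellable)
{
  cancellable->priv = g_cancellable_get_instance_private (cancellable);

  g_mutex_init (&cancellable->priv->mutex);
}

/**
 * g_cancellable_new:
 *
 * Creates a new #GCancellable object.
 *
 * Applications that want to start one or more operations
 * that should be cancellable should create a #GCancellable
 * and pass it to the operations.
 *
 * One #GCancellable can be used in multiple consecutive
 * operations or in multiple concurrent operations.
 *
 * Returns: a #GCancellable.
 **/
GCancellable *
g_cancellable_new (void)
{
  return g_object_new (G_TYPE_CANCELLABLE, NULL);
}

/**
 * g_cancellable_push_current:
 * @cancellable: a #GCancellable object
 *
 * Pushes @cancellable onto the cancellable stack. The current
 * cancellable can then be retrieved using g_cancellable_get_current().
 *
 * This is useful when implementing cancellable operations in
 * code that does not allow you to pass down the cancellable object.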
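*
 * This is typically called automatically by e.g. #GFile operations,
 * so you rarely have to call this yourself.
 **/
void
g_cancellable_push_current (GCancellable *cancellable)
{
  GSList *l;

  g_return_if_fail (cancellable != NULL);

  /* Only the bare pointer is stored; no reference is taken here. The caller
   * therefore has to keep @cancellable alive until the matching
   * g_cancellable_pop_current(), otherwise g_cancellable_get_current()
   * would hand out a dangling pointer. */
  l = g_private_get (&current_cancellable);
  l = g_slist_prepend (l, cancellable);
  g_private_set (&current_cancellable, l);
}

/**
 * g_cancellable_pop_current:
 * @cancellable: a #GCancellable object
 *
 * Pops @cancellable off the cancellable stack (verifying that @cancellable
 * is on the top of the stack).
 **/
void
g_cancellable_pop_current (GCancellable *cancellable)
{
  GSList *l;

  l = g_private_get (&current_cancellable);

  /* Both checks return without modifying the stack: an empty stack or a
   * push/pop mismatch leaves the current entries in place. */
  g_return_if_fail (l != NULL);
  g_return_if_fail (l->data == cancellable);

  /* Drop the head link and store the new head back. */
  l = g_slist_delete_link (l, l);
  g_private_set (&current_cancellable, l);
}

/**
 * g_cancellable_get_current:
 *
 * Gets the top cancellable from the stack.
 *
 * Returns: (nullable) (transfer none): a #GCancellable from the top
 * of the stack, or %NULL if the stack is empty.
 **/
GCancellable *
g_cancellable_get_current  (void)
{
  GSList *l;

  l = g_private_get (&current_cancellable);
  if (l == NULL)
    return NULL;

  /* (transfer none): the stack holds no reference, see
   * g_cancellable_push_current(). */
  return G_CANCELLABLE (l->data);
}

/**
 * g_cancellable_reset:
 * @cancellable: a #GCancellable object.
 *
 * Resets @cancellable to its uncancelled state.
 *
 * If cancellable is currently in use by any cancellable operation
 * then the behavior of this function is undefined.
 *
 * Note that it is generally not a good idea to reuse an existing
 * cancellable for more operations after it has been cancelled once,
 * as this function might tempt you to do. The recommended practice
 * is to drop the reference to a cancellable after cancelling it,
 * and let it die with the outstanding async operations. You should
 * create a fresh cancellable for further async operations.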
**/
void
g_cancellable_reset (GCancellable *cancellable)
{
  GCancellablePrivate *priv;
  gboolean was_cancelled;

  g_return_if_fail (G_IS_CANCELLABLE (cancellable));

  priv = cancellable->priv;

  g_mutex_lock (&priv->mutex);

  /* Flip TRUE -> FALSE atomically; the wakeup is only acknowledged when
   * this call actually performed the transition. The mutex guards the
   * wakeup pointer. */
  was_cancelled = g_atomic_int_compare_and_exchange (&priv->cancelled, TRUE, FALSE);
  if (was_cancelled && priv->wakeup)
    GLIB_PRIVATE_CALL (g_wakeup_acknowledge) (priv->wakeup);

  g_mutex_unlock (&priv->mutex);
}

/**
 * g_cancellable_is_cancelled:
 * @cancellable: (nullable): a #GCancellable or %NULL
 *
 * Checks if a cancellable job has been cancelled.
 *
 * Returns: %TRUE if @cancellable is cancelled,
 * %FALSE if called with %NULL or if it is not cancelled.
 **/
gboolean
g_cancellable_is_cancelled (GCancellable *cancellable)
{
  /* Lock-free read of the atomic flag; no type check is made on a
   * non-NULL argument. */
  if (cancellable == NULL)
    return FALSE;

  return g_atomic_int_get (&cancellable->priv->cancelled) != 0;
}

/**
 * g_cancellable_set_error_if_cancelled:
 * @cancellable: (nullable): a #GCancellable or %NULL
 * @error: #GError to append error state to
 *
 * If the @cancellable is cancelled, sets the error to notify
 * that the operation was cancelled.
 *
 * Returns: %TRUE if @cancellable was cancelled, %FALSE if it was not
 */
gboolean
g_cancellable_set_error_if_cancelled (GCancellable  *cancellable,
                                      GError       **error)
{
  if (!g_cancellable_is_cancelled (cancellable))
    return FALSE;

  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_CANCELLED,
                       _("Operation was cancelled"));
  return TRUE;
}

/**
 * g_cancellable_get_fd:
 * @cancellable: a #GCancellable.
 *
 * Gets the file descriptor for a cancellable job. This can be used to
 * implement cancellable operations on Unix systems. The returned fd will
 * turn readable when @cancellable is cancelled.
 *
 * You are not supposed to read from the fd yourself, just check for
 * readable status. Reading to unset the readable status is done
 * with g_cancellable_reset().
 *
 * After a successful return from this function, you should use
 * g_cancellable_release_fd() to free up resources allocated for
 * the returned file descriptor.
 *
 * See also g_cancellable_make_pollfd().
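*
 * Returns: A valid file descriptor. `-1` if the file descriptor
 * is not supported, or on errors.
 **/
int
g_cancellable_get_fd (GCancellable *cancellable)
{
  GPollFD pollfd;
#ifndef G_OS_WIN32
  gboolean retval G_GNUC_UNUSED  /* when compiling with G_DISABLE_ASSERT */;
#endif

  if (cancellable == NULL)
    return -1;

  /* Start from the documented error value. g_cancellable_make_pollfd()
   * does not write to @pollfd on its %FALSE paths, so without this a build
   * with assertions compiled out would return an uninitialised fd if that
   * call ever failed. On Windows this is the only value ever returned. */
  pollfd.fd = -1;

#ifndef G_OS_WIN32
  retval = g_cancellable_make_pollfd (cancellable, &pollfd);
  g_assert (retval);
#endif

  return pollfd.fd;
}

/**
 * g_cancellable_make_pollfd:
 * @cancellable: (nullable): a #GCancellable or %NULL
 * @pollfd: a pointer to a #GPollFD
 *
 * Creates a #GPollFD corresponding to @cancellable; this can be passed
 * to g_poll() and used to poll for cancellation. This is useful both
 * for unix systems without a native poll and for portability to
 * windows.
 *
 * When this function returns %TRUE, you should use
 * g_cancellable_release_fd() to free up resources allocated for the
 * @pollfd. After a %FALSE return, do not call g_cancellable_release_fd().
 *
 * If this function returns %FALSE, either no @cancellable was given or
 * resource limits prevent this function from allocating the necessary
 * structures for polling. (On Linux, you will likely have reached
 * the maximum number of file descriptors.) The suggested way to handle
 * these cases is to ignore the @cancellable.
 *
 * You are not supposed to read from the fd yourself, just check for
 * readable status. Reading to unset the readable status is done
 * with g_cancellable_reset().
 *
 * Returns: %TRUE if @pollfd was successfully initialized, %FALSE on
 * failure to prepare the cancellable.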
*
 * Since: 2.22
 **/
gboolean
g_cancellable_make_pollfd (GCancellable *cancellable, GPollFD *pollfd)
{
  GCancellablePrivate *priv;

  g_return_val_if_fail (pollfd != NULL, FALSE);
  if (cancellable == NULL)
    return FALSE;
  g_return_val_if_fail (G_IS_CANCELLABLE (cancellable), FALSE);

  priv = cancellable->priv;

  g_mutex_lock (&priv->mutex);

  /* The first user allocates the shared wakeup. If the cancellable is
   * already cancelled the fresh wakeup is signalled straight away, so a
   * poller does not miss a cancellation that predates this call. */
  if (priv->fd_refcount == 0)
    {
      priv->wakeup = GLIB_PRIVATE_CALL (g_wakeup_new) ();

      if (g_atomic_int_get (&priv->cancelled))
        GLIB_PRIVATE_CALL (g_wakeup_signal) (priv->wakeup);
    }
  priv->fd_refcount++;

  g_assert (priv->wakeup);
  GLIB_PRIVATE_CALL (g_wakeup_get_pollfd) (priv->wakeup, pollfd);

  g_mutex_unlock (&priv->mutex);

  return TRUE;
}

/**
 * g_cancellable_release_fd:
 * @cancellable: a #GCancellable
 *
 * Releases the resources previously allocated by g_cancellable_get_fd()
 * or g_cancellable_make_pollfd().
 *
 * For compatibility reasons with older releases, calling this function
 * is not strictly required, the resources will be automatically freed
 * when the @cancellable is finalized. However, the @cancellable will
 * block scarce file descriptors until it is finalized if this function
 * is not called. This can cause the application to run out of file
 * descriptors when many #GCancellables are used at the same time.
 *
 * Since: 2.22
 **/
void
g_cancellable_release_fd (GCancellable *cancellable)
{
  GCancellablePrivate *priv;

  if (cancellable == NULL)
    return;

  g_return_if_fail (G_IS_CANCELLABLE (cancellable));

  priv = cancellable->priv;

  g_mutex_lock (&priv->mutex);

  /* Guards against an unbalanced release. This is an assertion, so a build
   * with assertions compiled out would let the unsigned counter wrap. */
  g_assert (priv->fd_refcount > 0);

  priv->fd_refcount--;
  if (priv->fd_refcount == 0)
    {
      /* Last user gone: the wakeup is destroyed here. A descriptor obtained
       * earlier from this cancellable must not be polled after this point
       * (presumably it is closed with the wakeup; confirm in gwakeup.c). */
      GLIB_PRIVATE_CALL (g_wakeup_free) (priv->wakeup);
      priv->wakeup = NULL;
    }

  g_mutex_unlock (&priv->mutex);
}

/**
 * g_cancellable_cancel:
 * @cancellable: (nullable): a #GCancellable object.
 *
 * Will set @cancellable to cancelled, and will emit the
 * #GCancellable::cancelled signal. (However, see the warning about
 * race conditions in the documentation for that signal if you are
 * planning to connect to it.)
*
 * This function is thread-safe. In other words, you can safely call
 * it from a thread other than the one running the operation that was
 * passed the @cancellable.
 *
 * If @cancellable is %NULL, this function returns immediately for convenience.
 *
 * The convention within GIO is that cancelling an asynchronous
 * operation causes it to complete asynchronously. That is, if you
 * cancel the operation from the same thread in which it is running,
 * then the operation's #GAsyncReadyCallback will not be invoked until
 * the application returns to the main loop.
 **/
void
g_cancellable_cancel (GCancellable *cancellable)
{
  GCancellablePrivate *priv;
  gboolean newly_cancelled;

  /* Fast path, taken without the mutex: nothing to do for %NULL or for an
   * object whose flag is already set. */
  if (cancellable == NULL)
    return;
  if (g_atomic_int_get (&cancellable->priv->cancelled))
    return;

  priv = cancellable->priv;

  /* The reference is taken before locking so that toggle notifications on
   * the object cannot happen while the mutex is held. */
  g_object_ref (cancellable);
  g_mutex_lock (&priv->mutex);

  /* Re-check under the lock: only the thread that performs the
   * FALSE -> TRUE transition signals the wakeup and emits. */
  newly_cancelled = g_atomic_int_compare_and_exchange (&priv->cancelled, FALSE, TRUE);
  if (newly_cancelled)
    {
      g_atomic_int_inc (&priv->cancelled_running);

      if (priv->wakeup)
        GLIB_PRIVATE_CALL (g_wakeup_signal) (priv->wakeup);

      /* NOTE(review): handlers run here, in the cancelling thread, with
       * priv->mutex held. GMutex is not recursive, so a handler that calls
       * g_cancellable_reset(), g_cancellable_make_pollfd(),
       * g_cancellable_release_fd(), g_cancellable_connect() or
       * g_cancellable_disconnect() on this same object would try to take
       * the mutex again. */
      g_signal_emit (cancellable, signals[CANCELLED], 0);

      /* Wake any waiter on cancellable_cond once no emission is left. */
      if (g_atomic_int_dec_and_test (&priv->cancelled_running))
        g_cond_broadcast (&cancellable_cond);
    }

  g_mutex_unlock (&priv->mutex);
  g_object_unref (cancellable);
}

/**
 * g_cancellable_connect:
 * @cancellable: A #GCancellable.
 * @callback: The #GCallback to connect.
 * @data: Data to pass to @callback.
 * @data_destroy_func: (nullable): Free function for @data or %NULL.
 *
 * Convenience function to connect to the #GCancellable::cancelled
 * signal. Also handles the race condition that may happen
 * if the cancellable is cancelled right before connecting.
*
 * @callback is called exactly once each time @cancellable is cancelled,
 * either directly at the time of the connect if @cancellable is already
 * cancelled, or when @cancellable is cancelled in some thread.
 * In case the cancellable is reset via [method@Gio.Cancellable.reset]
 * then the callback can be called again if the @cancellable is cancelled.
 *
 * @data_destroy_func will be called when the handler is
 * disconnected, or immediately if the cancellable is already
 * cancelled.
 *
 * See #GCancellable::cancelled for details on how to use this.
 *
 * Since GLib 2.40, the lock protecting @cancellable is not held when
 * @callback is invoked. This lifts a restriction in place for
 * earlier GLib versions which now makes it easier to write cleanup
 * code that unconditionally invokes e.g. g_cancellable_cancel().
 *
 * Returns: The id of the signal handler or 0 if @cancellable has already
 *          been cancelled.
 *
 * Since: 2.22
 */
gulong
g_cancellable_connect (GCancellable   *cancellable,
                       GCallback       callback,
                       gpointer        data,
                       GDestroyNotify  data_destroy_func)
{
  GCancellablePrivate *priv;
  gulong handler_id;

  g_return_val_if_fail (G_IS_CANCELLABLE (cancellable), 0);

  priv = cancellable->priv;

  /* g_cancellable_cancel() takes this mutex before flipping the flag, so
   * holding it across "check, then connect" closes the window in which a
   * cancellation could land between the two steps. */
  g_mutex_lock (&priv->mutex);

  if (!g_atomic_int_get (&priv->cancelled))
    {
      handler_id = g_signal_connect_data (cancellable, "cancelled",
                                          callback, data,
                                          (GClosureNotify) data_destroy_func,
                                          G_CONNECT_DEFAULT);
    }
  else
    {
      void (*run_now) (GCancellable *cancellable,
                       gpointer      user_data);

      /* Already cancelled: nothing is connected. The callback runs once,
       * synchronously, and @data is released right after it.
       *
       * NOTE(review): both calls below are made with priv->mutex held,
       * which does not match the "lock ... is not held" sentence in the
       * API comment above; confirm which one is intended. */
      run_now = (void *)callback;
      handler_id = 0;

      run_now (cancellable, data);

      if (data_destroy_func)
        data_destroy_func (data);
    }

  g_mutex_unlock (&priv->mutex);

  return handler_id;
}

/**
 * g_cancellable_disconnect:
 * @cancellable: (nullable): A #GCancellable or %NULL.
 * @handler_id: Handler id of the handler to be disconnected, or `0`.
 *
 * Disconnects a handler from a cancellable instance similar to
 * g_signal_handler_disconnect().  Additionally, in the event that a
 * signal handler is currently running, this call will block until the
 * handler has finished.
Calling this function from a
 * #GCancellable::cancelled signal handler will therefore result in a
 * deadlock.
 *
 * This avoids a race condition where a thread cancels at the
 * same time as the cancellable operation is finished and the
 * signal handler is removed. See #GCancellable::cancelled for
 * details on how to use this.
 *
 * If @cancellable is %NULL or @handler_id is `0` this function does
 * nothing.
 *
 * Since: 2.22
 */
void
g_cancellable_disconnect (GCancellable  *cancellable,
                          gulong         handler_id)
{
  GCancellablePrivate *priv;

  if (cancellable == NULL || handler_id == 0)
    return;

  priv = cancellable->priv;

  g_mutex_lock (&priv->mutex);

  /* Wait until no ::cancelled emission is in flight.
   * NOTE(review): g_cancellable_cancel() raises and lowers
   * cancelled_running while holding this same mutex, so once the lock
   * above has been obtained the counter looks like it is always zero and
   * the blocking happens in g_mutex_lock() itself; confirm. */
  for (;;)
    {
      if (g_atomic_int_get (&priv->cancelled_running) == 0)
        break;

      g_cond_wait (&cancellable_cond, &priv->mutex);
    }

  g_mutex_unlock (&priv->mutex);

  /* The handler is removed after the mutex has been released. */
  g_signal_handler_disconnect (cancellable, handler_id);
}

/* GSource subtype that becomes ready when its cancellable is cancelled. */
typedef struct {
  GSource       source;

  /* Atomic: */
  GCancellable *cancellable;
  /* Id of the "cancelled" handler connected in g_cancellable_source_new(). */
  gulong        cancelled_handler;
  /* Atomic: */
  gboolean      cancelled_callback_called;
} GCancellableSource;

/*
 * The reference count of the GSource might be 0 at this point but it is not
 * finalized yet and its dispose function did not run yet, or otherwise we
 * would have disconnected the signal handler already and due to the signal
 * emission lock it would be impossible to call the signal handler at that
 * point. That is: at this point we either have a fully valid GSource, or
 * it's not disposed or finalized yet and we can still resurrect it as needed.
 *
 * As such we first ensure that we have a strong reference to the GSource in
 * here before calling any other GSource API.
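*/
static void
cancellable_source_cancelled (GCancellable *cancellable,
                              gpointer      user_data)
{
  GSource *source = user_data;
  GCancellableSource *cancellable_source = (GCancellableSource *) source;
  gboolean callback_was_not_called G_GNUC_UNUSED;

  /* Hold a reference for the duration of the handler. */
  g_source_ref (source);
  /* Ready time 0 makes the source dispatch on the next main loop pass. */
  g_source_set_ready_time (source, 0);

  /* Publish "handler has run": cancellable_source_dispose() spins on this
   * flag. The assertion checks that it was not already set. */
  callback_was_not_called = g_atomic_int_compare_and_exchange (
    &cancellable_source->cancelled_callback_called, FALSE, TRUE);
  g_assert (callback_was_not_called);

  g_source_unref (source);
}

/* GSourceFuncs.prepare: never reports readiness itself (always %FALSE, no
 * timeout). It re-arms cancelled_callback_called when no emission is
 * running on the cancellable. */
static gboolean
cancellable_source_prepare (GSource *source,
                            gint    *timeout)
{
  GCancellableSource *cancellable_source = (GCancellableSource *) source;
  GCancellable *cancellable;

  if (timeout)
    *timeout = -1;

  cancellable = g_atomic_pointer_get (&cancellable_source->cancellable);
  if (cancellable && !g_atomic_int_get (&cancellable->priv->cancelled_running))
    g_atomic_int_set (&cancellable_source->cancelled_callback_called, FALSE);

  return FALSE;
}

/* GSourceFuncs.dispatch: clears the ready time and invokes the user's
 * GCancellableSourceFunc, returning its result. */
static gboolean
cancellable_source_dispatch (GSource     *source,
                             GSourceFunc  callback,
                             gpointer     user_data)
{
  GCancellableSourceFunc func = (GCancellableSourceFunc)callback;
  GCancellableSource *cancellable_source = (GCancellableSource *)source;

  g_source_set_ready_time (source, -1);
  return (*func) (cancellable_source->cancellable, user_data);
}

/* Dispose function: detaches the source from its cancellable, waiting out
 * an in-flight ::cancelled handler first so the source is not freed under
 * it. */
static void
cancellable_source_dispose (GSource *source)
{
  GCancellableSource *cancellable_source = (GCancellableSource *)source;
  GCancellable *cancellable;

  /* Take the pointer out atomically; only the caller that observes a
   * non-NULL value goes on to disconnect and unref. */
  cancellable = g_atomic_pointer_exchange (&cancellable_source->cancellable, NULL);

  if (cancellable)
    {
      if (g_atomic_int_get (&cancellable->priv->cancelled_running))
        {
          /* There can be a race here: if thread A has called
           * g_cancellable_cancel() and has got as far as committing to call
           * cancellable_source_cancelled(), then thread B drops the final
           * ref on the GCancellableSource before g_source_ref() is called in
           * cancellable_source_cancelled(), then cancellable_source_dispose()
           * will run through and the GCancellableSource will be finalised
           * before cancellable_source_cancelled() gets to g_source_ref(). It
           * will then be left in a state where it's committed to using a
           * dangling GCancellableSource pointer.
           *
           * Eliminate that race by waiting to ensure that our cancelled
           * callback has been called, keeping a temporary ref, so that
           * there's no risk that we're unreffing something that is still
           * going to be used.
           */
          g_source_ref (source);
          /* NOTE(review): unbounded busy-wait. It ends only once
           * cancellable_source_cancelled() has run for this source, so
           * confirm that a source whose handler is not part of the emission
           * in progress cannot reach this branch. */
          while (!g_atomic_int_get (&cancellable_source->cancelled_callback_called))
            ;
          g_source_unref (source);
        }

      g_clear_signal_handler (&cancellable_source->cancelled_handler, cancellable);
      g_object_unref (cancellable);
    }
}

/* Closure adapter: invokes @data (a GClosure) with @cancellable as its only
 * parameter and returns the closure's boolean result. */
static gboolean
cancellable_source_closure_callback (GCancellable *cancellable,
                                     gpointer      data)
{
  GClosure *closure = data;

  GValue params = G_VALUE_INIT;
  GValue result_value = G_VALUE_INIT;
  gboolean result;

  g_value_init (&result_value, G_TYPE_BOOLEAN);

  g_value_init (&params, G_TYPE_CANCELLABLE);
  g_value_set_object (&params, cancellable);

  g_closure_invoke (closure, &result_value, 1, &params, NULL);

  result = g_value_get_boolean (&result_value);
  g_value_unset (&result_value);
  g_value_unset (&params);

  return result;
}

static GSourceFuncs cancellable_source_funcs =
{
  cancellable_source_prepare,   /* prepare */
  NULL,                         /* check */
  cancellable_source_dispatch,  /* dispatch */
  NULL,                         /* finalize */
  (GSourceFunc)cancellable_source_closure_callback,
  NULL,                         /* closure marshal */
};

/**
 * g_cancellable_source_new:
 * @cancellable: (nullable): a #GCancellable, or %NULL
 *
 * Creates a source that triggers if @cancellable is cancelled and
 * calls its callback of type #GCancellableSourceFunc. This is
 * primarily useful for attaching to another (non-cancellable) source
 * with g_source_add_child_source() to add cancellability to it.
 *
 * For convenience, you can call this with a %NULL #GCancellable,
 * in which case the source will never trigger.
 *
 * The new #GSource will hold a reference to the #GCancellable.
 *
 * Returns: (transfer full): the new #GSource.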
*
 * Since: 2.28
 */
GSource *
g_cancellable_source_new (GCancellable *cancellable)
{
  GSource *source = g_source_new (&cancellable_source_funcs,
                                  sizeof (GCancellableSource));
  GCancellableSource *cancellable_source = (GCancellableSource *)source;

  g_source_set_static_name (source, "GCancellable");
  g_source_set_dispose_function (source, cancellable_source_dispose);

  /* With no cancellable there is nothing to watch: the source is returned
   * as created and never triggers. */
  if (cancellable == NULL)
    return source;

  /* The source keeps its own reference; cancellable_source_dispose()
   * drops it. */
  cancellable_source->cancellable = g_object_ref (cancellable);

  /* We intentionally don't use g_cancellable_connect() here,
   * because we don't want the "at most once" behavior.
   *
   * The handler receives the bare @source pointer without a reference;
   * cancellable_source_cancelled() takes its own before using it.
   */
  cancellable_source->cancelled_handler =
    g_signal_connect (cancellable, "cancelled",
                      G_CALLBACK (cancellable_source_cancelled),
                      source);

  /* Covers a cancellation that happened before the handler was connected. */
  if (g_cancellable_is_cancelled (cancellable))
    g_source_set_ready_time (source, 0);

  return source;
}