remove_dir_all 0.7.0

A safe, reliable implementation of remove_dir_all for Windows
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

use std::{
    fs::{self, OpenOptions},
    io,
    mem::size_of,
    os::windows::prelude::*,
    path::{Path, PathBuf},
};

use rayon::prelude::*;
use winapi::shared::minwindef::*;
use winapi::um::fileapi::*;
use winapi::um::minwinbase::*;
use winapi::um::winbase::*;
use winapi::um::winnt::*;

/// Reliably removes a directory and all of its children.
///
/// ```rust
/// use std::fs;
/// use remove_dir_all::*;
///
/// fs::create_dir("./temp/").unwrap();
/// remove_dir_all("./temp/").unwrap();
/// ```
pub fn remove_dir_all<P: AsRef<Path>>(path: P) -> io::Result<()> {
    // On Windows it is not enough to just recursively remove the contents of a
    // directory and then the directory itself. Deleting does not happen
    // instantaneously, but is delayed by IO being completed in the fs stack.
    //
    // Further, typical Windows machines can handle many more concurrent IOs
    // than a single threaded application is capable of submitting: the
    // overlapped (async) calls available do not cover the operations needed to
    // perform directory removal.
    //
    // To work around this, we use a work stealing scheduler and submit
    // deletions concurrently with directory scanning, and delete sibling
    // directories in parallel. This allows the slight latency of
    // STATUS_DELETE_PENDING to only have logarithmic effect: a very deep tree
    // will pay wall clock time for that overhead per level as the tree traverse
    // completes, but not for every interior not as a simple recursive deletion
    // would result in.
    //
    // Earlier versions of this crate moved the contents of the directory being
    // deleted to become siblings of `base_dir`, which required write access to
    // the parent directory under all circumstances; this is no longer required
    // - though it may be re-instated if in-use files turn out to be handled
    //   very poorly with this new threaded implementation.
    //
    // There is a single small race condition where external side effects may be
    // left: when deleting a hard linked readonly file, the syscalls required
    // are:
    // - open
    // - set rw
    // - unlink (SetFileDispositionDelete)
    // - set ro
    //
    // A crash or power failure could lead to the loss of the readonly bit on
    // the hardlinked inode.
    //
    // To handle files with names like `CON` and `morse .. .`,  and when a
    // directory structure is so deep it needs long path names the path is first
    // converted to the Win32 file namespace by calling `canonicalize()`.

    let path = _remove_dir_contents(path)?;
    let metadata = path.metadata()?;
    if metadata.permissions().readonly() {
        delete_readonly(metadata, &path)?;
    } else {
        log::trace!("removing {}", &path.display());
        fs::remove_dir(&path).map_err(|e| {
            log::debug!("error removing {}", &path.display());
            e
        })?;
        log::trace!("removed {}", &path.display());
    }
    Ok(())
}

/// Returns the canonicalised path, for one of caller's convenience.
pub fn _remove_dir_contents<P: AsRef<Path>>(path: P) -> io::Result<PathBuf> {
    let path = path.as_ref().canonicalize()?;
    _delete_dir_contents(&path)?;
    Ok(path)
}

fn _delete_dir_contents(path: &PathBuf) -> io::Result<()> {
    log::trace!("scanning {}", &path.display());
    let iter = path.read_dir()?.par_bridge();
    iter.try_for_each(|dir_entry| -> io::Result<()> {
        let dir_entry = dir_entry?;
        let metadata = dir_entry.metadata()?;
        let is_dir = dir_entry.file_type()?.is_dir();
        let dir_path = dir_entry.path();
        if is_dir {
            _delete_dir_contents(&dir_path)?;
        }
        log::trace!("removing {}", &dir_path.display());
        if metadata.permissions().readonly() {
            delete_readonly(metadata, &dir_path).map_err(|e| {
                log::debug!("error removing {}", &dir_path.display());
                e
            })?;
        } else if is_dir {
            fs::remove_dir(&dir_path).map_err(|e| {
                log::debug!("error removing {}", &dir_path.display());
                e
            })?;
        } else {
            fs::remove_file(&dir_path).map_err(|e| {
                log::debug!("error removing {}", &dir_path.display());
                e
            })?;
        }
        log::trace!("removed {}", &dir_path.display());
        Ok(())
    })?;
    log::trace!("scanned {}", &path.display());
    Ok(())
}

// Delete a file or directory that is readonly
fn delete_readonly(metadata: fs::Metadata, path: &Path) -> io::Result<()> {
    // Open, drop the readonly bit, set delete-on-close, close.
    let mut opts = OpenOptions::new();
    opts.access_mode(DELETE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES);
    opts.custom_flags(FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT);

    let file = opts.open(path)?;
    let mut perms = metadata.permissions();
    perms.set_readonly(false);
    file.set_permissions(perms)?;

    let mut info = FILE_DISPOSITION_INFO {
        DeleteFile: TRUE as u8,
    };
    let result = unsafe {
        SetFileInformationByHandle(
            file.as_raw_handle(),
            FileDispositionInfo,
            &mut info as *mut FILE_DISPOSITION_INFO as LPVOID,
            size_of::<FILE_DISPOSITION_INFO>() as u32,
        )
    };

    if result == 0 {
        return Err(io::Error::last_os_error());
    }

    file.set_permissions(metadata.permissions())?;
    drop(file);
    Ok(())
}