[tor-commits] [tor/master] Add a failsafe to kill tor if the new exit code doesn't work.
nickm at torproject.org
Fri Oct 27 15:15:56 UTC 2017
commit c82cc8acb5aa43b3d96490d927dcc622f2c825e3
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Oct 20 10:22:04 2017 -0400
Add a failsafe to kill tor if the new exit code doesn't work.
It _should_ work, and I don't see a reason that it wouldn't, but
just in case, add a 10 second timer to make tor die with an
assertion failure if it's supposed to exit but it doesn't.
---
src/or/main.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/or/main.c b/src/or/main.c
index 6af61d513..c3822dd94 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -656,6 +656,22 @@ tell_event_loop_to_run_external_code(void)
}
}
+/** Failsafe measure that should never actually be necessary: If
+ * tor_shutdown_event_loop_and_exit() somehow doesn't successfully exit the
+ * event loop, then this callback will kill Tor with an assertion failure
+ * seconds later
+ */
+static void
+shutdown_did_not_work_callback(evutil_socket_t fd, short event, void *arg)
+{
+ // LCOV_EXCL_START
+ (void) fd;
+ (void) event;
+ (void) arg;
+ tor_assert_unreached();
+ // LCOV_EXCL_STOP
+}
+
/**
* After finishing the current callback (if any), shut down the main loop,
* clean up the process, and exit with <b>exitcode</b>.
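Review bot: The doc comment on shutdown_did_not_work_callback() says the callback fires "seconds later" without giving the number, so the delay is only discoverable by reading the caller; say "ten seconds later" or name a shared constant for the timeout. Also, the body goes straight to tor_assert_unreached(), so the resulting crash report will not say that the cause was a shutdown that failed to leave the event loop. Consider logging an error line stating that before the assertion, so an operator reading the log can tell this failsafe from an ordinary bug.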
@@ -669,6 +685,13 @@ tor_shutdown_event_loop_and_exit(int exitcode)
main_loop_should_exit = 1;
main_loop_exit_value = exitcode;
+ /* Die with an assertion failure in ten seconds, if for some reason we don't
+ * exit normally. */
+ struct timeval ten_seconds = { 10, 0 };
+ event_base_once(tor_libevent_get_base(), -1, EV_TIMEOUT,
+ shutdown_did_not_work_callback, NULL,
+ &ten_seconds);
+
/* Unlike loopexit, loopbreak prevents other callbacks from running. */
tor_event_base_loopbreak(tor_libevent_get_base());
}
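Review bot: The return value of event_base_once() in tor_shutdown_event_loop_and_exit() is discarded, so if libevent fails to schedule the timer (it returns -1 on error) the failsafe is silently not armed and the function carries on as before. Check the result and at least log a warning when it is nonzero. The literal in "struct timeval ten_seconds = { 10, 0 };" would also read better as a named constant, which the callback's doc comment could then refer to.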