commit c82cc8acb5aa43b3d96490d927dcc622f2c825e3 Author: Nick Mathewson nickm@torproject.org Date: Fri Oct 20 10:22:04 2017 -0400
Add a failsafe to kill tor if the new exit code doesn't work.
It _should_ work, and I don't see a reason that it wouldn't, but just in case, add a 10 second timer to make tor die with an assertion failure if it's supposed to exit but it doesn't. --- src/or/main.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+)
diff --git a/src/or/main.c b/src/or/main.c index 6af61d513..c3822dd94 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -656,6 +656,22 @@ tell_event_loop_to_run_external_code(void) } }
+/** Failsafe measure that should never actually be necessary: If + * tor_shutdown_event_loop_and_exit() somehow doesn't successfully exit the + * event loop, then this callback will kill Tor with an assertion failure + * seconds later + */ +static void +shutdown_did_not_work_callback(evutil_socket_t fd, short event, void *arg) +{ + // LCOV_EXCL_START + (void) fd; + (void) event; + (void) arg; + tor_assert_unreached(); + // LCOV_EXCL_STOP +} + /** * After finishing the current callback (if any), shut down the main loop, * clean up the process, and exit with <b>exitcode</b>. @@ -669,6 +685,13 @@ tor_shutdown_event_loop_and_exit(int exitcode) main_loop_should_exit = 1; main_loop_exit_value = exitcode;
+ /* Die with an assertion failure in ten seconds, if for some reason we don't + * exit normally. */ + struct timeval ten_seconds = { 10, 0 }; + event_base_once(tor_libevent_get_base(), -1, EV_TIMEOUT, + shutdown_did_not_work_callback, NULL, + &ten_seconds); + /* Unlike loopexit, loopbreak prevents other callbacks from running. */ tor_event_base_loopbreak(tor_libevent_get_base()); }