From 35746a9ee75608e7b2393e4519adca602bf2615f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 19 Oct 2017 13:42:28 -0400
Subject: Comment-only change: annotate exit() calls.

Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
---
 src/common/aes.c               |  2 +-
 src/common/compat_libevent.c   |  2 +-
 src/common/compat_time.c       |  4 ++--
 src/common/compat_winthreads.c |  2 +-
 src/common/sandbox.c           |  2 +-
 src/common/util.c              | 24 ++++++++++++------------
 6 files changed, 18 insertions(+), 18 deletions(-)

(limited to 'src/common')

diff --git a/src/common/aes.c b/src/common/aes.c
index 20b51a6758..df4368fdba 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -254,7 +254,7 @@ evaluate_ctr_for_aes(void)
     /* LCOV_EXCL_START */
     log_err(LD_CRYPTO, "This OpenSSL has a buggy version of counter mode; "
                   "quitting tor.");
-    exit(1);
+    exit(1); // exit ok: openssl is broken.
     /* LCOV_EXCL_STOP */
   }
   return 0;
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 740cc2a11d..1c3a1b9f37 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -126,7 +126,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
   if (!the_event_base) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL, "Unable to initialize Libevent: cannot continue.");
-    exit(1);
+    exit(1); // exit ok: libevent is broken.
     /* LCOV_EXCL_STOP */
   }
 
diff --git a/src/common/compat_time.c b/src/common/compat_time.c
index 1ce6f5ce4e..7fd4281ade 100644
--- a/src/common/compat_time.c
+++ b/src/common/compat_time.c
@@ -90,7 +90,7 @@ tor_gettimeofday(struct timeval *timeval)
   if (ft.ft_64 < EPOCH_BIAS) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL,"System time is before 1970; failing.");
-    exit(1);
+    exit(1); // exit ok: system clock is broken.
     /* LCOV_EXCL_STOP */
   }
   ft.ft_64 -= EPOCH_BIAS;
@@ -102,7 +102,7 @@ tor_gettimeofday(struct timeval *timeval)
     log_err(LD_GENERAL,"gettimeofday failed.");
     /* If gettimeofday dies, we have either given a bad timezone (we didn't),
        or segfaulted.*/
-    exit(1);
+    exit(1); // exit ok: gettimeofday failed.
     /* LCOV_EXCL_STOP */
   }
 #elif defined(HAVE_FTIME)
diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c
index 122e0f0166..5f7ec94c23 100644
--- a/src/common/compat_winthreads.c
+++ b/src/common/compat_winthreads.c
@@ -52,7 +52,7 @@ spawn_exit(void)
   //we should never get here. my compiler thinks that _endthread returns, this
   //is an attempt to fool it.
   tor_assert(0);
-  _exit(0);
+  _exit(0); // exit ok: unreachable.
   // LCOV_EXCL_STOP
 }
 
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7a4e3ece38..931837e767 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1756,7 +1756,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
 #endif
 
 #if defined(DEBUGGING_CLOSE)
-  _exit(1);
+  _exit(1); // exit ok: programming error has led to sandbox failure.
 #endif // DEBUGGING_CLOSE
 }
 
diff --git a/src/common/util.c b/src/common/util.c
index 5ff7e104d6..7dc5e8144d 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -156,7 +156,7 @@ tor_malloc_(size_t size DMALLOC_PARAMS)
     /* If these functions die within a worker process, they won't call
      * spawn_exit, but that's ok, since the parent will run out of memory soon
      * anyway. */
-    exit(1);
+    exit(1); // exit ok: alloc failed.
     /* LCOV_EXCL_STOP */
   }
   return result;
@@ -244,7 +244,7 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS)
   if (PREDICT_UNLIKELY(result == NULL)) {
     /* LCOV_EXCL_START */
     log_err(LD_MM,"Out of memory on realloc(). Dying.");
-    exit(1);
+    exit(1); // exit ok: alloc failed.
     /* LCOV_EXCL_STOP */
   }
   return result;
@@ -282,7 +282,7 @@ tor_strdup_(const char *s DMALLOC_PARAMS)
   if (PREDICT_UNLIKELY(duplicate == NULL)) {
     /* LCOV_EXCL_START */
     log_err(LD_MM,"Out of memory on strdup(). Dying.");
-    exit(1);
+    exit(1); // exit ok: alloc failed.
     /* LCOV_EXCL_STOP */
   }
   return duplicate;
@@ -3590,14 +3590,14 @@ start_daemon(void)
   if (pipe(daemon_filedes)) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL,"pipe failed; exiting. Error was %s", strerror(errno));
-    exit(1);
+    exit(1); // exit ok: during daemonize, pipe failed.
     /* LCOV_EXCL_STOP */
   }
   pid = fork();
   if (pid < 0) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL,"fork failed. Exiting.");
-    exit(1);
+    exit(1); // exit ok: during daemonize, fork failed
     /* LCOV_EXCL_STOP */
   }
   if (pid) {  /* Parent */
@@ -3612,9 +3612,9 @@ start_daemon(void)
     }
     fflush(stdout);
     if (ok == 1)
-      exit(0);
+      exit(0); // exit ok: during daemonize, daemonizing.
     else
-      exit(1); /* child reported error */
+      exit(1); /* child reported error. exit ok: daemonize failed. */
   } else { /* Child */
     close(daemon_filedes[0]); /* we only write */
 
@@ -3626,7 +3626,7 @@ start_daemon(void)
      * _Advanced Programming in the Unix Environment_.
      */
     if (fork() != 0) {
-      exit(0);
+      exit(0); // exit ok: during daemonize, fork failed (2)
     }
     set_main_thread(); /* We are now the main thread. */
 
@@ -3655,14 +3655,14 @@ finish_daemon(const char *desired_cwd)
    /* Don't hold the wrong FS mounted */
   if (chdir(desired_cwd) < 0) {
     log_err(LD_GENERAL,"chdir to \"%s\" failed. Exiting.",desired_cwd);
-    exit(1);
+    exit(1); // exit ok: during daemonize, chdir failed.
   }
 
   nullfd = tor_open_cloexec("/dev/null", O_RDWR, 0);
   if (nullfd < 0) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL,"/dev/null can't be opened. Exiting.");
-    exit(1);
+    exit(1); // exit ok: during daemonize, couldn't open /dev/null
     /* LCOV_EXCL_STOP */
   }
   /* close fds linking to invoking terminal, but
@@ -3674,7 +3674,7 @@ finish_daemon(const char *desired_cwd)
       dup2(nullfd,2) < 0) {
     /* LCOV_EXCL_START */
     log_err(LD_GENERAL,"dup2 failed. Exiting.");
-    exit(1);
+    exit(1); // exit ok: during daemonize, dup2 failed.
     /* LCOV_EXCL_STOP */
   }
   if (nullfd > 2)
@@ -4474,7 +4474,7 @@ tor_spawn_background(const char *const filename, const char **argv,
         err += (nbytes < 0);
       }
 
-      _exit(err?254:255);
+      _exit(err?254:255); // exit ok: in child.
     }
 
     /* Never reached, but avoids compiler warning */
-- 
cgit v1.2.3-54-g00ecf