async exception safety

Masking ensures that EndStderrHandler gets written, so the helper
threads shut down.

However, nothing currently guarantees that calls to closeP2PSshConnection
are async exception safe, so made a note about it.

At this point, I've audited all calls to async, and made them all async
exception safe, except for ones in the assistant, and a few in leaf
commands (remotedaemon, enable-tor, multicast, p2p) which don't need to
be.
Joey Hess 2020-06-05 14:56:41 -04:00
parent a477f7253c
commit dca19099a9
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 11 additions and 8 deletions


@ -198,11 +198,13 @@ data StderrHandlerState = DiscardStderr | DisplayStderr | EndStderrHandler
closeP2PSshConnection :: P2PSshConnection -> IO (P2PSshConnection, Maybe ExitCode)
closeP2PSshConnection P2P.ClosedConnection = return (P2P.ClosedConnection, Nothing)
closeP2PSshConnection (P2P.OpenConnection (_st, conn, pid, stderrhandlerst)) = do
P2P.closeConnection conn
atomically $ writeTVar stderrhandlerst EndStderrHandler
exitcode <- waitForProcess pid
return (P2P.ClosedConnection, Just exitcode)
closeP2PSshConnection (P2P.OpenConnection (_st, conn, pid, stderrhandlerst)) =
-- mask async exceptions, avoid cleanup being interrupted
mask $ const $ do
P2P.closeConnection conn
atomically $ writeTVar stderrhandlerst EndStderrHandler
exitcode <- waitForProcess pid
return (P2P.ClosedConnection, Just exitcode)
-- Pool of connections over ssh to git-annex-shell p2pstdio.
type P2PSshConnectionPool = TVar (Maybe P2PSshConnectionPoolState)
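Review bot: In the rewritten OpenConnection clause, `mask $ const $ do` only defers asynchronous exceptions, so a synchronous exception thrown by `P2P.closeConnection conn` still skips `writeTVar stderrhandlerst EndStderrHandler`, and the helper threads the commit message wants shut down would keep running. Consider writing EndStderrHandler before closing the connection, or running the close under finally so the TVar write and `waitForProcess pid` happen either way. Because the restore function is discarded with `const`, the whole body, including the wait on the child process, runs masked; a short comment saying this is intentional, and noting that a blocking operation inside mask can still be interrupted if it is an interruptible one, would help the next reader decide whether uninterruptibleMask was considered.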


@ -4,9 +4,10 @@
date="2020-06-04T19:39:23Z"
content="""
I've converted everything to withCreateProcess, except for process pools
(P2P.IO, Assistant.TransferrerPool, Utility.CoProcess, and Remote.External),
which need to be handled as discussed in comment 8. And also
Git.Command.pipeReadLazy may (or may not) need to be converted.
(P2P.IO, Assistant.TransferrerPool, Utility.CoProcess, Remote.External,
and P2PSshConnectionPool), which need to be handled as discussed in
comment 8. And also Git.Command.pipeReadLazy may (or may not) need to be
converted.
During this conversion, I did not watch out for interactive processes that
might block on a password, so any timeout would also affect them. Really,
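Review bot: The P2PSshConnectionPool entry added to the list of process pools does not say what is still outstanding for it. The commit message states the concrete gap, that nothing guarantees calls to closeP2PSshConnection are async exception safe, but the note only points at comment 8. Suggest adding one sentence that names closeP2PSshConnection and its callers, so the remaining work can be found from this comment alone.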