Call rcu_barrier earlier in the destructor

If a call_rcu thread is running, there is a possible race condition
where the destructors run before all call_rcu callbacks have finished
running. This can happen, for example, if the call_rcu callback tries to
log something after the logging context has been torn down.

In !10394, we tried to counter this by explicitely creating a call_rcu
thread an shutting it down before running the destructors, but it is
possible for things to "slip" and end up on the default call_rcu thread.

As a quickfix, this commit moves an rcu_barrier() that was in the mem
context destructor earlier, so that it "protects" all libisc
destructors.

diff --git a/lib/isc/lib.c b/lib/isc/lib.c
index bdff8efd3582e4656c71af192f9a5af7e577e879..c0f9d30dba4d19080aeb62313771744c184859dd 100644 (file)
--- a/lib/isc/lib.c
+++ b/lib/isc/lib.c
@@ -67,6 +67,9 @@ isc__lib_shutdown(void) {
                return;
        }
 
+       rcu_barrier();
+       rcu_unregister_thread();
+
        isc__iterated_hash_shutdown();
        isc__xml_shutdown();
        isc__uv_shutdown();
@@ -75,6 +78,4 @@ isc__lib_shutdown(void) {
        isc__mem_shutdown();
        isc__mutex_shutdown();
        isc__os_shutdown();
-       /* should be after isc__mem_shutdown() which calls rcu_barrier() */
-       rcu_unregister_thread();
 }

diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index c1b0ab7331c878f947d4d37a674ad876374cf5a5..ff34485ae0e527cfc3b994f779b0b03fc0eb0562 100644 (file)
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -434,10 +434,9 @@ isc__mem_initialize(void) {
 
 void
 isc__mem_shutdown(void) {
+       /* should be called after an rcu_barrier() */
        bool empty;
 
-       rcu_barrier();
-
        isc__mem_checkdestroyed();
 
        LOCK(&contextslock);