Wait for RCU to finish before destroying a memory context

Memory reclamation by `call_rcu()` is asynchronous, so during shutdown
it can lose a race with the destruction of its memory context. When we
defer memory reclamation, we need to attach to the memory context to
indicate that it is still in use, but that is not enough to delay its
destruction. So, call `rcu_barrier()` in `isc_mem_destroy()` to wait
for pending RCU work to finish before proceeding to destroy the memory
context.

diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index 0b2a31724469225e17909466ff7c732f67dd7e87..31052364781ad1f43f1d027b11997d058257de9e 100644 (file)
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -32,6 +32,7 @@
 #include <isc/strerr.h>
 #include <isc/string.h>
 #include <isc/types.h>
+#include <isc/urcu.h>
 #include <isc/util.h>
 
 #ifdef HAVE_LIBXML2
@@ -578,6 +579,12 @@ isc__mem_destroy(isc_mem_t **ctxp FLARG) {
        ctx = *ctxp;
        *ctxp = NULL;
 
+       /*
+        * wait for asynchronous memory reclamation to complete
+        * before checking for memory leaks
+        */
+       rcu_barrier();
+
 #if ISC_MEM_TRACKLINES
        if ((ctx->debugging & ISC_MEM_DEBUGTRACE) != 0) {
                fprintf(stderr, "destroy mctx %p file %s line %u\n", ctx, file,