Defer control channel message invalidation
The conn_shutdown() function is called whenever a control channel connection is supposed to be closed, e.g. after a response to the client is sent or when named is being shut down. That function calls isccc_ccmsg_invalidate(), which resets the magic number in the structure holding the messages exchanged over a given control channel connection (isccc_ccmsg_t). The expectation here is that all operations related to the given control channel connection will have been completed by the time the connection needs to be shut down.
However, if named shutdown is initiated while a control channel message is still in flight, some netmgr callbacks might still be pending when conn_shutdown() is called and isccc_ccmsg_t invalidated. This causes the REQUIRE assertion checking the magic number in ccmsg_senddone() to fail when the latter function is eventually called, resulting in a crash.
Fix by splitting up isccc_ccmsg_invalidate() into two separate functions:
- isccc_ccmsg_disconnect(), which initiates TCP connection shutdown,
- isccc_ccmsg_invalidate(), which cleans up magic number and buffer,
and then:
- replacing all existing uses of isccc_ccmsg_invalidate() with calls to isccc_ccmsg_disconnect(),
- only calling isccc_ccmsg_invalidate() when all netmgr callbacks are guaranteed to have been run.
Adjust function comments accordingly.
Closes #4501 (closed)
See !8608 (closed) for prior discussion
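The lifetime ordering problem the commit message describes, modelled as an added C example; this is not BIND's code. It assumes a toy event queue standing in for the netmgr (nm_schedule/nm_run_all), a simplified ccmsg_t whose field names are made up for the example, and a counter in place of the REQUIRE assertion so that the bug can be observed rather than aborting the process. The old conn_shutdown() path invalidates while a senddone callback is still queued; the fixed path only disconnects and lets the last pending callback perform the invalidation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified control-channel message object: a magic value guards against
 * use of a dead object, the same role isccc_ccmsg_t's magic plays in BIND. */
#define CCMSG_MAGIC 0x4343u /* 'CC' */
#define CCMSG_VALID(m) ((m) != NULL && (m)->magic == CCMSG_MAGIC)

typedef struct ccmsg {
    unsigned int magic;
    char buffer[64];
    bool disconnected;  /* TCP shutdown has been requested */
    int pending;        /* netmgr callbacks scheduled but not yet run */
    int magic_failures; /* would-be REQUIRE(CCMSG_VALID) failures, counted instead of aborted */
} ccmsg_t;

/* Toy "netmgr": callbacks are queued now and run later, like a real event loop. */
typedef void (*nm_cb_t)(void *arg);
static struct { nm_cb_t cb; void *arg; } queue[8];
static int queued;

static void nm_schedule(nm_cb_t cb, void *arg) {
    queue[queued].cb = cb;
    queue[queued].arg = arg;
    queued++;
}

static void nm_run_all(void) {
    for (int i = 0; i < queued; i++) queue[i].cb(queue[i].arg);
    queued = 0;
}

static void ccmsg_init(ccmsg_t *m) {
    memset(m, 0, sizeof(*m));
    m->magic = CCMSG_MAGIC;
}

/* Clears magic and buffer. Safe only once no callback can still reference m. */
static void ccmsg_invalidate(ccmsg_t *m) {
    m->magic = 0;
    memset(m->buffer, 0, sizeof(m->buffer));
}

/* Starts connection shutdown but leaves the object valid for callbacks in flight. */
static void ccmsg_disconnect(ccmsg_t *m) { m->disconnected = true; }

/* senddone callback. The real REQUIRE(VALID) becomes a counter here so the
 * bad case is observable; in named it would crash the process. */
static void ccmsg_senddone(void *arg) {
    ccmsg_t *m = arg;
    if (!CCMSG_VALID(m)) {
        m->magic_failures++; /* object was invalidated under a pending callback */
        return;
    }
    m->pending--;
    /* Deferred invalidation: the last callback to run cleans up. */
    if (m->disconnected && m->pending == 0) ccmsg_invalidate(m);
}

static void ccmsg_send(ccmsg_t *m, const char *reply) {
    snprintf(m->buffer, sizeof(m->buffer), "%s", reply);
    m->pending++;
    nm_schedule(ccmsg_senddone, m);
}

/* Old conn_shutdown(): invalidates immediately, regardless of in-flight callbacks. */
static void conn_shutdown_old(ccmsg_t *m) { ccmsg_invalidate(m); }

/* Fixed conn_shutdown(): disconnect only; invalidate now only if nothing is pending. */
static void conn_shutdown_new(ccmsg_t *m) {
    ccmsg_disconnect(m);
    if (m->pending == 0) ccmsg_invalidate(m);
}

/* Scenario: a reply is in flight when shutdown is requested (constructed input).
 * Returns the number of magic-check failures the pending callback hit and
 * reports the magic value left behind after the queue drains. */
int run_shutdown_race(bool deferred, unsigned int *magic_after) {
    ccmsg_t m;
    ccmsg_init(&m);
    queued = 0;
    ccmsg_send(&m, "server is up and running");
    if (deferred) conn_shutdown_new(&m); else conn_shutdown_old(&m);
    nm_run_all(); /* the queued senddone runs only now */
    *magic_after = m.magic;
    return m.magic_failures;
}

int main(void) {
    unsigned int magic;
    printf("immediate invalidate: %d magic failure(s)\n", run_shutdown_race(false, &magic));
    printf("deferred invalidate:  %d magic failure(s), magic after drain = 0x%x\n",
           run_shutdown_race(true, &magic), magic);
    return 0;
}
```

With the immediate path the queued senddone finds magic cleared and trips the check once; with the deferred path it finds the object valid, drops the pending count to zero and performs the invalidation itself, so the magic is cleared only after the last callback has run.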