Fix shutdown ordering in DeviceController. #7430
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pullapprove
bot
requested review from
andy31415,
chrisdecenzo,
Damian-Nordic,
hawk248,
jepenven-silabs,
msandstedt and
woody-apple
woody-apple
approved these changes
Jun 7, 2021
pan-apple
approved these changes
Jun 7, 2021
msandstedt
approved these changes
Jun 7, 2021
bzbarsky-apple
added a commit
to bzbarsky-apple/connectedhomeip
that referenced
this pull request
Jun 7, 2021
This change depends on project-chip#7428 and project-chip#7430 which fix the problems properly. Fixes project-chip#7408 Fixes project-chip#7409 Fixes project-chip#7410
saurabhst
approved these changes
Jun 7, 2021
yunhanw-google
approved these changes
Jun 7, 2021
andy31415
approved these changes
Jun 8, 2021
Before this fix we would tear down some things (importantly the secure session manager) before starting shutdown of the network layer. This would lead to a window of time during which we can still receive messages while in a partially torn down state, which would leave to crashes. Moving network layer shutdown, and in particular platform manager shutdown, to be first in the shutdown sequence ensures this can't happen by shutting down the message processing thread before we tear down any other state. Fixes project-chip#7297
bzbarsky-apple
force-pushed
the
fix-controller-shutdown
branch
from
3f0b66e to
0d2df68
Compare
bzbarsky-apple
added a commit
to bzbarsky-apple/connectedhomeip
that referenced
this pull request
Jun 8, 2021
This change depends on project-chip#7428 and project-chip#7430 which fix the problems properly. Fixes project-chip#7408 Fixes project-chip#7409 Fixes project-chip#7410
|
Cherrypick tag based on request for Arun. |
|
This seems to give me merge conflicts since #7429 also changed order of shutdown. Likely both should be cherrypicked. |
andy31415
pushed a commit
that referenced
this pull request
Jun 9, 2021
Before this fix we would tear down some things (importantly the secure session manager) before starting shutdown of the network layer. This would lead to a window of time during which we can still receive messages while in a partially torn down state, which would leave to crashes. Moving network layer shutdown, and in particular platform manager shutdown, to be first in the shutdown sequence ensures this can't happen by shutting down the message processing thread before we tear down any other state. Fixes #7297
bzbarsky-apple
added a commit
that referenced
this pull request
Jun 9, 2021
doublemis1
pushed a commit
to doublemis1/connectedhomeip
that referenced
this pull request
Jul 7, 2021
Before this fix we would tear down some things (importantly the secure session manager) before starting shutdown of the network layer. This would lead to a window of time during which we can still receive messages while in a partially torn down state, which would leave to crashes. Moving network layer shutdown, and in particular platform manager shutdown, to be first in the shutdown sequence ensures this can't happen by shutting down the message processing thread before we tear down any other state. Fixes project-chip#7297
nikita-s-wrk
pushed a commit
to nikita-s-wrk/connectedhomeip
that referenced
this pull request
Sep 23, 2021
Before this fix we would tear down some things (importantly the secure session manager) before starting shutdown of the network layer. This would lead to a window of time during which we can still receive messages while in a partially torn down state, which would leave to crashes. Moving network layer shutdown, and in particular platform manager shutdown, to be first in the shutdown sequence ensures this can't happen by shutting down the message processing thread before we tear down any other state. Fixes project-chip#7297
nikita-s-wrk
pushed a commit
to nikita-s-wrk/connectedhomeip
that referenced
this pull request
Sep 23, 2021
…roject-chip#7434) This change depends on project-chip#7428 and project-chip#7430 which fix the problems properly. Fixes project-chip#7408 Fixes project-chip#7409 Fixes project-chip#7410
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this fix we would tear down some things (importantly the secure
session manager) before starting shutdown of the network layer. This
would lead to a window of time during which we can still receive
messages while in a partially torn down state, which would leave to
crashes.
Moving network layer shutdown, and in particular platform manager
shutdown, to be first in the shutdown sequence ensures this can't
happen by shutting down the message processing thread before we tear
down any other state.
Fixes #7297
Problem
We can process messages while partially torn down.
Change overview
Ensure message processing is the first thing we stop doing.
Testing
I removed the various workarounds added in #7381, changed
scripts/tests/test_suites.shto run the tests many times, and tested with/without this change. Without this change, I typically crashed within just a few test runs (< 10). With this change I did >1000 runs with no crashes.