This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.
The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.
However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.
The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.
Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!
Fixes#4039
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.
- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
does not exist (yet)
Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.
The patch is accompanied with test cases for exercising both situations.
Fixes#3733
By adding an additional synchronization point in the form of a matched
log message, this patch makes the timing behavior of the "test changing
provided services" step more deterministic. Without it, the scheduling
of OKL4 and base-hw resulted in a merge of two config updates into one.
Issue #3079
