Avoid unnecessary cleanups during immediate shutdown

This patch addresses issues during immediate shutdowns, where modules
are not unloaded, but Asterisk atexit handlers are run.

In the typical case, this usually isn't a big deal. But the
introduction of the Stasis message bus makes it much more likely for
asynchronous activity to be happening off in some thread during
shutdown.

During an immediate shutdown, Asterisk skips unloading modules. But
while it is processing the atexit handlers, there is a window of time
where some of the core message types have been cleaned up, but the
message bus is still running. Specifically, it's still running
module subscriptions that might be using the core message types. If a
message is received by that subscription in that window, it will
attempt to use a message type that has been cleaned up.

To solve this problem, this patch introduces ast_register_cleanup().
This function operates identically to ast_register_atexit(), except
that cleanup calls are not invoked on an immediate shutdown. All of
the core message type and topic cleanup was moved from atexit handlers
to cleanup handlers.

This ensures that core type and topic cleanup only happens if the
modules that used them are first unloaded.

This patch also changes the ast_assert() when accessing a cleaned up
or uninitialized message type to an error log message. Message type
functions are actually NULL safe across the board, so the assert was a
bit heavy handed. Especially for anyone with DO_CRASH enabled.

Review: https://reviewboard.asterisk.org/r/2562/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@390122 65c4cc65-6c06-0410-ace0-fbb531ad65f3

5 files changed, 34 insertions, 17 deletions

diff --git a/include/asterisk.h b/include/asterisk.h
index 58d2df89c..87ebec032 100644
--- a/include/asterisk.h
+++ b/include/asterisk.h
@@ -90,6 +90,22 @@ int ast_pbx_init(void);				/*!< Provided by pbx.c */
 int ast_register_atexit(void (*func)(void));
 
 /*!
+ * \since 12
+ * \brief Register a function to be executed before Asterisk gracefully exits.
+ *
+ * If Asterisk is immediately shutdown (core stop now, or sending the TERM
+ * signal), the callback is not run. When the callbacks are run, they are run in
+ * sequence with ast_register_atexit() callbacks, in the reverse order of
+ * registration.
+ *
+ * \param func The callback function to use.
+ *
+ * \retval 0 on success.
+ * \retval -1 on error.
+ */
+int ast_register_cleanup(void (*func)(void));
+
+/*!
  * \brief Unregister a function registered with ast_register_atexit().
  * \param func The callback function to unregister.
  */
diff --git a/include/asterisk/security_events.h b/include/asterisk/security_events.h
index a971444a4..547b54708 100644
--- a/include/asterisk/security_events.h
+++ b/include/asterisk/security_events.h
@@ -87,12 +87,6 @@ struct stasis_message_type *ast_security_event_type(void);
 int ast_security_stasis_init(void);
 
 /*!
- * \brief removes stasis topic/event types for \ref ast_security_topic and \ref ast_security_event_type
- * \since 12
- */
-void ast_security_stasis_cleanup(void);
-
-/*!
  * \brief Get the list of required IEs for a given security event sub-type
  *
  * \param[in] event_type security event sub-type
diff --git a/include/asterisk/stasis.h b/include/asterisk/stasis.h
index e6ea6fa13..edb38ad1d 100644
--- a/include/asterisk/stasis.h
+++ b/include/asterisk/stasis.h
@@ -633,6 +633,12 @@ struct ao2_container *stasis_cache_dump(struct stasis_caching_topic *caching_top
 /*! @{ */
 
 /*!
+ * \internal
+ * \brief Log a message about invalid attempt to access a type.
+ */
+void stasis_log_bad_type_access(const char *name);
+
+/*!
  * \brief Boiler-plate removing macro for defining message types.
  *
  * \param name Name of message type.
@@ -641,7 +647,9 @@ struct ao2_container *stasis_cache_dump(struct stasis_caching_topic *caching_top
 #define STASIS_MESSAGE_TYPE_DEFN(name)				\
 	static struct stasis_message_type *_priv_ ## name;	\
 	struct stasis_message_type *name(void) {		\
-		ast_assert(_priv_ ## name != NULL);		\
+		if (_priv_ ## name == NULL) {			\
+			stasis_log_bad_type_access(#name);	\
+		}						\
 		return _priv_ ## name;				\
 	}
 
@@ -663,6 +671,15 @@ struct ao2_container *stasis_cache_dump(struct stasis_caching_topic *caching_top
 /*!
  * \brief Boiler-plate removing macro for cleaning up message types.
  *
+ * Note that if your type is defined in core instead of a loadable module, you
+ * should call message type cleanup from an ast_register_cleanup() handler
+ * instead of an ast_register_atexit() handler.
+ *
+ * The reason is that during an immediate shutdown, loadable modules (which may
+ * refer to core message types) are not unloaded. While the atexit handlers are
+ * run, there's a window of time where a module subscription might reference a
+ * core message type after it's been cleaned up. Which is bad.
+ *
  * \param name Name of message type.
  * \since 12
  */
diff --git a/include/asterisk/stasis_bridging.h b/include/asterisk/stasis_bridging.h
index 1b547a7d5..94bc4bc39 100644
--- a/include/asterisk/stasis_bridging.h
+++ b/include/asterisk/stasis_bridging.h
@@ -220,11 +220,6 @@ void ast_bridge_publish_leave(struct ast_bridge *bridge, struct ast_channel *cha
 struct ast_json *ast_bridge_snapshot_to_json(const struct ast_bridge_snapshot *snapshot);
 
 /*!
- * \brief Dispose of the stasis bridging topics and message types
- */
-void ast_stasis_bridging_shutdown(void);
-
-/*!
  * \brief Initialize the stasis bridging topic and message types
  * \retval 0 on success
  * \retval -1 on failure
diff --git a/include/asterisk/stasis_channels.h b/include/asterisk/stasis_channels.h
index e3beb03ce..e521e05eb 100644
--- a/include/asterisk/stasis_channels.h
+++ b/include/asterisk/stasis_channels.h
@@ -462,11 +462,6 @@ int ast_channel_snapshot_caller_id_equal(
 	const struct ast_channel_snapshot *new_snapshot);
 
 /*!
- * \brief Dispose of the stasis channel topics and message types
- */
-void ast_stasis_channels_shutdown(void);
-
-/*!
  * \brief Initialize the stasis channel topic and message types
  */
 void ast_stasis_channels_init(void);