fix(shutdown): Prevent race condition when ~GlobalObjectHolder() routine unlocks global mutex

Unlocking global mutex in GlobalObject destruction routine made it possible for a new attachment to slip in, so it will be creating new GlobalObject and using it, while destroying routine still in action. This can lead to an undefined state of the global objects, such as shared memory, where one thread is actively using it while another thread is destroying it.

Author: Artyom Ivanov

src/jrd/Database.cpp

@@ -586,6 +586,15 @@ namespace Jrd
 	{
 		MutexLockGuard guard(g_mutex, FB_FUNCTION);
 
+		while (g_shuttingDown)
+		{
+			// Currently other GlobalObject is in shutdown process but he unlock the mutex for some reason,
+			// so it's better to wait until this process is over.
+			// This is done to eliminate potential race conditions involving global objects, such as shared memory.
+			MutexUnlockGuard unlockGuard(g_mutex, FB_FUNCTION);
+			Thread::yield();
+		}
+
 		Database::GlobalObjectHolder::DbId* entry = g_hashTable->lookup(id);
 		if (!entry)
 		{
@@ -606,6 +615,11 @@ namespace Jrd
 			fb_assert(false);
 
 		{ // scope
+			// We need to unlock mutex to safely shutdown some managers, so set shutdown flag to make sure that
+			// other threads will wait until we done our shutdown routine.
+			// This is done to eliminate potential race conditions involving global objects, such as shared memory.
+			AutoSetRestore shuttingDownGuard(&g_shuttingDown, true);
+
 			// here we cleanup what should not be globally protected
 			MutexUnlockGuard guard(g_mutex, FB_FUNCTION);
 			if (m_replMgr)

src/jrd/Database.h

@@ -290,6 +290,8 @@ class Database : public pool_alloc<type_dbb>
 
 		static Firebird::GlobalPtr<DbIdHash> g_hashTable;
 		static Firebird::GlobalPtr<Firebird::Mutex> g_mutex;
+		// It doesn't need to be atomic because all accesses is done under the mutex
+		static inline bool g_shuttingDown = false;
 
 	public:
 		static GlobalObjectHolder* init(const Firebird::string& id,