box: forbid concurrent invocation of `box_raft_try_promote`

Currently, we allow concurrent invocation of `box_raft_try_promote`, since we either disable the `is_in_promote` guard in `box_promote` or omit it in `box_cfg_xc`, while `box_raft_try_promote` yields to write the raft state. This leads to a race over the `diag` of the fiber executing the `box_raft_try_promote_f` trigger, and can lead to more bugs.

Let's forbid concurrent execution of `box_raft_try_promote` by enabling the `is_in_promote` guard while `box_raft_try_promote` is called.

One potential caveat is the concurrent execution of `box_promote_qsync` which is also guarded by the `is_in_promote`. However, it is executed in the raft worker fiber and can be retried until `box_raft_try_promote` execution finishes.

To be on the safer side, let's:
1. Call `raft_restore` before setting the fiber's `diag` to prevent any potential tampering with it from `raft->on_update` triggers.
2. Set `is_box_configured` right before calling `box_raft_try_promote` to maintain the invariant that it is always called by `box.cfg` first. Also move `box_broadcast_ballot` for consistency.

The `raft_leader_promote` test from the gh-6033 test group should now test that a concurrent promote fails rather than succeeds.

Closes #11703
Closes #11708

NO_DOC=<bugfix>

(cherry picked from commit b59284539)
68760 of 116365 branches covered (59.09%)
9 of 9 new or added lines in 2 files covered. (100.0%)
36 existing lines in 16 files now uncovered.
103472 of 118176 relevant lines covered (87.56%)
1617255.59 hits per line