Fix some race conditions in BanMan::DumpBanlist()

[hebasto]

This PR split from #24097 with some additions. This makes the following switch from RecursiveMutex to Mutex a pure refactoring.

See details in commit messages.

[maflcko]

why is is ok to refuse to dump when two threads call this function?

[hebasto]

It is an optimization. Calling this function in the destructor guarantees that the final state will be dumped to the disk.

[maflcko]

Then it should be mentioned in the release notes that calling the ban rpc no longer implies the stuff is written to disk and when the node crashes, the state will be lost.

[hebasto]

Not relevant since the recent update, I guess.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #24097 (Replace RecursiveMutex m_cs_banned with Mutex, and rename it by hebasto)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[w0xlt]

tACK e06d092

This PR :

. adds m_banned_mutex to prevent the m_is_dirty value from being read in a different state in BannedSetIsDirty() and SweepBanned().

. gets rid of GetBanned() so it doesn't call SweepBanned() twice and sets banmap = m_banned. This works because the m_banned_mutex is already held in this operation.

. adds the same strategy used in DumpMempool to avoid concurrent writing to disk, but adds an optimization to return early if a write is in progress.

. Since there is only m_is_dirty = true; (not = false) outside of BanMan::DumpBanlist(), the last commit makes sense to avoid inconsistent values for m_dirty in a race condition.

[shaavan]

Concept ACK

Going commit wise:

1. Concurrent calls to Write() have been prevented by "Trying" to lock dump_lock and exit if locking fails. However, as @MarcoFalke pointed out, it can lead to ban rpc calls in which DumpBanList() could not write anything to disk, leading to potential data loss. This behavior should be appropriately documented.
   Other than this, it could also lead to writing failure when called through other functions as well. What do you think about introducing a mutex for this function that allows calling DumpBanList only when we AssertLockNotHeld(new_mutex).

2. SweepBanned and BannedSetIsDirty are brought under the same lock block to prevent race conditions for m_is_dirty. I agree with this approach.

3. Prevented SweepBanned to be called twice by directly setting the value of banmap (= m_banned) instead of calling GetBanned(). I think this is an improvement over the current code.

4. Modifying the code to call SetBannedSetDirty(true); throughout the codebase prevents the risk of inconsistent value due to race conditions. I agree with this change.

[w0xlt]

Perhaps the same strategy used in DumpMempool would be a safer approach in 2c77427 .

static Mutex dump_mutex;
LOCK(dump_mutex);

[hebasto]

Updated e06d092 -> 99a6b69 (pr24168.01 -> pr24168.02, diff).

Lock optimization dropped as an any optimization must be justified with benchmarking, at least. That was not done in this case.
So sorry for a premature optimization.

[w0xlt]

reACK 99a6b69

Optimization removed, but the dump behavior now is more predictable.

[jonatack]

Concept ACK

[shaavan]

ACK 99a6b69

Changes since my last review:

• Changed logic of preventing concurrent write by creating a static mutex and locking it.

@hebasto
We can move on to the optimization logic after we have some benchmark results. Until then, we can stick with the current logic, which is more reliable and predictable.

[luke-jr]

utACK

[maflcko]

unrelated: Is m_dirty even used on shutdown when true? Shouldn't the below log be adjusted when it fails?