From e55b9dfeb0c9238153840b07129091087797774d Mon Sep 17 00:00:00 2001
From: Jens Stutte
Date: Fri, 20 Aug 2021 05:49:26 +0000
Subject: [PATCH] Bug 1588498: Forbid the creation of new cache Context objects during quota manager shutdown. r=dom-storage-reviewers,asuth
We want to enforce the (assumed) invariant that after we started QM shutdown we should not create new contextes and associated threads for cache IO. We do this generating a runtime error, whose handling might not be consistent in all (unexpected) cases, yet. But this is preferable over a shutdown hang crash, for sure.
Differential Revision: https://phabricator.services.mozilla.com/D123137
---
 dom/cache/Manager.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/dom/cache/Manager.cpp b/dom/cache/Manager.cpp
index 1bd95e56fd0c..d8d253f5293d 100644
--- a/dom/cache/Manager.cpp
+++ b/dom/cache/Manager.cpp
@@ -6,6 +6,7 @@
 #include "mozilla/dom/cache/Manager.h"
+#include "mozilla/AppShutdown.h"
 #include "mozilla/AutoRestore.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/StaticMutex.h"
@@ -231,6 +232,17 @@ class Manager::Factory {
 const SafeRefPtr& aManagerId) {
 mozilla::ipc::AssertIsOnBackgroundThread();
+ // If we get here during/after quota manager shutdown, we bail out.
+ MOZ_ASSERT(AppShutdown::GetCurrentShutdownPhase() <
+ ShutdownPhase::AppShutdownQM);
+ if (AppShutdown::GetCurrentShutdownPhase() >=
+ ShutdownPhase::AppShutdownQM) {
+ NS_WARNING(
+ "Attempt to AcquireCreateIfNonExistent a Manager during QM "
+ "shutdown.");
+ return Err(NS_ERROR_ILLEGAL_DURING_SHUTDOWN);
+ }
+
 // Ensure there is a factory instance. This forces the Acquire() call
 // below to use the same factory.
 QM_TRY(MaybeCreateInstance());
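Review bot: In the second hunk (the `AcquireCreateIfNonExistent` guard in `Manager::Factory`), the shutdown phase is read twice, once inside `MOZ_ASSERT` and once in the `if`, on a path asserted to run on the background thread. If the phase is advanced from another thread (not visible in this hunk), the two reads can disagree, and the guard remains a check-then-act race with the creation that follows. Read it once with `const auto phase = AppShutdown::GetCurrentShutdownPhase();`, test `phase` in both places, and extend the comment to say the check is best-effort because shutdown may still begin after it passes. Because `MOZ_ASSERT` aborts debug builds first, the `Err(NS_ERROR_ILLEGAL_DURING_SHUTDOWN)` path that the commit message calls not yet consistently handled is only reached in release builds, so caller handling of this error deserves its own coverage. The function body starts and ends outside the hunk.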