Revert "Fix NetAcceptAction::cancel() use-after-free race condition (#12803)" (#12841)

This reverts commit 89a5def.

I suspect this is introducing different crashes in NetAccept::cancel in CI regression tests.

Author: bneradt

src/iocore/net/P_NetAccept.h

@@ -43,7 +43,6 @@
 #include "iocore/net/NetAcceptEventIO.h"
 #include "Server.h"
 
-#include <atomic>
 #include <vector>
 
 struct NetAccept;
@@ -61,29 +60,21 @@ AcceptFunction net_accept;
 
 class UnixNetVConnection;
 
+// TODO fix race between cancel accept and call back
 struct NetAcceptAction : public Action, public RefCountObjInHeap {
-  std::atomic<Server *> server{nullptr};
-
-  NetAcceptAction(Continuation *cont, Server *s)
-  {
-    continuation = cont;
-    if (cont != nullptr) {
-      mutex = cont->mutex;
-    }
-    server.store(s, std::memory_order_release);
-  }
+  Server *server;
 
   void
   cancel(Continuation *cont = nullptr) override
   {
-    // Close the server before setting the cancelled flag. This ensures that
-    // when acceptEvent() sees cancelled == true, the server close is already
-    // complete, preventing use-after-free races.
-    Server *s = server.exchange(nullptr, std::memory_order_acq_rel);
-    if (s != nullptr) {
-      s->close();
-    }
     Action::cancel(cont);
+    server->close();
+  }
+
+  Continuation *
+  operator=(Continuation *acont)
+  {
+    return Action::operator=(acont);
   }
 
   ~NetAcceptAction() override

src/iocore/net/QUICNetProcessor.cc

@@ -251,7 +251,9 @@ QUICNetProcessor::main_accept(Continuation *cont, SOCKET fd, AcceptOptions const
   na->server.sock = UnixSocket{fd};
   ats_ip_copy(&na->server.accept_addr, &accept_ip);
 
-  na->action_ = new NetAcceptAction(cont, &na->server);
+  na->action_         = new NetAcceptAction();
+  *na->action_        = cont;
+  na->action_->server = &na->server;
   na->init_accept();
 
   return na->action_.get();

src/iocore/net/UnixNetAccept.cc

@@ -479,7 +479,6 @@ NetAccept::acceptEvent(int event, void *ep)
   MUTEX_TRY_LOCK(lock, m, e->ethread);
   if (lock.is_locked()) {
     if (action_->cancelled) {
-      // Server was already closed by whoever called cancel().
       e->cancel();
       Metrics::Gauge::decrement(net_rsb.accepts_currently_open);
       delete this;
@@ -488,7 +487,6 @@ NetAccept::acceptEvent(int event, void *ep)
 
     int res;
     if ((res = net_accept(this, e, false)) < 0) {
-      action_->cancel();
       Metrics::Gauge::decrement(net_rsb.accepts_currently_open);
       /* INKqa11179 */
       Warning("Accept on port %d failed with error no %d", ats_ip_port_host_order(&server.addr), res);
@@ -639,7 +637,7 @@ NetAccept::acceptFastEvent(int event, void *ep)
   return EVENT_CONT;
 
 Lerror:
-  action_->cancel();
+  server.close();
   e->cancel();
   Metrics::Gauge::decrement(net_rsb.accepts_currently_open);
   delete this;
@@ -658,7 +656,6 @@ NetAccept::acceptLoopEvent(int event, Event *e)
   }
 
   // Don't think this ever happens ...
-  action_->cancel();
   Metrics::Gauge::decrement(net_rsb.accepts_currently_open);
   delete this;
   return EVENT_DONE;

src/iocore/net/UnixNetProcessor.cc

@@ -133,7 +133,9 @@ UnixNetProcessor::accept_internal(Continuation *cont, int fd, AcceptOptions cons
   na->proxyPort     = sa ? sa->proxyPort : nullptr;
   na->snpa          = dynamic_cast<SSLNextProtocolAccept *>(cont);
 
-  na->action_ = new NetAcceptAction(cont, &na->server);
+  na->action_         = new NetAcceptAction();
+  *na->action_        = cont;
+  na->action_->server = &na->server;
 
   if (opt.frequent_accept) { // true
     if (accept_threads > 0 && listen_per_thread == 0) {