fix(uffd-tests): release harnessState.mu before blocking on Serve drain

Address review findings from PR #2519:

* rpc_services_test.go: stopServe now snapshots and clears s.stop
  under the lock, then drops the lock before calling stop() (which
  blocks on <-done). Holding s.mu across the drain blocked every
  concurrent RPC handler that takes s.mu, and would deadlock the
  upcoming race tests where WaitFaultHeld needs s.mu while a worker
  is parked at a barrier waiting for a paired Pause to drain.

* harness_child_test.go: guard the child's rpc conn close with a
  sync.Once so the deferred safety-net close (needed for early
  returns from rpc.Register) does not double-close after the
  explicit close that unblocks server.ServeCodec on the success path.

Audit of the rest of rpc_services_test.go found no other
lock-during-blocking patterns: releaseAllBarriers, Paging.States,
and Barriers.{Install,WaitHeld,Release} already snapshot under the
lock and call out unlocked; Lifecycle.{Bootstrap,Shutdown,Resume}
only do non-blocking work under the lock (channel send via
context.cancel, fdexit.New, goroutine spawn).

Author: ValentaTomas

packages/orchestrator/pkg/sandbox/uffd/userfaultfd/harness_child_test.go

@@ -6,6 +6,7 @@ import (
 	"net/rpc"
 	"net/rpc/jsonrpc"
 	"os"
+	"sync"
 	"testing"
 )
 
@@ -38,7 +39,12 @@ func crossProcessServe() error {
 	if err != nil {
 		return fmt.Errorf("net.FileConn rpc: %w", err)
 	}
-	defer conn.Close()
+	// Close once: the explicit close before <-codecDone unblocks
+	// server.ServeCodec on the success path; the deferred close is the
+	// safety net for early returns from the rpc.Register calls below.
+	var closeConnOnce sync.Once
+	closeConn := func() { closeConnOnce.Do(func() { _ = conn.Close() }) }
+	defer closeConn()
 
 	state := newHarnessState(uffdFile.Fd())
 
@@ -70,7 +76,7 @@ func crossProcessServe() error {
 	state.releaseAllBarriers()
 	state.stopServe()
 
-	_ = conn.Close()
+	closeConn()
 	<-codecDone
 
 	return nil

packages/orchestrator/pkg/sandbox/uffd/userfaultfd/rpc_services_test.go

@@ -76,11 +76,20 @@ func (s *harnessState) startServeLocked() error {
 }
 
 func (s *harnessState) stopServe() {
+	// Snapshot s.stop and clear it under the lock, then drop the lock
+	// before calling stop() — stop() blocks on <-done draining the Serve
+	// goroutine, and any concurrent RPC handler that needs s.mu
+	// (Barriers.registry, Paging.States/Resume, Lifecycle.Bootstrap/Shutdown)
+	// would otherwise be blocked for the full drain. Required for the
+	// upcoming barrier-race RPCs where WaitFaultHeld must run while a
+	// worker parked at a barrier holds Pause's drain.
 	s.mu.Lock()
-	defer s.mu.Unlock()
-	if s.stop != nil {
-		s.stop()
-		s.stop = nil
+	stop := s.stop
+	s.stop = nil
+	s.mu.Unlock()
+
+	if stop != nil {
+		stop()
 	}
 }