Merge pull request #29508 from andrwng/ct-l1-lsm-domain-manager-crash

ct/l1/lsm: avoid segfault after opening fails

Author: andrwng

src/v/cloud_topics/level_one/domain/db_domain_manager.cc

@@ -903,6 +903,9 @@ db_domain_manager::gate_and_open_reads() {
         // Shutting down.
         co_return std::unexpected(rpc::errc::not_leader);
     }
+    if (!db_ || db_->needs_reopen()) {
+        co_return std::unexpected(rpc::errc::not_leader);
+    }
     co_return gate_read_lock{
       .gate = std::move(*gate_res),
       .db_lock = std::move(fut.get()),
@@ -1087,7 +1090,7 @@ db_domain_manager::restore_domain(rpc::restore_domain_request req) {
         };
     }
     // No-op, we're already restored!
-    if (db_->get_domain_uuid() == req.new_uuid) {
+    if (db_ && db_->get_domain_uuid() == req.new_uuid) {
         co_return rpc::restore_domain_reply{
           .ec = rpc::errc::ok,
         };
@@ -1101,6 +1104,11 @@ db_domain_manager::restore_domain(rpc::restore_domain_request req) {
           .ec = rpc::errc::not_leader,
         };
     }
+    if (!db_ || db_->needs_reopen()) {
+        co_return rpc::restore_domain_reply{
+          .ec = rpc::errc::not_leader,
+        };
+    }
     // Check again for the no-op case a restore finished while we were waiting
     // for the lock.
     if (db_->get_domain_uuid() == req.new_uuid) {

src/v/cloud_topics/level_one/domain/db_domain_manager.h

@@ -87,9 +87,8 @@ class db_domain_manager final : public domain_manager {
     // reopening it if needed (e.g. the underlying Raft term has changed since
     // the last open).
     //
-    // Once called, callers should expect that db_ is at least set, though it
-    // is possible that it will still need to be reopened (e.g. because of a
-    // domain restore).
+    // Even upon success, callers should check the database is still opened
+    // with the database lock.
     ss::future<std::expected<void, rpc::errc>> maybe_open_db();
 
     // Should be called and held when resetting the database instance to ensure