search

jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
https://eclipse.dev/jetty
Other
3.83k stars 1.91k forks source link

Serialize calls to the WebSocket Core FrameHandler #9892

Open lachlan-roberts opened 1 year ago

lachlan-roberts commented 1 year ago

Jetty version(s) 10+

Description Currently there is no protection against the FrameHandler being invoked concurrently by multiple threads.

In particular during an idleTimeout event, even if a FrameHandler is currently in onOpen() or onMessage() then the idleTimeout could occur and the onClosed notification would be called concurrently.

the jakarta websocket 2.1 specification states:

In all cases, the implementation must not invoke an endpoint instance with more than one thread per peer at a time [WSC-5.1-2]. The implementation may not invoke the close method on an endpoint until after the open method has completed [WSC-5.1-3].

This guarantees that a WebSocket endpoint instance is never called by more than one container thread at a time per peer [WSC-5.1-4].

Currently this is not the case as onClosed() can be called concurrently to onOpen() and onMessage(). But if we serialized the notifications to the FrameHandler in core it would solve this issue.

The FrameHandler implementations are currently not taking this into consideration, so are not protecting fields in a lock that could be modified concurrently by onMessage and onClosed.

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has been a full year without activity. It will be closed if no further activity occurs. Thank you for your contributions.