fix: prevent deadlock on concurrent push and disconnect #24215
Merged
The previous `AtomicBoolean` guard in `AtmospherePushConnection` closed only the disconnect-vs-disconnect race. A push thread that reads `disconnecting` as false before a concurrent `disconnect()` flips it can still proceed into `synchronized(lock)` behind the disconnect thread, which is itself blocked inside `resource.close()` waiting for the servlet container's HTTP session lock held by the push thread — a two-lock cycle.

Move `resource.close()` out of the monitor: inside `synchronized(lock)` capture the resource into a local and call `connectionLost()` to transition the state, then release the monitor before invoking `close()` on the stashed reference. Add a matching re-check of `isConnected()` at the top of the `synchronized` block in `push()` so a push that waited for the monitor observes the late disconnect and defers via `PUSH_PENDING`/`RESPONSE_PENDING` instead of NPEing on the cleared resource. The `disconnecting` flag stays set until `close()` returns so subsequent pushes take the fast path and no new `disconnect()` re-enters while `close()` is still in flight.

Related-to #24192
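
The locking pattern the description lays out, as an added Java sketch that is not part of the PR or of Vaadin's code. `PushDisconnectSketch`, `Resource`, `sessionLock` and the `afterFlagCheck` hook are hypothetical stand-ins; `sessionLock` plays the servlet container's HTTP session lock, and the hook only exists so the demo can force the race window deterministically.

```java
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.ReentrantLock;

// Simplified stand-in for the pattern in the PR description; not Vaadin's class.
public class PushDisconnectSketch {
    // Assumption: stands in for the servlet container's HTTP session lock.
    static final ReentrantLock sessionLock = new ReentrantLock();
    interface Resource { void close(); default void write(String m) { System.out.println("wrote " + m); } }
    private final Object lock = new Object();
    private final AtomicBoolean disconnecting = new AtomicBoolean();
    private Resource resource;
    volatile boolean pushPending;
    Runnable afterFlagCheck = () -> {}; // hypothetical hook so the demo can force the race window
    PushDisconnectSketch(Resource r) { resource = r; }
    boolean isConnected() { synchronized (lock) { return resource != null; } }

    void push(String msg) {
        if (disconnecting.get()) { pushPending = true; return; } // fast path
        afterFlagCheck.run(); // race window: flag read as false, monitor not yet taken
        synchronized (lock) {
            // Re-check after waiting for the monitor: a disconnect may have run first.
            if (!isConnected()) { pushPending = true; return; }
            resource.write(msg);
        }
    }

    void disconnect() {
        if (!disconnecting.compareAndSet(false, true)) return; // one disconnect at a time
        try {
            Resource toClose;
            synchronized (lock) {
                toClose = resource; // stash the reference
                resource = null;    // state transition (connectionLost() on the page)
            }
            // Monitor released: close() may wait on sessionLock without blocking push().
            if (toClose != null) toClose.close();
        } finally { disconnecting.set(false); } // flag stays set until close() returns
    }

    public static void main(String[] args) throws Exception {
        PushDisconnectSketch c = new PushDisconnectSketch(() -> { sessionLock.lock(); sessionLock.unlock(); });
        Thread d = new Thread(c::disconnect);
        // Start disconnect inside the window and wait until it is parked in close().
        c.afterFlagCheck = () -> { d.start(); while (!sessionLock.hasQueuedThreads()) Thread.yield(); };
        sessionLock.lock();   // this thread plays the push thread that holds the session lock
        c.push("late");       // with close() inside synchronized(lock) this call would never return
        sessionLock.unlock();
        d.join();
        System.out.println("pushPending=" + c.pushPending + " connected=" + c.isConnected());
    }
}
```

Moving `toClose.close()` back inside the `synchronized (lock)` block reproduces the two-lock cycle: the disconnect thread holds the monitor while waiting for `sessionLock`, and the pushing thread holds `sessionLock` while waiting for the monitor.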
mshabarov approved these changes Apr 30, 2026

vaadin-bot added a commit that referenced this pull request Apr 30, 2026
… 25.1) (#24227)

This PR cherry-picks changes from the original PR #24215 to branch 25.1.

---

#### Original PR description

> The previous `AtomicBoolean` guard in `AtmospherePushConnection` closed only the disconnect-vs-disconnect race. A push thread that reads `disconnecting` as false before a concurrent `disconnect()` flips it can still proceed into `synchronized(lock)` behind the disconnect thread, which is itself blocked inside `resource.close()` waiting for the servlet container's HTTP session lock held by the push thread — a two-lock cycle.
>
> Move `resource.close()` out of the monitor: inside `synchronized(lock)` capture the resource into a local and call `connectionLost()` to transition the state, then release the monitor before invoking `close()` on the stashed reference. Add a matching re-check of `isConnected()` at the top of the `synchronized` block in `push()` so a push that waited for the monitor observes the late disconnect and defers via `PUSH_PENDING`/`RESPONSE_PENDING` instead of NPEing on the cleared resource. The `disconnecting` flag stays set until `close()` returns so subsequent pushes take the fast path and no new `disconnect()` re-enters while `close()` is still in flight.
>
> Related-to #24192

Co-authored-by: Marco Collovati <marco@vaadin.com>