Fix concurrent pipeline modification bug (#2739)

* Fix concurrent pipeline modification bug

When executing a request, it's possible for multiple threads to interact and
modify the channel pipeline without synchronizing which can cause issues. This
commit fixes this issue by ensuring that code that modifies the pipeline all run
within the context of the channel's event loop.

* Review comments

Fix usages of doInEventLoop() in cases where the caller returns a Future. When
calling doInEventLoop(), the caller needs to properly deal with cases where the
returned future fails exceptionally, and take the appropriate action with the
future that the caller itself returns.

* Add additional tests

Author: dagnir

.changes/next-release/bugfix-NettyNIOHTTPClient-378faeb.json

@@ -0,0 +1,6 @@
+{
+    "category": "Netty NIO HTTP Client", 
+    "contributor": "", 
+    "type": "bugfix", 
+    "description": "When executing a request, it's possible for multiple threads to interact and modify the channel pipeline without synchronizing which can cause issues. This commit fixes this issue by ensuring that code that modifies the pipeline all run within the context of the channel's event loop."
+}

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/FutureCancelHandler.java

@@ -23,42 +23,53 @@
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import java.io.IOException;
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.utils.Logger;
 
 /**
  * Closes the channel if the execution future has been cancelled.
  */
 @SdkInternalApi
 @ChannelHandler.Sharable
 public final class FutureCancelHandler extends ChannelInboundHandlerAdapter {
+    private static final Logger LOG = Logger.loggerFor(FutureCancelHandler.class);
     private static final FutureCancelHandler INSTANCE = new FutureCancelHandler();
 
     private FutureCancelHandler() {
     }
 
     @Override
     public void exceptionCaught(ChannelHandlerContext ctx, Throwable e) {
-        if (cancelled(ctx, e)) {
+        if (!(e instanceof FutureCancelledException)) {
+            ctx.fireExceptionCaught(e);
+            return;
+        }
+
+        FutureCancelledException cancelledException = (FutureCancelledException) e;
+
+        if (currentRequestCancelled(ctx, cancelledException)) {
             RequestContext requestContext = ctx.channel().attr(REQUEST_CONTEXT_KEY).get();
             requestContext.handler().onError(e);
             ctx.fireExceptionCaught(new IOException("Request cancelled"));
             ctx.close();
             requestContext.channelPool().release(ctx.channel());
         } else {
-            ctx.fireExceptionCaught(e);
+            LOG.debug(() -> String.format("Received a cancellation exception but it did not match the current execution ID. "
+                                          + "Exception's execution ID is %d, but the current ID on the channel is %d. Exception"
+                                          + " is being ignored.",
+                                          cancelledException.getExecutionId(),
+                                          executionId(ctx)));
         }
     }
 
     public static FutureCancelHandler getInstance() {
         return INSTANCE;
     }
 
-    private boolean cancelled(ChannelHandlerContext ctx, Throwable t) {
-        if (!(t instanceof FutureCancelledException)) {
-            return false;
-        }
-
-        FutureCancelledException e = (FutureCancelledException) t;
+    private boolean currentRequestCancelled(ChannelHandlerContext ctx, FutureCancelledException e) {
+        return e.getExecutionId() == executionId(ctx);
+    }
 
-        return e.getExecutionId() == ctx.channel().attr(EXECUTION_ID_KEY).get();
+    private Long executionId(ChannelHandlerContext ctx) {
+        return ctx.channel().attr(EXECUTION_ID_KEY).get();
     }
 }

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/HandlerRemovingChannelPool.java

@@ -22,12 +22,14 @@
 import io.netty.channel.ChannelHandler;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import io.netty.handler.timeout.WriteTimeoutHandler;
+import io.netty.util.concurrent.DefaultPromise;
 import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.Promise;
 import java.util.concurrent.CompletableFuture;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.http.nio.netty.internal.http2.FlushOnReadHandler;
 import software.amazon.awssdk.http.nio.netty.internal.nrs.HttpStreamsClientHandler;
+import software.amazon.awssdk.http.nio.netty.internal.utils.NettyUtils;
 import software.amazon.awssdk.metrics.MetricCollector;
 
 /**
@@ -55,37 +57,37 @@ public Future<Channel> acquire(Promise<Channel> promise) {
 
     @Override
     public Future<Void> release(Channel channel) {
-        removePerRequestHandlers(channel);
-        return delegate.release(channel);
+        return release(channel, new DefaultPromise<>(channel.eventLoop()));
     }
 
     @Override
     public Future<Void> release(Channel channel, Promise<Void> promise) {
-        removePerRequestHandlers(channel);
-        return delegate.release(channel, promise);
+        removePerRequestHandlers(channel).addListener(future -> delegate.release(channel, promise));
+        return promise;
     }
 
     @Override
     public void close() {
         delegate.close();
     }
 
-    private void removePerRequestHandlers(Channel channel) {
-        channel.attr(IN_USE).set(false);
+    private Future<?> removePerRequestHandlers(Channel channel) {
+        return NettyUtils.doInEventLoop(channel.eventLoop(), () -> {
+            channel.attr(IN_USE).set(false);
 
-        // Only remove per request handler if the channel is registered
-        // or open since DefaultChannelPipeline would remove handlers if
-        // channel is closed and unregistered
-        // See DefaultChannelPipeline.java#L1403
-        if (channel.isOpen() || channel.isRegistered()) {
-            removeIfExists(channel.pipeline(),
-                           HttpStreamsClientHandler.class,
-                           LastHttpContentHandler.class,
-                           FlushOnReadHandler.class,
-                           ResponseHandler.class,
-                           ReadTimeoutHandler.class,
-                           WriteTimeoutHandler.class);
-        }
+            // Only remove per request handler if the channel is registered
+            // or open since DefaultChannelPipeline would remove handlers if
+            // channel is closed and unregistered
+            if (channel.isOpen() || channel.isRegistered()) {
+                removeIfExists(channel.pipeline(),
+                               HttpStreamsClientHandler.class,
+                               LastHttpContentHandler.class,
+                               FlushOnReadHandler.class,
+                               ResponseHandler.class,
+                               ReadTimeoutHandler.class,
+                               WriteTimeoutHandler.class);
+            }
+        });
     }
 
     @Override

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/HonorCloseOnReleaseChannelPool.java

@@ -66,7 +66,12 @@ public Future<Void> release(Channel channel, Promise<Void> promise) {
             }
 
             delegatePool.release(channel, promise);
+        }).addListener(f -> {
+            if (!f.isSuccess()) {
+                promise.tryFailure(f.cause());
+            }
         });
+
         return promise;
     }
 

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/IdleConnectionCountingChannelPool.java

@@ -20,6 +20,7 @@
 import io.netty.channel.Channel;
 import io.netty.channel.pool.ChannelPool;
 import io.netty.util.AttributeKey;
+import io.netty.util.concurrent.DefaultPromise;
 import io.netty.util.concurrent.EventExecutor;
 import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.Promise;
@@ -91,14 +92,13 @@ public Future<Channel> acquire(Promise<Channel> promise) {
 
     @Override
     public Future<Void> release(Channel channel) {
-        channelReleased(channel);
-        return delegatePool.release(channel);
+        return release(channel, new DefaultPromise<>(executor));
     }
 
     @Override
     public Future<Void> release(Channel channel, Promise<Void> promise) {
-        channelReleased(channel);
-        return delegatePool.release(channel, promise);
+        channelReleased(channel).addListener(f -> delegatePool.release(channel, promise));
+        return promise;
     }
 
     @Override
@@ -112,6 +112,10 @@ public CompletableFuture<Void> collectChannelPoolMetrics(MetricCollector metrics
         doInEventLoop(executor, () -> {
             metrics.reportMetric(HttpMetric.AVAILABLE_CONCURRENCY, idleConnections);
             result.complete(null);
+        }).addListener(f -> {
+            if (!f.isSuccess()) {
+                result.completeExceptionally(f.cause());
+            }
         });
         return result;
     }
@@ -153,8 +157,8 @@ private void channelAcquired(Channel channel) {
     /**
      * Invoked when a channel is released, marking it idle until it's acquired.
      */
-    private void channelReleased(Channel channel) {
-        doInEventLoop(executor, () -> {
+    private Future<?> channelReleased(Channel channel) {
+        return doInEventLoop(executor, () -> {
             ChannelIdleState channelIdleState = getChannelIdleState(channel);
 
             if (channelIdleState == null) {

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/NettyRequestExecutor.java

@@ -68,6 +68,7 @@
 import software.amazon.awssdk.http.nio.netty.internal.nrs.HttpStreamsClientHandler;
 import software.amazon.awssdk.http.nio.netty.internal.nrs.StreamedHttpRequest;
 import software.amazon.awssdk.http.nio.netty.internal.utils.ChannelUtils;
+import software.amazon.awssdk.http.nio.netty.internal.utils.NettyUtils;
 import software.amazon.awssdk.metrics.MetricCollector;
 
 @SdkInternalApi
@@ -164,10 +165,12 @@ private void verifyMetricsWereCollected(CompletableFuture<Void> metricsFuture) {
     private void makeRequestListener(Future<Channel> channelFuture) {
         if (channelFuture.isSuccess()) {
             channel = channelFuture.getNow();
-            configureChannel();
-            if (tryConfigurePipeline()) {
-                makeRequest();
-            }
+            NettyUtils.doInEventLoop(channel.eventLoop(), () -> {
+                configureChannel();
+                if (tryConfigurePipeline()) {
+                    makeRequest();
+                }
+            });
         } else {
             handleFailure(() -> "Failed to create connection to " + endpoint(), channelFuture.cause());
         }

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/utils/NettyUtils.java

@@ -130,13 +130,19 @@ public static <T> GenericFutureListener<Future<T>> promiseNotifyingListener(Prom
      *
      * @param eventExecutor Executor to run task in.
      * @param runnable Task to run.
+     *
+     * @return The {@code Future} from from the executor.
      */
-    public static void doInEventLoop(EventExecutor eventExecutor, Runnable runnable) {
+    public static Future<?> doInEventLoop(EventExecutor eventExecutor, Runnable runnable) {
         if (eventExecutor.inEventLoop()) {
-            runnable.run();
-        } else {
-            eventExecutor.submit(runnable);
+            try {
+                runnable.run();
+                return eventExecutor.newSucceededFuture(null);
+            } catch (Throwable t) {
+                return eventExecutor.newFailedFuture(t);
+            }
         }
+        return eventExecutor.submit(runnable);
     }
 
     /**

http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/HonorCloseOnReleaseChannelPoolTest.java

@@ -17,8 +17,14 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
 
+import io.netty.channel.Channel;
+import io.netty.channel.nio.NioEventLoopGroup;
 import io.netty.channel.pool.ChannelPool;
+import io.netty.util.concurrent.Future;
+import io.netty.util.concurrent.Promise;
+import java.util.concurrent.TimeUnit;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.mockito.internal.verification.Times;
@@ -53,4 +59,36 @@ public void releaseClosesIfFlagged() throws Exception {
         Mockito.verify(channelPool, new Times(0)).release(any());
         Mockito.verify(channelPool, new Times(1)).release(any(), any());
     }
+
+    @Test
+    public void release_delegateReleaseFails_futureFailed() throws Exception {
+        NioEventLoopGroup nioEventLoopGroup = new NioEventLoopGroup();
+        try {
+            ChannelPool mockDelegatePool = Mockito.mock(ChannelPool.class);
+            MockChannel channel = new MockChannel();
+
+            nioEventLoopGroup.register(channel);
+
+            HonorCloseOnReleaseChannelPool channelPool = new HonorCloseOnReleaseChannelPool(mockDelegatePool);
+
+            RuntimeException errorToThrow = new RuntimeException("failed!");
+            when(mockDelegatePool.release(any(Channel.class), any(Promise.class))).thenThrow(errorToThrow);
+
+            Promise<Void> promise = channel.eventLoop().newPromise();
+
+            Future<Void> releasePromise = channelPool.release(channel, promise);
+            try {
+                releasePromise.get(1, TimeUnit.SECONDS);
+            } catch (Exception e) {
+                if (e instanceof InterruptedException) {
+                    throw e;
+                }
+                // ignore any other exception
+            }
+            assertThat(releasePromise.isSuccess()).isFalse();
+            assertThat(releasePromise.cause()).isSameAs(errorToThrow);
+        } finally {
+            nioEventLoopGroup.shutdownGracefully();
+        }
+    }
 }

http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/internal/IdleConnectionCountingChannelPoolTest.java

@@ -16,7 +16,9 @@
 package software.amazon.awssdk.http.nio.netty.internal;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
 
 import io.netty.channel.Channel;
@@ -26,6 +28,8 @@
 import io.netty.channel.pool.ChannelPool;
 import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.Promise;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -170,6 +174,20 @@ public void stochastic_rapidAcquireCloseReleaseIsCalculatedCorrectly() throws In
         }
     }
 
+    @Test
+    public void collectChannelPoolMetrics_failes_futureFailed() throws Exception {
+        MockChannel channel = new MockChannel();
+        eventLoopGroup.register(channel);
+
+        RuntimeException errorToThrow = new RuntimeException("failed!");
+        MetricCollector mockMetricCollector = mock(MetricCollector.class);
+        doThrow(errorToThrow).when(mockMetricCollector).reportMetric(any(), any());
+
+        CompletableFuture<Void> collectFuture = idleCountingPool.collectChannelPoolMetrics(mockMetricCollector);
+
+        assertThatThrownBy(() -> collectFuture.get(1, TimeUnit.SECONDS)).hasCause(errorToThrow);
+    }
+
     private int getIdleConnectionCount() {
         MetricCollector metricCollector = MetricCollector.create("test");
         idleCountingPool.collectChannelPoolMetrics(metricCollector).join();
@@ -186,10 +204,10 @@ private void stubDelegatePoolAcquiresForSuccess() {
     }
 
     private void stubDelegatePoolReleasesForSuccess() {
-        Mockito.when(delegatePool.release(any())).thenAnswer((Answer<Future<Channel>>) invocation -> {
-            Channel channel = invocation.getArgumentAt(0, Channel.class);
-            Promise<Channel> result = channel.eventLoop().newPromise();
-            return result.setSuccess(channel);
+        Mockito.when(delegatePool.release(any(Channel.class), any(Promise.class))).thenAnswer((Answer<Future<Void>>) invocation -> {
+            Promise<Void> promise = invocation.getArgumentAt(1, Promise.class);
+            promise.setSuccess(null);
+            return promise;
         });
     }