Superminaren
/
kvm
mirror of https://github.com/jetkvm/kvm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
391 Commits 26 Branches 15 Tags 160 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Alex P 1b007b76d7 fix: resolve critical concurrency and safety issues in session management 
- Fix panic recovery in AddSession to log instead of re-throwing, preventing process crashes
- Fix integer overflow in trust score calculation by capping before int conversion
- Fix TOCTOU race condition in nickname uniqueness check with atomic UpdateSessionNickname method
 2025-10-23 10:47:37 +03:00
Alex P 1671a7706b [WIP] Optimizations: code readiness optimizations 2025-10-23 01:24:58 +03:00
Alex P 40ccecc902 fix: address critical race conditions and security issues in multi-session 
This commit resolves multiple critical issues in the multi-session implementation:

Race Conditions Fixed:
- Add primaryPromotionLock mutex to prevent dual-primary corruption
- Implement atomic nickname reservation before session addition
- Add corruption detection and auto-fix in transferPrimaryRole
- Implement broadcast coalescing to prevent storms

Security Improvements:
- Add permission check for HID RPC handshake
- Implement sliding window rate limiting for emergency promotions
- Add global RPC rate limiter (2000 req/sec across all sessions)
- Enhance nickname validation (control chars, zero-width chars, unicode)

Reliability Enhancements:
- Add 5-second timeouts to all WebSocket writes
- Add RPC queue monitoring (warns at 200+ messages)
- Verify grace period memory leak protection
- Verify goroutine cleanup on session removal

Technical Details:
- Use double-locking pattern (primaryPromotionLock → mu)
- Implement deferred cleanup for failed nickname reservations
- Use atomic.Bool for broadcast coalescing
- Add trust scoring for emergency promotion selection

Files Modified:
- session_manager.go: Core session management fixes
- session_cleanup_handlers.go: Rate limiting for emergency promotions
- hidrpc.go: Permission checks for handshake
- jsonrpc_session_handlers.go: Enhanced nickname validation
- jsonrpc.go: Global RPC rate limiting
- webrtc.go: WebSocket timeouts and queue monitoring

Total: 266 insertions, 73 deletions across 6 files
 2025-10-17 14:28:16 +03:00
Alex P 846caf77ce refactor: improve code maintainability with focused handler functions 
Extract large switch statements and functions into focused, reusable handlers
to improve code maintainability while preserving 100% functionality.

Changes:
- Extract onRPCMessage switch (200+ lines → 20 lines) into jsonrpc_session_handlers.go
- Extract cleanupInactiveSessions (343 lines → 54 lines) into session_cleanup_handlers.go
- Consolidate duplicate emergency promotion logic into attemptEmergencyPromotion()
- Simplify shouldBecomePrimary boolean logic with self-documenting variables

All changes pass linting (0 issues) and maintain complete functionality.
 2025-10-17 11:29:04 +03:00