Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lots of Olm sessions for the same device #25716

Closed
richvdh opened this issue Jul 4, 2023 · 4 comments · Fixed by matrix-org/matrix-js-sdk#3549
Closed

Lots of Olm sessions for the same device #25716

richvdh opened this issue Jul 4, 2023 · 4 comments · Fixed by matrix-org/matrix-js-sdk#3549

Comments

@richvdh
Copy link
Member

richvdh commented Jul 4, 2023
edited
Loading

For some reason Element is repeatedly creating new sessions for another of my devices.

So far it is up to 73 of them.
@weeman1337
Copy link
Contributor

@richvdh how bad is this? Can you provide some snipped to get the session count for my devices? Just to test with some of my accounts, so that I can triage this issue better.

@richvdh
Copy link
Member Author

richvdh commented Jul 5, 2023

I ran this in a browser console to dump the devices with a large number of sessions:

async function sessionsPerDevice() {
    const db = await new Promise((resolve) => {
        const req = indexedDB.open('matrix-js-sdk:crypto');
        req.onsuccess = () => resolve(req.result);
    });

    // fetch all the known Olm sessions
    const rows = await new Promise((resolve) => {
        const tx1 = db.transaction(["sessions"], "readonly");
        const idx = tx1.objectStore("sessions").index("deviceKey");
        const req = idx.getAll();
        req.onsuccess = () => resolve(req.result);
    });

    // collect the sessions by device ID
    const deviceMap = new Map();
    for (const row of rows) {
        const {deviceKey} = row;
        const m = deviceMap.get(deviceKey) ?? 0;
        deviceMap.set(deviceKey, m+1);
    }

    // sort by descending number of sessions
    const sorted = Array.from(deviceMap.entries());
    sorted.sort(([,a], [,b]) => b-a);

    return sorted;
}

const deviceList = mxMatrixClientPeg.get().crypto.deviceList;
for (const [key, count] of (await sessionsPerDevice()).slice(0, 5)) {
    console.log(`${key} [${deviceList.getUserByIdentityKey("m.megolm.v1.aes-sha2", key)}]: ${count}`);
}

@richvdh
Copy link
Member Author

richvdh commented Jul 5, 2023
edited
Loading

Having looked at the rageshakes, what happened is a double failure:

  • EA device sends lots (about 70?) of encrypted to-device messages. [This actually happened twice.]
  • Those to-device messages get reordered before decryption at EW. We only keep 40 message keys, so end up dropping a load of keys.
  • Once the messages that we have dropped keys for turn up, we decide that the olm session is wedged, and force a new olm session.
  • New-olm-session-creation is supposed to be rate-limited, but it is racy, so if lots of requests for new olm sessions happen at once, the rate limit doesn't work.

So, the problems here are:

  1. To-device-messages are being reordered. They shouldn't be reordered at all, though Element tries to process them in parallel, which may be part of the problem.
  2. New-olm-session-creation-rate-limiting is racy.

@richvdh
Copy link
Member Author

richvdh commented Jul 5, 2023

Have opened #25723 to track the reordering. Suggest we use this issue to track "New-olm-session-creation-rate-limiting is racy."

@richvdh richvdh added O-Occasional Affects or can be seen by some users regularly or most users rarely and removed O-Occasional Affects or can be seen by some users regularly or most users rarely labels Jul 5, 2023
@uhoreg uhoreg mentioned this issue Jul 6, 2023
Merged
3 tasks
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this issue Feb 24, 2024
@su-ex
Merge tag 'v27.0.0' into sc
9bbc329 
* Drop support for Node 16 ([\matrix-org#3533](matrix-org#3533)).
* Improve types around login, registration, UIA and identity servers ([\matrix-org#3537](matrix-org#3537)).
* **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (matrix-org#3189)**
* Simplify `MatrixClient::setPowerLevel` API ([\matrix-org#3570](matrix-org#3570)). Fixes element-hq/element-web#13900 and matrix-org#1844.
* Deprecate `VerificationRequest.getQRCodeBytes` and replace it with the asynchronous `generateQRCode`. ([\matrix-org#3562](matrix-org#3562)).
* Deprecate `VerificationRequest.beginKeyVerification()` in favour of `VerificationRequest.startVerification()`. ([\matrix-org#3528](matrix-org#3528)).
* Deprecate `Crypto.VerificationRequest` application event, replacing it with `Crypto.VerificationRequestReceived`. ([\matrix-org#3514](matrix-org#3514)).
* Throw saner error when peeking has its room pulled out from under it ([\matrix-org#3577](matrix-org#3577)). Fixes element-hq/element-web#18679.
* OIDC: Log in ([\matrix-org#3554](matrix-org#3554)). Contributed by @kerryarchibald.
* Prevent threads code from making identical simultaneous API hits ([\matrix-org#3541](matrix-org#3541)). Fixes element-hq/element-web#25395.
* Update IUnsigned type to be extensible ([\matrix-org#3547](matrix-org#3547)).
* add stop() api to BackupManager for clean shutdown ([\matrix-org#3553](matrix-org#3553)).
* Log the message ID of any undecryptable to-device messages ([\matrix-org#3543](matrix-org#3543)).
* Ignore thread relations on state events for consistency with edits ([\matrix-org#3540](matrix-org#3540)).
* OIDC: validate id token ([\matrix-org#3531](matrix-org#3531)). Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\matrix-org#3600](matrix-org#3600)).
* Fix `TypedEventEmitter::removeAllListeners(void)` not working ([\matrix-org#3561](matrix-org#3561)).
* Don't allow Olm unwedging rate-limiting to race ([\matrix-org#3549](matrix-org#3549)). Fixes element-hq/element-web#25716.
* Fix an instance of failed to decrypt error when an in flight `/keys/query` fails. ([\matrix-org#3486](matrix-org#3486)).
* Use the right anchor emoji for SAS verification ([\matrix-org#3534](matrix-org#3534)).
* fix a bug which caused the wrong emoji to be shown during SAS device verification. ([\matrix-org#3523](matrix-org#3523)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't allow Olm unwedging rate-limiting to race uhoreg/matrix-js-sdk
2 participants
@richvdh @weeman1337