SSLClientSocket::IsConnected should care for internal buffers

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 553 matching lines @@
 //                                                          BufferRecv
 //                               V-------------------------------|
 //                          DoBufferRecv
 //                               |----------------V
 //                                              Read()
 //                               V----------------|
 //                        BufferRecvComplete()
 //                               |-------------------------------V
 //                                                      BufferRecvComplete()
 //                                                               |
-//                                                       PostOrRunCallback()
+//                                                        DoReadCallback()
 //                               V-------------------------------|
-//                        PostOrRunCallback()
+//                         UpdateReadStatus()

[Ryan Sleevi, 2013/01/07 18:59:04]

NACK on this. The intention of PostOrRunCallback is to force synchronous
continuation in situations where there is not a dedicated SSL thread. This
change introduces an extra yield for the single-threaded case, which we
definitely don't want.

[Takashi Toyoshima, 2013/01/08 06:25:39]

Oh, I miss the case of single-threaded model and my understanding on
PostOrRunCallback method is not clear.
Please let me reconsider this change from the viewpoint of threads and follow
your original suggestion carefully.

 //         V---------------------|
 //    (Read Callback)
 //
 /////////////////////////////////////////////////////////////////////////////
 class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
  public:
   // Creates a new Core.
   //
   // Any calls to NSS are executed on the |nss_task_runner|, while any calls
   // that need to operate on the underlying transport, net log, or server
@@ skipping 43 matching lines @@
   // any time.
   const HandshakeState& state() const { return network_handshake_state_; }
 
   // Called on the network task runner.
   // Read() and Write() mirror the net::Socket functions of the same name.
   // If ERR_IO_PENDING is returned, |callback| will be invoked on the network
   // task runner at a later point, unless the caller calls Detach().
   int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
   int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
 
+  // Called on the network task runner.
+  bool HasPendingAsyncOperation();
+  bool HasUnhandledData();
+
  private:
   friend class base::RefCountedThreadSafe<Core>;
   ~Core();
 
   enum State {
     STATE_NONE,
     STATE_HANDSHAKE,
     STATE_GET_DOMAIN_BOUND_CERT_COMPLETE,
   };
 
@@ skipping 78 matching lines @@
   bool DoTransportIO();
   int BufferRecv();
   int BufferSend();
 
   void OnRecvComplete(int result);
   void OnSendComplete(int result);
 
   void DoConnectCallback(int result);
   void DoReadCallback(int result);
   void DoWriteCallback(int result);
+  void UpdateNSSStatus(int amount_in_read_buffer,
+                       bool operation_is_read,
+                       const CompletionCallback& callback,
+                       int rv);
 
   // Client channel ID handler.
   static SECStatus ClientChannelIDHandler(
       void* arg,
       PRFileDesc* socket,
       SECKEYPublicKey **out_public_key,
       SECKEYPrivateKey **out_private_key);
 
   // ImportChannelIDKeys is a helper function for turning a DER-encoded cert and
   // key into a SECKEYPublicKey and SECKEYPrivateKey. Returns OK upon success
@@ skipping 57 matching lines @@
   ClientSocketHandle* transport_;
   base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_;
 
   // The current handshake state. Mirrors |nss_handshake_state_|.
   HandshakeState network_handshake_state_;
 
   // The service for retrieving Channel ID keys.  May be NULL.
   ServerBoundCertService* server_bound_cert_service_;
   ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
 
+  // The information about NSS task runner status.
+  int unhandled_buffer_size_;
+  bool waiting_read_;
+  bool waiting_write_;
+
   ////////////////////////////////////////////////////////////////////////////
   // Members that are ONLY accessed on the NSS task runner:
   ////////////////////////////////////////////////////////////////////////////
   HostPortPair host_and_port_;
   SSLConfig ssl_config_;
 
   // NSS SSL socket.
   PRFileDesc* nss_fd_;
 
   // Buffers for the network end of the SSL state machine
@@ skipping 60 matching lines @@
     ClientSocketHandle* transport,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     BoundNetLog* net_log,
     ServerBoundCertService* server_bound_cert_service)
     : detached_(false),
       transport_(transport),
       weak_net_log_factory_(net_log),
       server_bound_cert_service_(server_bound_cert_service),
       domain_bound_cert_request_handle_(NULL),
+      unhandled_buffer_size_(0),
+      waiting_read_(false),
+      waiting_write_(false),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       nss_fd_(NULL),
       nss_bufs_(NULL),
       next_handshake_state_(STATE_NONE),
       channel_id_xtn_negotiated_(false),
       channel_id_needed_(false),
       client_auth_cert_needed_(false),
       handshake_callback_called_(false),
       transport_recv_busy_(false),
@@ skipping 192 matching lines @@
     return posted ? ERR_IO_PENDING : ERR_ABORTED;
   }
 
   DCHECK(OnNSSTaskRunner());
   DCHECK(handshake_callback_called_);
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   DCHECK(user_read_callback_.is_null());
   DCHECK(user_connect_callback_.is_null());
   DCHECK(!user_read_buf_);
   DCHECK(nss_bufs_);
+  DCHECK(!waiting_read_);
 
   user_read_buf_ = buf;
   user_read_buf_len_ = buf_len;
+  waiting_read_ = true;
 
   int rv = DoReadLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_read_callback_ = callback;
   } else {
     user_read_buf_ = NULL;
     user_read_buf_len_ = 0;
+    waiting_read_ = false;
 
     if (!OnNetworkTaskRunner()) {
       PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
       return ERR_IO_PENDING;
     }
   }
 
   return rv;
 }
 
@@ skipping 12 matching lines @@
     return rv;
   }
 
   DCHECK(OnNSSTaskRunner());
   DCHECK(handshake_callback_called_);
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   DCHECK(user_write_callback_.is_null());
   DCHECK(user_connect_callback_.is_null());
   DCHECK(!user_write_buf_);
   DCHECK(nss_bufs_);
+  DCHECK(!waiting_write_);
 
   user_write_buf_ = buf;
   user_write_buf_len_ = buf_len;
+  waiting_write_ = true;
 
   int rv = DoWriteLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_write_callback_ = callback;
   } else {
     user_write_buf_ = NULL;
     user_write_buf_len_ = 0;
+    waiting_write_ = false;
 
     if (!OnNetworkTaskRunner()) {
       PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
       return ERR_IO_PENDING;
     }
   }
 
   return rv;
 }
 
+bool SSLClientSocketNSS::Core::HasPendingAsyncOperation() {
+  DCHECK(OnNetworkTaskRunner());
+  return waiting_read_ || waiting_write_;
+}
+
+bool SSLClientSocketNSS::Core::HasUnhandledData() {
+  DCHECK(OnNetworkTaskRunner());
+  return unhandled_buffer_size_ != 0;
+}
+
 bool SSLClientSocketNSS::Core::OnNSSTaskRunner() const {
   return nss_task_runner_->RunsTasksOnCurrentThread();
 }
 
 bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const {
   return network_task_runner_->RunsTasksOnCurrentThread();
 }
 
 // static
 SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
@@ skipping 1071 matching lines @@
   PostOrRunCallback(FROM_HERE, c);
 }
 
 void SSLClientSocketNSS::Core::DoReadCallback(int rv) {
   DCHECK(OnNSSTaskRunner());
   DCHECK_NE(ERR_IO_PENDING, rv);
   DCHECK(!user_read_callback_.is_null());
 
   user_read_buf_ = NULL;
   user_read_buf_len_ = 0;
-  base::Closure c = base::Bind(
-      base::ResetAndReturn(&user_read_callback_),
-      rv);
-  PostOrRunCallback(FROM_HERE, c);
+  char* buf;
+  int amount_in_read_buffer = memio_GetReadParams(nss_bufs_, &buf);
+  CompletionCallback cb = base::ResetAndReturn(&user_read_callback_);
+  // Curry the |amount_int_read_buffer| and |cb| back to the network task
+  // runner.
+  network_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&Core::UpdateNSSStatus,
+                 this,
+                 amount_in_read_buffer,
+                 true,  // Operation is read.
+                 cb,
+                 rv));

[Ryan Sleevi, 2013/01/07 18:59:04]

NACK: See above comments re: PostOrRunCallback. You should not be directly
calling PostTask here, since in the single-threaded case, OnNSSTaskRunner ==
OnNetworkTaskRunner() == true

[Takashi Toyoshima, 2013/01/08 06:25:39]

Done.

 }
 
 void SSLClientSocketNSS::Core::DoWriteCallback(int rv) {
   DCHECK(OnNSSTaskRunner());
   DCHECK_NE(ERR_IO_PENDING, rv);
   DCHECK(!user_write_callback_.is_null());
 
   // Since Run may result in Write being called, clear |user_write_callback_|
   // up front.
   user_write_buf_ = NULL;
   user_write_buf_len_ = 0;
-  base::Closure c = base::Bind(
-      base::ResetAndReturn(&user_write_callback_),
-      rv);
-  PostOrRunCallback(FROM_HERE, c);
+  char* buf;
+  // Update buffer status because DoWriteLoop called DoTransportIO which may
+  // perform read operations.
+  int amount_in_read_buffer = memio_GetReadParams(nss_bufs_, &buf);
+  CompletionCallback cb = base::ResetAndReturn(&user_write_callback_);
+  // Curry the |cb| back to the network task runner.
+  network_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&Core::UpdateNSSStatus,
+                 this,
+                 amount_in_read_buffer,
+                 false,  // Operation is not read, but write.
+                 cb,
+                 rv));

[Ryan Sleevi, 2013/01/07 18:59:04]

Also here

[Takashi Toyoshima, 2013/01/08 06:25:39]

Done.

+}
+
+void SSLClientSocketNSS::Core::UpdateNSSStatus(
+    int amount_in_read_buffer,
+    bool operation_is_read,
+    const CompletionCallback& callback,
+    int rv) {

[Ryan Sleevi, 2013/01/07 18:59:04]

If you're going to post a callback, you should post it as a base::Closure,
pre-bound to rv. The existing code (DoWriteCallback/DoReadCallback) already
handles the DCHECKs on |rv|

[Takashi Toyoshima, 2013/01/08 06:25:39]

Done.

+  DCHECK(OnNetworkTaskRunner());
+  DCHECK_NE(ERR_IO_PENDING, rv);
+  DCHECK(!callback.is_null());
+  DCHECK((operation_is_read && waiting_read_) ||
+         (!operation_is_read && waiting_write_));
+
+  unhandled_buffer_size_ = amount_in_read_buffer;
+  if (operation_is_read)
+    waiting_read_ = false;
+  else
+    waiting_write_ = false;
+  PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));

[Ryan Sleevi, 2013/01/07 18:59:04]

At this point, you're guaranteed to be OnNetworkTaskRunner (line 2337), so
there's no point in calling PostOrRunCallback.

Presuming the updated type to base::Closure

callback.Run()

[Takashi Toyoshima, 2013/01/08 06:25:39]

Done.

 }
 
 SECStatus SSLClientSocketNSS::Core::ClientChannelIDHandler(
     void* arg,
     PRFileDesc* socket,
     SECKEYPublicKey **out_public_key,
     SECKEYPrivateKey **out_private_key) {
   Core* core = reinterpret_cast<Core*>(arg);
   DCHECK(core->OnNSSTaskRunner());
 
@@ skipping 602 matching lines @@
 }
 
 bool SSLClientSocketNSS::IsConnected() const {
   // Ideally, we should also check if we have received the close_notify alert
   // message from the server, and return false in that case.  We're not doing
   // that, so this function may return a false positive.  Since the upper
   // layer (HttpNetworkTransaction) needs to handle a persistent connection
   // closed by the server when we send a request anyway, a false positive in
   // exchange for simpler code is a good trade-off.
   EnterFunction("");
-  bool ret = completed_handshake_ && transport_->socket()->IsConnected();
+  bool ret;
+
+  if (!completed_handshake_)
+    ret = false;
+  else if (core_->HasPendingAsyncOperation())
+    ret = true;
+  else if (core_->HasUnhandledData())
+    ret = true;
+  else
+    ret = transport_->socket()->IsConnected();
+
   LeaveFunction("");
   return ret;
 }
 
 bool SSLClientSocketNSS::IsConnectedAndIdle() const {
   // Unlike IsConnected, this method doesn't return a false positive.
   //
   // Strictly speaking, we should check if we have received the close_notify
   // alert message from the server, and return false in that case.  Although
   // the close_notify alert message means EOF in the SSL layer, it is just
   // bytes to the transport layer below, so
   // transport_->socket()->IsConnectedAndIdle() returns the desired false
   // when we receive close_notify.
   EnterFunction("");
-  bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle();
+  bool ret;
+
+  if (!completed_handshake_)
+    ret = false;
+  else if (core_->HasPendingAsyncOperation())
+    ret = true;  // This is probably wrong, but mirrors TCP.
+  else if (core_->HasUnhandledData())
+    ret = false;
+  else
+    ret = transport_->socket()->IsConnectedAndIdle();
+
   LeaveFunction("");
   return ret;
 }
 
 int SSLClientSocketNSS::GetPeerAddress(IPEndPoint* address) const {
   return transport_->socket()->GetPeerAddress(address);
 }
 
 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const {
   return transport_->socket()->GetLocalAddress(address);
@@ skipping 533 matching lines @@
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
   return server_bound_cert_service_;
 }
 
 }  // namespace net