Reland fix for OCSP startup race.

net/ocsp/nss_ocsp.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ocsp/nss_ocsp.h"
 
 #include <certt.h>
 #include <certdb.h>
 #include <ocsp.h>
 #include <nspr.h>
 #include <nss.h>
+#include <pthread.h>
 #include <secerr.h>
 
 #include <string>
 
+#include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/condition_variable.h"
 #include "base/histogram.h"
+#include "base/lazy_instance.h"
+#include "base/lock.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
-#include "base/singleton.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/thread.h"
 #include "base/time.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 
 namespace {
 
+// Protects |g_request_context|.
+pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;
+static URLRequestContext* g_request_context = NULL;
+
+class OCSPIOLoop : public MessageLoop::DestructionObserver {
+ public:
+  // MessageLoop::DestructionObserver:
+  virtual void WillDestroyCurrentMessageLoop();
+
+  void StartUsing() {
+    AutoLock autolock(lock_);
+    used_ = true;
+  }
+
+  bool used() const {
+    AutoLock autolock(lock_);
+    return used_;
+  }
+
+  // Called from worker thread.
+  void PostTaskToIOLoop(const tracked_objects::Location& from_here, Task* task);
+
+  void EnsureIOLoop();
+
+ private:
+  friend struct base::DefaultLazyInstanceTraits<OCSPIOLoop>;
+
+  OCSPIOLoop();
+  ~OCSPIOLoop();
+
+  mutable Lock lock_;
+  bool used_;  // Protected by |lock_|.
+  // This should not be modified after |used_|.
+  MessageLoopForIO* io_loop_;  // Protected by |lock_|.
+
+  DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop);
+};
+
+OCSPIOLoop::OCSPIOLoop()
+    : used_(false),
+      io_loop_(MessageLoopForIO::current()) {
+  DCHECK(io_loop_);
+  io_loop_->AddDestructionObserver(this);
+}
+
+OCSPIOLoop::~OCSPIOLoop() {
+  // IO thread was already deleted before the singleton is deleted
+  // in AtExitManager.
+  {
+    AutoLock autolock(lock_);
+    DCHECK(!io_loop_);
+    DCHECK(!used_);
+  }
+
+  pthread_mutex_lock(&g_request_context_lock);
+  DCHECK(!g_request_context);
+  pthread_mutex_unlock(&g_request_context_lock);
+}
+
+void OCSPIOLoop::WillDestroyCurrentMessageLoop() {
+  // Prevent the worker thread from trying to access |io_loop_|.
+  {
+    AutoLock autolock(lock_);
+    DCHECK_EQ(MessageLoopForIO::current(), io_loop_);
+    io_loop_ = NULL;
+    used_ = false;
+  }
+
+  pthread_mutex_lock(&g_request_context_lock);
+  g_request_context = NULL;
+  pthread_mutex_unlock(&g_request_context_lock);
+}
+
+void OCSPIOLoop::PostTaskToIOLoop(
+    const tracked_objects::Location& from_here, Task* task) {
+  AutoLock autolock(lock_);
+  if (io_loop_)
+    io_loop_->PostTask(from_here, task);
+}
+
+void OCSPIOLoop::EnsureIOLoop() {
+  AutoLock autolock(lock_);
+  DCHECK_EQ(MessageLoopForIO::current(), io_loop_);
+}
+
+base::LazyInstance<OCSPIOLoop> g_ocsp_io_loop(base::LINKER_INITIALIZED);
+
 const int kRecvBufferSize = 4096;
 
 // All OCSP handlers should be called in the context of
 // CertVerifier's thread (i.e. worker pool, not on the I/O thread).
 // It supports blocking mode only.
 
 SECStatus OCSPCreateSession(const char* host, PRUint16 portnum,
                             SEC_HTTP_SERVER_SESSION* pSession);
 SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session,
                                PRPollDesc **pPollDesc);
@@ skipping 16 matching lines @@
                                 PRPollDesc** pPollDesc,
                                 PRUint16* http_response_code,
                                 const char** http_response_content_type,
                                 const char** http_response_headers,
                                 const char** http_response_data,
                                 PRUint32* http_response_data_len);
 SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request);
 
 char* GetAlternateOCSPAIAInfo(CERTCertificate *cert);
 
-class OCSPInitSingleton : public MessageLoop::DestructionObserver {
- public:
-  // Called on IO thread.
-  virtual void WillDestroyCurrentMessageLoop() {
-    AutoLock autolock(lock_);
-    DCHECK_EQ(MessageLoopForIO::current(), io_loop_);
-    io_loop_ = NULL;
-    request_context_ = NULL;
-  };
+class OCSPNSSInitialization {
+ private:
+  friend struct base::DefaultLazyInstanceTraits<OCSPNSSInitialization>;
 
-  // Called from worker thread.
-  void PostTaskToIOLoop(
-      const tracked_objects::Location& from_here, Task* task) {
-    AutoLock autolock(lock_);
-    if (io_loop_)
-      io_loop_->PostTask(from_here, task);
-  }
-
-  // This is static method because it is called before NSS initialization,
-  // that is, before OCSPInitSingleton is initialized.
-  static void set_url_request_context(URLRequestContext* request_context) {
-    request_context_ = request_context;
-  }
-  static URLRequestContext* url_request_context() {
-    return request_context_;
-  }
-
- private:
-  friend struct DefaultSingletonTraits<OCSPInitSingleton>;
-
-  OCSPInitSingleton()
-      : io_loop_(MessageLoopForIO::current()) {
-    DCHECK(io_loop_);
-    io_loop_->AddDestructionObserver(this);
-
-    // NSS calls the functions in the function table to download certificates
-    // or CRLs or talk to OCSP responders over HTTP.  These functions must
-    // set an NSS/NSPR error code when they fail.  Otherwise NSS will get the
-    // residual error code from an earlier failed function call.
-    client_fcn_.version = 1;
-    SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1;
-    ft->createSessionFcn = OCSPCreateSession;
-    ft->keepAliveSessionFcn = OCSPKeepAliveSession;
-    ft->freeSessionFcn = OCSPFreeSession;
-    ft->createFcn = OCSPCreate;
-    ft->setPostDataFcn = OCSPSetPostData;
-    ft->addHeaderFcn = OCSPAddHeader;
-    ft->trySendAndReceiveFcn = OCSPTrySendAndReceive;
-    ft->cancelFcn = NULL;
-    ft->freeFcn = OCSPFree;
-    SECStatus status = SEC_RegisterDefaultHttpClient(&client_fcn_);
-    if (status != SECSuccess) {
-      NOTREACHED() << "Error initializing OCSP: " << PR_GetError();
-    }
-
-    // Work around NSS bugs 524013 and 564334.  NSS incorrectly thinks the
-    // CRLs for Network Solutions Certificate Authority have bad signatures,
-    // which causes certificates issued by that CA to be reported as revoked.
-    // By using OCSP for those certificates, which don't have AIA extensions,
-    // we can work around these bugs.  See http://crbug.com/41730.
-    CERT_StringFromCertFcn old_callback = NULL;
-    status = CERT_RegisterAlternateOCSPAIAInfoCallBack(
-        GetAlternateOCSPAIAInfo, &old_callback);
-    if (status == SECSuccess) {
-      DCHECK(!old_callback);
-    } else {
-      NOTREACHED() << "Error initializing OCSP: " << PR_GetError();
-    }
-  }
-
-  virtual ~OCSPInitSingleton() {
-    // IO thread was already deleted before the singleton is deleted
-    // in AtExitManager.
-    AutoLock autolock(lock_);
-    DCHECK(!io_loop_);
-    DCHECK(!request_context_);
-  }
+  OCSPNSSInitialization();
+  ~OCSPNSSInitialization();
 
   SEC_HttpClientFcn client_fcn_;
 
-  // |lock_| protects |io_loop_|.
-  Lock lock_;
-  // I/O thread.
-  MessageLoop* io_loop_;  // I/O thread
-  // URLRequestContext for OCSP handlers.
-  static URLRequestContext* request_context_;
-
-  DISALLOW_COPY_AND_ASSIGN(OCSPInitSingleton);
+  DISALLOW_COPY_AND_ASSIGN(OCSPNSSInitialization);
 };
 
-URLRequestContext* OCSPInitSingleton::request_context_ = NULL;
+OCSPNSSInitialization::OCSPNSSInitialization() {
+  // NSS calls the functions in the function table to download certificates
+  // or CRLs or talk to OCSP responders over HTTP.  These functions must
+  // set an NSS/NSPR error code when they fail.  Otherwise NSS will get the
+  // residual error code from an earlier failed function call.
+  client_fcn_.version = 1;
+  SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1;
+  ft->createSessionFcn = OCSPCreateSession;
+  ft->keepAliveSessionFcn = OCSPKeepAliveSession;
+  ft->freeSessionFcn = OCSPFreeSession;
+  ft->createFcn = OCSPCreate;
+  ft->setPostDataFcn = OCSPSetPostData;
+  ft->addHeaderFcn = OCSPAddHeader;
+  ft->trySendAndReceiveFcn = OCSPTrySendAndReceive;
+  ft->cancelFcn = NULL;
+  ft->freeFcn = OCSPFree;
+  SECStatus status = SEC_RegisterDefaultHttpClient(&client_fcn_);
+  if (status != SECSuccess) {
+    NOTREACHED() << "Error initializing OCSP: " << PR_GetError();
+  }
+
+  // Work around NSS bugs 524013 and 564334.  NSS incorrectly thinks the
+  // CRLs for Network Solutions Certificate Authority have bad signatures,
+  // which causes certificates issued by that CA to be reported as revoked.
+  // By using OCSP for those certificates, which don't have AIA extensions,
+  // we can work around these bugs.  See http://crbug.com/41730.
+  CERT_StringFromCertFcn old_callback = NULL;
+  status = CERT_RegisterAlternateOCSPAIAInfoCallBack(
+      GetAlternateOCSPAIAInfo, &old_callback);
+  if (status == SECSuccess) {
+    DCHECK(!old_callback);
+  } else {
+    NOTREACHED() << "Error initializing OCSP: " << PR_GetError();
+  }
+}
+
+OCSPNSSInitialization::~OCSPNSSInitialization() {}
+
+base::LazyInstance<OCSPNSSInitialization> g_ocsp_nss_initialization(
+    base::LINKER_INITIALIZED);
 
 // Concrete class for SEC_HTTP_REQUEST_SESSION.
 // Public methods except virtual methods of URLRequest::Delegate (On* methods)
 // run on certificate verifier thread (worker thread).
 // Virtual methods of URLRequest::Delegate and private methods run
 // on IO thread.
 class OCSPRequestSession
     : public base::RefCountedThreadSafe<OCSPRequestSession>,
       public URLRequest::Delegate,
       public MessageLoop::DestructionObserver {
@@ skipping 20 matching lines @@
   void AddHeader(const char* http_header_name, const char* http_header_value) {
     extra_request_headers_.SetHeader(http_header_name,
                                      http_header_value);
   }
 
   void Start() {
     // At this point, it runs on worker thread.
     // |io_loop_| was initialized to be NULL in constructor, and
     // set only in StartURLRequest, so no need to lock |lock_| here.
     DCHECK(!io_loop_);
-    Singleton<OCSPInitSingleton>()->PostTaskToIOLoop(
+    g_ocsp_io_loop.Get().PostTaskToIOLoop(
         FROM_HERE,
         NewRunnableMethod(this, &OCSPRequestSession::StartURLRequest));
   }
 
   bool Started() const {
     return request_ != NULL;
   }
 
   void Cancel() {
     // IO thread may set |io_loop_| to NULL, so protect by |lock_|.
@@ skipping 118 matching lines @@
   // Must call this method while holding |lock_|.
   void CancelLocked() {
     lock_.AssertAcquired();
     if (io_loop_) {
       io_loop_->PostTask(
           FROM_HERE,
           NewRunnableMethod(this, &OCSPRequestSession::CancelURLRequest));
     }
   }
 
+  // Runs on |g_ocsp_io_loop|'s IO loop.
   void StartURLRequest() {
     DCHECK(!request_);
 
-    URLRequestContext* url_request_context =
-        OCSPInitSingleton::url_request_context();
+    pthread_mutex_lock(&g_request_context_lock);
+    URLRequestContext* url_request_context = g_request_context;
+    pthread_mutex_unlock(&g_request_context_lock);
+
     if (url_request_context == NULL)
       return;
 
     {
       AutoLock autolock(lock_);
       DCHECK(!io_loop_);
       io_loop_ = MessageLoopForIO::current();
       io_loop_->AddDestructionObserver(this);
     }
 
@@ skipping 112 matching lines @@
   DISALLOW_COPY_AND_ASSIGN(OCSPServerSession);
 };
 
 
 // OCSP Http Client functions.
 // Our Http Client functions operate in blocking mode.
 SECStatus OCSPCreateSession(const char* host, PRUint16 portnum,
                             SEC_HTTP_SERVER_SESSION* pSession) {
   VLOG(1) << "OCSP create session: host=" << host << " port=" << portnum;
   DCHECK(!MessageLoop::current());
-  if (OCSPInitSingleton::url_request_context() == NULL) {
+  pthread_mutex_lock(&g_request_context_lock);
+  URLRequestContext* request_context = g_request_context;
+  pthread_mutex_unlock(&g_request_context_lock);
+  if (request_context == NULL) {
     LOG(ERROR) << "No URLRequestContext for OCSP handler.";
     // The application failed to call SetURLRequestContextForOCSP, so we
     // can't create and use URLRequest.  PR_NOT_IMPLEMENTED_ERROR is not an
     // accurate error code for this error condition, but is close enough.
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     return SECFailure;
   }
   *pSession = new OCSPServerSession(host, portnum);
   return SECSuccess;
 }
@@ skipping 286 matching lines @@
     }
   }
 
   return NULL;
 }
 
 }  // anonymous namespace
 
 namespace net {
 
+void SetMessageLoopForOCSP() {
+  // Must have a MessageLoopForIO.
+  DCHECK(MessageLoopForIO::current());
+
+  bool used = g_ocsp_io_loop.Get().used();
+
+  // Should not be called when g_ocsp_io_loop has already been used.
+  DCHECK(!used);
+}
+
 void EnsureOCSPInit() {
-  Singleton<OCSPInitSingleton>::get();
+  g_ocsp_io_loop.Get().StartUsing();
+  g_ocsp_nss_initialization.Get();
 }
 
 // This function would be called before NSS initialization.
 void SetURLRequestContextForOCSP(URLRequestContext* request_context) {
-  OCSPInitSingleton::set_url_request_context(request_context);
+  pthread_mutex_lock(&g_request_context_lock);
+  if (request_context) {
+    DCHECK(request_context->is_main());
+    DCHECK(!g_request_context);
+  } else {
+    DCHECK(g_request_context);
+  }
+  g_request_context = request_context;
+  pthread_mutex_unlock(&g_request_context_lock);
 }
 
 URLRequestContext* GetURLRequestContextForOCSP() {
-  return OCSPInitSingleton::url_request_context();
+  pthread_mutex_lock(&g_request_context_lock);
+  URLRequestContext* request_context = g_request_context;
+  pthread_mutex_unlock(&g_request_context_lock);
+  DCHECK(request_context->is_main());
+  return request_context;
 }
 
 }  // namespace net