Start adding threading checks to nss_util.

crypto/nss_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <pk11pub.h>
 #include <plarena.h>
 #include <prerror.h>
 #include <prinit.h>
 #include <prtime.h>
 #include <secmod.h>
 
 #if defined(OS_LINUX)
 #include <linux/nfs_fs.h>
 #include <sys/vfs.h>
 #elif defined(OS_OPENBSD)
 #include <sys/mount.h>
 #include <sys/param.h>
 #endif
 
 #include <vector>
 
 #include "base/debug/alias.h"
+#include "base/debug/stack_trace.h"
 #include "base/environment.h"
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram.h"
 #include "base/native_library.h"
 #include "base/strings/stringprintf.h"
+#include "base/threading/thread_checker.h"
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 
 // USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not
 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
 // use NSS for crypto or certificate verification, and we don't use the NSS
 // certificate and key databases.
 #if defined(USE_NSS)
 #include "base/synchronization/lock.h"
 #include "crypto/crypto_module_blocking_password_delegate.h"
@@ skipping 163 matching lines @@
   base::debug::Alias(&os_error);
   LOG(ERROR) << "Error initializing NSS without a persistent database: "
              << GetNSSErrorMessage();
   LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error;
 }
 
 class NSSInitSingleton {
  public:
 #if defined(OS_CHROMEOS)
   void OpenPersistentNSSDB() {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     if (!chromeos_user_logged_in_) {
       // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
       // Temporarily allow it until we fix http://crbug.com/70119
       base::ThreadRestrictions::ScopedAllowIO allow_io;
       chromeos_user_logged_in_ = true;
 
       // This creates another DB slot in NSS that is read/write, unlike
       // the fake root CA cert DB and the "default" crypto key
       // provider, which are still read-only (because we initialized
       // NSS before we had a cryptohome mounted).
       software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
                                   kNSSDatabaseName);
     }
   }
 
   void EnableTPMTokenForNSS() {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     // If this gets set, then we'll use the TPM for certs with
     // private keys, otherwise we'll fall back to the software
     // implementation.
     tpm_token_enabled_for_nss_ = true;
   }
 
   bool InitializeTPMToken(const std::string& token_name,
                           int token_slot_id,
                           const std::string& user_pin) {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     // If EnableTPMTokenForNSS hasn't been called, return false.
     if (!tpm_token_enabled_for_nss_)
       return false;
 
     // If everything is already initialized, then return true.
     if (chaps_module_ && tpm_slot_)
       return true;
 
     tpm_token_name_ = token_name;
     tpm_user_pin_ = user_pin;
@@ skipping 19 matching lines @@
     }
     if (chaps_module_){
       tpm_slot_ = GetTPMSlotForId(token_slot_id);
 
       return tpm_slot_ != NULL;
     }
     return false;
   }
 
   void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) {
+    // TODO(mattm): Change to DCHECK when callers have been fixed.
+    if (!thread_checker_.CalledOnValidThread()) {
+      DVLOG(1) << "Called on wrong thread.\n"
+               << base::debug::StackTrace().ToString();
+    }
+
     if (!tpm_token_enabled_for_nss_) {
       LOG(ERROR) << "GetTPMTokenInfo called before TPM Token is ready.";
       return;
     }
     if (token_name)
       *token_name = tpm_token_name_;
     if (user_pin)
       *user_pin = tpm_user_pin_;
   }
 
   bool IsTPMTokenReady() {
+    // TODO(mattm): Change to DCHECK when callers have been fixed.
+    if (!thread_checker_.CalledOnValidThread()) {
+      DVLOG(1) << "Called on wrong thread.\n"
+               << base::debug::StackTrace().ToString();
+    }
+
     return tpm_slot_ != NULL;
   }
 
   // Note that CK_SLOT_ID is an unsigned long, but cryptohome gives us the slot
   // id as an int. This should be safe since this is only used with chaps, which
   // we also control.
   PK11SlotInfo* GetTPMSlotForId(CK_SLOT_ID slot_id) {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     if (!chaps_module_)
       return NULL;
 
     VLOG(1) << "Poking chaps module.";
     SECStatus rv = SECMOD_UpdateSlotList(chaps_module_);
     if (rv != SECSuccess)
       PLOG(ERROR) << "SECMOD_UpdateSlotList failed: " << PORT_GetError();
 
     PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module_->moduleID, slot_id);
     if (!slot)
       LOG(ERROR) << "TPM slot " << slot_id << " not found.";
     return slot;
   }
 #endif  // defined(OS_CHROMEOS)
 
 
   bool OpenTestNSSDB() {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     if (test_slot_)
       return true;
     if (!g_test_nss_db_dir.Get().CreateUniqueTempDir())
       return false;
     test_slot_ = OpenUserDB(g_test_nss_db_dir.Get().path(), kTestTPMTokenName);
     return !!test_slot_;
   }
 
   void CloseTestNSSDB() {
+    DCHECK(thread_checker_.CalledOnValidThread());
+
     if (!test_slot_)
       return;
     SECStatus status = SECMOD_CloseUserDB(test_slot_);
     if (status != SECSuccess)
       PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
     PK11_FreeSlot(test_slot_);
     test_slot_ = NULL;
     ignore_result(g_test_nss_db_dir.Get().Delete());
   }
 
   PK11SlotInfo* GetPublicNSSKeySlot() {
+    // TODO(mattm): Change to DCHECK when callers have been fixed.
+    if (!thread_checker_.CalledOnValidThread()) {
+      DVLOG(1) << "Called on wrong thread.\n"
+               << base::debug::StackTrace().ToString();
+    }
+
     if (test_slot_)
       return PK11_ReferenceSlot(test_slot_);
     if (software_slot_)
       return PK11_ReferenceSlot(software_slot_);
     return PK11_GetInternalKeySlot();
   }
 
   PK11SlotInfo* GetPrivateNSSKeySlot() {
+    // TODO(mattm): Change to DCHECK when callers have been fixed.
+    if (!thread_checker_.CalledOnValidThread()) {
+      DVLOG(1) << "Called on wrong thread.\n"
+               << base::debug::StackTrace().ToString();
+    }
+
     if (test_slot_)
       return PK11_ReferenceSlot(test_slot_);
 
 #if defined(OS_CHROMEOS)
     if (tpm_token_enabled_for_nss_) {
       if (IsTPMTokenReady()) {
         return PK11_ReferenceSlot(tpm_slot_);
       } else {
         // If we were supposed to get the hardware token, but were
         // unable to, return NULL rather than fall back to sofware.
@@ skipping 25 matching lines @@
 
   NSSInitSingleton()
       : tpm_token_enabled_for_nss_(false),
         chaps_module_(NULL),
         software_slot_(NULL),
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
         chromeos_user_logged_in_(false) {
     base::TimeTicks start_time = base::TimeTicks::Now();
+
+    // It's safe to construct on any thread, since LazyInstance will prevent any
+    // other threads from accessing until the constructor is done.
+    thread_checker_.DetachFromThread();
+
     EnsureNSPRInit();
 
     // We *must* have NSS >= 3.14.3.
     COMPILE_ASSERT(
         (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) ||
         (NSS_VMAJOR == 3 && NSS_VMINOR > 14) ||
         (NSS_VMAJOR > 3),
         nss_version_check_failed);
     // Also check the run-time NSS version.
     // NSS_VersionCheck is a >= check, not strict equality.
@@ skipping 189 matching lines @@
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
   SECMODModule* root_;
   bool chromeos_user_logged_in_;
 #if defined(USE_NSS)
   // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
   // is fixed, we will no longer need the lock.
   base::Lock write_lock_;
 #endif  // defined(USE_NSS)
+
+  base::ThreadChecker thread_checker_;
 };
 
 // static
 bool NSSInitSingleton::force_nodb_init_ = false;
 
 base::LazyInstance<NSSInitSingleton>::Leaky
     g_nss_singleton = LAZY_INSTANCE_INITIALIZER;
 }  // namespace
 
 const char kTestTPMTokenName[] = "Test DB";
@@ skipping 170 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto