From 6f58f5f5a8cc49843391c4de07a6fdd414a64667 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Fri, 22 Feb 2019 13:57:19 +0100 Subject: [PATCH] Fix a race when loading XS modules --- ...xt_init-fix-potential-race-condition.patch | 68 +++++++++++++++++++ perl.spec | 6 ++ 2 files changed, 74 insertions(+) create mode 100644 perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch diff --git a/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch b/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch new file mode 100644 index 0000000..50dd988 --- /dev/null +++ b/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch @@ -0,0 +1,68 @@ +From 61d4c87c940fea028f08f27addc275b469320fda Mon Sep 17 00:00:00 2001 +From: David Mitchell +Date: Mon, 18 Feb 2019 09:19:38 +0000 +Subject: [PATCH] Perl_my_cxt_init: fix potential race condition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +(Found by code inspection - I can't reproduce a failure) + +the MY_CXT subsystem, which allows per-thread pseudo-static variables, +has a thread race condition. + +When a module is first loaded, it is allocated unique index (from +PL_my_cxt_index++) which is assigned to the module's my_cxt_index static +var. + +If two threads both try to load an XS module at the same time, its +possible for one thread to set my_cxtp, then a second thread to overwrite +it with a higher value, causing the first thread to use the wrong index +into its local storage. + +Signed-off-by: Petr Písař +--- + util.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/util.c b/util.c +index 5b6f4bfd27..ae86a8c4a4 100644 +--- a/util.c ++++ b/util.c +@@ -5218,10 +5218,16 @@ Perl_my_cxt_init(pTHX_ int *index, size_t size) + dVAR; + void *p; + PERL_ARGS_ASSERT_MY_CXT_INIT; ++ /* do initial check without locking. ++ * -1: not allocated or another thread currently allocating ++ * other: already allocated by another thread ++ */ + if (*index == -1) { +- /* this module hasn't been allocated an index yet */ + MUTEX_LOCK(&PL_my_ctx_mutex); +- *index = PL_my_cxt_index++; ++ /*now a stricter check with locking */ ++ if (*index == -1) ++ /* this module hasn't been allocated an index yet */ ++ *index = PL_my_cxt_index++; + MUTEX_UNLOCK(&PL_my_ctx_mutex); + } + +@@ -5278,9 +5284,12 @@ Perl_my_cxt_init(pTHX_ const char *my_cxt_key, size_t size) + + index = Perl_my_cxt_index(aTHX_ my_cxt_key); + if (index == -1) { +- /* this module hasn't been allocated an index yet */ + MUTEX_LOCK(&PL_my_ctx_mutex); +- index = PL_my_cxt_index++; ++ /*now a stricter check with locking */ ++ index = Perl_my_cxt_index(aTHX_ my_cxt_key); ++ if (index == -1) ++ /* this module hasn't been allocated an index yet */ ++ index = PL_my_cxt_index++; + MUTEX_UNLOCK(&PL_my_ctx_mutex); + } + +-- +2.20.1 + diff --git a/perl.spec b/perl.spec index 05b1d53..44caa7b 100644 --- a/perl.spec +++ b/perl.spec @@ -254,6 +254,9 @@ Patch52: perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval- # Fix setting magic when changing $^R, RT#133782, in upstream after 5.29.7 Patch53: perl-5.28.1-perl-133782-set-magic-when-changing-R.patch +# Fix a race when loading XS modules, in upstream after 5.29.7 +Patch54: perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2860,6 +2863,7 @@ Perl extension for Version Objects %patch51 -p1 %patch52 -p1 %patch53 -p1 +%patch54 -p1 %patch200 -p1 %patch201 -p1 @@ -2906,6 +2910,7 @@ perl -x patchlevel.h \ 'Fedora Patch51: Fix the interpreter path if procfs is not mounted (RT#133573)' \ 'Fedora Patch52: Fix a crash when parsing #line directives with large numbers in eval (RT#131562)' \ 'Fedora Patch53: Fix setting magic when changing $^R (RT#133782)' \ + 'Fedora Patch54: Fix a race when loading XS modules' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -5198,6 +5203,7 @@ popd - Fix a crash when parsing #line directives with large numbers in eval (RT#131562) - Fix setting magic when changing $^R (RT#133782) +- Fix a race when loading XS modules * Fri Feb 01 2019 Fedora Release Engineering - 4:5.28.1-432 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild