From 6f58f5f5a8cc49843391c4de07a6fdd414a64667 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 22 Feb 2019 13:57:19 +0100
Subject: [PATCH] Fix a race when loading XS modules

---
 ...xt_init-fix-potential-race-condition.patch | 68 +++++++++++++++++++
 perl.spec                                     |  6 ++
 2 files changed, 74 insertions(+)
 create mode 100644 perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch

diff --git a/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch b/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch
new file mode 100644
index 0000000..50dd988
--- /dev/null
+++ b/perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch
@@ -0,0 +1,68 @@
+From 61d4c87c940fea028f08f27addc275b469320fda Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Mon, 18 Feb 2019 09:19:38 +0000
+Subject: [PATCH] Perl_my_cxt_init: fix potential race condition
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+(Found by code inspection - I can't reproduce a failure)
+
+the MY_CXT subsystem, which allows per-thread pseudo-static variables,
+has a thread race condition.
+
+When a module is first loaded, it is allocated  unique index (from
+PL_my_cxt_index++) which is assigned to the module's my_cxt_index static
+var.
+
+If two threads both try to load an XS module at the same time, its
+possible for one thread to set my_cxtp, then a second thread to overwrite
+it with a higher value, causing the first thread to use the wrong index
+into its local storage.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ util.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/util.c b/util.c
+index 5b6f4bfd27..ae86a8c4a4 100644
+--- a/util.c
++++ b/util.c
+@@ -5218,10 +5218,16 @@ Perl_my_cxt_init(pTHX_ int *index, size_t size)
+     dVAR;
+     void *p;
+     PERL_ARGS_ASSERT_MY_CXT_INIT;
++    /* do initial check without locking.
++     * -1:    not allocated or another thread currently allocating
++     *  other: already allocated by another thread
++     */
+     if (*index == -1) {
+-	/* this module hasn't been allocated an index yet */
+ 	MUTEX_LOCK(&PL_my_ctx_mutex);
+-	*index = PL_my_cxt_index++;
++        /*now a stricter check with locking */
++        if (*index == -1)
++            /* this module hasn't been allocated an index yet */
++            *index = PL_my_cxt_index++;
+ 	MUTEX_UNLOCK(&PL_my_ctx_mutex);
+     }
+     
+@@ -5278,9 +5284,12 @@ Perl_my_cxt_init(pTHX_ const char *my_cxt_key, size_t size)
+ 
+     index = Perl_my_cxt_index(aTHX_ my_cxt_key);
+     if (index == -1) {
+-	/* this module hasn't been allocated an index yet */
+ 	MUTEX_LOCK(&PL_my_ctx_mutex);
+-	index = PL_my_cxt_index++;
++        /*now a stricter check with locking */
++        index = Perl_my_cxt_index(aTHX_ my_cxt_key);
++        if (index == -1)
++            /* this module hasn't been allocated an index yet */
++            index = PL_my_cxt_index++;
+ 	MUTEX_UNLOCK(&PL_my_ctx_mutex);
+     }
+ 
+-- 
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index 05b1d53..44caa7b 100644
--- a/perl.spec
+++ b/perl.spec
@@ -254,6 +254,9 @@ Patch52:        perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval-
 # Fix setting magic when changing $^R, RT#133782, in upstream after 5.29.7
 Patch53:        perl-5.28.1-perl-133782-set-magic-when-changing-R.patch
 
+# Fix a race when loading XS modules, in upstream after 5.29.7
+Patch54:        perl-5.29.7-Perl_my_cxt_init-fix-potential-race-condition.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2860,6 +2863,7 @@ Perl extension for Version Objects
 %patch51 -p1
 %patch52 -p1
 %patch53 -p1
+%patch54 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2906,6 +2910,7 @@ perl -x patchlevel.h \
     'Fedora Patch51: Fix the interpreter path if procfs is not mounted (RT#133573)' \
     'Fedora Patch52: Fix a crash when parsing #line directives with large numbers in eval (RT#131562)' \
     'Fedora Patch53: Fix setting magic when changing $^R (RT#133782)' \
+    'Fedora Patch54: Fix a race when loading XS modules' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5198,6 +5203,7 @@ popd
 - Fix a crash when parsing #line directives with large numbers in eval
   (RT#131562)
 - Fix setting magic when changing $^R (RT#133782)
+- Fix a race when loading XS modules
 
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4:5.28.1-432
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild