[glibc] Fix data race in nscd (#806070)

Thu Mar 29 16:26:27 UTC 2012

commit d004e5468f108f10ef33cbeedd599d0c06486253
Author: Jeff Law <law at redhat.com>
Date:   Thu Mar 29 10:25:56 2012 -0600

    Fix data race in nscd (#806070)

 glibc-rh806070.patch |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 glibc.spec           |   12 +++++++++---
 2 files changed, 57 insertions(+), 3 deletions(-)
---

diff --git a/glibc-rh806070.patch b/glibc-rh806070.patch
new file mode 100644
index 0000000..71d7133
--- /dev/null
+++ b/glibc-rh806070.patch
@@ -0,0 +1,48 @@
+diff -rup c/nscd/nscd_gethst_r.c d/nscd/nscd_gethst_r.c
+--- c/nscd/nscd_gethst_r.c	2012-01-01 05:16:32.000000000 -0700
++++ d/nscd/nscd_gethst_r.c	2012-03-28 10:45:51.546600822 -0600
+@@ -101,9 +101,27 @@ libc_freeres_fn (hst_map_free)
+ uint32_t
+ __nscd_get_nl_timestamp (void)
+ {
++  uint32_t retval;
+   if (__nss_not_use_nscd_hosts != 0)
+     return 0;
+ 
++  int cnt = 0;
++  /* __nscd_get_mapping can change hst_map_handle.mapped to NO_MAPPING.
++   However, __nscd_get_mapping assumes the prior value was not NO_MAPPING.
++   Thus we have to acquire the lock to prevent this thread from changing
++   hst_map_handle.mapped to NO_MAPPING while another thread is inside
++    __nscd_get_mapping.  */
++  while (__builtin_expect
++	 (atomic_compare_and_exchange_val_acq (&__hst_map_handle.lock,
++					       1, 0) != 0, 0))
++    {
++      // XXX Best number of rounds?
++      if (__builtin_expect (++cnt > 5, 0))
++	return 0;
++
++      atomic_delay ();
++    }
++
+   struct mapped_database *map = __hst_map_handle.mapped;
+ 
+   if (map == NULL
+@@ -113,9 +131,14 @@ __nscd_get_nl_timestamp (void)
+     map = __nscd_get_mapping (GETFDHST, "hosts", &__hst_map_handle.mapped);
+ 
+   if (map == NO_MAPPING)
+-    return 0;
++    retval =  0;
++  else
++    retval =  map->head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP];
++
++  /* Release the lock.  */
++  __hst_map_handle.lock = 0;
+ 
+-  return map->head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP];
++  return retval;
+ }
+ 
+ 
diff --git a/glibc.spec b/glibc.spec
index 5c23263..78de6d0 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 29%{?dist}
+Release: 30%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -100,9 +100,9 @@ Patch32 : %{name}-rh739743.patch
 Patch33 : %{name}-rh789238.patch
 # From upstream 
 Patch34 : %{name}-rh794797.patch
-# Posted upstream
+# From upstream
 Patch35 : %{name}-rh788989.patch
-# Posted upstream
+# From upstream (sans comment which was added during review)
 Patch36 : %{name}-rh795498.patch
 # From upstream
 Patch37 : %{name}-rh760935.patch
@@ -123,6 +123,8 @@ Patch44 : %{name}-stap-libm.patch
 Patch45 : %{name}-rh803286.patch
 # Sent upstream, waiting on review
 Patch46 : %{name}-rh806403.patch
+# Submitted upstream, BZ 13594
+Patch47 : %{name}-rh806070.patch
 
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -388,6 +390,7 @@ rm -rf %{glibcportsdir}
 %patch44 -p1
 %patch45 -p1
 %patch46 -p1
+%patch47 -p1
 
 # A lot of programs still misuse memcpy when they have to use
 # memmove. The memcpy implementation below is not tolerant at
@@ -1240,6 +1243,9 @@ rm -f *.filelist*
 %endif
 
 %changelog
+* Tue Mar 27 2012 Jeff Law <law at redhat.com> - 2.15-30
+  - Fix data race in nscd (#806070)
+
 * Fri Mar 23 2012 Jeff Law <law at redhat.com> - 2.15-29
   - Fix typo in __nss_getent (#806403).
 
