semaphores: fix missed wakes from ABA bug in waiter count logic

[musl] / src / thread / sem_timedwait.c

diff --git a/src/thread/sem_timedwait.c b/src/thread/sem_timedwait.c
index 58d3ebf..aa67376 100644 (file)
--- a/src/thread/sem_timedwait.c
+++ b/src/thread/sem_timedwait.c
@@ -1,4 +1,5 @@
 #include <semaphore.h>
+#include <limits.h>
 #include "pthread_impl.h"
 
 static void cleanup(void *p)
@@ -13,14 +14,15 @@ int sem_timedwait(sem_t *restrict sem, const struct timespec *restrict at)
        if (!sem_trywait(sem)) return 0;
 
        int spins = 100;
-       while (spins-- && sem->__val[0] <= 0 && !sem->__val[1]) a_spin();
+       while (spins-- && !(sem->__val[0] & SEM_VALUE_MAX) && !sem->__val[1])
+               a_spin();
 
        while (sem_trywait(sem)) {
-               int r;
+               int r, priv = sem->__val[2];
                a_inc(sem->__val+1);
-               a_cas(sem->__val, 0, -1);
+               a_cas(sem->__val, 0, 0x80000000);
                pthread_cleanup_push(cleanup, (void *)(sem->__val+1));
-               r = __timedwait_cp(sem->__val, -1, CLOCK_REALTIME, at, sem->__val[2]);
+               r = __timedwait_cp(sem->__val, 0x80000000, CLOCK_REALTIME, at, priv);
                pthread_cleanup_pop(1);
                if (r) {
                        errno = r;