fix pthread_cond_wait paired with with priority-inheritance mutex

pthread_cond_wait arranged for requeued waiters to wake when the mutex
is unlocked by temporarily adjusting the mutex's waiter count. commit
54ca677983d47529bab8752315ac1a2b49888870 broke this when introducing
PI mutexes by repurposing the waiter count field of the mutex
structure. since then, for PI mutexes, the waiter count adjustment was
misinterpreted by the mutex locking code as indicating that the mutex
is non a non-recoverable state.

it would be possible to special-case PI mutexes here, but instead just
drop all adjustment of the waiters count, and instead use the lock
word waiters bit for all mutex types. since the mutex is either held
by the caller or in unrecoverable state at the time the bit is set, it
will necessarily still be set at the time of any subsequent valid
unlock operation, and this will produce the desired effect of waking
the next waiter.

if waiter counts are entirely dropped at some point in the future this
code should still work without modification.

diff --git a/src/thread/pthread_cond_timedwait.c b/src/thread/pthread_cond_timedwait.c
index d150124..f5f37af 100644 (file)
--- a/src/thread/pthread_cond_timedwait.c
+++ b/src/thread/pthread_cond_timedwait.c
@@ -146,14 +146,13 @@ relock:
 
        if (oldstate == WAITING) goto done;
 
-       if (!node.next) a_inc(&m->_m_waiters);
-
        /* Unlock the barrier that's holding back the next waiter, and
         * either wake it or requeue it to the mutex. */
-       if (node.prev)
-               unlock_requeue(&node.prev->barrier, &m->_m_lock, m->_m_type & 128);
-       else
-               a_dec(&m->_m_waiters);
+       if (node.prev) {
+               int val = m->_m_lock;
+               if (val>0) a_cas(&m->_m_lock, val, val|0x80000000);
+               unlock_requeue(&node.prev->barrier, &m->_m_lock, m->_m_type & (8|128));
+       }
 
        /* Since a signal was consumed, cancellation is not permitted. */
        if (e == ECANCELED) e = 0;