thread.c: reset waitq of keeping mutexes in child

We must not maintain references to threads in the parent process
in any mutexes held by the child process.

* thread_sync.c (rb_mutex_cleanup_keeping_mutexes): new function
* thread.c (rb_thread_atfork): cleanup keeping mutexes
  [ruby-core:85940] [Bug #14578]

Fixes: r58604 (commit 3586c9e087)
       ("reduce rb_mutex_t size from 160 to 80 bytes on 64-bit")

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62668 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

test/ruby/test_thread.rb

@@ -1205,6 +1205,17 @@ q.pop
     assert_predicate(status, :success?, bug9751)
   end if Process.respond_to?(:fork)
 
+  def test_fork_while_locked
+    m = Mutex.new
+    thrs = []
+    3.times do |i|
+      thrs << Thread.new { m.synchronize { Process.waitpid2(fork{})[1] } }
+    end
+    thrs.each do |t|
+      assert_predicate t.value, :success?, '[ruby-core:85940] [Bug #14578]'
+    end
+  end if Process.respond_to?(:fork)
+
   def test_subclass_no_initialize
     t = Module.new do
       break eval("class C\u{30b9 30ec 30c3 30c9} < Thread; self; end")

thread.c

@@ -4236,6 +4236,7 @@ rb_thread_atfork(void)
     rb_thread_t *th = GET_THREAD();
     rb_thread_atfork_internal(th, terminate_atfork_i);
     th->join_list = NULL;
+    rb_mutex_cleanup_keeping_mutexes(th);
 
     /* We don't want reproduce CVE-2003-0900. */
     rb_reset_random_seed();

thread_sync.c

@@ -415,6 +415,20 @@ rb_mutex_abandon_all(rb_mutex_t *mutexes)
 	list_head_init(&mutex->waitq);
     }
 }
+
+/*
+ * All other threads are dead in the a new child process, so waitqs
+ * contain references to dead threads which we need to clean up
+ */
+static void
+rb_mutex_cleanup_keeping_mutexes(const rb_thread_t *current_thread)
+{
+    rb_mutex_t *mutex = current_thread->keeping_mutexes;
+    while (mutex) {
+        list_head_init(&mutex->waitq);
+        mutex = mutex->next_mutex;
+    }
+}
 #endif
 
 static VALUE