Cygwin: pty: Fix thread safety of readahead buffer handling in pty master.

Previously, though readahead buffer handling in pty master was not
fully thread-safe, accept_input() was called from peek_pipe() thread
in select.cc. This caused the problem reported in:
https://cygwin.com/pipermail/cygwin/2023-July/253984.html

The mechanism of the problem is:
1) accept_input() which is called from peek_pipe() thread calls
   eat_readahead(-1) before reading readahead buffer. This allows
   writing to the readahead buffer from another (main) thread.
2) The main thread calls fhandler_pty_master::write() just after
   eat_readahead(-1) was called and before reading the readahead
   buffer by accept_input() called from peek_pipe() thread. This
   overwrites the readahead buffer.
3) The read result from readahead buffer which was overwritten is
   sent to the slave.

This patch makes readahead buffer handling fully thread-safe using
input_mutex to resolve this issue.

Fixes: 7b03b0d8ce ("select.cc (peek_pipe): Call flush_to_slave whenever we're checking for a pty master.")
Reported-by: Thomas Wolff <towo@towo.net>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>

winsup/cygwin/fhandler/pty.cc

@@ -436,8 +436,10 @@ static int osi;
 void
 fhandler_pty_master::flush_to_slave ()
 {
+  WaitForSingleObject (input_mutex, mutex_timeout);
   if (get_readahead_valid () && !(get_ttyp ()->ti.c_lflag & ICANON))
     accept_input ();
+  ReleaseMutex (input_mutex);
 }
 
 void
@@ -523,8 +525,6 @@ fhandler_pty_master::accept_input ()
   DWORD bytes_left;
   int ret = 1;
 
-  WaitForSingleObject (input_mutex, mutex_timeout);
-
   char *p = rabuf () + raixget ();
   bytes_left = eat_readahead (-1);
 
@@ -626,7 +626,6 @@ fhandler_pty_master::accept_input ()
   if (write_to == get_output_handle ())
     SetEvent (input_available_event); /* Set input_available_event only when
 					 the data is written to cyg pipe. */
-  ReleaseMutex (input_mutex);
   return ret;
 }
 
@@ -2235,9 +2234,9 @@ fhandler_pty_master::write (const void *ptr, size_t len)
 	    {
 	      /* This accept_input() call is needed in order to transfer input
 		 which is not accepted yet to non-cygwin pipe. */
+	      WaitForSingleObject (input_mutex, mutex_timeout);
 	      if (get_readahead_valid ())
 		accept_input ();
-	      WaitForSingleObject (input_mutex, mutex_timeout);
 	      acquire_attach_mutex (mutex_timeout);
 	      fhandler_pty_slave::transfer_input (tty::to_nat, from_master,
 						  get_ttyp (),
@@ -2305,9 +2304,10 @@ fhandler_pty_master::write (const void *ptr, size_t len)
 					  get_ttyp (), input_available_event);
       release_attach_mutex ();
     }
-  ReleaseMutex (input_mutex);
 
   line_edit_status status = line_edit (p, len, ti, &ret);
+  ReleaseMutex (input_mutex);
+
   if (status > line_edit_signalled && status != line_edit_pipe_full)
     ret = -1;
   return ret;

winsup/cygwin/local_includes/fhandler.h

@@ -2550,6 +2550,14 @@ public:
   int tcgetpgrp ();
   void flush_to_slave ();
   void discard_input ();
+  void acquire_input_mutex_if_necessary (DWORD ms)
+  {
+    WaitForSingleObject (input_mutex, ms);
+  }
+  void release_input_mutex_if_necessary (void)
+  {
+    ReleaseMutex (input_mutex);
+  }
 
   fhandler_pty_master (void *) {}