Synchronization primitives not robust against unwinding

[jethrogb]

Various synchronization primitives in std are not robust against unwinding triggered inside the std implementation. This may result in

• double panics
• deadlocks
• Mutexes being poisoned that shouldn't be

Such unwinding may be triggered in many different ways, for example:

• pthread_cancel on certain pthread implementations
• assertion/unwrap failure due to a variety of causes:
  • The kernel may return an unexpected error value from a system call
  • The libc implementation may return an unexpected error from a call
  • An unexpected return value due to the use of Linux seccomp
  • Iago attacks

I've identified at least the following cases. Fixes for some of these have been proposed and rejected in #58042 and #58461.

Primitive	Unwind during blocking in	Failure occurs in	Test case
MPSC oneshot	recv/recv_timeout	Receiver drop	https://github.com/jethrogb/rust/blob/95e8613d4e92f5f4b5487f2e7b4b936ea17d96d2/src/test/run-fail/mpsc-recv-unwind/oneshot.rs
MPSC sync	recv/recv_timeout	Receiver drop	https://github.com/jethrogb/rust/blob/95e8613d4e92f5f4b5487f2e7b4b936ea17d96d2/src/test/run-fail/mpsc-recv-unwind/sync.rs
MPSC shared	recv/recv_timeout	Receiver drop	https://github.com/jethrogb/rust/blob/95e8613d4e92f5f4b5487f2e7b4b936ea17d96d2/src/test/run-fail/mpsc-recv-unwind/shared.rs
MPSC stream	recv/recv_timeout	Receiver drop	https://github.com/jethrogb/rust/blob/95e8613d4e92f5f4b5487f2e7b4b936ea17d96d2/src/test/run-fail/mpsc-recv-unwind/stream.rs
Condvar	wait/wait_timeout	wait	https://github.com/jethrogb/rust/blob/dd20f165ded66619ee040f5d819a4490fad3bd5c/src/test/run-pass/condvar-wait-panic-poison.rs
thread	park/park_timeout	park/ThreadInfo::with	#58461 (comment)