authorAndreas Schwab <schwab@suse.de>2020-05-07 15:50:09 +0200
committerAndreas Schwab <schwab@suse.de>2020-05-12 17:17:49 +0200
commit4cab20fa49b3ea3e3454fdc4f13bf3828d8efd19 (patch)
tree4d9e5f35863adc7468002bc246b2c4dbd0abfcd3 /nptl
parent16536e98e36e08bc1ce1edbd8dd50c7c3bb7a936 (diff)
nptl: wait for pending setxid request also in detached thread (bug 25942)
There is a race between __nptl_setxid and an exiting detached thread, which causes a deadlock on stack_cache_lock. The deadlock happens in this state:

T1: setgroups -> __nptl_setxid (holding stack_cache_lock, waiting on cmdp->cntr == 0)
T2 (detached, exiting): start_thread -> __deallocate_stack (waiting on stack_cache_lock)
more threads waiting on stack_cache_lock in pthread_create

For non-detached threads, start_thread waits for its own setxid handler to finish before exiting. Do this for detached threads as well.
Diffstat (limited to 'nptl')
-rw-r--r--nptl/pthread_create.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c
index afd379e..a430890 100644
--- a/nptl/pthread_create.c
+++ b/nptl/pthread_create.c
@@ -552,11 +552,7 @@ START_THREAD_DEFN
advise_stack_range (pd->stackblock, pd->stackblock_size, (uintptr_t) pd,
pd->guardsize);
- /* If the thread is detached free the TCB. */
- if (IS_DETACHED (pd))
- /* Free the TCB. */
- __free_tcb (pd);
- else if (__glibc_unlikely (pd->cancelhandling & SETXID_BITMASK))
+ if (__glibc_unlikely (pd->cancelhandling & SETXID_BITMASK))
{
/* Some other thread might call any of the setXid functions and expect
us to reply. In this case wait until we did that. */
@@ -572,6 +568,11 @@ START_THREAD_DEFN
pd->setxid_futex = 0;
}
+ /* If the thread is detached free the TCB. */
+ if (IS_DETACHED (pd))
+ /* Free the TCB. */
+ __free_tcb (pd);
+
/* We cannot call '_exit' here. '_exit' will terminate the process.
The 'exit' implementation in the kernel will signal when the
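Review bot: The relocated `__free_tcb (pd)` block keeps the two old comments, which say only what the call does and not why it must now follow the setxid wait. The fix depends entirely on that ordering, so I would replace both with one why-comment such as `/* Free a detached thread's TCB only after the setxid wait above; freeing it earlier can block on stack_cache_lock while __nptl_setxid holds it (bug 25942). */`. Without it, a later cleanup could move the detached check back above the `SETXID_BITMASK` test and reintroduce the deadlock during a credential change. The diffstat lists only nptl/pthread_create.c, so nothing in this commit appears to exercise a detached thread exiting during a setXid call; a regression test would pin the ordering. The enclosing START_THREAD_DEFN body starts and ends outside this hunk.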