kern/43032: dtrace module load/unload is broken

[ad%netbsd.org@localhost]

>Number:         43032
>Category:       kern
>Synopsis:       dtrace module load/unload is broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 21 11:10:06 +0000 2010
>Originator:     Andrew Doran
>Release:        -current
>Organization:
The NetBSD Project
>Environment:
>Description:
     33         switch (cmd) {
     34         case MODULE_CMD_INIT:
     35                 dtrace_load(NULL);
     36                 return devsw_attach("dtrace", NULL, &bmajor,
     37                     &dtrace_cdevsw, &cmajor);

If devsw_attach() fails, we should be calling dtrace_unload() before
returning error to user.  panic() if dtrace_unload() fails.

     38         case MODULE_CMD_FINI:
     39                 dtrace_unload();
     40                 return devsw_detach(NULL, &dtrace_cdevsw);

This would typically be in reverse order.  So devsw_detach() first to
lock out new access, and bail out early with an error if that fails.

The return value of dtrace_unload() is not being checked.  So we can
remove the module from memory if dtrace is still in use.  To fix:

If dtrace_unload() fails, device switch vector should be re-instated
using devsw_attach() before returning error from dtrace_unload().
panic() if devsw_attach() fails.


>How-To-Repeat:
Code inspection.
>Fix:
See above.