kern/56397: Lock order reversal in dtrace: dtrace_provider_lock <-> kernconfig_lock

[campbell+netbsd%mumble.net@localhost]

>Number:         56397
>Category:       kern
>Synopsis:       Lock order reversal in dtrace: dtrace_provider_lock <-> kernconfig_lock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 11 10:50:00 +0000 2021
>Originator:     Taylor R Campbell
>Release:        HEAD
>Organization:
The NutBSD Foodation
>Environment:
slowly roasting in a fog of CO2
>Description:
kernconfig_lock -> dtrace_provider_lock:
1. The dtrace module registers a module load callback dtrace_module_loaded.
2. kern_module.c holds kernconfig_lock while it calls module callbacks, including dtrace_module_loaded.
3. dtrace_module_loaded takes dtrace_provider_lock.

dtrace_provider_lock -> kernconfig_lock:
1. dtrace_open (open of /dev/dtrace/dtrace) takes dtrace_provider_lock.
2. dtrace_open calls dtrace_probe_provide.
3. dtrace_probe_provide takes kernconfig_lock.
>How-To-Repeat:
concurrent modload, modunload, and dtrace
>Fix:
Reverse one of the lock orders.  Maybe hoist the kernconfig_lock out of dtrace_probe_provide into the caller, but this requires adjusting dtrace_enabling_provide, which requires taking kernconfig_lock on every dtrace_register.  Maybe that's OK.