kern/109277: kernel ppp(4) botches clist reservation in RELENG_6

Bruce Evans bde at zeta.org.au
Mon Feb 19 00:18:39 UTC 2007


On Sun, 18 Feb 2007, Dmitry Pryanishnikov wrote:

>> Description:
>    Very rare (maybe, once a month) spontaneous crashes occur during the
>    active simultaneous use of kernel ppp and system console. When console
>    is in X.org mode, system just silently reboots. OTOH, there is a certain
>    chance to get valid crash dump when system console is in text mode.
>    The last such crash was "panic: clist reservation botch" (see cblock_alloc()
>    function in /sys/kern/tty_subr.c), this was RELENG_6 as of 1-Feb-2007,
>    backtrace was:
> ...
>    Looks like ppp(4) enters cblock_alloc(), then gets preempted, then
>    ttyinput() reenters cblock_alloc().
>
>> Fix:
>    I'm ready to provide further debugging information on this issue.
>    Unfortunately, I'm not familiar enough with the locking concepts
>    in modern FreeBSD kernels (and in tty subsystem particularly)
>    in order to make the fix myself.

Tty locking is especially simple and not very good -- everything must
be Giant-locked to work.  However, the default for network drivers is
now not to use Giant locking.  ppp doesn't seem to be aware of this.
The only simple fix seems to be to pessimize all network drivers by
configuring Giant locking for them all -- see netisr.c.  I'm not sure
if this is enough -- it is probably necessary to Giant-lock all calls
into ppp (especially ioctls), but things in netisr.c only logically
affect isrs.

Bruce

