Don't chan_release() from an RCU callback

RCU callbacks are not allowed to block.  chan_release(), which is triggered
by decreffing a chan, can be triggered from an RCU callback.

Here's an example of a callchain that would have panicked:

 #01 [<0xffffffffc200b7c2>] in sem_down  (block here)
 #02 [<0xffffffffc200c221>] in cv_wait
 #03 [<0xffffffffc204ee05>] in rendez_sleep (this actually panics now)
 #04 [<0xffffffffc2039fa4>] in __qbread
 #05 [<0xffffffffc207c014>] in doread
 #06 [<0xffffffffc207c901>] in mntrpcread
 #07 [<0xffffffffc207d1a5>] in mountio
 #08 [<0xffffffffc207d3b5>] in mountrpc
 #09 [<0xffffffffc207dbfd>] in mntclunk
 #10 [<0xffffffffc2031448>] in chan_release
 #11 [<0xffffffffc2030bcb>] in kref_put
 #12 [<0xffffffffc2078be0>] in gtfs_tf_free
 #13 [<0xffffffffc2042125>] in __tf_free
 #14 [<0xffffffffc204f7e2>] in rcu_mgmt_ktask
 #15 [<0xffffffffc200acc0>] in __ktask_wrapper
 #16 [<0xffffffffc205981f>] in process_routine_kmsg
 #17 [<0xffffffffc20534a8>] in __smp_idle

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>

kern/src/ns/chan.c

diff --git a/kern/src/ns/chan.c b/kern/src/ns/chan.c
index 9e42ff9..b7d6a1d 100644
--- a/kern/src/ns/chan.c
+++ b/kern/src/ns/chan.c
@@ -158,6 +158,13 @@
 {
 	struct chan *c = container_of(kref, struct chan, ref);
 	ERRSTACK(1);
+
+	/* We can be called from RCU callbacks, but close methods can block.  In
+	 * those cases, we need to defer our work to a kernel message. */
+	if (in_rcu_cb_ctx(this_pcpui_ptr())) {
+		run_as_rkm(chan_release, kref);
+		return;
+	}
 	/* this style discards the error from close().  picture it as
 	 * if (waserror()) { } else { close(); } chanfree_no_matter_what();  */
 	if (!waserror()) {