Remount read-only and fstrans

["J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>]

Updating a mounted file system from read-write to read-only is
racy as it is not clear when a mounted file system is read-only.
Currently we set MNT_RDONLY before we call VFS_MOUNT().  If
VFS_MOUNT() fails some operations may see the mounted file
system read-only but this was never the case.  Even if we would
set MNT_RDONLY in xxx_mount() after successfull vflush() there
would remain a window where operations would miss MNT_RDONLY.

Plan is to suspend the file system while the mounted file system
gets updated.  This way no operations run on the mounted file
system during update and all operations see the state before or
after the update.

Vfs_suspend() with fstrans_start()/fstrans_done() is a mechanism
to give one thread exclusive access to a mounted file system.
Other threads trying to run vnode operations on this mounted file
system will stall until the file system resumes.  On a non suspended
file system fstrans_start()/fstrans_done() work without locks or
other atomic operations.

Currently fstrans_start()/fstrans_done() is mostly used inside the
file system.  This has drawbacks, first it is to late to change the
operations vector if the vnode gets revoked and second it does not
scale well to support it for all file systems.

Plan is to move fstrans_start()/fstrans_done() into vnode_if.c and
enable vfs_suspend() on all file systems.

Diffs are here: https://www.netbsd.org/~hannken/vnode_if/

Comments or objections anyone?

--
J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig (Germany)