git: 60a41168d195 - main - UFS: panic rather than forcibly unmount the root fs

From: Chuck Silvers <chs_at_FreeBSD.org>
Date: Thu, 10 Aug 2023 17:05:04 UTC
The branch main has been updated by chs:

URL: https://cgit.FreeBSD.org/src/commit/?id=60a41168d195cc09f7351c2c2bcafc389ed52406

commit 60a41168d195cc09f7351c2c2bcafc389ed52406
Author:     Chuck Silvers <chs@FreeBSD.org>
AuthorDate: 2023-08-10 16:55:47 +0000
Commit:     Chuck Silvers <chs@FreeBSD.org>
CommitDate: 2023-08-10 16:59:06 +0000

    UFS: panic rather than forcibly unmount the root fs
    
    If the root fs is forcibly unmounted then basically every process
    will die with a SEGV as soon as it tries to run again because libc.so
    is gone, which leaves the system basically hung.  It seems better
    to just panic instead, so let's do that.
    
    Requested-by:   karels
    Reviewed-by:    imp, mckusick, karels
    Sponsored-by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D41387
---
 sys/ufs/ffs/ffs_vfsops.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 64236d4e98d9..b2cd2d30bc04 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -303,6 +303,9 @@ ffs_fsfail_cleanup_locked(struct ufsmount *ump, int error)
 	mtx_assert(UFS_MTX(ump), MA_OWNED);
 	if (error == ENXIO && (ump->um_flags & UM_FSFAIL_CLEANUP) == 0) {
 		ump->um_flags |= UM_FSFAIL_CLEANUP;
+		if (ump->um_mountp == rootvnode->v_mount)
+			panic("UFS: root fs would be forcibly unmounted");
+
 		/*
 		 * Queue an async forced unmount.
 		 */
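Review bot: the added comparison `ump->um_mountp == rootvnode->v_mount` dereferences `rootvnode` with no NULL guard, and nothing in the visible context shows that `rootvnode` is always set when an ENXIO reaches this function. Unless that is guaranteed elsewhere, consider testing `rootvnode != NULL &&` before the comparison, so that a device failure seen while the root vnode is unset does not become a NULL dereference instead of the intended panic. Two smaller points: the rationale (processes dying with SEGV once libc.so is gone) lives only in the commit message, so a short comment above the `panic()` would keep it with the code; and the panic string could identify the mount, so the crash dump shows which device failed.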