Synchronize the update of feature refcount

[youzhongyang]

Motivation and Context

As reported and analyzed in #17184, the concurrent execution of feature_sync() can lead to panic due to unprotected update of the feature refcount.

Description

Use spa->spa_feat_stats_lock to synchronize the update of the refcount.

How Has This Been Tested?

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Quality assurance (non-breaking change which makes the code more robust against bugs)
• Breaking change (fix or feature that would cause existing functionality to change)
• Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the OpenZFS code style requirements.
• I have updated the documentation accordingly.
• I have read the contributing document.
• I have added tests to cover my changes.
• I have run the ZFS Test Suite with this change applied.
• All commit messages are properly formatted and contain Signed-off-by.

[snajpa]

why the code duplication? wouldn't it be better to ensure feature_sync is OK to be called with spa_feat_stats_lock held and then enforce the lock being held in all instances feature_sync is called? (via an ASSERT)

[youzhongyang]

@snajpa - I thought about it and didn't like the code duplication too. A new version is force pushed, please take a look. Thanks.

[behlendorf]

I'm a little concerned with how much is now being done in feature_sync() under this mutex. But after reading through it I don't see anything clearly problematic, so I'm good with this straight forward fix to close the race.