ANDROID: Re-enable fast mremap and fix UAF with SPF
SPF attempts page faults without taking the mmap lock, but takes the
PTL. If there is a concurrent fast mremap (at PMD/PUD level), this
can lead to a UAF as fast mremap will only take the PTL locks at the
PMD/PUD level. SPF cannot take the PTL locks at the larger subtree
granularity since this introduces much contention in the page fault
paths.
To address the race:
1) Only try fast mremaps if there are no users of the VMA. Android
is concerned with this optimization in the context of
GC stop-the-world pause. So there are no other threads active
and this should almost always succeed.
2) Speculative faults detect ongoing fast mremaps and fall back
to conventional fault handling (taking mmap read lock).
Bug: 263177905
Change-Id: I23917e493ddc8576de19883cac053dfde9982b7f
[ Kalesh Singh : CP'ed from 13-5.10
- vm_ref_count is file_ref_count in 13-5.15
for ABI compatibility reasons.
- VMA default refcount is 0 instead of 1 in 13-5.15
See: vma_init() ]
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>