ANDROID: mm: handle SPF using a copy of the original vma

When introducing vma refcounting to stabilize the faulting vma, the
change also stopped copying the original vma. While refcounting
protects the vma from being destroyed, it does not protect it from
concurrent changes. This results in possible unexpected vma mutations
while page fault is being handled. To prevent that, revert back to
handling speculative page faults using a stable copy of the original
vma which can't be concurrently changed.

Fixes: d9d7f843 ("ANDROID: mm: introduce vma refcounting to protect vma during SPF")
Bug: 271817185
Bug: 277700087
Change-Id: If4ec5a6282ddc037c96addb19510cc83ccd7b2ea
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
(cherry picked from commit 7ba7908a)