TAKE - fix a use after free race in xfs

[Steve Lord <lord@sgi.com>]

Transaction A is in callback processing unpinning a buffer,
Transaction B is in the process of marking the buffer stale.
Between transaction A dropping its reference and checking
the stale state, transaction B gets a reference and stales
the buffer. A ends up freeing the log item and releasing
the buffer. End result is we have a reference to free memory
and an unlocked buffer.

We have never seen this problem on linux, only on Irix under
very heavy load, and usually with a large cpu count.


Date:  Fri Jan 24 12:11:43 PST 2003
Workarea:  jen.americas.sgi.com:/src/lord/xfs-linux.2.4

The following file(s) were checked into:
  bonnie.engr.sgi.com:/isms/slinx/2.4.x-xfs


Modid:  2.4.x-xfs:slinx:137748a
linux/fs/xfs/xfsidbg.c - 1.213
	- decode XFS_LID_BUF_STALE.

linux/fs/xfs/xfs_extfree_item.c - 1.53
	- deal with extra arg on unpin operation

linux/fs/xfs/xfs_buf_item.c - 1.135
	- add a new flag to the unpin operation, use this flag being set to
	  indicate that we staled the buffer rather than using the bli_flags
	  which another thread can set while we are in this function.

linux/fs/xfs/xfs_inode_item.c - 1.110
linux/fs/xfs/xfs_dquot_item.c - 1.33
	- deal with extra arg on unpin operation

linux/fs/xfs/xfs_trans.c - 1.138
	- when unpining a log item, pass the buffer stale state from the
	  log item descriptor flags into the unpin operation, this tells
	  the function that we are actually the transaction which staled
	  it.

linux/fs/xfs/xfs_trans.h - 1.116
	- change prototype for unpin operations and IOP_UNPIN, define a new
	  flag for log item descriptors.

linux/fs/xfs/xfs_trans_buf.c - 1.110
	- when logging a buffer into a transaction, clear XFS_LID_BUF_STALE
	  when staling a buffer in a transaction, set XFS_LID_BUF_STALE.