hammer2 - Fix focus vs modify race
* Fixes rare panics when e.g. removing large numbers (as in hundreds of
millions) of directory entries.
The XOP collection code holds the collected cluster but cannot
safely lock it without risking a deadlock against backend operations
or dead backends. The hold on the chain prevents its destruction,
but does not prevent another thread from locking it and issuing
hammer2_chain_modify().
* Fix bugs due to the unsafe nature of an unlocked chain's content,
especially chain->data and chain->dio, by adding an interlock between
frontend access to the data and backend hammer2_chain_modify() calls.
Held but unlocked chains are used by the XOP API to pass chains back to
the frontend.
* Remove the automatic (because it is unsafe) dio synchronization
in hammer2_xop_collect() and instead implement an API that the
frontend can use to safely access the data. The API is
hammer2_xop_gdata()/hammer2_xop_pdata().
* Remove the unsafe hammer2_cluster_rdata(). Use gdata/pdata for this
too.
* Rewire hammer2_inode_get() to pass-in a hammer2_xop_head instead
of a hammer2_cluster so it can use the gdata/pdata API too.