The current code has a subtle race where 2 hash PTEs can be inserted
for the same virtual address for a short period of time. There should
not be a stale one as the "old" one ultimately gets flushed, but the
architecture specifies that having two hash PTE is illegal and can
result in undefined behaviour.

This patch fixes it by never clearing the _PAGE_HASHPTE bit when
doing test_and_clear_{young,dirty}. That means that subsequent faults
on those pages will have a bit more overhead to "discover" that the
hash entry was indeed evicted.

It also adds a small optisation to avoid doing the atomic operation
and the hash flush in test_and_clear_dirty when the page isn't dirty
or when setting write protect while it's already set.