msm: kgsl: prevent race between mmap() and free on timestamp

When KGSL_MEMFLAGS_USE_CPU_MAP is set, we must check that the
address from get_unmapped_area() is not used as part of a
mapping that is present only in the GPU pagetable and not the
CPU pagetable. These mappings can occur because when a buffer
is freed on timestamp, the CPU mapping is destroyed immediately
but the GPU mapping is not destroyed until the GPU timestamp
has passed.

Because kgsl_mem_entry_detach_process() removed the rbtree
entry before removing the iommu mapping, there was a window
of time where kgsl thought the address was available even
though it was still present in the iommu pagetable. This
could cause the address to get assigned to a new buffer,
which would cause iommu_map_range() to fail since the old
mapping was still in the pagetable. Prevent this race by
removing the iommu mapping before removing the rbtree entry
tracking the address.

Change-Id: I8f42d6d97833293b55fcbc272d180564862cef8a
CRs-Fixed: 480222
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>
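
A single-threaded C model of the teardown ordering described in the commit message, added here as an illustration and not taken from the kgsl driver. The struct, the function names and the 4-slot address space are hypothetical, and the racing mmap() is forced to run between the two teardown steps.

```c
#include <stdbool.h>
#include <stdio.h>

#define SLOTS 4 /* toy GPU address space; the size is an assumption */

struct model {               /* hypothetical stand-ins, not kgsl structures */
    bool tracked[SLOTS];     /* addresses the driver believes are in use (rbtree) */
    bool mapped[SLOTS];      /* addresses present in the IOMMU pagetable */
};

/* Pick the first address the tracking structure reports as free. */
static int pick_addr(const struct model *m)
{
    for (int i = 0; i < SLOTS; i++)
        if (!m->tracked[i])
            return i;
    return -1;
}

/* Map a new buffer; fails if the pagetable still holds the chosen address. */
static int map_new_buffer(struct model *m)
{
    int a = pick_addr(m);
    if (a < 0 || m->mapped[a])
        return -1;
    m->tracked[a] = m->mapped[a] = true;
    return a;
}

/* Tear down slot 0 with an mmap() forced between the two teardown steps.
 * Returns the address the racing mmap() obtained, or -1 if its map failed. */
int racing_mmap_result(bool unmap_first)
{
    struct model m = { .tracked = { true }, .mapped = { true } };
    bool *first = unmap_first ? m.mapped : m.tracked;
    bool *second = unmap_first ? m.tracked : m.mapped;

    first[0] = false;                 /* teardown step 1 */
    int raced = map_new_buffer(&m);   /* the window between the steps */
    second[0] = false;                /* teardown step 2 */
    return raced;
}

int main(void)
{
    printf("rbtree entry removed first: %d\n", racing_mmap_result(false));
    printf("iommu mapping removed first: %d\n", racing_mmap_result(true));
    return 0;
}
```

With the rbtree entry removed first, the racing mapping is handed slot 0 and fails because the pagetable entry is still present; with the iommu mapping removed first, slot 0 is still tracked during the window, so the racing mapping lands on slot 1.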