tag name: refcount-cow-domain_2022-10-14 (3d9300cd0594a196043a0fdceb608aec6b6b3578)
tag date: 2022-10-14 14:18:20 -0700
tagged by: Darrick J. Wong <djwong@kernel.org>
tagged object: commit 3466c3207d...
xfs: improve runtime refcountbt corruption detection
Fuzz testing of the refcount btree demonstrated a weakness in validation of refcount btree records during normal runtime. The idea of using the upper bit of the rc_startblock field to separate the refcount records into one group for shared space and another for CoW staging extents was added at the last minute. The incore struct left this bit encoded in the upper bit of the startblock field, which makes it all too easy for arithmetic operations to overflow if we don't detect the cowflag properly.

When I ran a norepair fuzz tester, I was able to crash the kernel on one of these accidental overflows by fuzzing a key record in a node block, which broke lookups. To fix the problem, make the domain (shared/cow) a separate field in the incore record.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
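
The failure mode the tag message describes, as an added example that is not the kernel's code: a simplified model in which every `demo_`/`DEMO_` name is hypothetical. It assumes a 32-bit block number whose top bit is the CoW flag, and uses a bounds check as one illustration of arithmetic going wrong when the flag stays inside the start block; it does not reproduce the specific lookup crash.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_COWFLAG 0x80000000u  /* assumed: top bit of the 32-bit start block */
enum demo_domain { DEMO_SHARED = 0, DEMO_COW = 1 };

/* Packed form: the flag bit stays inside the block number. */
struct demo_packed_rec { uint32_t startblock, blockcount; };

/* Split form: the flag is decoded once into its own field. */
struct demo_split_rec {
    uint32_t startblock, blockcount;
    enum demo_domain domain;
};

static struct demo_split_rec demo_decode(uint32_t disk_start, uint32_t disk_count)
{
    struct demo_split_rec r = {
        .startblock = disk_start & ~DEMO_COWFLAG,
        .blockcount = disk_count,
        .domain = (disk_start & DEMO_COWFLAG) ? DEMO_COW : DEMO_SHARED,
    };
    return r;
}

/* Flawed check: with the flag bit still set, start + count can wrap mod 2^32. */
static bool demo_packed_in_bounds(const struct demo_packed_rec *r, uint32_t agblocks)
{
    uint32_t end = r->startblock + r->blockcount;
    return r->blockcount != 0 && end <= agblocks;
}

/* Check on the split form: plain block numbers, widened arithmetic. */
static bool demo_split_in_bounds(const struct demo_split_rec *r, uint32_t agblocks)
{
    uint64_t end = (uint64_t)r->startblock + r->blockcount;
    return r->blockcount != 0 && r->startblock < agblocks && end <= agblocks;
}

int main(void)
{
    /* Constructed fuzzed record: flag set, start near the top of the range. */
    struct demo_packed_rec bad = { 0xFFFFFFF0u, 0x20u };
    struct demo_split_rec dec = demo_decode(bad.startblock, bad.blockcount);
    printf("packed check accepts: %d\n", demo_packed_in_bounds(&bad, 1000000u));
    printf("split check accepts:  %d\n", demo_split_in_bounds(&dec, 1000000u));
    return 0;
}
```
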