[xen, xencomm] fix various xencomm invalid racy access.

[xen, xencomm] fix various xencomm invalid racy access.
- Xencomm should check struct xencomm_desc alignment.
- Xencomm should check whether struct xencomm_desc itself (8 bytes)
  doesn't cross page boundary. Otherwise a hostile guest kernel can
  pass such a pointer that may across page boundary. Then xencomm
  accesses an unrelated page.
- Xencomm shouldn't access struct xencomm_desc::nr_addrs multiple
  times. Copy it to local area and use the copy.
  Otherwise a hostile guest can modify at the same time.
- Xencomm should check whether struct xencomm_desc::address[] array
  crosses page boundary. Otherwise xencomm may access unrelated pages.
- Xencomm should get_page()/put_page() after address conversion from
  paddr to maddr because xen supports SMP and balloon driver.
  Otherwise another vcpu may free the page at the same time.
  Such a domain behaviour doesn't make sense, however nothing prevents
  it.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>