[IA64] Fix vulnerability of copy_to_user in PAL emulation

[IA64] Fix vulnerability of copy_to_user in PAL emulation

There is a security vulnerability in PAL emulation since alt-dtlb
miss handler of HVM absolutely inserts a identity-mapped TLB when
psr.vm=0.  HVM guest can access an arbitrary machine physical
memory with this security hole.  Actually windows 2008 destroys
the content of machine physical address 0x108000.

I think this patch is enough for normal usage.  Please see SDM
Vol2 11.10.2.1.3 "Making PAL Procedure Calls in Physical or
Virtual Mode".  If the caller has a responsibility of providing
DTR or DTC mapping, xencomm for PAL might be unnecessary.

I confirmed there is no problem in linux, windows 2003, windows
2008 with this patch.

As for PV domain, the same logic can't be used due to only one
vTLB. This patch only checks that the buffer never points VMM
address, that would avoid the vulnerability.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>