arm32: The cache may not be properly cleaned/invalidated (take two)

ISSUE DESCRIPTION

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest.
Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.
This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

IMPACT

A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.

VULNERABLE SYSTEMS

Systems running all version of Xen are affected.
Only systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit is not affected.