hw: fix the TrustZone VM entry path

Commit 6a3368ee that refactored the mode transition assembler path, and
high-level entry point, fundamentally broke that part for the TrustZone VMs.
Instead of jumping to the appropriated address, the instruction value at that
point where used as target address.
Moreover, the TrustZone part of the mode transition page was not included into
the boundary check.

Ref #1182

repos/base-hw/src/core/arm_v7/mode_transition.s

@@ -455,10 +455,6 @@
 	/* apply user pc which implies application of spsr as user psr */
 	ldm sp, {pc}^
 
-	/* end of the mode transition code */
-	.global _mt_end
-	_mt_end:
-
 	/*
 	 * On vm exceptions the CPU has to jump to one of the following
 	 * 7 entry vectors to switch to a kernel context.
@@ -488,3 +484,7 @@
 	.global _mt_vm_entry_pic
 	_mt_vm_entry_pic:
 		_kernel_to_vm
+
+	/* end of the mode transition code */
+	.global _mt_end
+	_mt_end:

repos/base-hw/src/core/kernel/pd.h

@@ -222,7 +222,7 @@ class Kernel::Mode_transition_control
 		void continue_vm(Cpu_state_modes * const context,
 		                 unsigned const processor_id)
 		{
-			_continue_client(context, processor_id, _mt_vm_entry_pic);
+			_continue_client(context, processor_id, (addr_t)&_mt_vm_entry_pic);
 		}
 };