Xen Project XSA-278
History: Oct 24, 2018 - 9:11 p.m.

x86: Nested VT-x usable even when disabled

2018-10-24 21:11:00
Xen Project
xenbits.xen.org

CVSS3: 8.8 High
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  Attack Vector:          LOCAL
  Attack Complexity:      LOW
  Privileges Required:    LOW
  User Interaction:       NONE
  Scope:                  CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact:       HIGH
  Availability Impact:    HIGH

CVSS2: 7.2 High
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
  Access Vector:          LOCAL
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact:       COMPLETE
  Availability Impact:    COMPLETE

EPSS: 0.001 Low (Percentile 19.6%)

ISSUE DESCRIPTION

When running HVM guests, the hardware virtualisation extensions are enabled because Xen itself is using them. As a result, a guest can blindly execute the virtualisation instructions, and each such instruction will exit to Xen for processing.
If the guest has not followed the correct (virtual) configuration procedure, it should not be able to use the instructions, and Xen should respond with a #UD exception. When nested virtualisation is disabled for the guest, the guest is not permitted to complete the configuration procedure.
Unfortunately, when nested virtualisation is intended to be disabled for the guest, an incorrect default value leads Xen to believe that the configuration procedure has already been completed.

IMPACT

Guest software which blindly plays with the VT-x instructions can cause Xen to operate on uninitialised data. As the backing memory is zeroed, this causes Xen to suffer a NULL pointer dereference, causing a host Denial of Service.
Other behaviours such as memory corruption or privilege escalation have not been ruled out.

VULNERABLE SYSTEMS

Systems running Xen 4.9 or later are vulnerable. Systems running Xen 4.8 or earlier are not vulnerable.
Only Intel x86 systems are vulnerable. Systems from other x86 vendors, and other hardware vendors are not vulnerable.
Only x86 HVM and PVH guests can leverage this vulnerability. x86 PV guests cannot leverage this vulnerability.

CPE    Name    Operator    Version
       xen     ge          4.9
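The affected-systems criteria above can be turned into a dom0 triage check. The following is an added example, not part of the Xen Project advisory; it assumes the real `xl info` fields `xen_major`/`xen_minor` and the `vendor_id` line of /proc/cpuinfo, while the function names `xsa278_affected` and `xen_version_from_xl_info` are my own.

```shell
#!/bin/sh
# XSA-278 host triage helper (added example, not from the Xen Project advisory).
# Decision rule taken from the advisory: Xen 4.9 or later on Intel x86 hardware
# is affected; Xen 4.8 or earlier, and non-Intel hardware, are not.

# xsa278_affected MAJOR MINOR VENDOR
# Prints "affected" or "not-affected"; returns 0 when affected, 1 otherwise.
xsa278_affected() {
    major=$1; minor=$2; vendor=$3
    # Only Intel systems are vulnerable (the bug is in the VT-x handling).
    [ "$vendor" = "GenuineIntel" ] || { echo not-affected; return 1; }
    # Xen 4.9 or later: major > 4, or major == 4 and minor >= 9.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }; then
        echo affected; return 0
    fi
    echo not-affected; return 1
}

# Extract "MAJOR MINOR" from `xl info` style text on stdin, e.g.
#   xen_major              : 4
#   xen_minor              : 11
# (whitespace-separated, so the value is the third field).
xen_version_from_xl_info() {
    awk '/^xen_major/ {maj=$3} /^xen_minor/ {min=$3} END {print maj, min}'
}

# Live check when run in dom0 as:  sh xsa278_check.sh live
if [ "$1" = "live" ]; then
    set -- $(xl info | xen_version_from_xl_info)
    vendor=$(awk '/^vendor_id/ {print $3; exit}' /proc/cpuinfo)
    xsa278_affected "$1" "$2" "$vendor"
fi
```

This only classifies the host; it does not tell you which guests (HVM/PVH rather than PV) could reach the bug, so pair it with a review of guest types on affected hosts.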
