
x86: PV kernel context switch corruption

2019-03-05 12:00:00
Xen Project
xenbits.xen.org

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 13.4%

ISSUE DESCRIPTION

On hardware supporting the fsgsbase feature, 64bit PV guests can set and clear the applicable control bit in their virtualised %cr4, but the feature remains fully active in hardware. Therefore, the associated instructions are actually usable regardless of what the guest kernel has configured.
Linux, which does not currently support this feature, has various optimisations in its context switch path which justifiably assume that userspace can’t actually make changes without a system call.
Xen’s behaviour of having this feature active behind the guest kernel’s back undermines the correctness of any context switch logic which depends on the feature being disabled.
Userspace can therefore corrupt fsbase or gsbase (commonly used for Thread Local Storage) in the next thread to be scheduled on the current vcpu.

IMPACT

A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system.
Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest.

VULNERABLE SYSTEMS

Xen versions 4.4 and later are vulnerable. Xen 4.3 and earlier are not vulnerable.
Only x86 hardware with the fsgsbase feature is vulnerable. This is believed to be Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.
ARM hardware is not affected.
Only 64bit PV guests can exploit the vulnerability. 32bit PV guests and HVM/PVH guests cannot exploit the vulnerability.
Whether the bug is exploitable, and whether it will be triggered by accident, depend in a complicated way on the guest operating system and its configuration. Most guests are vulnerable to malicious userspace processes.

Affected CPE
Name: xen
Operator: ge (version greater than or equal to)
Version: 4.4
