Xen Project XSA-351
History: Nov 10, 2020 - 6:01 p.m.

Information leak via power sidechannel

2020-11-10 18:01:00
Xen Project
xenbits.xen.org

CVSS3: 4.4 Medium
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: HIGH
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0005 Low, Percentile 17.1%

ISSUE DESCRIPTION

Researchers have demonstrated that software power/energy monitoring interfaces can be used to create covert channels and to infer the operations and data used by other contexts within the system.
Access to these interfaces should be restricted to privileged software, but it was found that Xen does not restrict access suitably: the interfaces are accessible to all guests.
For more information, see:
https://platypusattack.com
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

IMPACT

An unprivileged guest administrator can sample platform power/energy data. This may be used to infer the operations and data used by other contexts within the system.
The research demonstrates using this side channel to leak AES keys used elsewhere in the system.

VULNERABLE SYSTEMS

Power/energy monitoring interfaces are platform and architecture specific. Consult your hardware vendor to ascertain what power feedback interfaces are available.
For ARM systems, all versions of Xen are vulnerable. The fix restricts access to the AMU (Activity Monitors Unit) interface, introduced in Armv8.4.
For x86 systems, Xen 4.14 and earlier are vulnerable. master is not vulnerable, as these issues have been addressed in a more general fashion.
The x86 fixes restrict access to:
 * Intel RAPL interface, introduced in Sandy Bridge CPUs.
 * Intel platform energy interface.
 * Intel perf_ctl interface, introduced in Pentium 4 CPUs and also implemented by other vendors.
 * AMD RAPL interface, introduced in Ryzen/EPYC CPUs.
 * AMD compute unit energy interface, present in Fam15/16 CPUs.
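To check whether a guest is still exposed, and to see what "sampling platform power/energy data" amounts to in practice, the following is an added example in C. It is not Xen's code and not the researchers' attack: it reads the RAPL MSRs from inside an x86 Linux guest through the msr driver, treats a faulting RDMSR (reported by the driver as EIO) as the hypervisor hiding the register, and otherwise reports the package energy consumed by a burst of computation. The MSR indices are taken from Intel's and AMD's public MSR documentation; is_power_msr() is this example's own denylist assembled from the interfaces listed above, not the exact set Xen's patches enforce.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Intel RAPL / platform-energy MSRs (indices from the Intel SDM, vol. 4). */
#define MSR_RAPL_POWER_UNIT         0x606
#define MSR_PKG_POWER_LIMIT         0x610
#define MSR_PKG_ENERGY_STATUS       0x611
#define MSR_PKG_POWER_INFO          0x614
#define MSR_DRAM_POWER_LIMIT        0x618
#define MSR_DRAM_ENERGY_STATUS      0x619
#define MSR_PP0_POWER_LIMIT         0x638
#define MSR_PP0_ENERGY_STATUS       0x639
#define MSR_PP1_POWER_LIMIT         0x640
#define MSR_PP1_ENERGY_STATUS       0x641
#define MSR_PLATFORM_ENERGY_COUNTER 0x64d
#define MSR_PLATFORM_POWER_LIMIT    0x65c
/* AMD Fam17h+ RAPL and Fam15h/16h compute-unit power MSRs (AMD PPR / BKDG). */
#define MSR_AMD_RAPL_POWER_UNIT     0xc0010299
#define MSR_AMD_CORE_ENERGY_STATUS  0xc001029a
#define MSR_AMD_PKG_ENERGY_STATUS   0xc001029b
#define MSR_F15H_CU_POWER           0xc001007a
#define MSR_F15H_CU_MAX_POWER       0xc001007b

/* Policy check of the kind a hypervisor's MSR emulation applies: is this one
 * of the energy/power feedback MSRs that must be hidden from guests?  This
 * list is the example's own (assumption), built from the advisory's interfaces. */
int is_power_msr(uint32_t msr)
{
    switch (msr) {
    case MSR_RAPL_POWER_UNIT:         case MSR_PKG_POWER_LIMIT:
    case MSR_PKG_ENERGY_STATUS:       case MSR_PKG_POWER_INFO:
    case MSR_DRAM_POWER_LIMIT:        case MSR_DRAM_ENERGY_STATUS:
    case MSR_PP0_POWER_LIMIT:         case MSR_PP0_ENERGY_STATUS:
    case MSR_PP1_POWER_LIMIT:         case MSR_PP1_ENERGY_STATUS:
    case MSR_PLATFORM_ENERGY_COUNTER: case MSR_PLATFORM_POWER_LIMIT:
    case MSR_AMD_RAPL_POWER_UNIT:     case MSR_AMD_CORE_ENERGY_STATUS:
    case MSR_AMD_PKG_ENERGY_STATUS:   case MSR_F15H_CU_POWER:
    case MSR_F15H_CU_MAX_POWER:
        return 1;
    default:
        return 0;
    }
}

/* Energy Status Units sit in bits 12:8 of the power-unit MSR; one counter
 * tick is 1/2^ESU joules (Intel and AMD share this layout). */
double rapl_energy_unit_joules(uint64_t power_unit_msr)
{
    unsigned esu = (power_unit_msr >> 8) & 0x1f;
    return 1.0 / (double)(1ULL << esu);
}

/* The energy status counters are 32 bits wide and wrap, so diff them mod 2^32. */
uint32_t energy_counter_delta(uint64_t before, uint64_t after)
{
    return (uint32_t)after - (uint32_t)before;
}

/* Read an MSR via the Linux msr driver (the file offset is the MSR index).
 * Returns 0 on success, -1 with errno set otherwise; errno == EIO means the
 * RDMSR faulted, i.e. the CPU or the hypervisor refused the register. */
int read_msr(int cpu, uint32_t msr, uint64_t *val)
{
    char path[32];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, val, sizeof *val, (off_t)msr);
    int saved = errno;
    close(fd);
    errno = saved;
    return n == (ssize_t)sizeof *val ? 0 : -1;
}

int main(void)
{
    uint64_t unit, e0, e1;
    if (read_msr(0, MSR_RAPL_POWER_UNIT, &unit) < 0) {
        if (errno == EIO)
            puts("MSR_RAPL_POWER_UNIT faulted: RAPL is hidden from this guest (fixed behaviour)");
        else
            perror("/dev/cpu/0/msr (needs root and 'modprobe msr')");
        return 1;
    }
    /* Sample the package energy counter around a burst of work, as a
     * side-channel attacker samples it around a victim's operation. */
    read_msr(0, MSR_PKG_ENERGY_STATUS, &e0);
    volatile uint64_t sink = 0;
    for (uint64_t i = 0; i < 50000000; i++)
        sink += i * i;
    read_msr(0, MSR_PKG_ENERGY_STATUS, &e1);
    uint32_t ticks = energy_counter_delta(e0, e1);
    printf("RAPL readable from this guest (vulnerable): %u ticks = %.4f J over the burst\n",
           ticks, ticks * rapl_energy_unit_joules(unit));
    return 0;
}
```

Build with `cc -O2 -o rapl_probe rapl_probe.c` and run it as root inside the guest with the msr module loaded. On a fixed hypervisor the first RDMSR faults and the program reports the register as hidden; on bare-metal Linux, or on an unpatched Xen, the counters read back and the printed energy delta is exactly the signal the attack integrates over many victim runs. A readable counter shows only that the interface is exposed, not that key extraction would succeed on a given platform.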
