Xen Project XSA-62
Sep 24, 2013 - 12:00 p.m.

Information leak on AVX and/or LWP capable CPUs

2013-09-24 12:00:00
Xen Project
xenbits.xen.org

CVSS2: 1.2 Low

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 24.8%

ISSUE DESCRIPTION

When a guest increases the set of extended state components for a vCPU saved/restored via XSAVE/XRSTOR (to date this can only be the upper halves of YMM registers, or AMD’s LWP state) after already having touched other extended registers restored via XRSTOR (e.g. floating point or XMM ones) during its current scheduled CPU quantum, the hypervisor would make those registers accessible without discarding the values an earlier scheduled vCPU may have left in them.

IMPACT

A malicious domain may be able to leverage this to obtain sensitive information such as cryptographic keys from another domain.

VULNERABLE SYSTEMS

Xen 4.0 and onwards are vulnerable when run on systems with processors supporting AVX and/or LWP. Any kind of guest can exploit the vulnerability.
In Xen 4.0.2 through 4.0.4, as well as in Xen 4.1.x, XSAVE support is disabled by default; therefore systems running these versions are not vulnerable unless support is explicitly enabled using the “xsave” hypervisor command line option.
Systems using processors supporting neither AVX nor LWP are not vulnerable.
Xen 3.x and earlier are not vulnerable.
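
The rules above, encoded as a host triage check. This Python is an added example, not part of the advisory or of Xen; the function names, the /proc/cpuinfo-style flag names "avx" and "lwp", the accepted boolean spellings of the "xsave" option and the sample hosts are assumptions. It applies only the version and CPU rules listed here and cannot tell whether a fix has been applied.

```python
import re

def xsave_default_off(major, minor, patch):
    # Releases the advisory lists as shipping with XSAVE support off by default.
    return (major, minor) == (4, 1) or ((major, minor) == (4, 0) and 2 <= patch <= 4)

def xsave_explicitly_enabled(cmdline):
    """True if the last xsave token on the hypervisor command line enables it.
    Assumption: usual boolean spellings (xsave, xsave=1/on/yes/true/enable, no-xsave)."""
    enabled = False
    for tok in cmdline.split():
        if tok == "xsave":
            enabled = True
        elif tok == "no-xsave":
            enabled = False
        elif tok.startswith("xsave="):
            enabled = tok.split("=", 1)[1].lower() in {"1", "on", "yes", "true", "enable"}
    return enabled

def xsa62_exposure(xen_version, cpu_flags, xen_cmdline=""):
    """Return (exposed, reason) according to the VULNERABLE SYSTEMS rules."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", xen_version)
    if not m:
        raise ValueError("unrecognised Xen version: %r" % xen_version)
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if major < 4:
        return (False, "Xen 3.x and earlier are not vulnerable")
    if not {"avx", "lwp"} & set(cpu_flags):
        return (False, "CPU supports neither AVX nor LWP")
    # The page gives no rule for an explicit disable on other releases, so none is modelled.
    if xsave_default_off(major, minor, patch) and not xsave_explicitly_enabled(xen_cmdline):
        return (False, "XSAVE support is off by default and not enabled on the command line")
    return (True, "Xen 4.0 or later with XSAVE in use on an AVX/LWP-capable CPU")

if __name__ == "__main__":
    # Constructed inventory rows: (Xen version, CPU flags, hypervisor command line).
    hosts = [
        ("4.2.3", {"fpu", "sse2", "avx"}, "console=vga"),
        ("4.1.5", {"fpu", "sse2", "avx"}, "console=vga"),
        ("4.1.5", {"fpu", "sse2", "avx"}, "console=vga xsave"),
        ("4.0.3", {"fpu", "sse2", "lwp"}, "xsave=0"),
        ("4.3.0", {"fpu", "sse2"}, ""),
        ("3.4.4", {"fpu", "avx"}, "xsave"),
    ]
    for version, flags, cmdline in hosts:
        print(version, sorted(flags), repr(cmdline), xsa62_exposure(version, flags, cmdline))
```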

CPE Name | Operator | Version
xen | ge | 4.0
