[XSA-273] L1 Terminal Fault speculative side channel

ISSUE DESCRIPTION

In x86 nomenclature, a Terminal Fault is a pagetable walk which aborts
due to the page being not present (e.g. paged out to disk), or because
of reserved bits being set.

Architecturally, such a memory access will result in a page fault
exception, but some processors will speculatively compute the physical
address and issue an L1D lookup. If data resides in the L1D cache, it
may be forwarded to dependent instructions, and may be leaked via a side
channel.

Furthermore:
* SGX protections are not applied
* EPT guest to host translations are not applied
* SMM protections are not applied

This issue is split into multiple CVEs depending on circumstance. The
CVEs which apply to Xen are:
* CVE-2018-3620 - Operating Systems and SMM
* CVE-2018-3646 - Hypervisors

For more details, see:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

IMPACT

An attacker can potentially read arbitrary host RAM. This includes data
belonging to Xen, data belonging to other guests, and data belonging to
different security contexts within the same guest.

An attacker could be a guest kernel (which can manipulate the pagetables
directly), or could be guest userspace either directly (e.g. with
mprotect() or similar system call) or indirectly (by gaming the guest
kernel's paging subsystem).

VULNERABLE SYSTEMS

Systems running all versions of Xen are affected.

Only x86 processors are vulnerable. ARM processors are not known to be
affected.

Only Intel Core based processors (from at least Merom onwards) are
potentially affected. Other processor designs (Intel Atom/Knights
range), and other manufacturers (AMD) are not known to be affected.

x86 PV guests fall into the CVE-2018-3620 (OS and SMM) category. x86
HVM and PVH guests fall into the CVE-2018-3646 (Hypervisors) category.