x86: Intercept #AC and #DB to prevent guest-triggered microcode loops
This addresses CVE-2015-5307 and CVE-2015-8104 [1] for Jailhouse:
malicious cells may bring VCPUs into a state where the CPU will
infinitely loop over microcode, providing the hypervisor no chance to
interrupt these loops anymore. For this we have to intercept the #DB and
the exceptions to the cell.
If a guest is trapped in an exception loop can be detected by checking
the exception exit statistics which are now recorded: a large number of
exception exists per second (>1 million typically) will indicate this.