It turns out there are some real bugs attempting to shadow dom0, and it is because of these that XSA-273 went out with `pv-l1tf=` defaulting to not shadowing dom0. They aren't security issues themselves.
Patch 1 is a general problem with dom0 and 1G superpages, and wants to be taken onto all releases. Patches 2 and 3 are various backports of work already upstream, to fix the shadowing of PV guests with 2M superpages. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
