xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests

The Xen Project reports:

Instructions touching FPU, MMX, or XMM registers are required to
raise a Device Not Available Exception (#NM) when either CR0.EM or
CR0.TS are set. (Their AVX or AVX-512 extensions would consider only
CR0.TS.) While during normal operation this is ensured by the
hardware, if a guest modifies instructions while the hypervisor is
preparing to emulate them, the #NM delivery could be missed.
Guest code in one task may thus (unintentionally or maliciously)
read or modify register state belonging to another task in the same
VM.
A malicious unprivileged guest user may be able to obtain or
corrupt sensitive information (including cryptographic material) in
other programs in the same guest.