One might think of this as follow-on to XSA-451, but that's not quite
the right order of events.
There are a few open aspects; see in particular the final patch.
v3 addresses review feedback, which includes one new (prereq) patch. See
individual patches for details.
1: HVM: don't (almost) open-code POP_GPRS
2: record SSP at non-guest entry points
3: traps: use entry_ssp in fixup_exception_return()
4: prefer shadow stack for producing call traces
Jan