Would love to chat with you more about this — want to send me an email at jamesjoethomas at gmail?

I'll email you thanks.

is this reply for me?

I don't think that's right, Ctrl-F for "HVM" here: https://xenbits.xen.org/xsa/advisory-254.html

In the HVM case an attacker can't generate hypervisor addresses because the hypervisor runs in a separate address space, so HVM isn't vulnerable to the most easily exploitable of the disclosed issues.

Interesting point, we did have a pretty good discussion about operations and VMs/containers in the guest lecture by Aaron Davidson from Databricks on 11/13 (slides/notes on the website).