Upstream commit b2d7a075a1ccef2fb321d595802190c8e9b39004 ("x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear") should be considered for stable kernels from 4.17 up (I'll send backports for older kernels when I know you are taking the patch).

The patch seems not only to avoid intermediate L1TF vulnerable PTEs, but there are reports of it fixing the issue mentioned in https://bugzilla.kernel.org/show_bug.cgi?id=198497

Juergen