Use of Process Context Identifiers (PCID) was introduced into Xen in order to improve performance after XSA-254 (and in particular its Meltdown sub-issue). This enablement implied changes to the TLB flushing logic. The particular case of context switch to a vCPU of a PCID-enabled guest left open a time window between the full TLB flush, and the actual address space switch, during which additional TLB entries (from the address space about to be switched away from) can be accumulated, which will not subsequently be purged.
References: https://seclists.org/oss-sec/2019/q1/161
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1685577]