I believe the phrase "it is architecturally specified that these would be delivered sequentially" means that #DF doesn't always occur, depending on what the two exception types were; this goes back to the 80386:
That has always been there, but I guess the wording is a bit unclear/the edge case where a "benign exception" occurs while handling another one was never really considered. If I had time I'd try these scenarios on real hardware to see if double or triple-fault happens, or if the CPU does get stuck in a loop.
The real problem might not be this edge-case itself, if real hardware can also get into an infinite loop (after all, some process running in a VM can easily execute one of those); it's the fact that the host loses control of the virtualised CPU.
http://intel80386.com/386htm/s09_08.htm
That has always been there, but I guess the wording is a bit unclear/the edge case where a "benign exception" occurs while handling another one was never really considered. If I had time I'd try these scenarios on real hardware to see if double or triple-fault happens, or if the CPU does get stuck in a loop.
The real problem might not be this edge-case itself, if real hardware can also get into an infinite loop (after all, some process running in a VM can easily execute one of those); it's the fact that the host loses control of the virtualised CPU.