In the HVM case an attacker can't generate hypervisor addresses because the hypervisor runs in a separate address space, so HVM isn't vulnerable to the most easily exploitable of the disclosed issues.
I don’t know enough about Xen to be sure, but I know typically your dom0 is a Linux kernel even (or especially) with HVM. If it’s been patched and is performing any paging on behalf of the guest, this will indeed affect performance of both paravirt and HVM instances.
Amazon suggests moving to higher-performance instances to offset offset the performance hit from the fix.
HVM and m3 instances have higher performance for the same price, but they may also have been degraded by the fix.