On Sun, Oct 7, 2018 at 1:14 PM, Liran Alon <liran.alon@xxxxxxxxxx> wrote:

> I understand the concern raised here as even a non-malicious L1 guest will likely hurt other guests'
> performance when executing a non-individual-address type INVVPID.

You are assuming that L1 guests are CPU-overcommitted, so that multiple L1 guests are time-sharing a logical CPU, and that the TLB footprints of these L1 guests are small enough to share the TLBs. Is this really a common scenario, particularly when one or more of the L1 guests are large enough to be running nested guests? Even a non-malicious L1 guest may quickly evict all of the TLB entries for other L1 guests just through normal operation. The TLBs are not so big that there's typically a lot of unused capacity just lying around.