From: Dave Hansen <dave.hansen@xxxxxxxxx> Sent: Tuesday, January 21, 2025 9:15 AM > > On 1/16/25 10:14, Michael Kelley wrote: > > So CoCo VMs may still use the paravirtualization that makes > > hypercalls to do TLB flushes. It's future work to *always* use > > INVLPGB (if available) in a CoCo VM. > > How would this actually work, though? > > One of the reasons that we have the whole TLB_NR_DYN_ASIDS mechanism is > that picking a PCID to shove in CR3 is an entirely CPU local operation. > The PCID is in a CPU-local namespace and nobody else cares what it is. > > Rik obviously now has a system-wide set of IDs which are globally > visible and globally valid. But his mechanism is also a bit choosy so > that the global resource management doesn't get to be a choke point. > > But if we move to INVLPGB-only, we're all of a sudden *forced* to do > some kind of wide global resource management, even for single-threaded > processes. Rik doesn't have a scheme for that in the current set. > > So I think this would be a whole separate conversation from this series. Yes, I agree completely. The topic initially came up when I was wondering whether INVLPGB is ever enabled in a VM, in which case Rik's patch set would be active in the VM. I was somewhat surprised to find that INVLPGB *is* enabled in Azure CoCo VMs. But that turned out to be for the entirely different use case of avoiding a dependency on the untrusted hypervisor to do TLB flushes. The thread perhaps went a bit too far afield from Rik's patch set, but there's value in having some discussion about the CoCo use case. Michael
