Re: [PATCH 1/2] KVM: introduce __vmx_flush_tlb to handle specific vpid

From: Paolo Bonzini
Date: Fri Sep 25 2015 - 04:02:03 EST

On 24/09/2015 18:12, Bandan Das wrote:
> Not sure myself what's the right thing to do but this may be undesirable
> in a nested environment. Assuming the processor supports global invalidation
> only, this seems like a easy way for the nested guest to invalidate *all*
> mappings - even the L1 specific mappings.

It's not a great thing but it's already what happens if you do a global
INVEPT (it calls vmx_flush_tlb, which results in a global INVVPID if the
single-context variant is not supported).

Even without nested virt a single guest could slow down all other guests
just by triggering frequent TLB flushes (e.g. by moving around a ROM BAR
thousands of times per second).

It would help to know _which_ processors actually don't support
single-context INVVPIDs...

