Re: [RFC PATCH v2 2/3] x86/mm/tlb: Defer PTI flushes

From: Andy Lutomirski
Date: Tue Aug 27 2019 - 19:13:17 EST

On Fri, Aug 23, 2019 at 11:13 PM Nadav Amit <namit@xxxxxxxxxx> wrote:
> INVPCID is considerably slower than INVLPG of a single PTE. Using it to
> flush the user page-tables when PTI is enabled therefore introduces
> significant overhead.
> Instead, unless page-tables are released, it is possible to defer the
> flushing of the user page-tables until the time the code returns to
> userspace. These page tables are not in use, so deferring them is not a
> security hazard.

I agree and, in fact, I argued against ever using INVPCID in the
original PTI code.

However, I don't see what freeing page tables has to do with this. If
the CPU can actually do speculative page walks based on the contents
of non-current-PCID TLB entries, then we have major problems, since we
don't actively flush the TLB for non-running mms at all.

I suppose that, if we free a page table, then we can't activate the
PCID by writing to CR3 before flushing things. But we can still defer
the flush and just set the flush bit when we write to CR3.
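As an added illustration of the deferred-flush scheme discussed in this thread, the following C model (written for this page; it is not code from the patch, from the kernel, or from either poster) simulates a PCID-tagged TLB, INVLPG, and a CR3 write with and without the NOFLUSH bit. Only the CR3 bit layout mirrors x86 (PCID in bits 0..11, NOFLUSH in bit 63, PTI's user pgd and user-PCID bits at 12 and 11); the per-CPU deferred list, the names `user_pte_changed`, `user_page_table_freed` and `return_to_user`, the choice to drain the deferred INVLPGs right after the switch to the user CR3, and the addresses and ASID values in the scenario are all assumptions made for the example. It shows both halves of Andy's point: the stale user entry sits harmlessly in the TLB while the kernel PCID is active, and when a page table has been freed the user PCID is reactivated with the flush bit instead of NOFLUSH, so nothing from the deferred list needs INVLPG.

```c
/* Constructed model of deferred PTI user-TLB flushing; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CR3_PCID_MASK        0xfffULL      /* CR3 bits 0..11 hold the PCID */
#define CR3_PCID_NOFLUSH     (1ULL << 63)  /* set: keep the new PCID's TLB entries */
#define PTI_USER_PGTABLE_BIT 12            /* PTI: user pgd is the page after the kernel pgd */
#define PTI_USER_PCID_BIT    11            /* PTI: user PCID = kernel PCID | bit 11 */
#define PTI_USER_CR3_BITS    ((1ULL << PTI_USER_PGTABLE_BIT) | (1ULL << PTI_USER_PCID_BIT))
#define MAX_TLB      32
#define MAX_DEFERRED 8

struct tlb_entry { bool valid; uint16_t pcid; uint64_t vaddr; };

struct cpu {
    uint64_t cr3;                       /* current CR3; bit 63 is never stored */
    struct tlb_entry tlb[MAX_TLB];
    uint64_t deferred[MAX_DEFERRED];    /* user addresses whose PTE changed (assumed list) */
    int n_deferred;
    bool user_pcid_needs_full_flush;    /* reactivate the user PCID with the flush bit */
};

static uint16_t cr3_pcid(uint64_t cr3) { return (uint16_t)(cr3 & CR3_PCID_MASK); }

static int tlb_find(const struct cpu *c, uint16_t pcid, uint64_t vaddr)
{
    for (int i = 0; i < MAX_TLB; i++)
        if (c->tlb[i].valid && c->tlb[i].pcid == pcid && c->tlb[i].vaddr == vaddr)
            return i;
    return -1;
}

static bool tlb_hit(const struct cpu *c, uint16_t pcid, uint64_t vaddr)
{ return tlb_find(c, pcid, vaddr) >= 0; }

/* A page walk caches the translation tagged with the current PCID. */
static void tlb_fill(struct cpu *c, uint64_t vaddr)
{
    int i = 0;
    while (i < MAX_TLB && c->tlb[i].valid) i++;
    if (i < MAX_TLB) c->tlb[i] = (struct tlb_entry){ true, cr3_pcid(c->cr3), vaddr };
}

/* INVLPG only reaches entries tagged with the *current* PCID (non-global pages). */
static void invlpg(struct cpu *c, uint64_t vaddr)
{
    int i = tlb_find(c, cr3_pcid(c->cr3), vaddr);
    if (i >= 0) c->tlb[i].valid = false;
}

/* MOV CR3: without NOFLUSH, every entry tagged with the new PCID is dropped. */
static void write_cr3(struct cpu *c, uint64_t val)
{
    if (!(val & CR3_PCID_NOFLUSH))
        for (int i = 0; i < MAX_TLB; i++)
            if (c->tlb[i].valid && c->tlb[i].pcid == cr3_pcid(val))
                c->tlb[i].valid = false;
    c->cr3 = val & ~CR3_PCID_NOFLUSH;
}

/* Kernel changed a user PTE: record the address instead of INVPCID on the user PCID now. */
static void user_pte_changed(struct cpu *c, uint64_t vaddr)
{
    if (c->n_deferred < MAX_DEFERRED) c->deferred[c->n_deferred++] = vaddr;
    else c->user_pcid_needs_full_flush = true;   /* list full: fall back to a full flush */
}

/* Kernel freed a user page table: the user PCID must not be reactivated with NOFLUSH. */
static void user_page_table_freed(struct cpu *c) { c->user_pcid_needs_full_flush = true; }

/* User CR3 = kernel CR3 plus PTI's user pgd/PCID bits; NOFLUSH only if no full flush is due. */
static uint64_t user_cr3_for(uint64_t kernel_cr3, bool needs_full_flush)
{
    uint64_t cr3 = kernel_cr3 | PTI_USER_CR3_BITS;
    return needs_full_flush ? cr3 : cr3 | CR3_PCID_NOFLUSH;
}

/* Return to userspace: switch to the user PCID, then drain the deferred INVLPGs in it. */
static void return_to_user(struct cpu *c)
{
    write_cr3(c, user_cr3_for(c->cr3, c->user_pcid_needs_full_flush));
    if (!c->user_pcid_needs_full_flush)
        for (int i = 0; i < c->n_deferred; i++) invlpg(c, c->deferred[i]);
    c->n_deferred = 0;
    c->user_pcid_needs_full_flush = false;
}

struct scenario_result { bool stale_in_kernel; bool stale_after_return; };

/* Constructed scenario: userspace on ASID 1 caches a translation, the kernel changes
 * that PTE (optionally freeing the page table), defers the flush, returns to userspace. */
static struct scenario_result run_scenario(bool page_table_freed)
{
    struct cpu c;
    memset(&c, 0, sizeof c);
    const uint64_t kernel_cr3 = 0x100000ULL | 1;               /* kernel pgd, kernel PCID 1 */
    const uint16_t user_pcid  = 1 | (1 << PTI_USER_PCID_BIT);  /* 0x801 */
    const uint64_t vaddr      = 0x7f0000001000ULL;             /* constructed user address */

    write_cr3(&c, kernel_cr3 | PTI_USER_CR3_BITS);   /* running in userspace */
    tlb_fill(&c, vaddr);
    write_cr3(&c, kernel_cr3 | CR3_PCID_NOFLUSH);    /* entry: switch to kernel CR3 */
    user_pte_changed(&c, vaddr);
    if (page_table_freed) user_page_table_freed(&c);

    struct scenario_result r;
    r.stale_in_kernel = tlb_hit(&c, user_pcid, vaddr);  /* still cached, PCID not in use */
    return_to_user(&c);
    r.stale_after_return = tlb_hit(&c, user_pcid, vaddr);
    return r;
}
```

In both runs of `run_scenario` the stale user translation is present while the kernel runs and absent once the user PCID is active again: the no-free case clears it with INVLPG after the NOFLUSH switch, the page-table-freed case clears it by writing the user CR3 without NOFLUSH, which is the "set the flush bit when we write to CR3" fallback.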