Date: 2019-08

INVPCID is considerably slower than INVLPG of a single PTE, but it is currently used to flush PTEs in the user page-table when PTI is used.



Instead, it is possible to defer TLB flushes until after the user page-tables are loaded. Preventing speculation over the TLB flushes should keep the whole thing safe. In some cases, deferring TLB flushes in such a way can result in more full TLB flushes, but arguably this behavior is oftentimes beneficial.



These patches are based and evaluated on top of the concurrent TLB-flushes v4 patch-set.

VMware engineer Nadav Amit, who previously pursued "Optpolines" and other possible performance optimizations in light of the Spectre / Meltdown vulnerabilities, is now proposing patches for deferring PTI flushes to help address the performance overhead caused by Meltdown.

Kernel page table isolation (PTI) for mitigating Meltdown caused a sizable hit in affected workloads, and Nadav is now hoping that improving the behavior around flushes could help offset some of that slowdown. He explained the approach in a new kernel patch series, excerpted above.

His patches did help with the flush performance, but he doesn't appear confident yet about any possible effects on security or performance. No other kernel developers have commented on this ~200 line change, so we'll need to wait and see where this possible PTI/Meltdown optimization leads.
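The trade-off described in the quoted cover letter, as a user-space C model added here (not code from the patch series). It assumes a single pending range per CPU and a page-count ceiling for falling back to a full flush; the struct, function names and the ceiling value are hypothetical, and the addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define PAGE_SHIFT 12
#define FULL_FLUSH_CEILING 33 /* assumed: pages above which a full flush is cheaper */
enum flush_kind { FLUSH_NONE, FLUSH_RANGE, FLUSH_FULL };
struct flush_result { enum flush_kind kind; uint64_t pages; };

/* Hypothetical per-CPU record of user page-table flushes not yet performed. */
struct deferred_flush { bool pending, full; uint64_t start, end; /* [start, end) */ };

/* Kernel context: record the range instead of issuing INVPCID right away. */
void defer_user_flush(struct deferred_flush *d, uint64_t start, uint64_t end)
{
    if (d->full)
        return;                      /* already degraded to a full flush */
    if (!d->pending) {
        d->pending = true;
        d->start = start;
        d->end = end;
    } else {                         /* one slot only: merge into the covering range */
        if (start < d->start) d->start = start;
        if (end > d->end) d->end = end;
    }
    if (((d->end - d->start) >> PAGE_SHIFT) > FULL_FLUSH_CEILING)
        d->full = true;
}

/* Return to user mode, after the user page-tables are loaded: what gets flushed. */
struct flush_result flush_on_user_entry(struct deferred_flush *d)
{
    struct flush_result r = { FLUSH_NONE, 0 };
    if (d->full)
        r.kind = FLUSH_FULL;
    else if (d->pending) {
        r.kind = FLUSH_RANGE;        /* would be one INVLPG per page */
        r.pages = (d->end - d->start) >> PAGE_SHIFT;
    }
    *d = (struct deferred_flush){ 0 };
    return r;
}

int main(void)
{
    struct deferred_flush d = { 0 };
    defer_user_flush(&d, 0x1000, 0x2000);           /* constructed addresses */
    defer_user_flush(&d, 0x40000000, 0x40001000);   /* far from the first page */
    printf("kind=%d\n", flush_on_user_entry(&d).kind); /* prints kind=2 (FLUSH_FULL) */
}
```

Flushed eagerly, the two requests in `main` would each invalidate one page; merged into one deferred range they exceed the ceiling and become a full flush, which is the "more full TLB flushes" case the cover letter mentions.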