On Fri, Sep 26, 2025 at 10:46:15AM +0100, Patrick Roy wrote: > > > On Thu, 2025-09-25 at 21:13 +0100, David Hildenbrand wrote: > > On 25.09.25 21:59, Dave Hansen wrote: > >> On 9/25/25 12:20, David Hildenbrand wrote: > >>> On 25.09.25 20:27, Dave Hansen wrote: > >>>> On 9/24/25 08:22, Roy, Patrick wrote: > >>>>> Add an option to not perform TLB flushes after direct map manipulations. > >>>> > >>>> I'd really prefer this be left out for now. It's a massive can of worms. > >>>> Let's agree on something that works and has well-defined behavior before > >>>> we go breaking it on purpose. > >>> > >>> May I ask what the big concern here is? > >> > >> It's not a _big_ concern. > > > > Oh, I read "can of worms" and thought there is something seriously > > problematic :) > > > >> I just think we want to start on something > >> like this as simple, secure, and deterministic as possible. > > > > Yes, I agree. And it should be the default. Less secure would have to be > > opt-in and documented thoroughly. > > Yes, I am definitely happy to have the 100% secure behavior be the > default, and the skipping of TLB flushes be an opt-in, with thorough > documentation! > > But I would like to include the "skip tlb flushes" option as part of > this patch series straight away, because as I was alluding to in the > commit message, with TLB flushes this is not usable for Firecracker for > performance reasons :(
I really don't want that option for arm64. If we're going to bother unmapping from the linear map, we should invalidate the TLB. Will
