Re: Limitations for Running Xen on KVM Arm64

[Julien Grall <julien@xxxxxxx>]

Hi,

On 31/10/2025 11:54, Mohamed Mediouni wrote:
> > Per the Arm Arm each CPU have their own private TLBs. So we have to flush between vCPU of 
> > the same domains to avoid translations from vCPU 1 to "leak" to the vCPU 2 
> > (they may have confliected page-tables).
> Hm… it varies on whether the VM uses CnP or not (and whether the HW supports it)… 
> (Linux does…)
Skimming through the Arm Arm, it seems that CnP is a per page-table/ASID 
decision. So I think it would be difficult to take advantage of this 
knowlege in Xen unless we start trapping access to TTBRn_EL1 which is 
likely going to be expensive.
Obviously, if someone trusts and knows their VM then they could rely
on it. But that's not something I would want to accept in upstream
Xen at the moment.

> > KVM has a similar logic see "last_vcpu_ran" and "__kvm_flush_cpu_context()". That said... they are 
> > using "vmalle1" whereas we are using "vmalls12e1". So maybe we can relax it. Not sure if this would 
> > make any difference for the performance though.
> vmalle1 avoids the problem here (because it only invalidates stage-1 
> translations).
I saw Haseeb provided some good numbers. I think switching to vmalle1 is 
a no brainer.
Cheers,

--
Julien Grall