PCID and INVPCID Support
Should the OS switch to using PCID instead of regular CR3?
What are PCID and INVPCID?
PCID (Process Context Identifier) and INVPCID (Invalidate Process Context Identifier) are features introduced to improve CPU performance and security.
- PCID allows CPUs to avoid flushing the entire TLB when switching context by associating a PCID with TLB entries.
- INVPCID is an x86 instruction that allows for more granular invalidation of the TLB. It can invalidate TLB entries for a specific PCID, avoiding a full TLB invalidation.
Benefits of PCID and INVPCID
- Performance improvements: reduces the overhead of context switches, because the CR3 write no longer has to flush the entire TLB (with PCID tags the switch can skip the flush entirely).
- Security enhancements: helps mitigate Meltdown-like attacks by tagging kernel-space and user-space entries with separate PCIDs, which controls which TLB entries each context can use and reduces side-channel information leakage.
Problems and Challenges
Despite the clear benefits, there are several challenges and limitations associated with PCID and INVPCID:
- AMD Support: AMD processors only support PCID and INVPCID starting from Zen architecture (2017).
- Limited Number of PCIDs: the number of PCIDs is limited to 4096 per CPU, so with more than 4096 processes running simultaneously the OS runs into a complex situation where PCIDs have to be recycled. Even though this situation should be very rare, it is still unsatisfying.
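To make the benefits and the 4096-PCID problem above concrete, here is an added example (not code from this project) of how a kernel could hand out PCIDs per CPU and decide, on each context switch, between the no-flush CR3 write, a single-PCID flush via CR3 bit 63, and a full INVPCID when the PCID space has wrapped. It only builds the CR3 value and the INVPCID operands, since MOV CR3 and INVPCID are privileged; the allocator design, the `mm_ctx`/`switch_plan` structures, the generation counter, and the reservation of PCID 0 for the kernel are all hypothetical choices of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a per-CPU PCID allocator plus the CR3 / INVPCID
 * operands a kernel would program on a context switch. Nothing here touches
 * hardware (MOV CR3 and INVPCID are CPL 0 only). All names are hypothetical. */

#define PCID_BITS       12
#define PCID_COUNT      (1u << PCID_BITS)   /* 4096 PCIDs per logical CPU */
#define KERNEL_PCID     0u                  /* reserved here for kernel-only mappings */
#define CR3_PCID_MASK   0xFFFull            /* CR3 bits 11:0 carry the PCID when CR4.PCIDE=1 */
#define CR3_NOFLUSH     (1ull << 63)        /* bit 63 set: keep the target PCID's TLB entries */

/* INVPCID invalidation types (the instruction's register operand). */
enum invpcid_type {
    INVPCID_SINGLE_ADDR     = 0, /* one linear address within one PCID */
    INVPCID_SINGLE_CTX      = 1, /* all non-global entries of one PCID */
    INVPCID_ALL_INCL_GLOBAL = 2, /* every entry, global ones included */
    INVPCID_ALL_NON_GLOBAL  = 3, /* every entry except global ones */
};

/* 16-byte memory descriptor INVPCID reads: PCID in bits 11:0, linear
 * address in bits 127:64; bits 63:12 must be zero. */
struct invpcid_desc { uint64_t pcid; uint64_t linear_addr; };

/* Per address space (a real kernel would keep this in its mm structure). */
struct mm_ctx {
    uint64_t pml4_phys;     /* 4 KiB-aligned physical address of the top-level page table */
    uint16_t pcid;          /* PCID assigned on this CPU; 0 = none yet */
    uint32_t generation;    /* allocator generation in which pcid was assigned */
    bool     flush_pending; /* page tables changed while this mm was not running */
};

/* Per logical CPU: TLBs are per CPU, so PCID assignment is too. */
struct pcid_allocator {
    uint32_t generation;    /* bumped every time the 4096-entry space wraps */
    uint16_t next;          /* next unused PCID in the current generation */
};

/* Result of planning a switch: the CR3 value and any INVPCID to run first. */
struct switch_plan {
    uint64_t cr3;
    bool need_invpcid;
    enum invpcid_type type;
    struct invpcid_desc desc;
};

static void pcid_allocator_init(struct pcid_allocator *a)
{
    a->generation = 1;      /* start at 1 so a zeroed mm_ctx never matches */
    a->next = KERNEL_PCID + 1;
}

/* Ensure mm holds a PCID valid in the current generation.
 * Returns true when the whole PCID space had to be recycled. */
static bool pcid_assign(struct pcid_allocator *a, struct mm_ctx *mm)
{
    bool wrapped = false;

    if (mm->pcid != 0 && mm->generation == a->generation)
        return false;       /* still valid: its TLB entries can be kept */

    if (a->next == PCID_COUNT) {
        /* All 4095 user PCIDs handed out: any may still carry stale entries
         * from a previous owner, so open a new generation and require a
         * flush of every non-global entry before the switch completes. */
        a->generation++;
        a->next = KERNEL_PCID + 1;
        wrapped = true;
    }
    mm->pcid = a->next++;
    mm->generation = a->generation;
    return wrapped;
}

/* Plan the switch to mm on this CPU. */
static struct switch_plan plan_switch(struct pcid_allocator *a, struct mm_ctx *mm)
{
    struct switch_plan p;
    memset(&p, 0, sizeof p);

    bool wrapped = pcid_assign(a, mm);
    p.cr3 = (mm->pml4_phys & ~CR3_PCID_MASK) | (mm->pcid & CR3_PCID_MASK);

    if (wrapped) {
        /* INVPCID type 3 drops every non-global entry of every PCID; the
         * CR3 write that follows can then keep bit 63 set. Descriptor stays zero. */
        p.need_invpcid = true;
        p.type = INVPCID_ALL_NON_GLOBAL;
        p.cr3 |= CR3_NOFLUSH;
        mm->flush_pending = false;
    } else if (mm->flush_pending) {
        /* MOV CR3 with bit 63 clear invalidates the non-global entries of
         * exactly this PCID, which is all a deferred flush of one mm needs. */
        mm->flush_pending = false;
    } else {
        p.cr3 |= CR3_NOFLUSH;   /* common case: no TLB invalidation at all */
    }
    return p;
}

/* Switch through distinct address spaces until the allocator wraps;
 * returns how many switches that took (4096 with PCID 0 reserved). */
static int switches_until_wrap(void)
{
    static struct mm_ctx pool[PCID_COUNT];  /* constructed address spaces */
    struct pcid_allocator a;
    int n = 0;

    memset(pool, 0, sizeof pool);
    pcid_allocator_init(&a);
    for (size_t i = 0; i < PCID_COUNT; i++) {
        pool[i].pml4_phys = 0x100000ull + (uint64_t)i * 0x1000;
        n++;
        if (plan_switch(&a, &pool[i]).need_invpcid)
            return n;
    }
    return -1;  /* not reached: the 4096th distinct mm always wraps */
}

int main(void)
{
    struct pcid_allocator a;
    struct mm_ctx user_a = { .pml4_phys = 0x1000 }, user_b = { .pml4_phys = 0x2000 };
    pcid_allocator_init(&a);

    struct switch_plan p = plan_switch(&a, &user_a);
    printf("A: cr3=%#llx invpcid=%d\n", (unsigned long long)p.cr3, p.need_invpcid);
    p = plan_switch(&a, &user_b);
    printf("B: cr3=%#llx invpcid=%d\n", (unsigned long long)p.cr3, p.need_invpcid);
    printf("switches until wrap: %d\n", switches_until_wrap());
    return 0;
}
```

The generation counter is what keeps the wrap-around cheap: instead of tracking which of the 4096 PCIDs is free, every recycle bumps the generation and one INVPCID of type 3 makes all stale tags harmless at once, at the cost of a full non-global flush on that one switch. A real kernel would additionally have to deal with page-table changes made to a non-running mm from another CPU (the `flush_pending` flag here stands in for that shootdown logic).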