I'm developing a thin hypervisor and have implemented Stage 2 Page Tables to protect and remap Exception Level (EL) 1/0 mappings. The issue I'm having is that dynamically constructing the page tables and frequently modifying them degrades the performance of the system a lot. Currently there is only 1 guest running, and the simple act of breaking a descriptor, say 2MB, down to a table with 4KB entries that map to the same address as the 2MB descriptor impacts the performance a lot.
When this occurs I also need to invalidate the TLB as I'm changing permissions of some of the lower 4KB entries. My understanding is that I can invalidate by Intermediate Physical Address (IPA) in S2 but must invalidate all of S1 for EL1/0 as I can't be sure where or how they have mapped an IPA.
Does anyone have any thoughts on how I could optimize this? I know I can just focus specifically on refining my code, but I wonder if there are specific settings I should be using, or that EL3 should set for example, that will improve performance.
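The block split and invalidation described in the question, as an added example that is not part of the original post. It assumes a 4KB granule with 48-bit output addresses; the helper names and the `RUNNING_AT_EL2` build flag are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

#define S2_VALID      (1ULL << 0)
#define S2_TYPE_BIT   (1ULL << 1)             /* 0 = block (L1/L2), 1 = table or L3 page */
#define S2_AP_MASK    (3ULL << 6)             /* S2AP[7:6]: 00 none, 01 RO, 10 WO, 11 RW */
#define S2_AP_RO      (1ULL << 6)
#define S2_CONTIG     (1ULL << 52)            /* contiguous hint, dropped on split */
#define S2_ATTR_MASK  0xFFF8000000000FFCULL   /* upper attrs [63:51], lower attrs [11:2] */
#define S2_L2_OA_MASK 0x0000FFFFFFE00000ULL   /* output address [47:21] of a 2MB block */
#define S2_L3_ENTRIES 512

/* Fill a level-3 table with 512 page descriptors equivalent to one 2MB block. */
int s2_split_block(uint64_t block, uint64_t l3[S2_L3_ENTRIES])
{
    if (!(block & S2_VALID) || (block & S2_TYPE_BIT))
        return -1;                            /* not a valid block descriptor */
    uint64_t attrs = block & S2_ATTR_MASK & ~S2_CONTIG;
    uint64_t base  = block & S2_L2_OA_MASK;
    for (size_t i = 0; i < S2_L3_ENTRIES; i++)
        l3[i] = base | ((uint64_t)i << 12) | attrs | S2_TYPE_BIT | S2_VALID;
    return 0;
}

/* Table descriptor that replaces the block at level 2 (l3_pa is 4KB aligned). */
uint64_t s2_table_desc(uint64_t l3_pa)
{
    return (l3_pa & 0x0000FFFFFFFFF000ULL) | S2_TYPE_BIT | S2_VALID;
}

/* Restrict the 4KB page covering ipa to read-only by rewriting S2AP. */
void s2_page_set_ro(uint64_t l3[S2_L3_ENTRIES], uint64_t ipa)
{
    size_t idx = (ipa >> 12) & (S2_L3_ENTRIES - 1);
    l3[idx] = (l3[idx] & ~S2_AP_MASK) | S2_AP_RO;
}

/* Invalidate stage 2 by IPA, then all stage 1 entries for EL1/0 of the
 * current VMID, as the question describes. Only meaningful when built for EL2. */
#if defined(__aarch64__) && defined(RUNNING_AT_EL2)
static inline void s2_tlbi_ipa(uint64_t ipa)
{
    __asm__ volatile("dsb ishst\n tlbi ipas2e1is, %0\n dsb ish\n"
                     "tlbi vmalle1is\n dsb ish\n isb" :: "r"(ipa >> 12) : "memory");
}
#endif
```

Building the complete level-3 table before touching the live level-2 entry keeps the break-before-make window to a single descriptor write plus one invalidation.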