The idea is simple, do what we do for virt. Don't send IPI's to CPUs that don't need them (in virt's case because the vCPU isn't running, in our case because we're not in fact running a user process), but mark the CPU as having needed a TLB flush.
I am really uncomfortable with that idea. You really can't run code safely on a cpu where the TLBs in the CPU are invalid or where a CPU that does (partial) page walks would install invalid PTEs either through actual or through speculative execution. (in the virt case there's a cheat, since the code is not actually running there isn't a cpu with TLBs live. You can't do that same cheat for this case)
