Tags: x86, qemu, emulation, tlb, device-emulation

Does QEMU emulate TLB?


I have a very simple question: does QEMU emulate the TLB? What happens when a guest Linux system executes an "invlpg" instruction, since that instruction invalidates a TLB entry? I am aware that QEMU has the softmmu link which is used for translating the guest virtual address to the host virtual address, but does QEMU emulate an actual TLB, and what is the effect of the "invlpg" instruction? Or does QEMU simply ignore this instruction?


Solution

  • The answer is somewhere between "yes" and "no". QEMU doesn't attempt to emulate the actual guest CPU's TLB (which is a piece of hardware which accelerates lookups from guest virtual addresses to guest physical addresses). However it does implement its own rather similar data structure which it calls a TLB -- this accelerates lookups from guest virtual addresses directly to host virtual addresses for RAM, or from guest virtual addresses to the read/write functions for emulated devices.

    Since there are similarities between the CPU TLB and QEMU's TLB, we can use the guest instructions that invalidate or otherwise operate on the TLB as the triggers to perform QEMU TLB invalidations (which is what the tlb_flush_page() call in helper_invlpg() is doing); so these instructions are not simple no-ops. We also lie to the guest and tell it plausible things about the size of its TLB if it uses the cpuid instruction to query cache and TLB information. But we don't actually model the guest TLB -- so you won't see performance changes around the size of the guest TLB, you can't log information about guest TLB hits and misses, and we don't implement TLB lockdown on CPU architectures that have it.

    Finally, the monitor "info tlb" command is rather misnamed, because it's actually displaying information about the guest's page table setup, which is nothing to do with the TLB state.
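To make the distinction in the answer concrete, the following is an added toy model of a QEMU-style softmmu TLB in C. It is illustrative code written for this page, not QEMU's own implementation: it assumes a direct-mapped 8-entry TLB, a single-level guest page table standing in for the real multi-level x86 walk, four pages of guest RAM, and RAM-only entries (the per-device read/write function entries the answer mentions are left out). The names tlb_flush_page and addend echo QEMU's helper_invlpg()/tlb_flush_page() and CPUTLBEntry.addend; everything else (soft_tlb, tlb_fill, guest_ldub, demo_remap, demo_fault) is hypothetical. The scenario it runs is the one the question is really about: the guest rewrites a page-table entry, and only an invlpg (modelled as tlb_flush_page) makes QEMU's cached guest-virtual-to-host-virtual translation go away.

```c
/* Toy model of a QEMU-style softmmu TLB (added illustration, not QEMU code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BITS       12
#define PAGE_SIZE       ((uint64_t)1 << PAGE_BITS)
#define PAGE_MASK       (~(PAGE_SIZE - 1))
#define TLB_ENTRIES     8                      /* direct-mapped, power of two */
#define TLB_INDEX(va)   (((va) >> PAGE_BITS) & (TLB_ENTRIES - 1))
#define INVALID_TAG     UINT64_MAX
#define GUEST_RAM_PAGES 4
#define GUEST_VPAGES    16

/* Constructed guest physical RAM, backed by a host array (as QEMU backs RAM). */
static uint8_t guest_ram[GUEST_RAM_PAGES * PAGE_SIZE];
/* Constructed one-level guest page table: vpn -> ppn, or -1 when not present.
   A real x86 page walk is multi-level; this array stands in for it. */
static int guest_pt[GUEST_VPAGES];

typedef struct {
    uint64_t  tag;    /* page-aligned guest virtual address, INVALID_TAG if empty */
    uintptr_t addend; /* host_va = guest_va + addend (same idea as CPUTLBEntry.addend) */
} tlb_entry;

typedef struct { tlb_entry e[TLB_ENTRIES]; } soft_tlb;

/* Full flush: what a CR3 reload or similar would trigger. */
static void tlb_flush(soft_tlb *t)
{
    for (int i = 0; i < TLB_ENTRIES; i++) t->e[i].tag = INVALID_TAG;
}

/* Single-page flush: what helper_invlpg() ends up calling in QEMU. */
static void tlb_flush_page(soft_tlb *t, uint64_t va)
{
    tlb_entry *e = &t->e[TLB_INDEX(va)];
    if (e->tag == (va & PAGE_MASK)) e->tag = INVALID_TAG;
}

/* Slow path: walk the guest page table and refill one entry. false = guest fault. */
static bool tlb_fill(soft_tlb *t, uint64_t va)
{
    uint64_t vpn = va >> PAGE_BITS;
    if (vpn >= GUEST_VPAGES || guest_pt[vpn] < 0) return false;
    uint8_t *host_page = guest_ram + (size_t)guest_pt[vpn] * PAGE_SIZE;
    tlb_entry *e = &t->e[TLB_INDEX(va)];
    e->tag = va & PAGE_MASK;
    /* Store the difference so the fast path is one add, not a table walk. */
    e->addend = (uintptr_t)host_page - (uintptr_t)(va & PAGE_MASK);
    return true;
}

/* Fast path: tag compare, then pointer arithmetic; NULL on guest page fault. */
static uint8_t *tlb_translate(soft_tlb *t, uint64_t va)
{
    tlb_entry *e = &t->e[TLB_INDEX(va)];
    if (e->tag != (va & PAGE_MASK) && !tlb_fill(t, va)) return NULL;
    return (uint8_t *)((uintptr_t)va + e->addend);
}

/* Guest byte load: -1 on fault, otherwise the byte value 0..255. */
static int guest_ldub(soft_tlb *t, uint64_t va)
{
    uint8_t *p = tlb_translate(t, va);
    return p ? *p : -1;
}

/* Scenario: the guest edits a PTE so virtual page 0x1000 points at different RAM.
   Returns the byte the guest then reads at 0x1010. Without the invlpg, the stale
   entry still hits and QEMU keeps returning the old page's data (0xAA); with it,
   the next access misses, refills from the page table, and sees 0xBB. */
static int demo_remap(bool do_invlpg)
{
    soft_tlb t;
    tlb_flush(&t);
    memset(guest_ram, 0, sizeof guest_ram);
    for (int i = 0; i < GUEST_VPAGES; i++) guest_pt[i] = -1;
    guest_pt[1] = 0;                           /* 0x1000 -> phys page 0 */
    guest_ram[0 * PAGE_SIZE + 0x10] = 0xAA;
    guest_ram[2 * PAGE_SIZE + 0x10] = 0xBB;
    (void)guest_ldub(&t, 0x1010);              /* miss, fill, yields 0xAA */
    guest_pt[1] = 2;                           /* guest rewrites PTE: 0x1000 -> phys page 2 */
    if (do_invlpg) tlb_flush_page(&t, 0x1000);
    return guest_ldub(&t, 0x1010);
}

/* An access to a page the guest never mapped misses, fails to fill, and faults. */
static int demo_fault(void)
{
    soft_tlb t;
    tlb_flush(&t);
    for (int i = 0; i < GUEST_VPAGES; i++) guest_pt[i] = -1;
    return guest_ldub(&t, 0x5000);
}

int main(void)
{
    printf("read after remap, no invlpg:   0x%02x\n", demo_remap(false));
    printf("read after remap, with invlpg: 0x%02x\n", demo_remap(true));
    printf("read of unmapped page:         %d\n", demo_fault());
    return 0;
}
```

The point the model makes is the one the answer makes in words: the structure QEMU calls a TLB caches the final guest-virtual-to-host-virtual step, so a guest that rewrites a PTE and then issues invlpg must cause tlb_flush_page, or QEMU would keep using the old host address. Note that the toy tracks nothing about the guest CPU's real TLB (no size, no hit/miss counters for it), matching the answer's point that the guest TLB itself is not modelled.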