Add an ipi for executing INVEPT to flush EPT on remote cpus.
Similar to how the fast ipi for tlb flush is implemented, this adds
one for calling INVEPT to invalidate EPT caches on the cpu. This
is the first step to allowing guest memory to not be wired by UVM
and decreases the behavioral differences between Intel and AMD's
nested paging in vmm(4) and pmap(9).
This change does not hook EPT ptes into the PV list, so the ipi is
only used during address space teardown and pte removal. (With the
removal of the "mprotect" ioctl, vmm(4) no longer modifies EPT ptes
other than inserting them and removing them.)
ok mlarkin@