Xen project Mailing List

[RFC PATCH v3 0/3] x86/hvm: Introduce Xen-wide ASID allocator

From: "Teddy Astie" <teddy.astie@xxxxxxxxxx>

Date: Thu, 26 Jun 2025 14:01:47 +0000

Cc: "Teddy Astie" <teddy.astie@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Roger Pau Monné" <roger.pau@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, "Michal Orzel" <michal.orzel@xxxxxxx>, "Julien Grall" <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>

Delivery-date: Thu, 26 Jun 2025 14:01:58 +0000

Feedback-id: 30504962:30504962.20250626:md

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Vaishali Thakkar <vaishali.thakkar@xxxxxxxx> (formely vates.tech) original v2: https://lore.kernel.org/xen-devel/cover.1723574652.git.vaishali.thakkar@xxxxxxxxxx/ This is part of the effort to enable AMD SEV technologies in Xen. For AMD SEV support, we need a fixed ASID associated with all vcpus of the same domain throughout the domain's lifetime. This is because for SEV/ SEV-{ES,SNP} VM, the ASID is the index which is associated with the encryption key. Currently, ASID generation and management is done per-PCPU in Xen. And at the time of each VMENTER, the ASID associated with vcpus of the domain is changed. This implementation is incompatible with SEV technologies for the above mentioned reasons. In a discussion with Andrew Cooper, it came up that it'll be nice to have fixed ASIDs not only for SEV VMs but also for all VMs. Because it opens up the opportunity to use features like TLBSYNC/INVLPGB (Section 5.5.3 in AMD Architecture manual[0]) and Intel RAR [1] for broadcasting the TLB Invalidations. Changes since v2: ----------------- A lot has changed since v2, though the concept is still the same. The asid management logic is a lot simpler, by relying a bitmap to track all used ASIDs, and freeing them individually instead of using a ASID reclaim strategy. When a vCPU needs to be flushed, it is signaled through vcpu.needs_tlb_flush, indicating that the next time the guest is re-entered, a TLB flush will have to be issued (either using per-context invvpid on Intel or flush-by-asid tlb_control on AMD). Changes were tested on Intel Haswell, KVM AMD virtual machine and AMD EPYC Genoa. Teddy Astie (3): vmx: Rewrite vpid_sync_vcpu_gva vmx: Introduce vcpu single context VPID invalidation x86/hvm: Introduce Xen-wide ASID allocator xen/arch/x86/flushtlb.c | 31 +++--- xen/arch/x86/hvm/asid.c | 148 +++++++++---------------- xen/arch/x86/hvm/emulate.c | 2 +- xen/arch/x86/hvm/hvm.c | 14 ++- xen/arch/x86/hvm/nestedhvm.c | 6 +- xen/arch/x86/hvm/svm/asid.c | 77 ++++++++----- xen/arch/x86/hvm/svm/nestedsvm.c | 1 - xen/arch/x86/hvm/svm/svm.c | 36 +++--- xen/arch/x86/hvm/svm/svm.h | 4 - xen/arch/x86/hvm/vmx/vmcs.c | 5 +- xen/arch/x86/hvm/vmx/vmx.c | 68 ++++++------ xen/arch/x86/hvm/vmx/vvmx.c | 5 +- xen/arch/x86/include/asm/flushtlb.h | 7 -- xen/arch/x86/include/asm/hvm/asid.h | 25 ++--- xen/arch/x86/include/asm/hvm/domain.h | 1 + xen/arch/x86/include/asm/hvm/hvm.h | 15 +-- xen/arch/x86/include/asm/hvm/svm/svm.h | 5 + xen/arch/x86/include/asm/hvm/vcpu.h | 10 +- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 44 ++++---- xen/arch/x86/mm/hap/hap.c | 6 +- xen/arch/x86/mm/p2m.c | 7 +- xen/arch/x86/mm/paging.c | 2 +- xen/arch/x86/mm/shadow/hvm.c | 1 + xen/arch/x86/mm/shadow/multi.c | 12 +- xen/include/xen/sched.h | 2 + 25 files changed, 249 insertions(+), 285 deletions(-) -- 2.50.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.