ASID handling for encrypted VMs (x86)
Owner: vaishali
Time: Thu 9:00 AM 6 Jun +0100 (Europe/Lisbon) Final

Current ASID allocator of Xen is incompatible with the AMD SEV technologies. SEV technologies associate ASID with encryption keys so encrypted domains needs to have a fixed ASID throughout their lifecycle. Having a fixed ASID for a domain and for all vcpus associated with that domain also presents us with the opportunity to make use of instructions like TLBSYNC and INVLPGB to invalidate TLB entries with broadcast. I would like to discuss more about the design of a modern ASID allocator which can take use of above technologies.

I’ve sent an RFC with open questions before the summit so that folks can also have a reference point for the discussion:

Few things to discuss:
- How should it be handled for nested virtualization? Should nested VMs have a same ASID or a different ASID?
- Where should xen-wide initialization for ASID management happen?
- Does changes related to using TLBSYNC and INVLPGB need to be part of the same patchset?