Current ASID allocator of Xen is incompatible with the AMD SEV technologies. SEV technologies associate ASID with encryption keys so encrypted domains needs to have a fixed ASID throughout their lifecycle. Having a fixed ASID for a domain and for all vcpus associated with that domain also presents us with the opportunity to make use of instructions like TLBSYNC and INVLPGB to invalidate TLB entries with broadcast. I would like to discuss more about the design of a modern ASID allocator which can take use of above technologies.
I’ve sent an RFC with open questions before the summit so that folks can also have a reference point for the discussion: https://lore.kernel.org/xen-devel/cover.1716551380.git.vaishali.thakkar@vates.tech/T/#t
Few things to discuss:
- How should it be handled for nested virtualization? Should nested VMs have a same ASID or a different ASID?
- Where should xen-wide initialization for ASID management happen?
- Does changes related to using TLBSYNC and INVLPGB need to be part of the same patchset?