On 02/03/2017 16:17, Brijesh Singh wrote: > ASID management: > - Reserve asid range for SEV guest, SEV asid range is obtained through > CPUID Fn8000_001f[ECX]. A non-SEV guest can use any asid outside the SEV > asid range. How is backwards compatibility handled? > - SEV guest must have asid value within asid range obtained through CPUID. > - SEV guest must have the same asid for all vcpu's. A TLB flush is required > if different vcpu for the same ASID is to be run on the same host CPU. [...] > + > + /* which host cpu was used for running this vcpu */ > + bool last_cpuid; Should be unsigned int. > > + /* Assign the asid allocated for this SEV guest */ > + svm->vmcb->control.asid = asid; > + > + /* Flush guest TLB: > + * - when different VMCB for the same ASID is to be run on the > + * same host CPU > + * or > + * - this VMCB was executed on different host cpu in previous VMRUNs. > + */ > + if (sd->sev_vmcbs[asid] != (void *)svm->vmcb || Why the cast? > + svm->last_cpuid != cpu) > + svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID; If there is a match, you don't need to do anything else (neither reset the asid, nor mark it as dirty, nor update the fields), so: if (sd->sev_vmcbs[asid] == svm->vmcb && svm->last_cpuid == cpu) return; svm->last_cpuid = cpu; sd->sev_vmcbs[asid] = svm->vmcb; svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID; svm->vmcb->control.asid = asid; mark_dirty(svm->vmcb, VMCB_ASID); (plus comments ;)). Also, why not TLB_CONTROL_FLUSH_ASID if possible? > + svm->last_cpuid = cpu; > + sd->sev_vmcbs[asid] = (void *)svm->vmcb; > + > + mark_dirty(svm->vmcb, VMCB_ASID); [...] > > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index fef7d83..9df37a2 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1284,6 +1284,104 @@ struct kvm_s390_ucas_mapping { > /* Memory Encryption Commands */ > #define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xb8, unsigned long) > > +/* Secure Encrypted Virtualization mode */ > +enum sev_cmd_id { Please add documentation in Documentation/virtual/kvm/memory_encrypt.txt. Paolo