[RFC PATCH v2 04/25] KVM: x86/mmu: Support specifying a minimum TLB tag

From: Yosry Ahmed

Date: Mon Jun 15 2026 - 20:48:02 EST


In preparation for using the TLB tags allocator for SVM, which has a
range of ASIDs allocated for SEV/SNP, pass in a minimum TLB tag when
initializing the TLB tags allocator. The bitmap is conceptually shifted
such that bit=0 corresponds to tag=min.

Specifying the minimum value during initialization also makes the API
clearer, as the passed number of tags becomes the actual number of
*usable* tags, and tag=0 is explicitly excluded by the caller.

No functional change intended for VMX as VPID=0 is not used anyway.

Signed-off-by: Yosry Ahmed <yosry@xxxxxxxxxx>
---
arch/x86/kvm/mmu.h | 2 +-
arch/x86/kvm/mmu/mmu.c | 38 +++++++++++++++++++++++---------------
arch/x86/kvm/vmx/vmx.h | 3 ++-
3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index 9a2916012cbff..cfffee92b8b71 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -337,7 +337,7 @@ static inline bool kvm_is_gfn_alias(struct kvm *kvm, gfn_t gfn)

typedef unsigned int kvm_tlb_tag_t;

-int kvm_init_tlb_tags(unsigned int nr);
+int kvm_init_tlb_tags(kvm_tlb_tag_t min, unsigned int nr);
void kvm_destroy_tlb_tags(void);
kvm_tlb_tag_t kvm_alloc_tlb_tag(void);
void kvm_free_tlb_tag(kvm_tlb_tag_t tag);
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index e021ed562502f..bf2e0c2205631 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -8197,24 +8197,26 @@ static struct {
spinlock_t lock;
unsigned long *bitmap;
unsigned int nr;
+ kvm_tlb_tag_t min;
} tlb_tags;

-int kvm_init_tlb_tags(unsigned int nr)
+int kvm_init_tlb_tags(kvm_tlb_tag_t min, unsigned int nr)
{
- if (WARN_ON_ONCE(!nr))
- return -EINVAL;
-
- tlb_tags.bitmap = bitmap_zalloc(nr, GFP_KERNEL);
- if (!tlb_tags.bitmap)
- return -ENOMEM;
+ unsigned int end;

/*
* 0 is the host's TLB tag for both VMX's VPID and SVM's ASID, and is
* returned on failed allocations (e.g. no more tags left).
*/
- __set_bit(0, tlb_tags.bitmap);
+ if (WARN_ON_ONCE(!min || !nr || check_add_overflow(min, nr, &end)))
+ return -EINVAL;
+
+ tlb_tags.bitmap = bitmap_zalloc(nr, GFP_KERNEL);
+ if (!tlb_tags.bitmap)
+ return -ENOMEM;

tlb_tags.nr = nr;
+ tlb_tags.min = min;
spin_lock_init(&tlb_tags.lock);
return 0;
}
@@ -8229,30 +8231,36 @@ EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_destroy_tlb_tags);

kvm_tlb_tag_t kvm_alloc_tlb_tag(void)
{
- kvm_tlb_tag_t tag;
+ unsigned int bit;

if (WARN_ON_ONCE(!tlb_tags.bitmap))
return 0;

guard(spinlock)(&tlb_tags.lock);

- tag = find_first_zero_bit(tlb_tags.bitmap, tlb_tags.nr);
- if (tag >= tlb_tags.nr)
+ bit = find_first_zero_bit(tlb_tags.bitmap, tlb_tags.nr);
+ if (bit >= tlb_tags.nr)
return 0;

- __set_bit(tag, tlb_tags.bitmap);
- return tag;
+ __set_bit(bit, tlb_tags.bitmap);
+ return tlb_tags.min + bit;
}
EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_alloc_tlb_tag);

void kvm_free_tlb_tag(kvm_tlb_tag_t tag)
{
- if (!tag || WARN_ON_ONCE(tag >= tlb_tags.nr))
+ unsigned int bit;
+
+ if (!tag || WARN_ON_ONCE(tag < tlb_tags.min))
+ return;
+
+ bit = tag - tlb_tags.min;
+ if (WARN_ON_ONCE(bit >= tlb_tags.nr))
return;

guard(spinlock)(&tlb_tags.lock);

- __clear_bit(tag, tlb_tags.bitmap);
+ __clear_bit(bit, tlb_tags.bitmap);
}
EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_free_tlb_tag);

diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index d6d35637d94f8..0ddfe9626c126 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -336,7 +336,8 @@ static __always_inline u32 vmx_get_intr_info(struct kvm_vcpu *vcpu)

static __always_inline int init_vpids(void)
{
- return enable_vpid ? kvm_init_tlb_tags(VMX_NR_VPIDS) : 0;
+ /* Exclude VPID=0 as it is used for the host */
+ return enable_vpid ? kvm_init_tlb_tags(1, VMX_NR_VPIDS - 1) : 0;
}

static __always_inline void destroy_vpids(void)
--
2.54.0.1136.gdb2ca164c4-goog