[RFC PATCH v2 08/25] KVM: SEV: Stop using per-vCPU ASID for SEV VMs

From: Yosry Ahmed

Date: Mon Jun 15 2026 - 20:50:38 EST


svm->asid is only used by SEV in the pre-run check, to update the ASID
in the VMCB. Otherwise, svm->asid is only used for non-SEV VMs to keep
track of the per-vCPU ASID, as SEV VMs use a per-VM fixed ASID instead.

Initialize the ASID in the VMCB one time in sev_init_vmcb() instead of
checking it on every vCPU run, and change the pre-run check to a stopgap
with a WARNING.

Signed-off-by: Yosry Ahmed <yosry@xxxxxxxxxx>
---
arch/x86/kvm/svm/sev.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 3c873c88894b3..f5173cde76173 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3555,10 +3555,7 @@ int pre_sev_run(struct vcpu_svm *svm, int cpu)
if (!cpumask_test_cpu(cpu, to_kvm_sev_info(kvm)->have_run_cpus))
cpumask_set_cpu(cpu, to_kvm_sev_info(kvm)->have_run_cpus);

- /* Assign the asid allocated with this SEV guest */
- svm->asid = asid;
-
- if (unlikely(svm->asid != svm->vmcb->control.asid)) {
+ if (WARN_ON_ONCE(asid != svm->vmcb->control.asid)) {
svm->vmcb->control.asid = asid;
vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
}
@@ -4763,6 +4760,9 @@ void sev_init_vmcb(struct vcpu_svm *svm, bool init_event)
svm->vmcb->control.misc_ctl |= SVM_MISC_ENABLE_SEV;
clr_exception_intercept(svm, UD_VECTOR);

+ svm->vmcb->control.asid = sev_get_asid(vcpu->kvm);
+ vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
+
/*
* Don't intercept #GP for SEV guests, e.g. for the VMware backdoor, as
* KVM can't decrypt guest memory to decode the faulting instruction.
--
2.54.0.1136.gdb2ca164c4-goog