2018-04-17 13:45 GMT+08:00 Wanpeng Li <kernellwp@xxxxxxxxx>:
> Tim Shearer reported that "There is a guest which is running a packet
> forwarding app based on the DPDK (dpdk.org). The packet receive routine
> writes to 0xc070 using glibc's "outw_p" function which does an additional
> write to I/O port 0x80. It does this write for every packet that's
> received, causing a flood of KVM userspace context switches". He uses
> mpstat to observe a CPU performing L2 packet forwarding on a pinned
> guest vCPU, the guest time is 95 percent when allowing I/O port 0x80
> bypass, however, it is 65.78 percent when I/O port 0x80 bypass is
> disabled.
>
> This patchset introduces per-VM I/O permission bitmaps, the userspace
> can disable the ioport intercept when they are more concerned about the
> performance than the security.
>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>
> Cc: Tim Shearer <tshearer@xxxxxxxxxxxxxxx>
> Cc: Liran Alon <liran.alon@xxxxxxxxxx>
>

Hi Paolo,

Did you send the patch to glibc, or can the patchset still be considered?

Regards,
Wanpeng Li

> Wanpeng Li (3):
>   KVM: VMX: Introduce per-VM I/O permission bitmaps
>   KVM: X86: Allow userspace to disable ioport intercept
>   KVM: VMX: Allow I/O port 0x80 bypass when userspace prefer
>
>  Documentation/virtual/kvm/api.txt | 11 +++++++++++
>  arch/x86/include/asm/kvm_host.h   |  2 ++
>  arch/x86/kvm/vmx.c                | 41 ++++++++++++++++++++++++++++++++++++---
>  arch/x86/kvm/x86.c                |  5 +++++
>  include/uapi/linux/kvm.h          |  1 +
>  5 files changed, 57 insertions(+), 3 deletions(-)
>
> --
> 2.7.4
>