On 08/05/2018 09:55, Wanpeng Li wrote:
> 2018-04-17 13:45 GMT+08:00 Wanpeng Li <kernellwp@xxxxxxxxx>:
>> Tim Shearer reported that "There is a guest which is running a packet
>> forwarding app based on the DPDK (dpdk.org). The packet receive routine
>> writes to 0xc070 using glibc's "outw_p" function which does an additional
>> write to I/O port 0x80. It does this write for every packet that's
>> received, causing a flood of KVM userspace context switches". He uses
>> mpstat to observe a CPU performing L2 packet forwarding on a pinned
>> guest vCPU, the guest time is 95 percent when allowing I/O port 0x80
>> bypass, however, it is 65.78 percent when I/O port 0x80 bypass is
>> disabled.
>>
>> This patchset introduces per-VM I/O permission bitmaps, the userspace
>> can disable the ioport intercept when they are more concerned about
>> performance than security.
>>
>> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>> Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>
>> Cc: Tim Shearer <tshearer@xxxxxxxxxxxxxxx>
>> Cc: Liran Alon <liran.alon@xxxxxxxxxx>
>>
>
> Hi Paolo,
>
> Did you send the patch to glibc, or can the patchset still be considered?

I haven't, but I'm still not sure about the usefulness of these patches.

Paolo

>
> Regards,
> Wanpeng Li
>
>> Wanpeng Li (3):
>>   KVM: VMX: Introduce per-VM I/O permission bitmaps
>>   KVM: X86: Allow userspace to disable ioport intercept
>>   KVM: VMX: Allow I/O port 0x80 bypass when userspace prefer
>>
>>  Documentation/virtual/kvm/api.txt | 11 +++++++++++
>>  arch/x86/include/asm/kvm_host.h   |  2 ++
>>  arch/x86/kvm/vmx.c                | 41 ++++++++++++++++++++++++++++++++++++---
>>  arch/x86/kvm/x86.c                |  5 +++++
>>  include/uapi/linux/kvm.h          |  1 +
>>  5 files changed, 57 insertions(+), 3 deletions(-)
>>
>> --
>> 2.7.4
>>
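
The intercept decision that a per-VM I/O bitmap controls, modelled as an added example that is not part of the thread or the patchset: on VMX, bitmap A covers ports 0x0000-0x7fff, bitmap B covers 0x8000-0xffff, and an access exits to the host if any port it touches has its bit set. The structure and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-VM state for this example; not the patchset's layout. */
struct vm_io_bitmaps {
    uint8_t map[2][4096]; /* [0] = bitmap A (0x0000-0x7fff), [1] = bitmap B (0x8000-0xffff) */
};

/* Default policy: every port is intercepted (all bits set). */
void vm_io_init(struct vm_io_bitmaps *vm)
{
    memset(vm->map, 0xff, sizeof(vm->map));
}

/* Clear one port's intercept bit: the host no longer sees accesses to it. */
void vm_io_passthrough(struct vm_io_bitmaps *vm, uint16_t port)
{
    uint16_t idx = port & 0x7fff;
    vm->map[port >> 15][idx / 8] &= (uint8_t)~(1u << (idx % 8));
}

static int port_intercepted(const struct vm_io_bitmaps *vm, uint16_t port)
{
    uint16_t idx = port & 0x7fff;
    return (vm->map[port >> 15][idx / 8] >> (idx % 8)) & 1;
}

/* Returns 1 if a guest access of `size` bytes starting at `port` causes a VM exit. */
int io_access_exits(const struct vm_io_bitmaps *vm, uint16_t port, unsigned size)
{
    if ((uint32_t)port + size > 0x10000)
        return 1;                       /* access wraps the 16-bit port space */
    for (unsigned i = 0; i < size; i++)
        if (port_intercepted(vm, (uint16_t)(port + i)))
            return 1;                   /* any covered port with its bit set */
    return 0;
}

int main(void)
{
    static struct vm_io_bitmaps vm;
    vm_io_init(&vm);
    vm_io_passthrough(&vm, 0x80);       /* constructed scenario: bypass 0x80 only */
    printf("outb 0x80 exits=%d, outw 0x80 exits=%d, outw 0xc070 exits=%d\n",
           io_access_exits(&vm, 0x80, 1), io_access_exits(&vm, 0x80, 2),
           io_access_exits(&vm, 0xc070, 2));
    return 0;
}
```

With only port 0x80 passed through, a one-byte write to 0x80 stays in the guest, while a two-byte access that also touches 0x81 or 0x7f still exits, so the bypass is scoped to exactly the ports whose bits are cleared.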