On Mon, Apr 16, 2018 at 10:45:59PM -0700, Wanpeng Li wrote: > Tim Shearer reported that "There is a guest which is running a packet > forwarding app based on the DPDK (dpdk.org). The packet receive routine > writes to 0xc070 using glibc's "outw_p" function which does an additional > write to I/O port 0x80. It does this write for every packet that's > received, causing a flood of KVM userspace context switches". He uses > mpstat to observe a CPU performing L2 packet forwarding on a pinned > guest vCPU, the guest time is 95 percent when allowing I/O port 0x80 > bypass, however, it is 65.78 percent when I/O port 0x80 bypss is > disabled. > > This patchset introduces per-VM I/O permission bitmaps, the userspace > can disable the ioport intercept when they are more concern the > performance than the security. Could you kindly also add: Suggested-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Thank you.
