2018-05-11 23:40 GMT+08:00 Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>: > On Mon, Apr 16, 2018 at 10:45:59PM -0700, Wanpeng Li wrote: >> Tim Shearer reported that "There is a guest which is running a packet >> forwarding app based on the DPDK (dpdk.org). The packet receive routine >> writes to 0xc070 using glibc's "outw_p" function which does an additional >> write to I/O port 0x80. It does this write for every packet that's >> received, causing a flood of KVM userspace context switches". He uses >> mpstat to observe a CPU performing L2 packet forwarding on a pinned >> guest vCPU, the guest time is 95 percent when allowing I/O port 0x80 >> bypass, however, it is 65.78 percent when I/O port 0x80 bypss is >> disabled. >> >> This patchset introduces per-VM I/O permission bitmaps, the userspace >> can disable the ioport intercept when they are more concern the >> performance than the security. > > Could you kindly also add: > > Suggested-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Yeah, both you and Liran give the original idea. :) Tim and Liran, any review for the patchset? Regards, Wanpeng Li
