On Fri, Apr 20, 2012, Chegu Vinod wrote about "Re: Networking performance on a KVM Host (with no guests)": > Removing the "intel_iommu=on" boot time parameter in the Config 1 > case seemed to help "intel_iommu=on" is essential with you're mostly running guests *and* using device assignment. However, unfortunately, it also has a serious performance penalty for I/O in *host* processes: When intel_iommu=on, Linux (completely unrelated to KVM) adds a new level of protection which didn't exist without an IOMMU - the network card, which without an IOMMU could write (via DMA) to any memory location, now is not allowed - the card can only write to memory locates which the OS wanted it to write. Theoretically, this can protect the OS against various kinds of attacks. But what happens now is that every time that Linux passes a new buffer to the card, it needs to change the IOMMU mappings. This noticably slows down I/O, unfortunately. -- Nadav Har'El | Friday, Apr 20 2012, nyh@xxxxxxxxxxxxxxxxxxx |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |A bird in the hand is safer than one http://nadav.harel.org.il |overhead. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
