Tim Shearer reported that "There is a guest which is running a packet
forwarding app based on the DPDK (dpdk.org). The packet receive routine
writes to 0xc070 using glibc's "outw_p" function which does an additional
write to I/O port 0x80. It does this write for every packet that's
received, causing a flood of KVM userspace context switches". He uses
mpstat to observe a CPU performing L2 packet forwarding on a pinned
guest vCPU, the guest time is 95 percent when allowing I/O port 0x80
bypass, however, it is 65.78 percent when I/O port 0x80 bypss is

This patchset introduces per-VM I/O permission bitmaps, the userspace
can disable the ioport intercept when they are more concern the
performance than the security.

Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Radim Krčmář <rkrc...@redhat.com>
Cc: Tim Shearer <tshea...@advaoptical.com>
Cc: Liran Alon <liran.a...@oracle.com>

Wanpeng Li (3):
  KVM: VMX: Introduce per-VM I/O permission bitmaps
  KVM: X86: Allow userspace to disable ioport intercept
  KVM: VMX: Allow I/O port 0x80 bypass when userspace prefer

 Documentation/virtual/kvm/api.txt | 11 +++++++++++
 arch/x86/include/asm/kvm_host.h   |  2 ++
 arch/x86/kvm/vmx.c                | 41 ++++++++++++++++++++++++++++++++++++---
 arch/x86/kvm/x86.c                |  5 +++++
 include/uapi/linux/kvm.h          |  1 +
 5 files changed, 57 insertions(+), 3 deletions(-)


Reply via email to