Received: by 10.192.165.156 with SMTP id m28csp1459830imm;
        Mon, 16 Apr 2018 22:48:16 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+0v9Q+SLoySL39h2PhozPEIMVHemWIbwulhrfwwq98WhaIxS71bmF5ydHWkYCyGktLguR9
X-Received: by 10.99.127.88 with SMTP id p24mr674068pgn.290.1523944096061;
        Mon, 16 Apr 2018 22:48:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523944096; cv=none;
        d=google.com; s=arc-20160816;
        b=uCwKpgnufRVt8aLCg1l1Ltjv2xfykPjI5xUJ6gpDSIzt1jgDXMXO5FMfmpd2FcRY8N
         1Ov9y6AwLu5HgkyrD2hjrWZRyb0aH+B1/7Nl77IapZbW9M/5XLQYSe3C4PuohZBaFD+k
         RBYc/S48WKxXo5vO4BQmZpIEWsrYKeLnLZn8Y+7qnTs7LXnHWW4i2+7Qygyzo5BwCvW5
         U8G6JUfI1tqnm3s0+jGfogHnofC/a5vh6vi5z3Ag6F1ZkC88IY6ehEbh90PE5NCqG6X1
         IY1kPUfMm8HsD1u2Uk3mLFVqdz55UeXXDtJZJWdFPS5j51IyCZnQy4q3LH259BoAEIfm
         M87w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=6GnJK3ZhieX+vAElF3HAkJBlZbe/iJuFKIGVvfR4spQ=;
        b=ZV0LXZ7iemFax6RRjABtThJ6SpYfHlR2NgOFpzWDm2fgeNFVosa+5bCGa3msRwMNW9
         xt80WiAQtYcqfTNnK3mJ3hpR77ji5cF4QKch0oZuK0AV9mF3FsPmcK6T17W1EHWbQt2v
         RHK0jc0U2obBMcdOMxaegYOOLKsqJmOVmlQYIHI6dyw5KxnE9Pm7n4mG6ypbUbcfLgGt
         2y+6UDhNqgeKzQRLRll/oo/uLGSaKWHeaPPWx1gelKmxEnDcO88tqatZ1qEVAsUXVjFX
         gK9yqIaecEesiEdwAnK5yTd/ZLga1RV6FhBg9Ruok2Hr4M1ky4kGpOjajCakFszcYY6u
         OMYg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=jkeXLi6J;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c139si2173657pfb.259.2018.04.16.22.48.01;
        Mon, 16 Apr 2018 22:48:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=jkeXLi6J;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751206AbeDQFqy (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Tue, 17 Apr 2018 01:46:54 -0400
Received: from mail-pl0-f67.google.com ([209.85.160.67]:38363 "EHLO
        mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750765AbeDQFqx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Apr 2018 01:46:53 -0400
Received: by mail-pl0-f67.google.com with SMTP id c7-v6so11374542plr.5;
        Mon, 16 Apr 2018 22:46:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=6GnJK3ZhieX+vAElF3HAkJBlZbe/iJuFKIGVvfR4spQ=;
        b=jkeXLi6JLNS0CyUcq0orM16qcMZ/kNYyz9Lm4+/3URg0GUuup5ezzY5WZfCj5QftHO
         GA2yQPXWMuH8JYYPurYKwkWu8PDawqZsQMEDyDYfMM1ARiGszsEA9cM8QHPTGfwA609m
         vIj5k9utRUGgerqKehAvkdeVo8FTR7KQF5j8s4zdNQL/zdwC/M0Gm1K1lbWgH7VpggUF
         qzFKw6uKj27YMZppXDLuRz/AfVsJdYCTQP9Kl6v1S4+wWqmLJ1DtwUD1E6L0JTkOBQO4
         U/CkRC15KcoN4yZL9CjK8+Pu6ZdSTmQd6M28tPlXFiyvcfkxe0MqIOewqacJfUF9TCR3
         S/sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=6GnJK3ZhieX+vAElF3HAkJBlZbe/iJuFKIGVvfR4spQ=;
        b=ZEwtohrE4vQs2ciCLK4VngX4b2eQFNOTep3Uq9l3TXWFZFTahl7GJ8bXHuXJWoAhDg
         ElQ4TikSn5B9JBIEkJmhq2IzHdvat6PYtpe7+PGHsY0TaXiWUwXHlgakAMAi7QDSL3PX
         7OBQIaGj6+wKctECUHLXca9qqyvnJIx8cCxTlLpNKfWMurRlQaZjhcl+mF5D+XRLxyEj
         xOdo9E8S//4UtX5Kl+3rK0sFxJGCHX48q3LHoF8/KwodGi2aERZS4pUU9reZDj/c42tM
         /h3i3GrmeBbchczcFAgN9LWkbjax9/8oPZsl2ZkWXDrkFo+a6fqjVBF7xKYMGgJiiZZF
         Uj9Q==
X-Gm-Message-State: ALQs6tCrxNw1wFpY9mExkpUzvwVlOodTmoUpqUkHRDD2Bicmt8ECbDNg
        O2kz+tjaK5CTBhx3O3Uqc7tOrg==
X-Received: by 2002:a17:902:bc3:: with SMTP id 61-v6mr769462plr.117.1523944012723;
        Mon, 16 Apr 2018 22:46:52 -0700 (PDT)
Received: from localhost.localdomain ([203.205.141.123])
        by smtp.googlemail.com with ESMTPSA id p71sm31429205pfl.89.2018.04.16.22.46.50
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Mon, 16 Apr 2018 22:46:52 -0700 (PDT)
From:   Wanpeng Li <kernellwp@gmail.com>
X-Google-Original-From: Wanpeng Li <wanpengli@tencent.com>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        Tim Shearer <tshearer@advaoptical.com>,
        Liran Alon <liran.alon@oracle.com>
Subject: [PATCH 0/3] KVM: VMX: Allow to disable ioport intercept per-VM by userspace
Date:   Mon, 16 Apr 2018 22:45:59 -0700
Message-Id: <1523943962-25415-1-git-send-email-wanpengli@tencent.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Tim Shearer reported that "There is a guest which is running a packet
forwarding app based on the DPDK (dpdk.org). The packet receive routine
writes to 0xc070 using glibc's "outw_p" function which does an additional
write to I/O port 0x80. It does this write for every packet that's
received, causing a flood of KVM userspace context switches". He uses
mpstat to observe a CPU performing L2 packet forwarding on a pinned
guest vCPU, the guest time is 95 percent when allowing I/O port 0x80
bypass, however, it is 65.78 percent when I/O port 0x80 bypss is
disabled.

This patchset introduces per-VM I/O permission bitmaps, the userspace
can disable the ioport intercept when they are more concern the
performance than the security.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Tim Shearer <tshearer@advaoptical.com>
Cc: Liran Alon <liran.alon@oracle.com>

Wanpeng Li (3):
  KVM: VMX: Introduce per-VM I/O permission bitmaps
  KVM: X86: Allow userspace to disable ioport intercept
  KVM: VMX: Allow I/O port 0x80 bypass when userspace prefer

 Documentation/virtual/kvm/api.txt | 11 +++++++++++
 arch/x86/include/asm/kvm_host.h   |  2 ++
 arch/x86/kvm/vmx.c                | 41 ++++++++++++++++++++++++++++++++++++---
 arch/x86/kvm/x86.c                |  5 +++++
 include/uapi/linux/kvm.h          |  1 +
 5 files changed, 57 insertions(+), 3 deletions(-)

-- 
2.7.4