Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1164605imm; Tue, 15 May 2018 14:58:39 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoyLr6QLcGWQ3BdS6qPIxaPF9Eys11slJJkeGyZ1bCZXRbgD550UGWVqbWNZGWLkwLo/cka X-Received: by 2002:a63:7f18:: with SMTP id a24-v6mr13613908pgd.312.1526421519910; Tue, 15 May 2018 14:58:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526421519; cv=none; d=google.com; s=arc-20160816; b=teJFnKyzimsuifAU33COc+rOPo4096DQtxZuVMGTpqOcXXew6uGfDZtOTZAWY+dEmn scdx/0N6ayBRR3yhUg1HvtVMQ4DZ5LN8KszKFodleD8lodQ70BaiGrfMOm9CjrHOqr50 DVrDnnCjgB2r2nL6/vmqTQJz1Ow5/GC0tTPRJZGc6MzsHMe5kodog+4pofVO5xCRWqM7 02WAjWmNGNczvOLb7RT9kHUhji6tMLPsj/dgwhfMFBv0G/FXemm8cwI7C3JJ7c9sRjnv PaWSMU8mHn2CB3Mb9P8vBqMZ/VAw6uI0WdJwmG7Wk9MKg7eHZxkYHpM0gZLWlp1NSaaM iR9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=w/fl5ZcyhcMxNckHqZpOM02PfN1KmNOUELUGPvkST7I=; b=FKtTWiTN5IKpDBae2uBKBCDo5LScWQPJK9Jojk/Xa+xphvqEuBapI5i3w/wYeh0ySL UtcAFpKrBXIhnb13cAyXCSFR3CEmDM2eDbpbBCTIXvmJFAr69f0Zi66FlFwKi3bPDOCi PXFDDOGv5hA1z723K9cGI8D1/Qua9Sak6X2LhtJysuE0Dlr3XYgnbVUHeqGFctzkotJF +ExAlNUUsQfX1LCgsSMZyGL+iNEhO3C63u9xLhrWB1VkoDm7ovCSQ0IEvLdJHRjjuX+5 x5d5Zlty7S05Da256/qsMXGTsMfrYyLQnWuKWFbsn8mFz6bRnaViZz1UUeFnJa3/uTG8 3jsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CDxqnDMT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r2-v6si926111pli.370.2018.05.15.14.58.25; Tue, 15 May 2018 14:58:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CDxqnDMT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752366AbeEOV5z (ORCPT + 99 others); Tue, 15 May 2018 17:57:55 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:39200 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751664AbeEOV5x (ORCPT ); Tue, 15 May 2018 17:57:53 -0400 Received: by mail-oi0-f66.google.com with SMTP id n65-v6so1610171oig.6 for ; Tue, 15 May 2018 14:57:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=w/fl5ZcyhcMxNckHqZpOM02PfN1KmNOUELUGPvkST7I=; b=CDxqnDMTC6ReHidxf8rqVozXffxSjRK23vHZH7Q18tuAoG4DgcNqMqTSSIaScnWP31 f1o/ZzwYzY8Uasam+v6ml3Hq330GQDqJ93LQTQY8PW5modzYK33TzsFjnlHqXyChXqXf ZadMM4Kg+83PcLS6Q4HF1ZKYBKwNpD+YO2klW8t8yCaiRNav19V/kl5e++kKJTPR0HuS e39fpUIDU37wkiOxME/19x4sQhB0dSFfwHVb8xtw5iqT+XWTMhN+CgkUAtMMjRLetjOO lsjbwMXfsRue0xpTvul4WqIQSe6W8iQYgWDiOGdZPXs71v1hC0dvRbOfywuLerinRZIz yEOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=w/fl5ZcyhcMxNckHqZpOM02PfN1KmNOUELUGPvkST7I=; b=geobHdwWEojZ593gaab/n6bY6kdud2Atad2O20+Kvp4RBFm/uJ/UBKIkonlvHh9ocW jyKjZvA0xJ9hl+YXPtJqyhT3w6to7R8RblxH6WW2B4HjQFPM5DemBdIL7LnndBdzTYM1 lEbsDIalnUjjPQLVe8+Iut+ix5RTW/Jo2B2Wad2U2UBBDCvyEWvPcemmmf4KoJZipCNw GLDkvYvmSg7STaB21VN1oNSQxOyr2dAzS4OkYVI7ziw1nRlL9XyQMVKqLCu1vC9xZUrO oyzFN/xViphGVCb3bv3hdGLma83MmftVonOK7gmGIpab2pk9wQJLe+Fy4PkdhVaL/+1r Y1rQ== X-Gm-Message-State: ALKqPwcao86Eab7BLFg4+EihVqUMu60AbNiLGHAbjMeDbTYPC04UQ3d7 cUME3bcbqJGWq4uVCMrb44awKliURwEWzp/opW3gDw== X-Received: by 2002:aca:3887:: with SMTP id f129-v6mr10345354oia.14.1526421472817; Tue, 15 May 2018 14:57:52 -0700 (PDT) MIME-Version: 1.0 Received: by 10.201.52.2 with HTTP; Tue, 15 May 2018 14:57:52 -0700 (PDT) In-Reply-To: <20180511154458.GI27459@char.us.oracle.com> References: <1523943962-25415-1-git-send-email-wanpengli@tencent.com> <1523943962-25415-4-git-send-email-wanpengli@tencent.com> <20180511154458.GI27459@char.us.oracle.com> From: Jim Mattson Date: Tue, 15 May 2018 14:57:52 -0700 Message-ID: Subject: Re: [PATCH 3/3] KVM: VMX: Allow I/O port 0x80 bypass when userspace prefer To: Konrad Rzeszutek Wilk Cc: Wanpeng Li , LKML , kvm list , Paolo Bonzini , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Tim Shearer , Liran Alon , Andrew Honig , Lars Bull Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This does seem to allow a DoS from userspace if userspace prefers it. That doesn't seem wise. On Fri, May 11, 2018 at 8:44 AM, Konrad Rzeszutek Wilk wrote: > On Mon, Apr 16, 2018 at 10:46:02PM -0700, Wanpeng Li wrote: >> From: Wanpeng Li >> >> Tim Shearer reported that "There is a guest which is running a packet >> forwarding app based on the DPDK (dpdk.org). The packet receive routine >> writes to 0xc070 using glibc's "outw_p" function which does an additiona= l >> write to I/O port 80. It does this write for every packet that's receive= d, >> causing a flood of KVM userspace context switches". He uses mpstat to >> observe a CPU performing L2 packet forwarding on a pinned guest vCPU, >> the guest time is 95 percent when allowing I/O port 0x80 bypass, however= , >> it is 65.78 percent when I/O port 0x80 bypss is disabled. >> >> This patch allows I/O port 0x80 bypass when userspace prefer. > > s/prefer/requests it/ >> > > Perhaps: > > Reported-by: Tim Shearer as well? > >> Cc: Paolo Bonzini >> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 >> Cc: Tim Shearer >> Cc: Liran Alon >> Signed-off-by: Wanpeng Li >> --- >> arch/x86/kvm/vmx.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >> index ebf1140..d3e5fef 100644 >> --- a/arch/x86/kvm/vmx.c >> +++ b/arch/x86/kvm/vmx.c >> @@ -10118,6 +10118,13 @@ static int vmx_vm_init(struct kvm *kvm) >> goto out; >> memset(kvm_vmx->vmx_io_bitmap[i], 0xff, PAGE_SIZE); >> } >> + if (kvm->arch.ioport_disable_intercept) { >> + /* >> + * Allow direct access to the PC debug port (it is often u= sed for I/O >> + * delays, but the vmexits simply slow things down). >> + */ >> + clear_bit(0x80, kvm_vmx->vmx_io_bitmap[VMX_IO_BITMAP_A]); >> + } >> return 0; >> >> out: >> -- >> 2.7.4 >>