Hi,
On 07/04/2017 11:49 AM, Maxime Coquelin wrote:
> This first RFC, which targets v17.11, adds support for
> VIRTIO_F_IOMMU_PLATFORM feature, by implementing device IOTLB in the
> vhost-user backend. It improves the guest safety by enabling the
> possibility to isolate the Virtio device.
>
> It makes it possible to use the Virtio PMD in the guest with the VFIO
> driver without the enable_unsafe_noiommu_mode parameter set, so that the
> DPDK application in the guest can only access memory it has been allowed
> to, preventing a malicious/buggy DPDK application in the guest from
> making the vhost-user backend write random guest memory. Note that the
> Virtio-net kernel driver also supports IOMMU.
>
> The series depends on Qemu's "vhost-user: Specify and implement
> device IOTLB support" [0], available upstream and which will be part
> of Qemu v2.10 release.
>
> Performance-wise, even if this RFC still has room for optimizations,
> no performance degradation is noticed with static mappings (i.e. DPDK
> on guest) with PVP benchmark:
> Traffic Generator: Moongen (lua-trafficgen)
> Acceptable Loss: 0.005%
> Validation run time: 1 min
> Guest DPDK version/commit: v17.05
> QEMU version/commit: master (6db174aed1fd)
> Virtio features: default
> CPU: Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.20GHz
> NIC: 2 x X710
> Page size: 1G host/1G guest
> Results (bidirectional, total of the two flows):
> - base: 18.8Mpps
> - base + IOTLB series, IOMMU OFF: 18.8Mpps
> - base + IOTLB series, IOMMU ON: 18.8Mpps

It seems that I made a mistake when benchmarking with IOMMU on.
Actually, with this RFC, the result is 14.5Mpps, which is a noticeable
performance degradation.
The next revision fixing this issue is coming soon; performance is
recovered to 18.8Mpps.

Cheers,
Maxime
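
Added example, not part of the original message or of the DPDK series: a minimal sketch of the device IOTLB idea the cover letter describes, where the backend only dereferences guest I/O addresses that have a cached mapping with the required permission. All names (`iotlb_update`, `iotlb_invalidate`, `iotlb_translate`, `PERM_RO`, `PERM_WO`) and the fixed-size table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names and layout, chosen for this example only. */
#define PERM_RO 0x1   /* device may read the range  */
#define PERM_WO 0x2   /* device may write the range */
#define IOTLB_MAX 8

struct iotlb_entry { uint64_t iova, uaddr, size; uint8_t perm; };
struct iotlb { struct iotlb_entry e[IOTLB_MAX]; size_t n; };

/* The guest mapped [iova, iova+size): cache the translation. */
static int iotlb_update(struct iotlb *t, uint64_t iova, uint64_t uaddr,
                        uint64_t size, uint8_t perm)
{
    if (t->n == IOTLB_MAX || size == 0 || iova + size < iova)
        return -1;                      /* full, empty or wrapping range */
    t->e[t->n++] = (struct iotlb_entry){ iova, uaddr, size, perm };
    return 0;
}

/* The guest unmapped a range: drop every entry that overlaps it. */
static void iotlb_invalidate(struct iotlb *t, uint64_t iova, uint64_t size)
{
    size_t i = 0;
    while (i < t->n) {
        if (iova < t->e[i].iova + t->e[i].size && t->e[i].iova < iova + size)
            t->e[i] = t->e[--t->n];     /* swap-remove, re-check slot i */
        else
            i++;
    }
}

/* Translate a descriptor address before touching guest memory. Returns 0 on
 * a miss or permission fault (a real backend would request the translation
 * on a miss). *len is clamped so the caller never runs past the mapping. */
static uint64_t iotlb_translate(const struct iotlb *t, uint64_t iova,
                                uint64_t *len, uint8_t perm)
{
    for (size_t i = 0; i < t->n; i++) {
        const struct iotlb_entry *e = &t->e[i];
        if (iova < e->iova || iova - e->iova >= e->size)
            continue;                   /* address not covered by this entry */
        if ((e->perm & perm) != perm)
            return 0;                   /* e.g. write to a read-only mapping */
        uint64_t off = iova - e->iova;
        if (*len > e->size - off)
            *len = e->size - off;
        return e->uaddr + off;
    }
    return 0;
}
```

Without the IOMMU feature negotiated, a backend translates any guest-physical address covered by the shared memory table; with it, only ranges the guest has mapped and not yet unmapped resolve.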