* KVM & VT-d2?
@ 2009-05-14 21:52 Fischer, Anna
2009-05-14 22:01 ` Kay, Allen M
0 siblings, 1 reply; 5+ messages in thread
From: Fischer, Anna @ 2009-05-14 21:52 UTC (permalink / raw)
To: kvm
Does KVM already take advantage of Intel VT-d2 features, e.g. interrupt remapping support? Has anyone verified how it improves interrupt delivery for PCI pass-through devices?
Thanks,
Anna
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: KVM & VT-d2?
2009-05-14 21:52 KVM & VT-d2? Fischer, Anna
@ 2009-05-14 22:01 ` Kay, Allen M
2009-05-14 23:12 ` Fischer, Anna
0 siblings, 1 reply; 5+ messages in thread
From: Kay, Allen M @ 2009-05-14 22:01 UTC (permalink / raw)
To: Fischer, Anna, kvm
We have verified VT-d2 features works with PCI passthrough on KVM. To enable it, you need to turn on interrupt remapping in kernel config.
Interrupt remapping is a security/isolation feature where interrupt delivery is qualified with device's bus/device/function in interrupt remapping table entry when source ID checking is turn on. It does not directly inject interrupt to the guest OS.
-----Original Message-----
From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On Behalf Of Fischer, Anna
Sent: Thursday, May 14, 2009 2:53 PM
To: kvm@vger.kernel.org
Subject: KVM & VT-d2?
Does KVM already take advantage of Intel VT-d2 features, e.g. interrupt remapping support? Has anyone verified how it improves interrupt delivery for PCI pass-through devices?
Thanks,
Anna
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: KVM & VT-d2?
2009-05-14 22:01 ` Kay, Allen M
@ 2009-05-14 23:12 ` Fischer, Anna
2009-05-15 1:25 ` Kay, Allen M
2009-05-17 19:50 ` Avi Kivity
0 siblings, 2 replies; 5+ messages in thread
From: Fischer, Anna @ 2009-05-14 23:12 UTC (permalink / raw)
To: Kay, Allen M; +Cc: kvm
I thought that one use case of VT-d2 interrupt remapping was to be able to safely and more efficiently deliver interrupts to the CPU that runs the particular VCPU of the guest that owns the I/O device that issues the interrupt. Shouldn't there at least be some performance (e.g. latency) improvement doing the remapping and checking in HW with a predefined table rather than multiplexing this in software in the hypervisor layer?
> -----Original Message-----
> From: Kay, Allen M [mailto:allen.m.kay@intel.com]
> Sent: 14 May 2009 15:02
> To: Fischer, Anna; kvm@vger.kernel.org
> Subject: RE: KVM & VT-d2?
>
> We have verified VT-d2 features works with PCI passthrough on KVM. To
> enable it, you need to turn on interrupt remapping in kernel config.
>
> Interrupt remapping is a security/isolation feature where interrupt
> delivery is qualified with device's bus/device/function in interrupt
> remapping table entry when source ID checking is turn on. It does not
> directly inject interrupt to the guest OS.
>
> -----Original Message-----
> From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On
> Behalf Of Fischer, Anna
> Sent: Thursday, May 14, 2009 2:53 PM
> To: kvm@vger.kernel.org
> Subject: KVM & VT-d2?
>
> Does KVM already take advantage of Intel VT-d2 features, e.g. interrupt
> remapping support? Has anyone verified how it improves interrupt
> delivery for PCI pass-through devices?
>
> Thanks,
> Anna
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: KVM & VT-d2?
2009-05-14 23:12 ` Fischer, Anna
@ 2009-05-15 1:25 ` Kay, Allen M
2009-05-17 19:50 ` Avi Kivity
1 sibling, 0 replies; 5+ messages in thread
From: Kay, Allen M @ 2009-05-15 1:25 UTC (permalink / raw)
To: Fischer, Anna; +Cc: kvm
In both interrupt remapping and no interrupt remapping cases, interrupts from the passthrough device are still delivered to the host kernel. KVM then injects the interrupt to guest via vlapic->vioapic->vmcs path.
The value add from interrupt remapping is that a new source ID field in interrupt remapping table entry is checked before the interrupt is delivered to the host kernel. This prevents malicious guests with PCI passthrough devices to generate DOS attacks via DMA writes to the apic area.
-----Original Message-----
From: Fischer, Anna [mailto:anna.fischer@hp.com]
Sent: Thursday, May 14, 2009 4:12 PM
To: Kay, Allen M
Cc: kvm@vger.kernel.org
Subject: RE: KVM & VT-d2?
I thought that one use case of VT-d2 interrupt remapping was to be able to safely and more efficiently deliver interrupts to the CPU that runs the particular VCPU of the guest that owns the I/O device that issues the interrupt. Shouldn't there at least be some performance (e.g. latency) improvement doing the remapping and checking in HW with a predefined table rather than multiplexing this in software in the hypervisor layer?
> -----Original Message-----
> From: Kay, Allen M [mailto:allen.m.kay@intel.com]
> Sent: 14 May 2009 15:02
> To: Fischer, Anna; kvm@vger.kernel.org
> Subject: RE: KVM & VT-d2?
>
> We have verified VT-d2 features works with PCI passthrough on KVM. To
> enable it, you need to turn on interrupt remapping in kernel config.
>
> Interrupt remapping is a security/isolation feature where interrupt
> delivery is qualified with device's bus/device/function in interrupt
> remapping table entry when source ID checking is turn on. It does not
> directly inject interrupt to the guest OS.
>
> -----Original Message-----
> From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On
> Behalf Of Fischer, Anna
> Sent: Thursday, May 14, 2009 2:53 PM
> To: kvm@vger.kernel.org
> Subject: KVM & VT-d2?
>
> Does KVM already take advantage of Intel VT-d2 features, e.g. interrupt
> remapping support? Has anyone verified how it improves interrupt
> delivery for PCI pass-through devices?
>
> Thanks,
> Anna
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: KVM & VT-d2?
2009-05-14 23:12 ` Fischer, Anna
2009-05-15 1:25 ` Kay, Allen M
@ 2009-05-17 19:50 ` Avi Kivity
1 sibling, 0 replies; 5+ messages in thread
From: Avi Kivity @ 2009-05-17 19:50 UTC (permalink / raw)
To: Fischer, Anna; +Cc: Kay, Allen M, kvm
Fischer, Anna wrote:
> I thought that one use case of VT-d2 interrupt remapping was to be able to safely and more efficiently deliver interrupts to the CPU that runs the particular VCPU of the guest that owns the I/O device that issues the interrupt. Shouldn't there at least be some performance (e.g. latency) improvement doing the remapping and checking in HW with a predefined table rather than multiplexing this in software in the hypervisor layer?
>
This can be done even without VT-d. Since qemu knows how the guest
affines its interrupts (via the MSI entry), it can affine the
corresponding host interrupt.
Right now Linux can affine the host interrupt to a cpu; this requires
periodic polling since the vcpu thread can move around. It would be
interesting to add an API to affine an interrupt to a thread, so
whenever the thread is migrated to a different cpu, the interrupt
follows it around. I imagine it would be useful for non-virtualization
applications as well.
--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2009-05-17 19:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-05-14 21:52 KVM & VT-d2? Fischer, Anna
2009-05-14 22:01 ` Kay, Allen M
2009-05-14 23:12 ` Fischer, Anna
2009-05-15 1:25 ` Kay, Allen M
2009-05-17 19:50 ` Avi Kivity
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.