-----Original Message-----
From: Maxime Coquelin [mailto:maxime.coque...@redhat.com]
Sent: Wednesday, April 04, 2018 11:37 PM
To: Fan Zhang <roy.fan.zh...@intel.com>; dev@dpdk.org; Zhoujian (jay)
<jianjay.z...@huawei.com>
Cc: jianfeng....@intel.com; pawelx.wodkow...@intel.com
Subject: Re: [PATCH v6 0/8] vhost: introduce vhost crypto backend
Hi Fan,
On 04/04/2018 04:24 PM, Fan Zhang wrote:
This patchset adds crypto backend suppport to vhost library including
a proof-of-concept sample application. The implementation follows the
virtio-crypto specification and have been tested with qemu 2.11.50
(with several patches applied, detailed later) with Fedora 24 running
in the frontend.
The vhost_crypto library acts as a "bridge" method that translate the
virtio-crypto crypto requests to DPDK crypto operations, so it is
purely software implementation. However it does require the user to
provide the DPDK Cryptodev ID so it knows how to handle the
virtio-crypto session creation and deletion mesages.
Currently the implementation supports AES-CBC-128 and HMAC-SHA1 cipher
only/chaining modes and does not support sessionless mode yet. The
guest can use standard virtio-crypto driver to set up session and
sends encryption/decryption requests to backend. The vhost-crypto
sample application provided in this patchset will do the actual crypto
work.
The following steps are involved to enable vhost-crypto support.
In the host:
1. Download the qemu source code.
2. Recompile your qemu with vhost-crypto option enabled.
3. Apply this patchset to latest DPDK code and recompile DPDK.
4. Compile and run vhost-crypto sample application.
./examples/vhost_crypto/build/vhost-crypto -l 11,12 -w 0000:86:01.0 \
--socket-mem 2048,2048
Where 0000:86:01.0 is the QAT PCI address. You may use AES-NI-MB if it
is not available. The sample application requires 2 lcores: 1 master
and 1 worker. The application will create a UNIX socket file
/tmp/vhost_crypto1.socket.
5. Start your qemu application. Here is my command:
qemu/x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -cpu host \
-smp 2 -m 1G -hda ~/path-to-your/image.qcow \ -object
memory-backend-file,id=mem,size=1G,mem-path=/dev/hugepages,share=on \
-mem-prealloc -numa node,memdev=mem -chardev \
socket,id=charcrypto0,path=/tmp/vhost_crypto1.socket \ -object
cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \ -device
virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0
6. Once guest is booted. The Linux virtio_crypto kernel module is
loaded by default. You shall see the following logs in your demsg:
[ 17.611044] virtio_crypto: loading out-of-tree module taints kernel.
[ 17.611083] virtio_crypto: module verification failed: signature
and/or ...
[ 17.611723] virtio_crypto virtio0: max_queues: 1, max_cipher_key_len: ...
[ 17.612156] virtio_crypto virtio0: will run requests pump with
realtime ...
[ 18.376100] virtio_crypto virtio0: Accelerator is ready
The virtio_crypto driver in the guest is now up and running.
7. The rest steps can be as same as the Testing section in
https://wiki.qemu.org/Features/VirtioCrypto
8. It is possible to use DPDK Virtio Crypto PMD
(https://dpdk.org/dev/patchwork/patch/36921/) in the guest to work
with this patchset to achieve optimal performance.
v6:
- Changed commit message
- removed rte prefix in handler prototype
v5:
- removed external ops register API.
- patch cleaned.
v4:
- Changed external vhost backend ops register API.
- Fixed a bug.
v3:
- Changed external vhost backend private data and message handling
- Added experimental tag to rte_vhost_crypto_set_zero_copy()
v2:
- Moved vhost_crypto_data_req data from crypto op to source mbuf.
- Removed ZERO-COPY flag from config option and make it run-timely
changeable.
- Guest-polling mode possible.
- Simplified vring descriptor access procedure.
- Work with both LKCF and DPDK Virtio-Crypto PMD guest drivers.
Fan Zhang (8):
lib/librte_vhost: add vhost user message handlers
lib/librte_vhost: add virtio-crypto user message structure
lib/librte_vhost: add session message handler
lib/librte_vhost: add request handler
lib/librte_vhost: add public function implementation
lib/librte_vhost: update makefile
examples/vhost_crypto: add vhost crypto sample application
doc: update for vhost crypto support
doc/guides/prog_guide/vhost_lib.rst | 25 +
doc/guides/rel_notes/release_18_05.rst | 5 +
doc/guides/sample_app_ug/index.rst | 1 +
doc/guides/sample_app_ug/vhost_crypto.rst | 82 ++
examples/vhost_crypto/Makefile | 32 +
examples/vhost_crypto/main.c | 541 ++++++++++++
examples/vhost_crypto/meson.build | 14 +
lib/librte_vhost/Makefile | 6 +-
lib/librte_vhost/meson.build | 8 +-
lib/librte_vhost/rte_vhost_crypto.h | 109 +++
lib/librte_vhost/rte_vhost_version.map | 11 +
lib/librte_vhost/vhost.c | 2 +-
lib/librte_vhost/vhost.h | 53 +-
lib/librte_vhost/vhost_crypto.c | 1312
+++++++++++++++++++++++++++++
lib/librte_vhost/vhost_user.c | 33 +-
lib/librte_vhost/vhost_user.h | 35 +-
16 files changed, 2256 insertions(+), 13 deletions(-)
create mode 100644 doc/guides/sample_app_ug/vhost_crypto.rst
create mode 100644 examples/vhost_crypto/Makefile
create mode 100644 examples/vhost_crypto/main.c
create mode 100644 examples/vhost_crypto/meson.build
create mode 100644 lib/librte_vhost/rte_vhost_crypto.h
create mode 100644 lib/librte_vhost/vhost_crypto.c
For the series:
Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com>
Ideally, I would like to have it reviewed/acked by people having knowledge of
crypto.
Jianjay, is the series good for you?
