[dpdk-dev] [PATCH v6 0/8] vhost: introduce vhost crypto backend

Zhoujian (jay) jianjay.zhou at huawei.com
Wed Apr 4 18:50:55 CEST 2018
Previous message: [dpdk-dev] [PATCH v6 0/8] vhost: introduce vhost crypto backend
Next message: [dpdk-dev] [PATCH v6 0/8] vhost: introduce vhost crypto backend
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Maxime,

> -----Original Message-----
> From: Maxime Coquelin [mailto:maxime.coquelin at redhat.com]
> Sent: Wednesday, April 04, 2018 11:37 PM
> To: Fan Zhang <roy.fan.zhang at intel.com>; dev at dpdk.org; Zhoujian (jay)
> <jianjay.zhou at huawei.com>
> Cc: jianfeng.tan at intel.com; pawelx.wodkowski at intel.com
> Subject: Re: [PATCH v6 0/8] vhost: introduce vhost crypto backend
> 
> Hi Fan,
> 
> On 04/04/2018 04:24 PM, Fan Zhang wrote:
> > This patchset adds crypto backend suppport to vhost library including
> > a proof-of-concept sample application. The implementation follows the
> > virtio-crypto specification and have been tested with qemu 2.11.50
> > (with several patches applied, detailed later) with Fedora 24 running
> > in the frontend.
> >
> > The vhost_crypto library acts as a "bridge" method that translate the
> > virtio-crypto crypto requests to DPDK crypto operations, so it is
> > purely software implementation. However it does require the user to
> > provide the DPDK Cryptodev ID so it knows how to handle the
> > virtio-crypto session creation and deletion mesages.
> >
> > Currently the implementation supports AES-CBC-128 and HMAC-SHA1 cipher
> > only/chaining modes and does not support sessionless mode yet. The
> > guest can use standard virtio-crypto driver to set up session and
> > sends encryption/decryption requests to backend. The vhost-crypto
> > sample application provided in this patchset will do the actual crypto
> > work.
> >
> > The following steps are involved to enable vhost-crypto support.
> >
> > In the host:
> > 1. Download the qemu source code.
> >
> > 2. Recompile your qemu with vhost-crypto option enabled.
> >
> > 3. Apply this patchset to latest DPDK code and recompile DPDK.
> >
> > 4. Compile and run vhost-crypto sample application.
> >
> > ./examples/vhost_crypto/build/vhost-crypto -l 11,12 -w 0000:86:01.0 \
> >   --socket-mem 2048,2048
> >
> > Where 0000:86:01.0 is the QAT PCI address. You may use AES-NI-MB if it
> > is not available. The sample application requires 2 lcores: 1 master
> > and 1 worker. The application will create a UNIX socket file
> > /tmp/vhost_crypto1.socket.
> >
> > 5. Start your qemu application. Here is my command:
> >
> > qemu/x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -cpu host \
> > -smp 2 -m 1G -hda ~/path-to-your/image.qcow \ -object
> > memory-backend-file,id=mem,size=1G,mem-path=/dev/hugepages,share=on \
> > -mem-prealloc -numa node,memdev=mem -chardev \
> > socket,id=charcrypto0,path=/tmp/vhost_crypto1.socket \ -object
> > cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \ -device
> > virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0
> >
> > 6. Once guest is booted. The Linux virtio_crypto kernel module is
> > loaded by default. You shall see the following logs in your demsg:
> >
> > [   17.611044] virtio_crypto: loading out-of-tree module taints kernel.
> > [   17.611083] virtio_crypto: module verification failed: signature
> and/or ...
> > [   17.611723] virtio_crypto virtio0: max_queues: 1, max_cipher_key_len: ...
> > [   17.612156] virtio_crypto virtio0: will run requests pump with
> realtime ...
> > [   18.376100] virtio_crypto virtio0: Accelerator is ready
> >
> > The virtio_crypto driver in the guest is now up and running.
> >
> > 7. The rest steps can be as same as the Testing section in
> > https://wiki.qemu.org/Features/VirtioCrypto
> >
> > 8. It is possible to use DPDK Virtio Crypto PMD
> > (https://dpdk.org/dev/patchwork/patch/36921/) in the guest to work
> > with this patchset to achieve optimal performance.
> >
> > v6:
> > - Changed commit message
> > - removed rte prefix in handler prototype
> >
> > v5:
> > - removed external ops register API.
> > - patch cleaned.
> >
> > v4:
> > - Changed external vhost backend ops register API.
> > - Fixed a bug.
> >
> > v3:
> > - Changed external vhost backend private data and message handling
> > - Added experimental tag to rte_vhost_crypto_set_zero_copy()
> >
> > v2:
> > - Moved vhost_crypto_data_req data from crypto op to source mbuf.
> > - Removed ZERO-COPY flag from config option and make it run-timely
> changeable.
> > - Guest-polling mode possible.
> > - Simplified vring descriptor access procedure.
> > - Work with both LKCF and DPDK Virtio-Crypto PMD guest drivers.
> >
> > Fan Zhang (8):
> >    lib/librte_vhost: add vhost user message handlers
> >    lib/librte_vhost: add virtio-crypto user message structure
> >    lib/librte_vhost: add session message handler
> >    lib/librte_vhost: add request handler
> >    lib/librte_vhost: add public function implementation
> >    lib/librte_vhost: update makefile
> >    examples/vhost_crypto: add vhost crypto sample application
> >    doc: update for vhost crypto support
> >
> >   doc/guides/prog_guide/vhost_lib.rst       |   25 +
> >   doc/guides/rel_notes/release_18_05.rst    |    5 +
> >   doc/guides/sample_app_ug/index.rst        |    1 +
> >   doc/guides/sample_app_ug/vhost_crypto.rst |   82 ++
> >   examples/vhost_crypto/Makefile            |   32 +
> >   examples/vhost_crypto/main.c              |  541 ++++++++++++
> >   examples/vhost_crypto/meson.build         |   14 +
> >   lib/librte_vhost/Makefile                 |    6 +-
> >   lib/librte_vhost/meson.build              |    8 +-
> >   lib/librte_vhost/rte_vhost_crypto.h       |  109 +++
> >   lib/librte_vhost/rte_vhost_version.map    |   11 +
> >   lib/librte_vhost/vhost.c                  |    2 +-
> >   lib/librte_vhost/vhost.h                  |   53 +-
> >   lib/librte_vhost/vhost_crypto.c           | 1312
> +++++++++++++++++++++++++++++
> >   lib/librte_vhost/vhost_user.c             |   33 +-
> >   lib/librte_vhost/vhost_user.h             |   35 +-
> >   16 files changed, 2256 insertions(+), 13 deletions(-)
> >   create mode 100644 doc/guides/sample_app_ug/vhost_crypto.rst
> >   create mode 100644 examples/vhost_crypto/Makefile
> >   create mode 100644 examples/vhost_crypto/main.c
> >   create mode 100644 examples/vhost_crypto/meson.build
> >   create mode 100644 lib/librte_vhost/rte_vhost_crypto.h
> >   create mode 100644 lib/librte_vhost/vhost_crypto.c
> >
> 
> For the series:
> Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> 
> Ideally, I would like to have it reviewed/acked by people having knowledge of
> crypto.
> Jianjay, is the series good for you?

With the typo of 8/8 fixed, this series looks good to me, so:
Acked-by: Jay Zhou <jianjay.zhou at huawei.com>

> 
> Thanks,
> Maxime
Previous message: [dpdk-dev] [PATCH v6 0/8] vhost: introduce vhost crypto backend
Next message: [dpdk-dev] [PATCH v6 0/8] vhost: introduce vhost crypto backend
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list