Hi Maxime, > -----Original Message----- > From: Maxime Coquelin [mailto:maxime.coque...@redhat.com] > Sent: Wednesday, April 04, 2018 11:37 PM > To: Fan Zhang <roy.fan.zh...@intel.com>; dev@dpdk.org; Zhoujian (jay) > <jianjay.z...@huawei.com> > Cc: jianfeng....@intel.com; pawelx.wodkow...@intel.com > Subject: Re: [PATCH v6 0/8] vhost: introduce vhost crypto backend > > Hi Fan, > > On 04/04/2018 04:24 PM, Fan Zhang wrote: > > This patchset adds crypto backend suppport to vhost library including > > a proof-of-concept sample application. The implementation follows the > > virtio-crypto specification and have been tested with qemu 2.11.50 > > (with several patches applied, detailed later) with Fedora 24 running > > in the frontend. > > > > The vhost_crypto library acts as a "bridge" method that translate the > > virtio-crypto crypto requests to DPDK crypto operations, so it is > > purely software implementation. However it does require the user to > > provide the DPDK Cryptodev ID so it knows how to handle the > > virtio-crypto session creation and deletion mesages. > > > > Currently the implementation supports AES-CBC-128 and HMAC-SHA1 cipher > > only/chaining modes and does not support sessionless mode yet. The > > guest can use standard virtio-crypto driver to set up session and > > sends encryption/decryption requests to backend. The vhost-crypto > > sample application provided in this patchset will do the actual crypto > > work. > > > > The following steps are involved to enable vhost-crypto support. > > > > In the host: > > 1. Download the qemu source code. > > > > 2. Recompile your qemu with vhost-crypto option enabled. > > > > 3. Apply this patchset to latest DPDK code and recompile DPDK. > > > > 4. Compile and run vhost-crypto sample application. > > > > ./examples/vhost_crypto/build/vhost-crypto -l 11,12 -w 0000:86:01.0 \ > > --socket-mem 2048,2048 > > > > Where 0000:86:01.0 is the QAT PCI address. You may use AES-NI-MB if it > > is not available. The sample application requires 2 lcores: 1 master > > and 1 worker. The application will create a UNIX socket file > > /tmp/vhost_crypto1.socket. > > > > 5. Start your qemu application. Here is my command: > > > > qemu/x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -cpu host \ > > -smp 2 -m 1G -hda ~/path-to-your/image.qcow \ -object > > memory-backend-file,id=mem,size=1G,mem-path=/dev/hugepages,share=on \ > > -mem-prealloc -numa node,memdev=mem -chardev \ > > socket,id=charcrypto0,path=/tmp/vhost_crypto1.socket \ -object > > cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \ -device > > virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 > > > > 6. Once guest is booted. The Linux virtio_crypto kernel module is > > loaded by default. You shall see the following logs in your demsg: > > > > [ 17.611044] virtio_crypto: loading out-of-tree module taints kernel. > > [ 17.611083] virtio_crypto: module verification failed: signature > and/or ... > > [ 17.611723] virtio_crypto virtio0: max_queues: 1, max_cipher_key_len: ... > > [ 17.612156] virtio_crypto virtio0: will run requests pump with > realtime ... > > [ 18.376100] virtio_crypto virtio0: Accelerator is ready > > > > The virtio_crypto driver in the guest is now up and running. > > > > 7. The rest steps can be as same as the Testing section in > > https://wiki.qemu.org/Features/VirtioCrypto > > > > 8. It is possible to use DPDK Virtio Crypto PMD > > (https://dpdk.org/dev/patchwork/patch/36921/) in the guest to work > > with this patchset to achieve optimal performance. > > > > v6: > > - Changed commit message > > - removed rte prefix in handler prototype > > > > v5: > > - removed external ops register API. > > - patch cleaned. > > > > v4: > > - Changed external vhost backend ops register API. > > - Fixed a bug. > > > > v3: > > - Changed external vhost backend private data and message handling > > - Added experimental tag to rte_vhost_crypto_set_zero_copy() > > > > v2: > > - Moved vhost_crypto_data_req data from crypto op to source mbuf. > > - Removed ZERO-COPY flag from config option and make it run-timely > changeable. > > - Guest-polling mode possible. > > - Simplified vring descriptor access procedure. > > - Work with both LKCF and DPDK Virtio-Crypto PMD guest drivers. > > > > Fan Zhang (8): > > lib/librte_vhost: add vhost user message handlers > > lib/librte_vhost: add virtio-crypto user message structure > > lib/librte_vhost: add session message handler > > lib/librte_vhost: add request handler > > lib/librte_vhost: add public function implementation > > lib/librte_vhost: update makefile > > examples/vhost_crypto: add vhost crypto sample application > > doc: update for vhost crypto support > > > > doc/guides/prog_guide/vhost_lib.rst | 25 + > > doc/guides/rel_notes/release_18_05.rst | 5 + > > doc/guides/sample_app_ug/index.rst | 1 + > > doc/guides/sample_app_ug/vhost_crypto.rst | 82 ++ > > examples/vhost_crypto/Makefile | 32 + > > examples/vhost_crypto/main.c | 541 ++++++++++++ > > examples/vhost_crypto/meson.build | 14 + > > lib/librte_vhost/Makefile | 6 +- > > lib/librte_vhost/meson.build | 8 +- > > lib/librte_vhost/rte_vhost_crypto.h | 109 +++ > > lib/librte_vhost/rte_vhost_version.map | 11 + > > lib/librte_vhost/vhost.c | 2 +- > > lib/librte_vhost/vhost.h | 53 +- > > lib/librte_vhost/vhost_crypto.c | 1312 > +++++++++++++++++++++++++++++ > > lib/librte_vhost/vhost_user.c | 33 +- > > lib/librte_vhost/vhost_user.h | 35 +- > > 16 files changed, 2256 insertions(+), 13 deletions(-) > > create mode 100644 doc/guides/sample_app_ug/vhost_crypto.rst > > create mode 100644 examples/vhost_crypto/Makefile > > create mode 100644 examples/vhost_crypto/main.c > > create mode 100644 examples/vhost_crypto/meson.build > > create mode 100644 lib/librte_vhost/rte_vhost_crypto.h > > create mode 100644 lib/librte_vhost/vhost_crypto.c > > > > For the series: > Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com> > > Ideally, I would like to have it reviewed/acked by people having knowledge of > crypto. > Jianjay, is the series good for you?
With the typo of 8/8 fixed, this series looks good to me, so: Acked-by: Jay Zhou <jianjay.z...@huawei.com> > > Thanks, > Maxime
