[dpdk-dev] [PATCH v7 0/8] vhost: introduce vhost crypto backend
Maxime Coquelin
maxime.coquelin at redhat.com
Thu Apr 5 21:28:22 CEST 2018
On 04/05/2018 06:01 PM, Fan Zhang wrote:
> This patchset depends on the following patch and must be applied first:
>
> "lib/librte_vhost: add virtio_crypto.h header file"
> (https://dpdk.org/dev/patchwork/patch/37308/)
>
> This patchset adds crypto backend suppport to vhost library
> including a proof-of-concept sample application. The implementation
> follows the virtio-crypto specification and have been tested
> with qemu 2.11.50 (with several patches applied, detailed later)
> with Fedora 24 running in the frontend.
>
> The vhost_crypto library acts as a "bridge" method that translate
> the virtio-crypto crypto requests to DPDK crypto operations, so it
> is purely software implementation. However it does require the user
> to provide the DPDK Cryptodev ID so it knows how to handle the
> virtio-crypto session creation and deletion mesages.
>
> Currently the implementation supports AES-CBC-128 and HMAC-SHA1
> cipher only/chaining modes and does not support sessionless mode
> yet. The guest can use standard virtio-crypto driver to set up
> session and sends encryption/decryption requests to backend. The
> vhost-crypto sample application provided in this patchset will
> do the actual crypto work.
>
> The following steps are involved to enable vhost-crypto support.
>
> In the host:
> 1. Download the qemu source code.
>
> 2. Recompile your qemu with vhost-crypto option enabled.
>
> 3. Apply this patchset to latest DPDK code and recompile DPDK.
>
> 4. Compile and run vhost-crypto sample application.
>
> ./examples/vhost_crypto/build/vhost-crypto -l 11,12 -w 0000:86:01.0 \
> --socket-mem 2048,2048
>
> Where 0000:86:01.0 is the QAT PCI address. You may use AES-NI-MB if it is
> not available. The sample application requires 2 lcores: 1 master and 1
> worker. The application will create a UNIX socket file
> /tmp/vhost_crypto1.socket.
>
> 5. Start your qemu application. Here is my command:
>
> qemu/x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -cpu host \
> -smp 2 -m 1G -hda ~/path-to-your/image.qcow \
> -object memory-backend-file,id=mem,size=1G,mem-path=/dev/hugepages,share=on \
> -mem-prealloc -numa node,memdev=mem -chardev \
> socket,id=charcrypto0,path=/tmp/vhost_crypto1.socket \
> -object cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \
> -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0
>
> 6. Once guest is booted. The Linux virtio_crypto kernel module is loaded by
> default. You shall see the following logs in your demsg:
>
> [ 17.611044] virtio_crypto: loading out-of-tree module taints kernel.
> [ 17.611083] virtio_crypto: module verification failed: signature and/or ...
> [ 17.611723] virtio_crypto virtio0: max_queues: 1, max_cipher_key_len: ...
> [ 17.612156] virtio_crypto virtio0: will run requests pump with realtime ...
> [ 18.376100] virtio_crypto virtio0: Accelerator is ready
>
> The virtio_crypto driver in the guest is now up and running.
>
> 7. The rest steps can be as same as the Testing section in
> https://wiki.qemu.org/Features/VirtioCrypto
>
> 8. It is possible to use DPDK Virtio Crypto PMD
> (https://dpdk.org/dev/patchwork/patch/36921/) in the guest to work with
> this patchset to achieve optimal performance.
>
> v7:
> - Rebased on top of dpdk-next-virtio
> - Removed dependency of linux virtio crypto header
> - Fixed a typo
>
> v6:
> - Changed commit message
> - removed rte prefix in handler prototype
>
> v5:
> - removed external ops register API.
> - patch cleaned.
>
> v4:
> - Changed external vhost backend ops register API.
> - Fixed a bug.
>
> v3:
> - Changed external vhost backend private data and message handling
> - Added experimental tag to rte_vhost_crypto_set_zero_copy()
>
> v2:
> - Moved vhost_crypto_data_req data from crypto op to source mbuf.
> - Removed ZERO-COPY flag from config option and make it run-timely changeable.
> - Guest-polling mode possible.
> - Simplified vring descriptor access procedure.
> - Work with both LKCF and DPDK Virtio-Crypto PMD guest drivers.
>
> Fan Zhang (8):
> lib/librte_vhost: add vhost user message handlers
> lib/librte_vhost: add virtio-crypto user message structure
> lib/librte_vhost: add session message handler
> lib/librte_vhost: add request handler
> lib/librte_vhost: add public function implementation
> lib/librte_vhost: update makefile
> examples/vhost_crypto: add vhost crypto sample application
> doc: update for vhost crypto support
>
> doc/guides/prog_guide/vhost_lib.rst | 25 +
> doc/guides/rel_notes/release_18_05.rst | 5 +
> doc/guides/sample_app_ug/index.rst | 1 +
> doc/guides/sample_app_ug/vhost_crypto.rst | 82 ++
> examples/vhost_crypto/Makefile | 32 +
> examples/vhost_crypto/main.c | 541 ++++++++++++
> examples/vhost_crypto/meson.build | 14 +
> lib/librte_vhost/Makefile | 5 +-
> lib/librte_vhost/meson.build | 8 +-
> lib/librte_vhost/rte_vhost.h | 4 +
> lib/librte_vhost/rte_vhost_crypto.h | 109 +++
> lib/librte_vhost/rte_vhost_version.map | 6 +
> lib/librte_vhost/vhost.c | 2 +-
> lib/librte_vhost/vhost.h | 53 +-
> lib/librte_vhost/vhost_crypto.c | 1311 +++++++++++++++++++++++++++++
> lib/librte_vhost/vhost_user.c | 33 +-
> lib/librte_vhost/vhost_user.h | 34 +-
> 17 files changed, 2252 insertions(+), 13 deletions(-)
> create mode 100644 doc/guides/sample_app_ug/vhost_crypto.rst
> create mode 100644 examples/vhost_crypto/Makefile
> create mode 100644 examples/vhost_crypto/main.c
> create mode 100644 examples/vhost_crypto/meson.build
> create mode 100644 lib/librte_vhost/rte_vhost_crypto.h
> create mode 100644 lib/librte_vhost/vhost_crypto.c
>
Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
Thanks!
Maxime
More information about the dev
mailing list