[dpdk-dev] [PATCH v7 0/8] vhost: introduce vhost crypto backend

Maxime Coquelin maxime.coquelin at redhat.com
Thu Apr 5 21:28:22 CEST 2018



On 04/05/2018 06:01 PM, Fan Zhang wrote:
> This patchset depends on the following patch and must be applied first:
> 
> "lib/librte_vhost: add virtio_crypto.h header file"
> (https://dpdk.org/dev/patchwork/patch/37308/)
> 
> This patchset adds crypto backend suppport to vhost library
> including a proof-of-concept sample application. The implementation
> follows the virtio-crypto specification and have been tested
> with qemu 2.11.50 (with several patches applied, detailed later)
> with Fedora 24 running in the frontend.
> 
> The vhost_crypto library acts as a "bridge" method that translate
> the virtio-crypto crypto requests to DPDK crypto operations, so it
> is purely software implementation. However it does require the user
> to provide the DPDK Cryptodev ID so it knows how to handle the
> virtio-crypto session creation and deletion mesages.
> 
> Currently the implementation supports AES-CBC-128 and HMAC-SHA1
> cipher only/chaining modes and does not support sessionless mode
> yet. The guest can use standard virtio-crypto driver to set up
> session and sends encryption/decryption requests to backend. The
> vhost-crypto sample application provided in this patchset will
> do the actual crypto work.
> 
> The following steps are involved to enable vhost-crypto support.
> 
> In the host:
> 1. Download the qemu source code.
> 
> 2. Recompile your qemu with vhost-crypto option enabled.
> 
> 3. Apply this patchset to latest DPDK code and recompile DPDK.
> 
> 4. Compile and run vhost-crypto sample application.
> 
> ./examples/vhost_crypto/build/vhost-crypto -l 11,12 -w 0000:86:01.0 \
>   --socket-mem 2048,2048
> 
> Where 0000:86:01.0 is the QAT PCI address. You may use AES-NI-MB if it is
> not available. The sample application requires 2 lcores: 1 master and 1
> worker. The application will create a UNIX socket file
> /tmp/vhost_crypto1.socket.
> 
> 5. Start your qemu application. Here is my command:
> 
> qemu/x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -cpu host \
> -smp 2 -m 1G -hda ~/path-to-your/image.qcow \
> -object memory-backend-file,id=mem,size=1G,mem-path=/dev/hugepages,share=on \
> -mem-prealloc -numa node,memdev=mem -chardev \
> socket,id=charcrypto0,path=/tmp/vhost_crypto1.socket \
> -object cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \
> -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0
> 
> 6. Once guest is booted. The Linux virtio_crypto kernel module is loaded by
> default. You shall see the following logs in your demsg:
> 
> [   17.611044] virtio_crypto: loading out-of-tree module taints kernel.
> [   17.611083] virtio_crypto: module verification failed: signature and/or ...
> [   17.611723] virtio_crypto virtio0: max_queues: 1, max_cipher_key_len: ...
> [   17.612156] virtio_crypto virtio0: will run requests pump with realtime ...
> [   18.376100] virtio_crypto virtio0: Accelerator is ready
> 
> The virtio_crypto driver in the guest is now up and running.
> 
> 7. The rest steps can be as same as the Testing section in
> https://wiki.qemu.org/Features/VirtioCrypto
> 
> 8. It is possible to use DPDK Virtio Crypto PMD
> (https://dpdk.org/dev/patchwork/patch/36921/) in the guest to work with
> this patchset to achieve optimal performance.
> 
> v7:
> - Rebased on top of dpdk-next-virtio
> - Removed dependency of linux virtio crypto header
> - Fixed a typo
> 
> v6:
> - Changed commit message
> - removed rte prefix in handler prototype
> 
> v5:
> - removed external ops register API.
> - patch cleaned.
> 
> v4:
> - Changed external vhost backend ops register API.
> - Fixed a bug.
> 
> v3:
> - Changed external vhost backend private data and message handling
> - Added experimental tag to rte_vhost_crypto_set_zero_copy()
> 
> v2:
> - Moved vhost_crypto_data_req data from crypto op to source mbuf.
> - Removed ZERO-COPY flag from config option and make it run-timely changeable.
> - Guest-polling mode possible.
> - Simplified vring descriptor access procedure.
> - Work with both LKCF and DPDK Virtio-Crypto PMD guest drivers.
> 
> Fan Zhang (8):
>    lib/librte_vhost: add vhost user message handlers
>    lib/librte_vhost: add virtio-crypto user message structure
>    lib/librte_vhost: add session message handler
>    lib/librte_vhost: add request handler
>    lib/librte_vhost: add public function implementation
>    lib/librte_vhost: update makefile
>    examples/vhost_crypto: add vhost crypto sample application
>    doc: update for vhost crypto support
> 
>   doc/guides/prog_guide/vhost_lib.rst       |   25 +
>   doc/guides/rel_notes/release_18_05.rst    |    5 +
>   doc/guides/sample_app_ug/index.rst        |    1 +
>   doc/guides/sample_app_ug/vhost_crypto.rst |   82 ++
>   examples/vhost_crypto/Makefile            |   32 +
>   examples/vhost_crypto/main.c              |  541 ++++++++++++
>   examples/vhost_crypto/meson.build         |   14 +
>   lib/librte_vhost/Makefile                 |    5 +-
>   lib/librte_vhost/meson.build              |    8 +-
>   lib/librte_vhost/rte_vhost.h              |    4 +
>   lib/librte_vhost/rte_vhost_crypto.h       |  109 +++
>   lib/librte_vhost/rte_vhost_version.map    |    6 +
>   lib/librte_vhost/vhost.c                  |    2 +-
>   lib/librte_vhost/vhost.h                  |   53 +-
>   lib/librte_vhost/vhost_crypto.c           | 1311 +++++++++++++++++++++++++++++
>   lib/librte_vhost/vhost_user.c             |   33 +-
>   lib/librte_vhost/vhost_user.h             |   34 +-
>   17 files changed, 2252 insertions(+), 13 deletions(-)
>   create mode 100644 doc/guides/sample_app_ug/vhost_crypto.rst
>   create mode 100644 examples/vhost_crypto/Makefile
>   create mode 100644 examples/vhost_crypto/main.c
>   create mode 100644 examples/vhost_crypto/meson.build
>   create mode 100644 lib/librte_vhost/rte_vhost_crypto.h
>   create mode 100644 lib/librte_vhost/vhost_crypto.c
> 

Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>

Thanks!
Maxime


More information about the dev mailing list