All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Gonglei (Arei)" <arei.gonglei@huawei.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"virtio-dev@lists.oasis-open.org"
	<virtio-dev@lists.oasis-open.org>,
	Luonengjun <luonengjun@huawei.com>,
	"mst@redhat.com" <mst@redhat.com>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	"berrange@redhat.com" <berrange@redhat.com>,
	"Huangweidong (C)" <weidong.huang@huawei.com>,
	"Wubin (H)" <wu.wubin@huawei.com>,
	"mike.caraman@nxp.com" <mike.caraman@nxp.com>,
	"agraf@suse.de" <agraf@suse.de>,
	"xin.zeng@intel.com" <xin.zeng@intel.com>,
	Claudio Fontana <Claudio.Fontana@huawei.com>,
	"nmorey@kalray.eu" <nmorey@kalray.eu>,
	"vincent.jardin@6wind.com" <vincent.jardin@6wind.com>,
	"Zhoujian (jay, Euler)" <jianjay.zhou@huawei.com>,
	"Hanweidong (Randy)" <hanweidong@huawei.com>,
	"Huangpeng (Peter)" <peter.huangpeng@huawei.com>
Subject: Re: [Qemu-devel] [PATCH v4 04/13] cryptodev: introduce a new cryptodev backend
Date: Wed, 5 Oct 2016 03:19:44 +0000	[thread overview]
Message-ID: <33183CC9F5247A488A2544077AF19020B03E658A@SZXEMA503-MBS.china.huawei.com> (raw)
In-Reply-To: <20161003163140.GX10245@stefanha-x1.localdomain>


> -----Original Message-----
> From: Stefan Hajnoczi [mailto:stefanha@redhat.com]
> Sent: Tuesday, October 04, 2016 12:32 AM
> Subject: Re: [PATCH v4 04/13] cryptodev: introduce a new cryptodev backend
> 
> On Wed, Sep 28, 2016 at 04:25:43PM +0800, Gonglei wrote:
> > +/* Max number of symetrical sessions */
> 
> s/symetrical/symmetric/
> 
> But why does the comment say "symetrical" when the constant name
> MAX_NUM_SESSIONS seems to be a global limit for *all* sessions (not just
> symmetric)?
> 
> > +#define MAX_NUM_SESSIONS 256
> 
> The guest can only have 256 sessions open?
> 
For cipher API backend, it's a experimental cryptodev backend, which
can't be applied in production environment because of the poor performance. 
The limit is just for simplifying code logic, of course we can increase the number
as well, but it doesn't necessary IMO.

> What are the limits of real crypto libraries and accelerators?
> 
The hardware accelerators maybe have a limit, for example the
Intel QAT pmd driver in DPDK limit the maximum num of session is 2048.

> > +
> > +
> > +struct QCryptoCryptoDevBackendBuiltin {
> > +    QCryptoCryptoDevBackend parent_obj;
> > +
> > +    QCryptoCryptoDevBackendBuiltinSession
> *sessions[MAX_NUM_SESSIONS];
> > +};
> > +
> > +static void qcrypto_cryptodev_backend_builtin_init(
> > +             QCryptoCryptoDevBackend *backend, Error **errp)
> > +{
> > +    /* Only support one queue */
> > +    int queues = MAX(backend->conf.peers.queues, 1);
> > +    size_t i;
> > +    QCryptoCryptoDevBackendClientState *cc;
> > +
> > +    for (i = 0; i < queues; i++) {
> > +        cc = qcrypto_cryptodev_backend_new_client(
> > +                  "cryptodev-builtin", NULL);
> > +        snprintf(cc->info_str, sizeof(cc->info_str),
> > +                 "cryptodev-builtin%lu", i);
> > +        cc->queue_index = i;
> > +
> > +        backend->conf.peers.ccs[i] = cc;
> > +    }
> > +
> > +    backend->conf.crypto_services =
> > +                         1u << VIRTIO_CRYPTO_SERVICE_CIPHER |
> > +                         1u << VIRTIO_CRYPTO_SERVICE_HASH |
> > +                         1u << VIRTIO_CRYPTO_SERVICE_MAC;
> > +    backend->conf.cipher_algo_l = 1u <<
> VIRTIO_CRYPTO_CIPHER_AES_CBC;
> > +    backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
> > +}
> > +
> > +static int
> > +qcrypto_cryptodev_backend_builtin_get_unused_session_index(
> > +      QCryptoCryptoDevBackendBuiltin *builtin)
> > +{
> > +    size_t i;
> > +
> > +    for (i = 0; i < MAX_NUM_SESSIONS; i++) {
> > +        if (builtin->sessions[i] == NULL) {
> > +            return i;
> > +        }
> > +    }
> > +
> > +    return -1;
> > +}
> > +
> > +static int
> > +qcrypto_cryptodev_backend_builtin_get_algo(uint32_t key_len,
> > +                                           Error **errp)
> > +{
> > +    int algo;
> > +
> > +    if (key_len == 128 / 8) {
> > +        algo = QCRYPTO_CIPHER_ALG_AES_128;
> > +    } else if (key_len == 192 / 8) {
> > +        algo = QCRYPTO_CIPHER_ALG_AES_192;
> > +    } else if (key_len == 256 / 8) {
> > +        algo = QCRYPTO_CIPHER_ALG_AES_256;
> > +    } else {
> > +        error_setg(errp, "unsupported key length :%u", key_len);
> > +        return -1;
> > +    }
> > +
> > +    return algo;
> > +}
> > +
> > +static int qcrypto_cryptodev_backend_builtin_create_cipher_session(
> > +                    QCryptoCryptoDevBackendBuiltin *builtin,
> > +                    QCryptoCryptoDevBackendSymSessionInfo
> *sess_info,
> > +                    Error **errp)
> > +{
> > +    int algo;
> > +    int mode;
> > +    QCryptoCipher *cipher;
> > +    int index;
> > +    QCryptoCryptoDevBackendBuiltinSession *sess;
> > +
> > +    if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) {
> > +        error_setg(errp, "unsupported optype :%u", sess_info->op_type);
> > +        return -1;
> > +    }
> > +
> > +    index =
> qcrypto_cryptodev_backend_builtin_get_unused_session_index(builtin);
> 
> Feel free to omit the function name prefix for static functions.  These
> names are very long.
> 
> > +    if (index < 0) {
> > +        error_setg(errp, "the total number of created session
> exceed %u",
> 
> "Total number of sessions created exceeds %u"
> 
> > +                  MAX_NUM_SESSIONS);
> > +        return -1;
> > +    }
> > +
> > +    switch (sess_info->cipher_alg) {
> > +    case VIRTIO_CRYPTO_CIPHER_AES_ECB:
> > +        algo =
> qcrypto_cryptodev_backend_builtin_get_algo(sess_info->key_len,
> > +
> errp);
> > +        if (algo < 0)  {
> > +            return -1;
> > +        }
> > +        mode = QCRYPTO_CIPHER_MODE_ECB;
> > +        break;
> > +    case VIRTIO_CRYPTO_CIPHER_AES_CBC:
> > +        algo =
> qcrypto_cryptodev_backend_builtin_get_algo(sess_info->key_len,
> > +
> errp);
> > +        if (algo < 0)  {
> > +            return -1;
> > +        }
> > +        mode = QCRYPTO_CIPHER_MODE_CBC;
> > +        break;
> > +    case VIRTIO_CRYPTO_CIPHER_AES_CTR:
> > +        algo =
> qcrypto_cryptodev_backend_builtin_get_algo(sess_info->key_len,
> > +
> errp);
> > +        if (algo < 0)  {
> > +            return -1;
> > +        }
> > +        mode = QCRYPTO_CIPHER_MODE_CTR;
> > +        break;
> > +    default:
> > +        error_setg(errp, "unsupported cipher alg :%u",
> > +                   sess_info->cipher_alg);
> > +        return -1;
> > +    }
> 
> Code duplication can be eliminated:
> 
> switch (sess_info->cipher_alg) {
> case VIRTIO_CRYPTO_CIPHER_AES_ECB:
>     mode = QCRYPTO_CIPHER_MODE_ECB;
>     break;
> ...
> }
> 
> algo = qcrypto_cryptodev_backend_builtin_get_algo(sess_info->key_len,
>                                                   errp);
> if (algo < 0) {
>     return -1;
> }
> 
Make sense. :)

> > +static void qcrypto_cryptodev_backend_builtin_cleanup(
> > +             QCryptoCryptoDevBackend *backend,
> > +             Error **errp)
> > +{
> > +    QCryptoCryptoDevBackendBuiltin *builtin =
> > +
> QCRYPTO_CRYPTODEV_BACKEND_BUILTIN(backend);
> > +    size_t i;
> > +    int queues = backend->conf.peers.queues;
> > +    QCryptoCryptoDevBackendClientState *cc;
> > +
> > +    for (i = 0; i < MAX_NUM_SESSIONS; i++) {
> > +        if (builtin->sessions[i] != NULL) {
> > +            qcrypto_cryptodev_backend_builtin_sym_close_session(
> > +                    backend, i, 0, errp);
> > +        }
> > +    }
> > +
> > +    for (i = 0; i < queues; i++) {
> 
> This device doesn't seem to support queues because queue_index is
> ignored by all functions that take it.
> 
> Perhaps there should be an error if the device is realized with more
> than 1 queue?

Yes, we can add the check for cryptodev-builtin backend.


Regards,
-Gonglei

  reply	other threads:[~2016-10-05  3:20 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-28  8:25 [Qemu-devel] [PATCH v4 00/13] virtio-crypto: introduce framework and device emulation Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 01/13] cryptodev: introduce cryptodev backend interface Gonglei
2016-10-03 16:10   ` Stefan Hajnoczi
2016-10-03 16:15     ` Daniel P. Berrange
2016-10-05  3:06     ` Gonglei (Arei)
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 02/13] cryptodev: add symmetric algorithm operation stuff Gonglei
2016-10-03 16:13   ` Stefan Hajnoczi
2016-10-05  3:07     ` [Qemu-devel] [virtio-dev] " Gonglei (Arei)
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 03/13] virtio-crypto: introduce virtio_crypto.h Gonglei
2016-10-03 16:14   ` Stefan Hajnoczi
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 04/13] cryptodev: introduce a new cryptodev backend Gonglei
2016-10-03 16:31   ` Stefan Hajnoczi
2016-10-05  3:19     ` Gonglei (Arei) [this message]
2016-10-05 12:53       ` Stefan Hajnoczi
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 05/13] virtio-crypto: add virtio crypto device emulation Gonglei
2016-10-04  9:38   ` Stefan Hajnoczi
2016-10-05  3:26     ` Gonglei (Arei)
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 06/13] virtio-crypto-pci: add virtio crypto pci support Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 07/13] virtio-crypto: set capacity of algorithms supported Gonglei
2016-10-04  9:46   ` Stefan Hajnoczi
2016-10-05  3:30     ` [Qemu-devel] [virtio-dev] " Gonglei (Arei)
2016-10-05 12:55       ` Stefan Hajnoczi
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 08/13] virtio-crypto: add control queue handler Gonglei
2016-10-04 10:09   ` Stefan Hajnoczi
2016-10-05  3:38     ` Gonglei (Arei)
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 09/13] virtio-crypto: add data queue processing handler Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 10/13] cryptodev: introduce an unified wrapper for crypto operation Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 11/13] virtio-crypto: emulate virtio crypto as a legacy device by default Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 12/13] virtio-crypto-test: add qtest case for virtio-crypto Gonglei
2016-09-28  8:25 ` [Qemu-devel] [PATCH v4 13/13] virtio-crypto: add myself as virtio-crypto and cryptodev backends maintainer Gonglei
2016-09-28  9:14 ` [Qemu-devel] [PATCH v4 00/13] virtio-crypto: introduce framework and device emulation no-reply
2016-09-28  9:18   ` Gonglei (Arei)
2016-10-03 12:02 ` Gonglei (Arei)
2016-10-04 10:13 ` Stefan Hajnoczi
2016-10-05  3:42   ` [Qemu-devel] [virtio-dev] " Gonglei (Arei)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33183CC9F5247A488A2544077AF19020B03E658A@SZXEMA503-MBS.china.huawei.com \
    --to=arei.gonglei@huawei.com \
    --cc=Claudio.Fontana@huawei.com \
    --cc=agraf@suse.de \
    --cc=berrange@redhat.com \
    --cc=hanweidong@huawei.com \
    --cc=jianjay.zhou@huawei.com \
    --cc=luonengjun@huawei.com \
    --cc=mike.caraman@nxp.com \
    --cc=mst@redhat.com \
    --cc=nmorey@kalray.eu \
    --cc=pbonzini@redhat.com \
    --cc=peter.huangpeng@huawei.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=vincent.jardin@6wind.com \
    --cc=virtio-dev@lists.oasis-open.org \
    --cc=weidong.huang@huawei.com \
    --cc=wu.wubin@huawei.com \
    --cc=xin.zeng@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.