RE: [PATCH v8 1/1] crypto: add virtio-crypto driver
> > On Thu, Jan 12, 2017 at 03:10:25PM +0100, Christian Borntraeger wrote: > > On 01/10/2017 01:56 PM, Christian Borntraeger wrote: > > > On 01/10/2017 01:36 PM, Gonglei (Arei) wrote: > > >> Hi, > > >> > > >>> > > >>> On 12/15/2016 03:03 AM, Gonglei wrote: > > >>> [...] > > + > > +static struct crypto_alg virtio_crypto_algs[] = { { > > + .cra_name = "cbc(aes)", > > + .cra_driver_name = "virtio_crypto_aes_cbc", > > + .cra_priority = 501, > > >>> > > >>> > > >>> This is still higher than the hardware-accelerators (like intel aesni > > >>> or the > > >>> s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported > by the > > >>> hardware virtualization and available to the guests. I do not see a way > how > > >>> virtio > > >>> crypto can be faster than that (in the end it might be cpacf/aesni + > overhead) > > >>> instead it will very likely be slower. > > >>> So we should use a number that is higher than software implementations > but > > >>> lower than the hw ones. > > >>> > > >>> Just grepping around, the software ones seem be be around 100 and the > > >>> hardware > > >>> ones around 200-400. So why was 150 not enough? > > >>> > > >> I didn't find a documentation about how we use the priority, and I > > >> assumed > > >> people use virtio-crypto will configure hardware accelerators in the > > >> host. So I choosed the number which bigger than aesni's priority. > > > > > > Yes, but the aesni driver will only bind if there is HW support in the > > > guest. > > > And if aesni is available in the guest (or the s390 aes function from > > > cpacf) > > > it will always be faster than the same in the host via virtio.So your > > > priority > > > should be smaller. > > > > > > any opinion on this? > > Going forward, we might add an emulated aesni device and that might > become slower than virtio. OTOH if or when this happens, we can solve it > by adding a priority or a feature flag to virtio to raise its priority. > > So I think I agree with Christian here, let's lower the priority. > Gonglei, could you send a patch like this? > OK, will do. Thanks, -Gonglei -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v8 1/1] crypto: add virtio-crypto driver
On Thu, Jan 12, 2017 at 03:10:25PM +0100, Christian Borntraeger wrote: > On 01/10/2017 01:56 PM, Christian Borntraeger wrote: > > On 01/10/2017 01:36 PM, Gonglei (Arei) wrote: > >> Hi, > >> > >>> > >>> On 12/15/2016 03:03 AM, Gonglei wrote: > >>> [...] > + > +static struct crypto_alg virtio_crypto_algs[] = { { > +.cra_name = "cbc(aes)", > +.cra_driver_name = "virtio_crypto_aes_cbc", > +.cra_priority = 501, > >>> > >>> > >>> This is still higher than the hardware-accelerators (like intel aesni or > >>> the > >>> s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported > >>> by the > >>> hardware virtualization and available to the guests. I do not see a way > >>> how > >>> virtio > >>> crypto can be faster than that (in the end it might be cpacf/aesni + > >>> overhead) > >>> instead it will very likely be slower. > >>> So we should use a number that is higher than software implementations but > >>> lower than the hw ones. > >>> > >>> Just grepping around, the software ones seem be be around 100 and the > >>> hardware > >>> ones around 200-400. So why was 150 not enough? > >>> > >> I didn't find a documentation about how we use the priority, and I assumed > >> people use virtio-crypto will configure hardware accelerators in the > >> host. So I choosed the number which bigger than aesni's priority. > > > > Yes, but the aesni driver will only bind if there is HW support in the > > guest. > > And if aesni is available in the guest (or the s390 aes function from cpacf) > > it will always be faster than the same in the host via virtio.So your > > priority > > should be smaller. > > > any opinion on this? Going forward, we might add an emulated aesni device and that might become slower than virtio. OTOH if or when this happens, we can solve it by adding a priority or a feature flag to virtio to raise its priority. So I think I agree with Christian here, let's lower the priority. Gonglei, could you send a patch like this? -- MST -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v8 1/1] crypto: add virtio-crypto driver
On 01/10/2017 01:56 PM, Christian Borntraeger wrote: > On 01/10/2017 01:36 PM, Gonglei (Arei) wrote: >> Hi, >> >>> >>> On 12/15/2016 03:03 AM, Gonglei wrote: >>> [...] + +static struct crypto_alg virtio_crypto_algs[] = { { + .cra_name = "cbc(aes)", + .cra_driver_name = "virtio_crypto_aes_cbc", + .cra_priority = 501, >>> >>> >>> This is still higher than the hardware-accelerators (like intel aesni or the >>> s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported by >>> the >>> hardware virtualization and available to the guests. I do not see a way how >>> virtio >>> crypto can be faster than that (in the end it might be cpacf/aesni + >>> overhead) >>> instead it will very likely be slower. >>> So we should use a number that is higher than software implementations but >>> lower than the hw ones. >>> >>> Just grepping around, the software ones seem be be around 100 and the >>> hardware >>> ones around 200-400. So why was 150 not enough? >>> >> I didn't find a documentation about how we use the priority, and I assumed >> people use virtio-crypto will configure hardware accelerators in the >> host. So I choosed the number which bigger than aesni's priority. > > Yes, but the aesni driver will only bind if there is HW support in the guest. > And if aesni is available in the guest (or the s390 aes function from cpacf) > it will always be faster than the same in the host via virtio.So your priority > should be smaller. any opinion on this? -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v8 1/1] crypto: add virtio-crypto driver
On 01/10/2017 01:36 PM, Gonglei (Arei) wrote: > Hi, > >> >> On 12/15/2016 03:03 AM, Gonglei wrote: >> [...] >>> + >>> +static struct crypto_alg virtio_crypto_algs[] = { { >>> + .cra_name = "cbc(aes)", >>> + .cra_driver_name = "virtio_crypto_aes_cbc", >>> + .cra_priority = 501, >> >> >> This is still higher than the hardware-accelerators (like intel aesni or the >> s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported by >> the >> hardware virtualization and available to the guests. I do not see a way how >> virtio >> crypto can be faster than that (in the end it might be cpacf/aesni + >> overhead) >> instead it will very likely be slower. >> So we should use a number that is higher than software implementations but >> lower than the hw ones. >> >> Just grepping around, the software ones seem be be around 100 and the >> hardware >> ones around 200-400. So why was 150 not enough? >> > I didn't find a documentation about how we use the priority, and I assumed > people use virtio-crypto will configure hardware accelerators in the > host. So I choosed the number which bigger than aesni's priority. Yes, but the aesni driver will only bind if there is HW support in the guest. And if aesni is available in the guest (or the s390 aes function from cpacf) it will always be faster than the same in the host via virtio.So your priority should be smaller. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH v8 1/1] crypto: add virtio-crypto driver
Hi, > > On 12/15/2016 03:03 AM, Gonglei wrote: > [...] > > + > > +static struct crypto_alg virtio_crypto_algs[] = { { > > + .cra_name = "cbc(aes)", > > + .cra_driver_name = "virtio_crypto_aes_cbc", > > + .cra_priority = 501, > > > This is still higher than the hardware-accelerators (like intel aesni or the > s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported by the > hardware virtualization and available to the guests. I do not see a way how > virtio > crypto can be faster than that (in the end it might be cpacf/aesni + overhead) > instead it will very likely be slower. > So we should use a number that is higher than software implementations but > lower than the hw ones. > > Just grepping around, the software ones seem be be around 100 and the > hardware > ones around 200-400. So why was 150 not enough? > I didn't find a documentation about how we use the priority, and I assumed people use virtio-crypto will configure hardware accelerators in the host. So I choosed the number which bigger than aesni's priority. Regards, -Gonglei -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v8 1/1] crypto: add virtio-crypto driver
On 12/15/2016 03:03 AM, Gonglei wrote: [...] > + > +static struct crypto_alg virtio_crypto_algs[] = { { > + .cra_name = "cbc(aes)", > + .cra_driver_name = "virtio_crypto_aes_cbc", > + .cra_priority = 501, This is still higher than the hardware-accelerators (like intel aesni or the s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported by the hardware virtualization and available to the guests. I do not see a way how virtio crypto can be faster than that (in the end it might be cpacf/aesni + overhead) instead it will very likely be slower. So we should use a number that is higher than software implementations but lower than the hw ones. Just grepping around, the software ones seem be be around 100 and the hardware ones around 200-400. So why was 150 not enough? Christian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v8 1/1] crypto: add virtio-crypto driver
This patch introduces virtio-crypto driver for Linux Kernel. The virtio crypto device is a virtual cryptography device as well as a kind of virtual hardware accelerator for virtual machines. The encryption anddecryption requests are placed in the data queue and are ultimately handled by thebackend crypto accelerators. The second queue is the control queue used to create or destroy sessions for symmetric algorithms and will control some advanced features in the future. The virtio crypto device provides the following cryptoservices: CIPHER, MAC, HASH, and AEAD. For more information about virtio-crypto device, please see: http://qemu-project.org/Features/VirtioCrypto CC: Michael S. TsirkinCC: Cornelia Huck CC: Stefan Hajnoczi CC: Herbert Xu CC: Halil Pasic CC: David S. Miller CC: Zeng Xin Signed-off-by: Gonglei --- MAINTAINERS | 9 + drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/virtio/Kconfig| 10 + drivers/crypto/virtio/Makefile | 5 + drivers/crypto/virtio/virtio_crypto_algs.c | 540 +++ drivers/crypto/virtio/virtio_crypto_common.h | 128 +++ drivers/crypto/virtio/virtio_crypto_core.c | 476 +++ drivers/crypto/virtio/virtio_crypto_mgr.c| 264 + include/uapi/linux/Kbuild| 1 + include/uapi/linux/virtio_crypto.h | 450 ++ include/uapi/linux/virtio_ids.h | 1 + 12 files changed, 1887 insertions(+) create mode 100644 drivers/crypto/virtio/Kconfig create mode 100644 drivers/crypto/virtio/Makefile create mode 100644 drivers/crypto/virtio/virtio_crypto_algs.c create mode 100644 drivers/crypto/virtio/virtio_crypto_common.h create mode 100644 drivers/crypto/virtio/virtio_crypto_core.c create mode 100644 drivers/crypto/virtio/virtio_crypto_mgr.c create mode 100644 include/uapi/linux/virtio_crypto.h diff --git a/MAINTAINERS b/MAINTAINERS index 1174508..b749f1d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12967,6 +12967,7 @@ F: drivers/net/virtio_net.c F: drivers/block/virtio_blk.c F: include/linux/virtio_*.h F: include/uapi/linux/virtio_*.h +F: drivers/crypto/virtio/ VIRTIO DRIVERS FOR S390 M: Christian Borntraeger @@ -13003,6 +13004,14 @@ S: Maintained F: drivers/virtio/virtio_input.c F: include/uapi/linux/virtio_input.h +VIRTIO CRYPTO DRIVER +M: Gonglei +L: virtualizat...@lists.linux-foundation.org +L: linux-crypto@vger.kernel.org +S: Maintained +F: drivers/crypto/virtio/ +F: include/uapi/linux/virtio_crypto.h + VIA RHINE NETWORK DRIVER S: Orphan F: drivers/net/ethernet/via/via-rhine.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 4d2b81f..7956478 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -555,4 +555,6 @@ config CRYPTO_DEV_ROCKCHIP source "drivers/crypto/chelsio/Kconfig" +source "drivers/crypto/virtio/Kconfig" + endif # CRYPTO_HW diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index ad7250f..bc53cb8 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -32,3 +32,4 @@ obj-$(CONFIG_CRYPTO_DEV_VMX) += vmx/ obj-$(CONFIG_CRYPTO_DEV_SUN4I_SS) += sunxi-ss/ obj-$(CONFIG_CRYPTO_DEV_ROCKCHIP) += rockchip/ obj-$(CONFIG_CRYPTO_DEV_CHELSIO) += chelsio/ +obj-$(CONFIG_CRYPTO_DEV_VIRTIO) += virtio/ diff --git a/drivers/crypto/virtio/Kconfig b/drivers/crypto/virtio/Kconfig new file mode 100644 index 000..d80f733 --- /dev/null +++ b/drivers/crypto/virtio/Kconfig @@ -0,0 +1,10 @@ +config CRYPTO_DEV_VIRTIO + tristate "VirtIO crypto driver" + depends on VIRTIO + select CRYPTO_AEAD + select CRYPTO_AUTHENC + select CRYPTO_BLKCIPHER + default m + help + This driver provides support for virtio crypto device. If you + choose 'M' here, this module will be called virtio_crypto. diff --git a/drivers/crypto/virtio/Makefile b/drivers/crypto/virtio/Makefile new file mode 100644 index 000..dd342c9 --- /dev/null +++ b/drivers/crypto/virtio/Makefile @@ -0,0 +1,5 @@ +obj-$(CONFIG_CRYPTO_DEV_VIRTIO) += virtio_crypto.o +virtio_crypto-objs := \ + virtio_crypto_algs.o \ + virtio_crypto_mgr.o \ + virtio_crypto_core.o diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c new file mode 100644 index 000..c2374df --- /dev/null +++ b/drivers/crypto/virtio/virtio_crypto_algs.c @@ -0,0 +1,540 @@ + /* Algorithms supported by virtio crypto device + * + * Authors: Gonglei + * + * Copyright 2016 HUAWEI TECHNOLOGIES CO.,