From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Gonglei <arei.gonglei@huawei.com>,
Longpeng <longpeng2@huawei.com>,
Jay Zhou <jianjay.zhou@huawei.com>
Subject: [Qemu-devel] [PULL 17/26] cryptodev-vhost-user: add crypto session handler
Date: Thu, 8 Feb 2018 21:09:14 +0200 [thread overview]
Message-ID: <1518116908-10852-18-git-send-email-mst@redhat.com> (raw)
In-Reply-To: <1518116908-10852-1-git-send-email-mst@redhat.com>
From: Gonglei <arei.gonglei@huawei.com>
Introduce two vhost-user meassges: VHOST_USER_CREATE_CRYPTO_SESSION
and VHOST_USER_CLOSE_CRYPTO_SESSION. At this point, the QEMU side
support crypto operation in cryptodev host-user backend.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
docs/interop/vhost-user.txt | 26 ++++++++++
include/hw/virtio/vhost-backend.h | 8 +++
backends/cryptodev-vhost-user.c | 48 ++++++++++++++----
hw/virtio/vhost-user.c | 104 ++++++++++++++++++++++++++++++++++++++
4 files changed, 175 insertions(+), 11 deletions(-)
diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
index 9fcf48d..cb3a759 100644
--- a/docs/interop/vhost-user.txt
+++ b/docs/interop/vhost-user.txt
@@ -368,6 +368,7 @@ Protocol features
#define VHOST_USER_PROTOCOL_F_MTU 4
#define VHOST_USER_PROTOCOL_F_SLAVE_REQ 5
#define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN 6
+#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
Master message types
--------------------
@@ -663,6 +664,31 @@ Master message types
field, and slaves MUST NOT accept SET_CONFIG for read-only
configuration space fields unless the live migration bit is set.
+* VHOST_USER_CREATE_CRYPTO_SESSION
+
+ Id: 26
+ Equivalent ioctl: N/A
+ Master payload: crypto session description
+ Slave payload: crypto session description
+
+ Create a session for crypto operation. The server side must return the
+ session id, 0 or positive for success, negative for failure.
+ This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+ feature has been successfully negotiated.
+ It's a required feature for crypto devices.
+
+* VHOST_USER_CLOSE_CRYPTO_SESSION
+
+ Id: 27
+ Equivalent ioctl: N/A
+ Master payload: u64
+
+ Close a session for crypto operation which was previously
+ created by VHOST_USER_CREATE_CRYPTO_SESSION.
+ This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+ feature has been successfully negotiated.
+ It's a required feature for crypto devices.
+
Slave message types
-------------------
diff --git a/include/hw/virtio/vhost-backend.h b/include/hw/virtio/vhost-backend.h
index 592254f..5dac61f 100644
--- a/include/hw/virtio/vhost-backend.h
+++ b/include/hw/virtio/vhost-backend.h
@@ -95,6 +95,12 @@ typedef int (*vhost_set_config_op)(struct vhost_dev *dev, const uint8_t *data,
typedef int (*vhost_get_config_op)(struct vhost_dev *dev, uint8_t *config,
uint32_t config_len);
+typedef int (*vhost_crypto_create_session_op)(struct vhost_dev *dev,
+ void *session_info,
+ uint64_t *session_id);
+typedef int (*vhost_crypto_close_session_op)(struct vhost_dev *dev,
+ uint64_t session_id);
+
typedef struct VhostOps {
VhostBackendType backend_type;
vhost_backend_init vhost_backend_init;
@@ -130,6 +136,8 @@ typedef struct VhostOps {
vhost_send_device_iotlb_msg_op vhost_send_device_iotlb_msg;
vhost_get_config_op vhost_get_config;
vhost_set_config_op vhost_set_config;
+ vhost_crypto_create_session_op vhost_crypto_create_session;
+ vhost_crypto_close_session_op vhost_crypto_close_session;
} VhostOps;
extern const VhostOps user_ops;
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 0b1f049..7bd0929 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -233,7 +233,25 @@ static int64_t cryptodev_vhost_user_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
{
- return 0;
+ CryptoDevBackendClient *cc =
+ backend->conf.peers.ccs[queue_index];
+ CryptoDevBackendVhost *vhost_crypto;
+ uint64_t session_id = 0;
+ int ret;
+
+ vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index);
+ if (vhost_crypto) {
+ struct vhost_dev *dev = &(vhost_crypto->dev);
+ ret = dev->vhost_ops->vhost_crypto_create_session(dev,
+ sess_info,
+ &session_id);
+ if (ret < 0) {
+ return -1;
+ } else {
+ return session_id;
+ }
+ }
+ return -1;
}
static int cryptodev_vhost_user_sym_close_session(
@@ -241,15 +259,23 @@ static int cryptodev_vhost_user_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
{
- return 0;
-}
-
-static int cryptodev_vhost_user_sym_operation(
- CryptoDevBackend *backend,
- CryptoDevBackendSymOpInfo *op_info,
- uint32_t queue_index, Error **errp)
-{
- return VIRTIO_CRYPTO_OK;
+ CryptoDevBackendClient *cc =
+ backend->conf.peers.ccs[queue_index];
+ CryptoDevBackendVhost *vhost_crypto;
+ int ret;
+
+ vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index);
+ if (vhost_crypto) {
+ struct vhost_dev *dev = &(vhost_crypto->dev);
+ ret = dev->vhost_ops->vhost_crypto_close_session(dev,
+ session_id);
+ if (ret < 0) {
+ return -1;
+ } else {
+ return 0;
+ }
+ }
+ return -1;
}
static void cryptodev_vhost_user_cleanup(
@@ -328,7 +354,7 @@ cryptodev_vhost_user_class_init(ObjectClass *oc, void *data)
bc->cleanup = cryptodev_vhost_user_cleanup;
bc->create_session = cryptodev_vhost_user_sym_create_session;
bc->close_session = cryptodev_vhost_user_sym_close_session;
- bc->do_sym_op = cryptodev_vhost_user_sym_operation;
+ bc->do_sym_op = NULL;
}
static const TypeInfo cryptodev_vhost_user_info = {
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 6eb9798..41ff5cf 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -17,6 +17,7 @@
#include "sysemu/kvm.h"
#include "qemu/error-report.h"
#include "qemu/sockets.h"
+#include "sysemu/cryptodev.h"
#include <sys/ioctl.h>
#include <sys/socket.h>
@@ -39,6 +40,7 @@ enum VhostUserProtocolFeature {
VHOST_USER_PROTOCOL_F_NET_MTU = 4,
VHOST_USER_PROTOCOL_F_SLAVE_REQ = 5,
VHOST_USER_PROTOCOL_F_CROSS_ENDIAN = 6,
+ VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
VHOST_USER_PROTOCOL_F_MAX
};
@@ -72,6 +74,8 @@ typedef enum VhostUserRequest {
VHOST_USER_SET_VRING_ENDIAN = 23,
VHOST_USER_GET_CONFIG = 24,
VHOST_USER_SET_CONFIG = 25,
+ VHOST_USER_CREATE_CRYPTO_SESSION = 26,
+ VHOST_USER_CLOSE_CRYPTO_SESSION = 27,
VHOST_USER_MAX
} VhostUserRequest;
@@ -107,6 +111,17 @@ typedef struct VhostUserConfig {
uint8_t region[VHOST_USER_MAX_CONFIG_SIZE];
} VhostUserConfig;
+#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512
+#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64
+
+typedef struct VhostUserCryptoSession {
+ /* session id for success, -1 on errors */
+ int64_t session_id;
+ CryptoDevBackendSymSessionInfo session_setup_data;
+ uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
+ uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
+} VhostUserCryptoSession;
+
static VhostUserConfig c __attribute__ ((unused));
#define VHOST_USER_CONFIG_HDR_SIZE (sizeof(c.offset) \
+ sizeof(c.size) \
@@ -132,6 +147,7 @@ typedef union {
VhostUserLog log;
struct vhost_iotlb_msg iotlb;
VhostUserConfig config;
+ VhostUserCryptoSession session;
} VhostUserPayload;
typedef struct VhostUserMsg {
@@ -1054,6 +1070,92 @@ static int vhost_user_set_config(struct vhost_dev *dev, const uint8_t *data,
return 0;
}
+static int vhost_user_crypto_create_session(struct vhost_dev *dev,
+ void *session_info,
+ uint64_t *session_id)
+{
+ bool crypto_session = virtio_has_feature(dev->protocol_features,
+ VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
+ CryptoDevBackendSymSessionInfo *sess_info = session_info;
+ VhostUserMsg msg = {
+ .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
+ .hdr.flags = VHOST_USER_VERSION,
+ .hdr.size = sizeof(msg.payload.session),
+ };
+
+ assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER);
+
+ if (!crypto_session) {
+ error_report("vhost-user trying to send unhandled ioctl");
+ return -1;
+ }
+
+ memcpy(&msg.payload.session.session_setup_data, sess_info,
+ sizeof(CryptoDevBackendSymSessionInfo));
+ if (sess_info->key_len) {
+ memcpy(&msg.payload.session.key, sess_info->cipher_key,
+ sess_info->key_len);
+ }
+ if (sess_info->auth_key_len > 0) {
+ memcpy(&msg.payload.session.auth_key, sess_info->auth_key,
+ sess_info->auth_key_len);
+ }
+ if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
+ error_report("vhost_user_write() return -1, create session failed");
+ return -1;
+ }
+
+ if (vhost_user_read(dev, &msg) < 0) {
+ error_report("vhost_user_read() return -1, create session failed");
+ return -1;
+ }
+
+ if (msg.hdr.request != VHOST_USER_CREATE_CRYPTO_SESSION) {
+ error_report("Received unexpected msg type. Expected %d received %d",
+ VHOST_USER_CREATE_CRYPTO_SESSION, msg.hdr.request);
+ return -1;
+ }
+
+ if (msg.hdr.size != sizeof(msg.payload.session)) {
+ error_report("Received bad msg size.");
+ return -1;
+ }
+
+ if (msg.payload.session.session_id < 0) {
+ error_report("Bad session id: %" PRId64 "",
+ msg.payload.session.session_id);
+ return -1;
+ }
+ *session_id = msg.payload.session.session_id;
+
+ return 0;
+}
+
+static int
+vhost_user_crypto_close_session(struct vhost_dev *dev, uint64_t session_id)
+{
+ bool crypto_session = virtio_has_feature(dev->protocol_features,
+ VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
+ VhostUserMsg msg = {
+ .hdr.request = VHOST_USER_CLOSE_CRYPTO_SESSION,
+ .hdr.flags = VHOST_USER_VERSION,
+ .hdr.size = sizeof(msg.payload.u64),
+ };
+ msg.payload.u64 = session_id;
+
+ if (!crypto_session) {
+ error_report("vhost-user trying to send unhandled ioctl");
+ return -1;
+ }
+
+ if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
+ error_report("vhost_user_write() return -1, close session failed");
+ return -1;
+ }
+
+ return 0;
+}
+
const VhostOps user_ops = {
.backend_type = VHOST_BACKEND_TYPE_USER,
.vhost_backend_init = vhost_user_init,
@@ -1082,4 +1184,6 @@ const VhostOps user_ops = {
.vhost_send_device_iotlb_msg = vhost_user_send_device_iotlb_msg,
.vhost_get_config = vhost_user_get_config,
.vhost_set_config = vhost_user_set_config,
+ .vhost_crypto_create_session = vhost_user_crypto_create_session,
+ .vhost_crypto_close_session = vhost_user_crypto_close_session,
};
--
MST
next prev parent reply other threads:[~2018-02-08 19:09 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-08 19:08 [Qemu-devel] [PULL 00/26] virtio, vhost, pci, pc: features, fixes and cleanups Michael S. Tsirkin
2018-02-08 19:08 ` [Qemu-devel] [PULL 01/26] Revert "vhost: add traces for memory listeners" Michael S. Tsirkin
2018-02-08 19:08 ` [Qemu-devel] [PULL 02/26] virtio: remove event notifier cleanup call on de-assign Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 04/26] vhost: Build temporary section list and deref after commit Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 07/26] vhost: Regenerate region list from changed sections list Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 06/26] vhost: Merge sections added to temporary list Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 05/26] vhost: Simplify ring verification checks Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 09/26] vhost: Merge and delete unused callbacks Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 08/26] vhost: Clean out old vhost_set_memory and friends Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 11/26] pci-bridge/i82801b11: clear bridge registers on platform reset Michael S. Tsirkin
2018-03-23 18:42 ` Laszlo Ersek
2018-04-05 21:32 ` Michael Roth
2018-02-08 19:09 ` [Qemu-devel] [PULL 10/26] vhost: Move log_dirty check Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 12/26] pci/bus: let it has higher migration priority Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 13/26] virtio-blk: enable multiple vectors when using multiple I/O queues Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 14/26] pci: removed the is_express field since a uniform interface was inserted Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 15/26] cryptodev: add vhost-user as a new cryptodev backend Michael S. Tsirkin
2018-02-13 16:54 ` Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 16/26] cryptodev: add vhost support Michael S. Tsirkin
2018-02-08 19:09 ` Michael S. Tsirkin [this message]
2018-02-08 19:09 ` [Qemu-devel] [PULL 19/26] virtio-balloon: unref the memory region before continuing Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 18/26] cryptodev-vhost-user: set the key length Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 20/26] libvhost-user: Fix resource leak Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 21/26] libvhost-user: Support across-memory-boundary access Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 22/26] hw/pci-bridge: fix pcie root port's IO hints capability Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 23/26] tests: acpi: fix FADT not being compared to reference table Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 24/26] lpc: drop pcie host dependency Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 25/26] acpi-test: update FADT Michael S. Tsirkin
2018-02-08 19:09 ` [Qemu-devel] [PULL 26/26] virtio-balloon: include statistics of disk/file caches Michael S. Tsirkin
2018-02-08 19:11 ` [Qemu-devel] [PULL 03/26] virtio: improve virtio devices initialization time Michael S. Tsirkin
2018-02-09 10:06 ` [Qemu-devel] [PULL 00/26] virtio, vhost, pci, pc: features, fixes and cleanups Peter Maydell
2018-02-09 17:07 ` Michael S. Tsirkin
2018-02-12 9:35 ` Peter Maydell
2018-02-13 16:33 ` Peter Maydell
2018-02-13 16:52 ` Michael S. Tsirkin
2018-02-13 18:23 ` Peter Maydell
2018-02-14 2:21 ` Zhoujian (jay)
2018-02-10 11:26 ` Gonglei (Arei)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1518116908-10852-18-git-send-email-mst@redhat.com \
--to=mst@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=jianjay.zhou@huawei.com \
--cc=longpeng2@huawei.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).