[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v10 0/2] virtio-crypto: virtio crypto device spe
|
From: |
Gonglei (Arei) |
|
Subject: |
Re: [Qemu-devel] [PATCH v10 0/2] virtio-crypto: virtio crypto device specification |
|
Date: |
Mon, 26 Sep 2016 01:15:48 +0000 |
Hi,
Virtio-1 device (virtio_pci_modern) is supported since 2015 in Linux kernel, so
that lots of existing Guest can't support virtio-1.0 device. But the scenario of
virtio crypto device is mostly NFV, which require the existing Guest can't need
to do any changes to support virtio crypto, so that they can easily migrate the
existing network units to VM. That's also a basic requirement came from our
customers.
So I'd like to emulate the virtio crypto device as a transitional device by
default
(Of course you can easily emulate it as a modern device by
'disable-legacy=on disable-modren = off'), then it's require a transitional PCI
device ID.
I want to reserve 0x1014 (20) because virtio crypto device ID is 20.
What's your opinion? Thanks!
If your don't object it, I'll add this in next virtio crypto spec version and
update
corresponding code in QEMU.
Regards,
-Gonglei
> -----Original Message-----
> From: Gonglei (Arei)
> Sent: Tuesday, September 20, 2016 5:46 PM
> To: address@hidden; address@hidden
> Cc: Huangpeng (Peter); Luonengjun; address@hidden;
> address@hidden; address@hidden;
> address@hidden; Jani Kokkonen; address@hidden;
> address@hidden; address@hidden; address@hidden;
> address@hidden; address@hidden; Hanweidong (Randy);
> Huangweidong (C); address@hidden; address@hidden; Claudio Fontana;
> Zhoujian (jay, Euler); address@hidden; address@hidden; Wubin (H);
> Gonglei (Arei)
> Subject: [PATCH v10 0/2] virtio-crypto: virtio crypto device specification
>
> This is the specification about a new virtio crypto device.
>
> You can get the source code from the below website:
>
> [PATCH v3 00/10] virtio-crypto: introduce framework and device emulation
> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04132.html
>
> Please help to review, thanks.
>
> CC: Michael S. Tsirkin <address@hidden>
> CC: Cornelia Huck <address@hidden>
> CC: Stefan Hajnoczi <address@hidden>
> CC: Lingli Deng <address@hidden>
> CC: Jani Kokkonen <address@hidden>
> CC: Ola Liljedahl <address@hidden>
> CC: Varun Sethi <address@hidden>
> CC: Zeng Xin <address@hidden>
> CC: Keating Brian <address@hidden>
> CC: Ma Liang J <address@hidden>
> CC: Griffin John <address@hidden>
> CC: Hanweidong <address@hidden>
> CC: Mihai Claudiu Caraman <address@hidden>
>
> Changes since v9:
> - request a native speaker go over the text and fix corresponding grammar
> issues. [mst]
> - make some description more appropriated over here and there. [mst]
> - rewrite some requirement for both device and driver. [mst]
> - use RFC 2119 keywords. [mst]
> - fix some complaints by Xelatex and typoes. [Xin Zeng]
> - add scatter/getter chain support for possible large block data.
>
> Thanks for your review, Michael and Xin.
>
> Changes from v8:
> - add additional auth gpa and length to struct virtio_crypto_sym_data_req;
> - add definition of op in struct virtio_crypto_cipher_session_para,
> VIRTIO_CRYPTO_OP_ENCRYPT and VIRTIO_CRYPTO_OP_DECRYPT;
> - make all structures 64bit aligned in order to support different
> architectures more conveniently [Alex & Stefan]
> - change to devicenormative{\subsection} and \drivernormative{\subsection}
> in some sections [Stefan]
> - driver does not have to initialize all data virtqueues if it wants to use
> fewer
> [Stefan]
> - drop VIRTIO_CRYPTO_NO_SERVICE definition [Stefan]
> - many grammatical problems and typos. [Stefan]
> - rename VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9 to
> VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9,
> and VIRTIO_CRYPTO_MAC_CMAC_SNOW3G_UIA2 to
> VIRTIO_CRYPTO_MAC_SNOW3G_UIA2. [Liang Ma]
> - drop queue_id property of struct virtio_crypto_op_data_req.
> - reconstruct some structures about session operation request.
> - introduce struct virtio_crypto_alg_chain_session_req and struct
> virtio_crypto_alg_chain_data_req,
> introduce chain para, output, input structures as well.
> - change some sections' layout for better compatibility, for asymmetric
> algos.
> [Xin Zeng]
>
> Changes from v7:
> - fix some grammar or typo problems.
> - add more detailed description at steps of encryption section.
>
> Changes from v6:
> - drop verion filed in struct virtio_crypto_config. [Michael & Cornelia]
> - change the incorrect description in initialization routine. [Zeng Xin]
> - redefine flag u16 to make structure alignment. [Zeng Xin]
> - move the content of virtio_crypto_hash_session_para into
> virtio_crypto_hash_session_input directly, Same to MAC/SYM/AEAD
> session creation. [Zeng Xin]
> - adjuest the sequence of idata and odata refer to the virtio scsi parts,
> meanwhile add the comments of device-readable/writable for them.
> - add restrictive documents for the guest memory in some structure, which
> MUST be gauranted to be allocated and physically-contiguous.
>
> Changes from v5:
> - add conformance clauses for virtio crypto device. [Michael]
> - drop VIRTIO_CRYPTO_S_STARTED. [Michael]
> - fix some characters problems. [Stefan]
> - add a MAC algorithm, named VIRTIO_CRYPTO_MAC_ZUC_EIA3. [Zeng Xin]
> - add the fourth return code, named VIRTIO_CRYPTO_OP_INVSESS used
> for invalid session id when executing crypto operations.
> - drop some gpu stuff forgot to delete. [Michael]
> - convert tab to space all over the content.
>
> Changes from v4:
> - introduce crypto services into virtio crypto device. The services
> currently defined are CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
> - define a unified crypto request format that is consisted of
> general header + service specific request, Where 'general header' is for
> all
> crypto request, 'service specific request' is composed of
> operation parameter + input data + output data in generally.
> operation parameter is algorithm-specific parameters,
> input data is the data should be operated ,
> output data is the "operation result + result buffer".
> - redefine the algorithms and structure based on above crypto services.
> - rearrange the title and subtitle
> - Only support CIPHER, MAC, HASH and AEAD crypto services, and Xin will
> focus KDF, ASYM and PRIMITIVE services.
> - Some other corresponding fixes.
> - Make a formal patch using tex type.
>
> This version is a big reconstruction based on Zeng, Xin' comments, thanks a
> lot.
>
> Changes from v3:
> - Don't use enum is the spec but macros in specific structures. [Michael &
> Stefan]
> - Add two complete structures for session creation and closing, so that
> the spec is clear on how to lay out the request. [Stefan]
> - Definite the crypto operation request with assigned structure, in this way,
> each data request only occupies *one entry* of the Vring descriptor table,
> which *improves* the *throughput* of data transferring.
>
> Changes from v2:
> - Reserve virtio device ID 20 for crypto device. [Cornelia]
> - Drop all feature bits, those capabilities are offered by the device all
> the time.
> [Stefan & Cornelia]
> - Add a new section 1.4.2 for driver requirements. [Stefan]
> - Use definite type definition instead of enum type in some structure.
> [Stefan]
> - Add virtio_crypto_cipher_alg definition. [Stefan]
> - Add a "Device requirements" section as using MUST. [Stefan]
> - Some grammar nits fixes and typo fixes. [Stefan & Cornelia]
> - Add one VIRTIO_CRYPTO_S_STARTED status for the driver as the flag of
> virtio-crypto device started and can work now.
>
> Great thanks for Stefan and Cornelia!
>
> Changes from v1:
> - Drop the feature bit definition for each algorithm, and using config space
> instead [Cornelia]
> - Add multiqueue support and add corresponding feature bit
> - Update Encryption process and header definition
> - Add session operation process and add corresponding header description
> - Other better description in order to fit for virtio spec [Michael]
> - Some other trivial fixes.
>
>
> Gonglei (2):
> virtio-crypto: Add virtio crypto device specification
> virtio-crypto: Add conformance clauses
>
> conformance.tex | 30 ++
> content.tex | 2 +
> virtio-crypto.tex | 942
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 974 insertions(+)
> create mode 100644 virtio-crypto.tex
>
> --
> 1.7.12.4
>