summaryrefslogtreecommitdiffstats
path: root/doc/guides/sample_app_ug/vhost_crypto.rst
blob: bbc25bde1c09503b9834ce1a3401e9b3a858af94 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
..  SPDX-License-Identifier: BSD-3-Clause
    Copyright(c) 2017-2018 Intel Corporation.

Vhost_Crypto Sample Application
===============================

The vhost_crypto sample application implemented a simple Crypto device,
which used as the  backend of Qemu vhost-user-crypto device. Similar with
vhost-user-net and vhost-user-scsi device, the sample application used
domain socket to communicate with Qemu, and the virtio ring was processed
by vhost_crypto sample application.

Testing steps
-------------

This section shows the steps how to start a VM with the crypto device as
fast data path for critical application.

Compiling the Application
-------------------------

To compile the sample application see :doc:`compiling`.

The application is located in the ``examples`` sub-directory.

Start the vhost_crypto example
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

    ./vhost_crypto [EAL options] --
    		--config (lcore,cdev-id,queue-id)[,(lcore,cdev-id,queue-id)]
    		--socket-file lcore,PATH
    		[--zero-copy]
    		[--guest-polling]

where,

* config (lcore,cdev-id,queue-id): build the lcore-cryptodev id-queue id
  connection. Once specified, the specified lcore will only work with
  specified cryptodev's queue.

* socket-file lcore,PATH: the path of UNIX socket file to be created and
  the lcore id that will deal with the all workloads of the socket. Multiple
  instances of this config item is supported and one lcore supports processing
  multiple sockets.

* zero-copy: the presence of this item means the ZERO-COPY feature will be
  enabled. Otherwise it is disabled. PLEASE NOTE the ZERO-COPY feature is still
  in experimental stage and may cause the problem like segmentation fault. If
  the user wants to use LKCF in the guest, this feature shall be turned off.

* guest-polling: the presence of this item means the application assumes the
  guest works in polling mode, thus will NOT notify the guest completion of
  processing.

The application requires that crypto devices capable of performing
the specified crypto operation are available on application initialization.
This means that HW crypto device/s must be bound to a DPDK driver or
a SW crypto device/s (virtual crypto PMD) must be created (using --vdev).

.. _vhost_crypto_app_run_vm:

Start the VM
~~~~~~~~~~~~

.. code-block:: console

    qemu-system-x86_64 -machine accel=kvm \
        -m $mem -object memory-backend-file,id=mem,size=$mem,\
        mem-path=/dev/hugepages,share=on -numa node,memdev=mem \
        -drive file=os.img,if=none,id=disk \
        -device ide-hd,drive=disk,bootindex=0 \
        -chardev socket,id={chardev_id},path={PATH} \
        -object cryptodev-vhost-user,id={obj_id},chardev={chardev_id} \
        -device virtio-crypto-pci,id={dev_id},cryptodev={obj_id} \
        ...

.. note::
    You must check whether your Qemu can support "vhost-user-crypto" or not.