37. Vhost_Crypto Sample Application

The vhost_crypto sample application implemented a simple Crypto device, which used as the backend of Qemu vhost-user-crypto device. Similar with vhost-user-net and vhost-user-scsi device, the sample application used domain socket to communicate with Qemu, and the virtio ring was processed by vhost_crypto sample application.

37.1. Testing steps

This section shows the steps how to start a VM with the crypto device as fast data path for critical application.

37.2. Compiling the Application

To compile the sample application see Compiling the Sample Applications.

The application is located in the examples sub-directory.

37.2.1. Start the vhost_crypto example

./vhost_crypto [EAL options] -- [--socket-file PATH]
    [--cdev-id ID] [--cdev-queue-id ID] [--zero-copy] [--guest-polling]

where,

  • socket-file PATH: the path of UNIX socket file to be created, multiple instances of this config item is supported. Upon absence of this item, the default socket-file /tmp/vhost_crypto1.socket is used.
  • cdev-id ID: the target DPDK Cryptodev’s ID to process the actual crypto workload. Upon absence of this item the default value of 0 will be used. For details of DPDK Cryptodev, please refer to DPDK Cryptodev Library Programmers’ Guide.
  • cdev-queue-id ID: the target DPDK Cryptodev’s queue ID to process the actual crypto workload. Upon absence of this item the default value of 0 will be used. For details of DPDK Cryptodev, please refer to DPDK Cryptodev Library Programmers’ Guide.
  • zero-copy: the presence of this item means the ZERO-COPY feature will be enabled. Otherwise it is disabled. PLEASE NOTE the ZERO-COPY feature is still in experimental stage and may cause the problem like segmentation fault. If the user wants to use LKCF in the guest, this feature shall be turned off.
  • guest-polling: the presence of this item means the application assumes the guest works in polling mode, thus will NOT notify the guest completion of processing.

The application requires that crypto devices capable of performing the specified crypto operation are available on application initialization. This means that HW crypto device/s must be bound to a DPDK driver or a SW crypto device/s (virtual crypto PMD) must be created (using –vdev).

37.2.2. Start the VM

qemu-system-x86_64 -machine accel=kvm \
    -m $mem -object memory-backend-file,id=mem,size=$mem,\
    mem-path=/dev/hugepages,share=on -numa node,memdev=mem \
    -drive file=os.img,if=none,id=disk \
    -device ide-hd,drive=disk,bootindex=0 \
    -chardev socket,id={chardev_id},path={PATH} \
    -object cryptodev-vhost-user,id={obj_id},chardev={chardev_id} \
    -device virtio-crypto-pci,id={dev_id},cryptodev={obj_id} \
    ...

Note

You must check whether your Qemu can support “vhost-user-crypto” or not.