Re: [Qemu-devel] [PATCH v2 00/15] virtio-crypto: introduce framework and device emulation

[Daniel P. Berrange]

On Tue, Sep 13, 2016 at 09:45:05AM +0000, Gonglei (Arei) wrote:
> Hi Daniel,
> 
> Thanks for your comments fristly, please see my embedded reply.
> 
> Regards,
> -Gonglei
> 
> 
> > -----Original Message-----
> > From: Daniel P. Berrange [mailto:address@hidden
> > Sent: Tuesday, September 13, 2016 4:58 PM
> > To: Gonglei (Arei)
> > Cc: address@hidden; address@hidden; Huangpeng
> > (Peter); Luonengjun; address@hidden; address@hidden;
> > address@hidden; Huangweidong (C); address@hidden;
> > address@hidden; address@hidden; Claudio Fontana; address@hidden;
> > address@hidden
> > Subject: Re: [PATCH v2 00/15] virtio-crypto: introduce framework and device
> > emulation
> > 
> > On Tue, Sep 13, 2016 at 11:52:06AM +0800, Gonglei wrote:
> > > Changes since v1:
> > >  - rmmove mixed endian-ness handler for virtio-crypto device, just
> > >    use little-endian. [mst]
> > >  - add sg list support according virtio-crypto spec v10 (will be posted 
> > > soon).
> > >  - fix a memory leak in session handler.
> > >  - add a feature page link in qemu.org
> > (http://qemu-project.org/Features/VirtioCrypto)
> > >  - fix some trivial problems, sush as 's/Since 2.7/Since 2.8/g' in
> > qapi-schema.json
> > >  - rebase the latest qemu master tree.
> > >
> > > Please review, thanks!
> > >
> > > This patch series realize the framework and emulation of a new
> > > virtio crypto device, which is similar with virtio net device.
> > >
> > >  - I introduce the cryptodev backend as the client of virtio crypto device
> > >    which can be realized by different methods, such as cryptodev-linux in 
> > > my
> > series,
> > >    vhost-crypto kernel module, vhost-user etc.
> > >  - The patch set abides by the virtio crypto speccification.
> > >  - The virtio crypto support symmetric algorithms (including CIPHER and
> > algorithm chainning)
> > >    at present, except HASH, MAC and AEAD services.
> > >  - unsupport hot plug/unplug cryptodev client at this moment.
> > >
> > > Cryptodev-linux is a device that allows access to Linux kernel 
> > > cryptographic
> > drivers;
> > > thus allowing of userspace applications to take advantage of hardware
> > accelerators.
> > > It can be found here:
> > >
> > >  http://cryptodev-linux.org/
> > >
> > > (please use the latest version)
> > >
> > > To use the cryptodev-linux as the client, the cryptodev.ko should be 
> > > insert on
> > the host.
> > >
> > >  # enter cryptodev-linux module root directory, then
> > >  make;make install
> > 
> > 
> > The cryptodev kernel module is not upstream and shows no sign of
> > ever being likely to be accepted & merged upstream. On that basis,
> > support for it in QEMU has a firm NACK from me, as trying to support
> > out of tree kernel modules long term never ends well. This is
> > particularly bad because it appears to be the only impl backend
> > you've provided in this series.
> > 
> 
> OK, I agree with you :)  But if we support multiple backends, can
> we keep cryptodev-linux module as one option?

I'm personally against any support for out of tree kernel modules
in QEMU, regardless of whether QEMU also implements alternative
backends, unless there is a strong sign that the module in question
is on the verge of being accepted into mainline Linux. That does
not seem to be the case there - mainline settled on AF_ALG as the
only supported approach AFAICT.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|