| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Jan 2017 16:23:16 +0200
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Christian Borntraeger <borntraeger@...ibm.com>
Cc: "Gonglei (Arei)" <arei.gonglei@...wei.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"qemu-devel@...gnu.org" <qemu-devel@...gnu.org>,
"virtio-dev@...ts.oasis-open.org" <virtio-dev@...ts.oasis-open.org>,
"virtualization@...ts.linux-foundation.org"
<virtualization@...ts.linux-foundation.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"Huangweidong (C)" <weidong.huang@...wei.com>,
Claudio Fontana <Claudio.Fontana@...wei.com>,
Luonengjun <luonengjun@...wei.com>,
"Hanweidong (Randy)" <hanweidong@...wei.com>,
"Xuquan (Quan Xu)" <xuquan8@...wei.com>,
"Wanzongshun (Vincent)" <wanzongshun@...wei.com>,
"stefanha@...hat.com" <stefanha@...hat.com>,
"Zhoujian (jay, Euler)" <jianjay.zhou@...wei.com>,
longpeng <longpeng2@...wei.com>,
"arei.gonglei@...mail.com" <arei.gonglei@...mail.com>,
"Wubin (H)" <wu.wubin@...wei.com>
Subject: Re: [PATCH v8 1/1] crypto: add virtio-crypto driver
On Thu, Jan 12, 2017 at 03:10:25PM +0100, Christian Borntraeger wrote:
> On 01/10/2017 01:56 PM, Christian Borntraeger wrote:
> > On 01/10/2017 01:36 PM, Gonglei (Arei) wrote:
> >> Hi,
> >>
> >>>
> >>> On 12/15/2016 03:03 AM, Gonglei wrote:
> >>> [...]
> >>>> +
> >>>> +static struct crypto_alg virtio_crypto_algs[] = { {
> >>>> + .cra_name = "cbc(aes)",
> >>>> + .cra_driver_name = "virtio_crypto_aes_cbc",
> >>>> + .cra_priority = 501,
> >>>
> >>>
> >>> This is still higher than the hardware-accelerators (like intel aesni or the
> >>> s390 cpacf functions or the arm hw). aesni and s390/cpacf are supported by the
> >>> hardware virtualization and available to the guests. I do not see a way how
> >>> virtio
> >>> crypto can be faster than that (in the end it might be cpacf/aesni + overhead)
> >>> instead it will very likely be slower.
> >>> So we should use a number that is higher than software implementations but
> >>> lower than the hw ones.
> >>>
> >>> Just grepping around, the software ones seem be be around 100 and the
> >>> hardware
> >>> ones around 200-400. So why was 150 not enough?
> >>>
> >> I didn't find a documentation about how we use the priority, and I assumed
> >> people use virtio-crypto will configure hardware accelerators in the
> >> host. So I choosed the number which bigger than aesni's priority.
> >
> > Yes, but the aesni driver will only bind if there is HW support in the guest.
> > And if aesni is available in the guest (or the s390 aes function from cpacf)
> > it will always be faster than the same in the host via virtio.So your priority
> > should be smaller.
>
>
> any opinion on this?
Going forward, we might add an emulated aesni device and that might
become slower than virtio. OTOH if or when this happens, we can solve it
by adding a priority or a feature flag to virtio to raise its priority.
So I think I agree with Christian here, let's lower the priority.
Gonglei, could you send a patch like this?
--
MST
Powered by blists - more mailing lists