@@ -95,6 +95,9 @@ static void cryptodev_builtin_init(
backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
+ backend->sym_stat = g_new0(QCryptodevBackendSymStat, 1);
+ backend->asym_stat = g_new0(QCryptodevBackendAsymStat, 1);
+
cryptodev_backend_set_ready(backend, true);
}
@@ -433,6 +436,7 @@ static int cryptodev_builtin_close_session(
}
static int cryptodev_builtin_sym_operation(
+ CryptoDevBackend *backend,
CryptoDevBackendBuiltinSession *sess,
CryptoDevBackendSymOpInfo *op_info, Error **errp)
{
@@ -458,12 +462,14 @@ static int cryptodev_builtin_sym_operation(
if (ret < 0) {
return -VIRTIO_CRYPTO_ERR;
}
+ QCryptodevSymStatIncEncrypt(backend, op_info->src_len);
} else {
ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src,
op_info->dst, op_info->src_len, errp);
if (ret < 0) {
return -VIRTIO_CRYPTO_ERR;
}
+ QCryptodevSymStatIncDecrypt(backend, op_info->src_len);
}
return VIRTIO_CRYPTO_OK;
@@ -551,7 +557,7 @@ static int cryptodev_builtin_operation(
sess = builtin->sessions[op_info->session_id];
if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
sym_op_info = op_info->u.sym_op_info;
- status = cryptodev_builtin_sym_operation(sess, sym_op_info,
+ status = cryptodev_builtin_sym_operation(backend, sess, sym_op_info,
&local_error);
} else if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
asym_op_info = op_info->u.asym_op_info;
@@ -233,6 +233,7 @@ static void cryptodev_lkcf_init(CryptoDevBackend *backend, Error **errp)
1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER;
backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
lkcf->running = true;
+ backend->asym_stat = g_new0(QCryptodevBackendAsymStat, 1);
QSIMPLEQ_INIT(&lkcf->requests);
QSIMPLEQ_INIT(&lkcf->responses);
@@ -48,6 +48,18 @@ static int qmp_query_cryptodev_foreach(Object *obj, void *data)
info->id = g_strdup(object_get_canonical_path_component(obj));
backend = CRYPTODEV_BACKEND(obj);
+ if (backend->sym_stat) {
+ info->has_sym_stat = true;
+ info->sym_stat = g_memdup2(backend->sym_stat,
+ sizeof(QCryptodevBackendSymStat));
+ }
+
+ if (backend->asym_stat) {
+ info->has_asym_stat = true;
+ info->asym_stat = g_memdup2(backend->asym_stat,
+ sizeof(QCryptodevBackendAsymStat));
+ }
+
services = backend->conf.crypto_services;
for (uint32_t i = 0; i < QCRYPTODEV_BACKEND_SERVICE__MAX; i++) {
if (services & (1 << i)) {
@@ -111,6 +123,9 @@ void cryptodev_backend_cleanup(
if (bc->cleanup) {
bc->cleanup(backend, errp);
}
+
+ g_free(backend->sym_stat);
+ g_free(backend->asym_stat);
}
int cryptodev_backend_create_session(
@@ -171,8 +186,26 @@ int cryptodev_backend_crypto_operation(
CryptoDevBackendOpInfo *op_info = &req->op_info;
enum QCryptodevBackendAlgType algtype = req->flags;
- if ((algtype != QCRYPTODEV_BACKEND_ALG_SYM)
- && (algtype != QCRYPTODEV_BACKEND_ALG_ASYM)) {
+ /* symmetric statistics need to be recorded in driver */
+ if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
+ CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
+ switch (op_info->op_code) {
+ case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT:
+ QCryptodevAsymStatIncEncrypt(backend, asym_op_info->src_len);
+ break;
+ case VIRTIO_CRYPTO_AKCIPHER_DECRYPT:
+ QCryptodevAsymStatIncDecrypt(backend, asym_op_info->src_len);
+ break;
+ case VIRTIO_CRYPTO_AKCIPHER_SIGN:
+ QCryptodevAsymStatIncSign(backend, asym_op_info->src_len);
+ break;
+ case VIRTIO_CRYPTO_AKCIPHER_VERIFY:
+ QCryptodevAsymStatIncVerify(backend, asym_op_info->src_len);
+ break;
+ default:
+ return -VIRTIO_CRYPTO_NOTSUPP;
+ }
+ } else if (algtype != QCRYPTODEV_BACKEND_ALG_SYM) {
error_report("Unsupported cryptodev alg type: %" PRIu32 "", algtype);
return -VIRTIO_CRYPTO_NOTSUPP;
}
@@ -252,8 +252,38 @@ struct CryptoDevBackend {
/* Tag the cryptodev backend is used by virtio-crypto or not */
bool is_used;
CryptoDevBackendConf conf;
+ QCryptodevBackendSymStat *sym_stat;
+ QCryptodevBackendAsymStat *asym_stat;
};
+#define QCryptodevSymStatInc(be, op, bytes) do { \
+ be->sym_stat->op##_bytes += (bytes); \
+ be->sym_stat->op##_ops += 1; \
+} while (/*CONSTCOND*/0)
+
+#define QCryptodevSymStatIncEncrypt(be, bytes) \
+ QCryptodevSymStatInc(be, encrypt, bytes)
+
+#define QCryptodevSymStatIncDecrypt(be, bytes) \
+ QCryptodevSymStatInc(be, decrypt, bytes)
+
+#define QCryptodevAsymStatInc(be, op, bytes) do { \
+ be->asym_stat->op##_bytes += (bytes); \
+ be->asym_stat->op##_ops += 1; \
+} while (/*CONSTCOND*/0)
+
+#define QCryptodevAsymStatIncEncrypt(be, bytes) \
+ QCryptodevAsymStatInc(be, encrypt, bytes)
+
+#define QCryptodevAsymStatIncDecrypt(be, bytes) \
+ QCryptodevAsymStatInc(be, decrypt, bytes)
+
+#define QCryptodevAsymStatIncSign(be, bytes) \
+ QCryptodevAsymStatInc(be, sign, bytes)
+
+#define QCryptodevAsymStatIncVerify(be, bytes) \
+ QCryptodevAsymStatInc(be, verify, bytes)
+
/**
* cryptodev_backend_new_client:
*
@@ -60,6 +60,60 @@
'type': 'QCryptodevBackendType',
'*info': 'str' } }
+##
+# @QCryptodevBackendSymStat:
+#
+# The statistics of symmetric operation.
+#
+# @encrypt-ops: the operations of symmetric encryption
+#
+# @decrypt-ops: the operations of symmetric decryption
+#
+# @encrypt-bytes: the bytes of symmetric encryption
+#
+# @decrypt-bytes: the bytes of symmetric decryption
+#
+# Since: 8.0
+##
+{ 'struct': 'QCryptodevBackendSymStat',
+ 'data': { 'encrypt-ops': 'int',
+ 'decrypt-ops': 'int',
+ 'encrypt-bytes': 'int',
+ 'decrypt-bytes': 'int' } }
+
+##
+# @QCryptodevBackendAsymStat:
+#
+# The statistics of asymmetric operation.
+#
+# @encrypt-ops: the operations of asymmetric encryption
+#
+# @decrypt-ops: the operations of asymmetric decryption
+#
+# @sign-ops: the operations of asymmetric signature
+#
+# @verify-ops: the operations of asymmetric verification
+#
+# @encrypt-bytes: the bytes of asymmetric encryption
+#
+# @decrypt-bytes: the bytes of asymmetric decryption
+#
+# @sign-bytes: the bytes of asymmetric signature
+#
+# @verify-bytes: the bytes of asymmetric verification
+#
+# Since: 8.0
+##
+{ 'struct': 'QCryptodevBackendAsymStat',
+ 'data': { 'encrypt-ops': 'int',
+ 'decrypt-ops': 'int',
+ 'sign-ops': 'int',
+ 'verify-ops': 'int',
+ 'encrypt-bytes': 'int',
+ 'decrypt-bytes': 'int',
+ 'sign-bytes': 'int',
+ 'verify-bytes': 'int' } }
+
##
# @CryptodevInfo:
#
@@ -74,7 +128,9 @@
{ 'struct': 'CryptodevInfo',
'data': { 'id': 'str',
'service': ['QCryptodevBackendServiceType'],
- 'client': ['CryptodevBackendClient'] } }
+ 'client': ['CryptodevBackendClient'],
+ '*sym-stat': 'QCryptodevBackendSymStat',
+ '*asym-stat': 'QCryptodevBackendAsymStat' } }
##
# @query-cryptodev:
Introduce cryptodev statistics in QAPI, and record OPS/Bandwidth for each crypto device. Example of this feature: virsh qemu-monitor-command vm '{"execute": "query-cryptodev"}' | jq { "return": [ { "service": [ "akcipher", "mac", "hash", "cipher" ], "asym-stat": { "encrypt-ops": 0, "verify-bytes": 0, "sign-ops": 0, "verify-ops": 0, "sign-bytes": 0, "decrypt-bytes": 0, "decrypt-ops": 0, "encrypt-bytes": 0 }, "sym-stat": { "encrypt-ops": 40, "decrypt-bytes": 5376, "decrypt-ops": 40, "encrypt-bytes": 5376 }, "id": "cryptodev1", "client": [ { "queue": 0, "type": "builtin", "info": "cryptodev-builtin0" } ] }, { "service": [ "akcipher" ], "asym-stat": { "encrypt-ops": 54, "verify-bytes": 8704, "sign-ops": 17, "verify-ops": 34, "sign-bytes": 340, "decrypt-bytes": 9215, "decrypt-ops": 36, "encrypt-bytes": 13294 }, "id": "cryptodev0", "client": [ { "queue": 0, "type": "lkcf", "info": "cryptodev-lkcf0" } ] } ], "id": "libvirt-424" } Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- backends/cryptodev-builtin.c | 8 ++++- backends/cryptodev-lkcf.c | 1 + backends/cryptodev.c | 37 +++++++++++++++++++++-- include/sysemu/cryptodev.h | 30 +++++++++++++++++++ qapi/cryptodev.json | 58 +++++++++++++++++++++++++++++++++++- 5 files changed, 130 insertions(+), 4 deletions(-)