Re: [PATCH v4 04/13] cryptodev: introduce a new cryptodev backend

[Stefan Hajnoczi <stefanha@redhat.com>]

On Wed, Oct 05, 2016 at 03:19:44AM +0000, Gonglei (Arei) wrote:
> > -----Original Message-----
> > From: Stefan Hajnoczi [mailto:stefanha@redhat.com]
> > Sent: Tuesday, October 04, 2016 12:32 AM
> > Subject: Re: [PATCH v4 04/13] cryptodev: introduce a new cryptodev backend
> > 
> > On Wed, Sep 28, 2016 at 04:25:43PM +0800, Gonglei wrote:
> > > +/* Max number of symetrical sessions */
> > 
> > s/symetrical/symmetric/
> > 
> > But why does the comment say "symetrical" when the constant name
> > MAX_NUM_SESSIONS seems to be a global limit for *all* sessions (not just
> > symmetric)?
> > 
> > > +#define MAX_NUM_SESSIONS 256
> > 
> > The guest can only have 256 sessions open?
> > 
> For cipher API backend, it's a experimental cryptodev backend, which
> can't be applied in production environment because of the poor performance. 
> The limit is just for simplifying code logic, of course we can increase the number
> as well, but it doesn't necessary IMO.
> 
> > What are the limits of real crypto libraries and accelerators?
> > 
> The hardware accelerators maybe have a limit, for example the
> Intel QAT pmd driver in DPDK limit the maximum num of session is 2048.

How do we prevent competing guests from creating idle sessions ahead of
time in order to "reserve" them?

Greedy guests could prevent other guests from creating sessions if the
hardware limit is 2048.

Perhaps the max sessions limit should be a user parameter so the host
administrator use it to guarantee session availability.

Attachment: signature.asc
Description: PGP signature