From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9A124A0C41; Thu, 30 Sep 2021 16:51:04 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8288041124; Thu, 30 Sep 2021 16:51:04 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 3D52841120 for ; Thu, 30 Sep 2021 16:51:03 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18UDg4x2025474; Thu, 30 Sep 2021 07:50:55 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=uNosj5gPZhsAeMrlLwdHKmG6/s0Ms7+sjm5wIYLl1xk=; b=YOwr2lVCPKmIkHAqSzIDyPtkw2ZGEia+/x02qJiXcUJq8+RAfcnR4gNa1LSoXDHMvQhu orvgGZq3qJ8tRGdR7LD+d5g+d27B1kndUClP4CV/3zcrrfmZPw4bxDpkRTPuw6m10JCw d+isoBlsERnGrY28c07z6PzddE8+mhF9DCLXp0UJ4qHs80rq8Gc0qhezTx0ipHuNqb8v UPPcx2GyuS40majpfSuhicZQkDbRURsV/xJCUHlnmm8yUuNtjlPBnmDEJzJRUOanxOVj 8MrIAOyZqbvkYvBr4bZy26boXTo1LjwJczQyT12sUqWnltlu+HtW/4OBFzjwDzpFXAVW kg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3bdebtg9pw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 30 Sep 2021 07:50:55 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 30 Sep 2021 07:50:53 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 30 Sep 2021 07:50:53 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id C371E3F7071; Thu, 30 Sep 2021 07:50:44 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , , , , , Akhil Goyal Date: Thu, 30 Sep 2021 20:20:12 +0530 Message-ID: <20210930145014.2476799-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210930145014.2476799-1-gakhil@marvell.com> References: <20210930145014.2476799-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 3lQk-NYQuy8LGJ9MFbba9Z_CZbGtHQeR X-Proofpoint-GUID: 3lQk-NYQuy8LGJ9MFbba9Z_CZbGtHQeR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-30_05,2021-09-30_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/3] security: rework session framework X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" As per current design, rte_security_session_create() unnecesarily use 2 mempool objects for a single session. And structure rte_security_session is not directly used by the application, it may cause ABI breakage if the structure is modified in future. To address these two issues, the API will now take only 1 mempool object instead of 2 and return a void pointer directly to the session private data. With this change, the library layer will get the object from mempool and pass session_private_data to the PMD for filling the PMD data. Since set and get pkt metadata for security sessions are now made inline for Inline crypto/proto mode, a new member fast_mdata is added to the rte_security_session. To access opaque data and fast_mdata will be accessed via inline APIs which can do pointer manipulations inside library from session_private_data pointer coming from application. TODO: - inline APIs for opaque data and fast_mdata - move rte_security_session struct to security_driver.h Signed-off-by: Akhil Goyal --- app/test-crypto-perf/cperf_ops.c | 8 +- .../cperf_test_pmd_cyclecount.c | 2 +- app/test/test_cryptodev.c | 17 +- app/test/test_ipsec.c | 11 +- app/test/test_security.c | 229 ++++++++---------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 5 +- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 30 +-- drivers/crypto/caam_jr/caam_jr.c | 32 +-- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +- drivers/crypto/cnxk/cn10k_ipsec.c | 53 +--- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 2 +- drivers/crypto/cnxk/cn9k_ipsec.c | 50 +--- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 +-- drivers/crypto/dpaa_sec/dpaa_sec.c | 38 ++- drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +- drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 11 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 54 +---- drivers/crypto/qat/qat_sym.c | 3 +- drivers/crypto/qat/qat_sym.h | 8 +- drivers/crypto/qat/qat_sym_session.c | 21 +- drivers/crypto/qat/qat_sym_session.h | 4 +- drivers/net/ixgbe/ixgbe_ipsec.c | 36 +-- drivers/net/octeontx2/otx2_ethdev_sec.c | 51 +--- drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +- drivers/net/txgbe/txgbe_ipsec.c | 36 +-- examples/ipsec-secgw/ipsec.c | 9 +- lib/security/rte_security.c | 28 ++- lib/security/rte_security.h | 41 ++-- lib/security/rte_security_driver.h | 16 +- 30 files changed, 264 insertions(+), 581 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 4b7d66edb2..1b3cbe77b9 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -49,8 +49,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops, for (i = 0; i < nb_ops; i++) { struct rte_crypto_sym_op *sym_op = ops[i]->sym; - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; uint32_t buf_sz; uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i], @@ -58,7 +56,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, *per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN; ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; - rte_security_attach_session(ops[i], sec_sess); + rte_security_attach_session(ops[i], (void *)sess); sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); @@ -673,7 +671,7 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } if (options->op_type == CPERF_DOCSIS) { enum rte_security_docsis_direction direction; @@ -716,7 +714,7 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } #endif sess = rte_cryptodev_sym_session_create(sess_mp); diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index 844659aeca..cbbbedd9ba 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } else #endif { diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e6ceeb487f..82f819211a 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -81,7 +81,7 @@ struct crypto_unittest_params { union { struct rte_cryptodev_sym_session *sess; #ifdef RTE_LIB_SECURITY - struct rte_security_session *sec_session; + void *sec_session; #endif }; #ifdef RTE_LIB_SECURITY @@ -8276,8 +8276,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -8537,8 +8536,7 @@ test_pdcp_proto_SGL(int i, int oop, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -9022,8 +9020,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (ut_params->sec_session == NULL) return TEST_SKIPPED; @@ -9420,8 +9417,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", @@ -9596,8 +9592,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index c6d6b88d6d..2ffa2a8e79 100644 --- a/app/test/test_ipsec.c +++ b/app/test/test_ipsec.c @@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = { static int dummy_sec_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mp) + void *sess) { RTE_SET_USED(device); RTE_SET_USED(conf); - RTE_SET_USED(mp); - - sess->sess_private_data = NULL; + RTE_SET_USED(sess); return 0; } static int -dummy_sec_destroy(void *device, struct rte_security_session *sess) +dummy_sec_destroy(void *device, void *sess) { RTE_SET_USED(device); RTE_SET_USED(sess); @@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut, static struct rte_security_session_conf conf; ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx, - &conf, qp->mp_session, - qp->mp_session_private); + &conf, qp->mp_session); if (ut->ss[j].security.ses == NULL) return -ENOMEM; diff --git a/app/test/test_security.c b/app/test/test_security.c index 060cf1ffa8..b02c2cf207 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -207,7 +207,7 @@ * and put back in session_destroy. * * @param expected_priv_mp_usage expected number of used priv mp objects - */ + * #define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do { \ struct security_testsuite_params *ts_params = &testsuite_params;\ unsigned int priv_mp_usage; \ @@ -218,7 +218,7 @@ "but there are %u allocated objects", \ expected_priv_mp_usage, priv_mp_usage); \ } while (0) - +*/ /** * Mockup structures and functions for rte_security_ops; * @@ -253,37 +253,37 @@ static struct mock_session_create_data { void *device; struct rte_security_session_conf *conf; - struct rte_security_session *sess; + void *sess; struct rte_mempool *mp; - struct rte_mempool *priv_mp; +// struct rte_mempool *priv_mp; int ret; int called; int failed; -} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0}; +} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0}; static int mock_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *priv_mp) + void *sess) +// struct rte_mempool *priv_mp) { - void *sess_priv; - int ret; +// void *sess_priv; +// int ret; mock_session_create_exp.called++; MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf); - MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp); +// MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp); if (mock_session_create_exp.ret == 0) { - ret = rte_mempool_get(priv_mp, &sess_priv); - TEST_ASSERT_EQUAL(0, ret, - "priv mempool does not have enough objects"); +// ret = rte_mempool_get(priv_mp, &sess_priv); +// TEST_ASSERT_EQUAL(0, ret, +// "priv mempool does not have enough objects"); - set_sec_session_private_data(sess, sess_priv); +// set_sec_session_private_data(sess, sess_priv); mock_session_create_exp.sess = sess; } @@ -297,7 +297,7 @@ mock_session_create(void *device, */ static struct mock_session_update_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_session_conf *conf; int ret; @@ -308,7 +308,7 @@ static struct mock_session_update_data { static int mock_session_update(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { mock_session_update_exp.called++; @@ -351,7 +351,7 @@ mock_session_get_size(void *device) */ static struct mock_session_stats_get_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_stats *stats; int ret; @@ -362,7 +362,7 @@ static struct mock_session_stats_get_data { static int mock_session_stats_get(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats) { mock_session_stats_get_exp.called++; @@ -381,7 +381,7 @@ mock_session_stats_get(void *device, */ static struct mock_session_destroy_data { void *device; - struct rte_security_session *sess; + void *sess; int ret; @@ -390,15 +390,9 @@ static struct mock_session_destroy_data { } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0}; static int -mock_session_destroy(void *device, struct rte_security_session *sess) +mock_session_destroy(void *device, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - mock_session_destroy_exp.called++; - if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) { - rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv); - set_sec_session_private_data(sess, NULL); - } MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess); @@ -412,7 +406,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess) */ static struct mock_set_pkt_metadata_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_mbuf *m; void *params; @@ -424,7 +418,7 @@ static struct mock_set_pkt_metadata_data { static int mock_set_pkt_metadata(void *device, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { @@ -536,7 +530,6 @@ struct rte_security_ops mock_ops = { */ static struct security_testsuite_params { struct rte_mempool *session_mpool; - struct rte_mempool *session_priv_mpool; } testsuite_params = { NULL }; /** @@ -549,7 +542,7 @@ static struct security_testsuite_params { static struct security_unittest_params { struct rte_security_ctx ctx; struct rte_security_session_conf conf; - struct rte_security_session *sess; + void *sess; } unittest_params = { .ctx = { .device = NULL, @@ -563,7 +556,7 @@ static struct security_unittest_params { #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp" #define SECURITY_TEST_MEMPOOL_SIZE 15 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session) -#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64 +#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024 /** * testsuite_setup initializes whole test suite parameters. @@ -577,26 +570,27 @@ testsuite_setup(void) ts_params->session_mpool = rte_mempool_create( SECURITY_TEST_MEMPOOL_NAME, SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_OBJ_SZ, + SECURITY_TEST_SESSION_OBJ_SZ + + SECURITY_TEST_SESSION_PRIV_OBJ_SZ, 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0); TEST_ASSERT_NOT_NULL(ts_params->session_mpool, "Cannot create mempool %s\n", rte_strerror(rte_errno)); - ts_params->session_priv_mpool = rte_mempool_create( - SECURITY_TEST_PRIV_MEMPOOL_NAME, - SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_PRIV_OBJ_SZ, - 0, 0, NULL, NULL, NULL, NULL, - SOCKET_ID_ANY, 0); - if (ts_params->session_priv_mpool == NULL) { - RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): " - "Cannot create priv mempool %s\n", - __func__, __LINE__, rte_strerror(rte_errno)); - rte_mempool_free(ts_params->session_mpool); - ts_params->session_mpool = NULL; - return TEST_FAILED; - } +// ts_params->session_priv_mpool = rte_mempool_create( +// SECURITY_TEST_PRIV_MEMPOOL_NAME, +// SECURITY_TEST_MEMPOOL_SIZE, +// SECURITY_TEST_SESSION_PRIV_OBJ_SZ, +// 0, 0, NULL, NULL, NULL, NULL, +// SOCKET_ID_ANY, 0); +// if (ts_params->session_priv_mpool == NULL) { +// RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): " +// "Cannot create priv mempool %s\n", +// __func__, __LINE__, rte_strerror(rte_errno)); +// rte_mempool_free(ts_params->session_mpool); +// ts_params->session_mpool = NULL; +// return TEST_FAILED; +// } return TEST_SUCCESS; } @@ -612,10 +606,6 @@ testsuite_teardown(void) rte_mempool_free(ts_params->session_mpool); ts_params->session_mpool = NULL; } - if (ts_params->session_priv_mpool) { - rte_mempool_free(ts_params->session_priv_mpool); - ts_params->session_priv_mpool = NULL; - } } /** @@ -704,7 +694,7 @@ ut_setup_with_session(void) { struct security_unittest_params *ut_params = &unittest_params; struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; int ret = ut_setup(); if (ret != TEST_SUCCESS) @@ -713,12 +703,11 @@ ut_setup_with_session(void) mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); + mock_session_get_size_exp.called = 0; TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -757,16 +746,14 @@ test_session_create_inv_context(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(NULL, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -781,18 +768,16 @@ test_session_create_inv_context_ops(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = NULL; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -807,18 +792,16 @@ test_session_create_inv_context_ops_fun(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = &empty_ops; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -832,16 +815,14 @@ test_session_create_inv_configuration(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, NULL, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -855,16 +836,14 @@ static int test_session_create_inv_mempool(void) { struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - NULL, ts_params->session_priv_mpool); + NULL); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -874,24 +853,24 @@ test_session_create_inv_mempool(void) * Test execution of rte_security_session_create with NULL session * priv mempool */ -static int -test_session_create_inv_sess_priv_mempool(void) -{ - struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; - - sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, NULL); - TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, - sess, NULL, "%p"); - TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); - TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); - TEST_ASSERT_SESSION_COUNT(0); - - return TEST_SUCCESS; -} +//static int +//test_session_create_inv_sess_priv_mempool(void) +//{ +// struct security_unittest_params *ut_params = &unittest_params; +// struct security_testsuite_params *ts_params = &testsuite_params; +// struct rte_security_session *sess; +// +// sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, +// ts_params->session_mpool, NULL); +// TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, +// sess, NULL, "%p"); +// TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); +// TEST_ASSERT_MEMPOOL_USAGE(0); +// TEST_ASSERT_PRIV_MP_USAGE(0); +// TEST_ASSERT_SESSION_COUNT(0); +// +// return TEST_SUCCESS; +//} /** * Test execution of rte_security_session_create in case when mempool @@ -902,9 +881,9 @@ test_session_create_mempool_empty(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; - void *tmp1[SECURITY_TEST_MEMPOOL_SIZE]; - struct rte_security_session *sess; +// struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *sess; /* Get all available objects from mempool. */ int i, ret; @@ -914,34 +893,34 @@ test_session_create_mempool_empty(void) TEST_ASSERT_EQUAL(0, ret, "Expect getting %d object from mempool" " to succeed", i); - ret = rte_mempool_get(ts_params->session_priv_mpool, - (void **)(&tmp1[i])); - TEST_ASSERT_EQUAL(0, ret, - "Expect getting %d object from priv mempool" - " to succeed", i); +// ret = rte_mempool_get(ts_params->session_priv_mpool, +// (void **)(&tmp1[i])); +// TEST_ASSERT_EQUAL(0, ret, +// "Expect getting %d object from priv mempool" +// " to succeed", i); } TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); +// TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); +// ts_params->session_priv_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); +// TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); TEST_ASSERT_SESSION_COUNT(0); /* Put objects back to the pool. */ for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) { rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i])); - rte_mempool_put(ts_params->session_priv_mpool, - (tmp1[i])); +// rte_mempool_put(ts_params->session_priv_mpool, +// (tmp1[i])); } TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); +// TEST_ASSERT_PRIV_MP_USAGE(0); return TEST_SUCCESS; } @@ -955,22 +934,22 @@ test_session_create_ops_failure(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; +// mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = -1; /* Return failure status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); +// ts_params->session_priv_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); +// TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -984,17 +963,17 @@ test_session_create_success(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; +// mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; /* Return success status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); +// ts_params->session_priv_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -1003,7 +982,7 @@ test_session_create_success(void) sess, mock_session_create_exp.sess); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); +// TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); /* @@ -1389,7 +1368,6 @@ test_session_destroy_inv_context(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(NULL, ut_params->sess); @@ -1397,7 +1375,6 @@ test_session_destroy_inv_context(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1414,7 +1391,6 @@ test_session_destroy_inv_context_ops(void) ut_params->ctx.ops = NULL; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1423,7 +1399,6 @@ test_session_destroy_inv_context_ops(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1440,7 +1415,6 @@ test_session_destroy_inv_context_ops_fun(void) ut_params->ctx.ops = &empty_ops; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1449,7 +1423,6 @@ test_session_destroy_inv_context_ops_fun(void) ret, -ENOTSUP, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1464,7 +1437,6 @@ test_session_destroy_inv_session(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, NULL); @@ -1472,7 +1444,6 @@ test_session_destroy_inv_session(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1492,7 +1463,6 @@ test_session_destroy_ops_failure(void) mock_session_destroy_exp.ret = -1; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1501,7 +1471,6 @@ test_session_destroy_ops_failure(void) ret, -1, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1519,7 +1488,6 @@ test_session_destroy_success(void) mock_session_destroy_exp.sess = ut_params->sess; mock_session_destroy_exp.ret = 0; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1528,7 +1496,6 @@ test_session_destroy_success(void) ret, 0, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); /* @@ -2495,8 +2462,8 @@ static struct unit_test_suite security_testsuite = { test_session_create_inv_configuration), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_inv_mempool), - TEST_CASE_ST(ut_setup, ut_teardown, - test_session_create_inv_sess_priv_mempool), +// TEST_CASE_ST(ut_setup, ut_teardown, +// test_session_create_inv_sess_priv_mempool), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_mempool_empty), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 60963a8208..93a56994da 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -1022,8 +1022,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op) } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { if (likely(op->sym->sec_session != NULL)) sess = (struct aesni_mb_session *) - get_sec_session_private_data( - op->sym->sec_session); + (op->sym->sec_session); #endif } else { void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp); @@ -1639,7 +1638,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) * this is for DOCSIS */ is_docsis_sec = 1; - sess = get_sec_session_private_data(op->sym->sec_session); + sess = (struct aesni_mb_session *)(op->sym->sec_session); } else #endif { diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 48a8f91868..39c67e3952 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -1056,10 +1056,8 @@ struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops; */ static int aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -1069,40 +1067,22 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - - ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, - sess_private_data); - + ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess); if (ret != 0) { AESNI_MB_LOG(ERR, "Failed to configure session parameters"); - - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); + if (sess) + memset(sess, 0, sizeof(struct aesni_mb_session)); - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - memset(sess_priv, 0, sizeof(struct aesni_mb_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); - } return 0; } diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index 258750afe7..ce7a100778 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) cryptodev_driver_id); break; case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = (struct caam_jr_session *) - get_sec_session_private_data( - op->sym->sec_session); + ses = (struct caam_jr_session *)(op->sym->sec_session); break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); @@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, static int caam_jr_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - CAAM_JR_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = caam_jr_set_ipsec_session(cdev, conf, - sess_private_data); + ret = caam_jr_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev, } if (ret != 0) { CAAM_JR_ERR("failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /* Clear the memory of session so it doesn't leave key material behind */ static int -caam_jr_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +caam_jr_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - struct caam_jr_session *s = (struct caam_jr_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + struct caam_jr_session *s = (struct caam_jr_session *)sess; + if (sess) { rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(sess, 0, sizeof(struct caam_jr_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 3caf05aab9..99968cc353 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -120,8 +120,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = get_sec_session_private_data( - sym_op->sec_session); + sec_sess = (struct cn10k_sec_session *) + (sym_op->sec_session); ret = cpt_sec_inst_fill(op, sec_sess, &inst[0]); if (unlikely(ret)) return 0; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index ebb2a7ec48..6f31fd04c6 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -35,16 +35,14 @@ static int cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { struct roc_ot_ipsec_outb_sa *out_sa; struct cnxk_ipsec_outb_rlens rlens; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; @@ -93,15 +91,13 @@ static int cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { struct roc_ot_ipsec_inb_sa *in_sa; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -132,7 +128,7 @@ static int cn10k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sess) + struct cn10k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct roc_cpt *roc_cpt; @@ -161,55 +157,28 @@ cn10k_ipsec_session_create(void *dev, static int cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn10k_sec_session *priv; - int ret; + struct cn10k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn10k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn10k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn10k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn10k_sec_session_destroy(void *device __rte_unused, void *sess) { - struct cn10k_sec_session *priv; - struct rte_mempool *sess_mp; - - priv = get_sec_session_private_data(sess); + struct cn10k_sec_session *priv = sess; if (priv == NULL) return 0; - - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + memset(priv, 0, sizeof(*priv)); return 0; } diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 75277936b0..4c2dc5b080 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, return -ENOTSUP; } - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct cn9k_sec_session *)(op->sym->sec_session); sa = &priv->sa; if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 63ae025030..f3a6df0145 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -274,13 +274,12 @@ static int cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; struct roc_ie_on_ip_template *template = NULL; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_outb_sa *out_sa; - struct cn9k_sec_session *sess; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; struct rte_ipv6_hdr *ip6; @@ -292,7 +291,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; ctl = &out_sa->common_sa.ctl; @@ -420,12 +418,11 @@ static int cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_inb_sa *in_sa; - struct cn9k_sec_session *sess; struct cn9k_ipsec_sa *sa; const uint8_t *auth_key; union cpt_inst_w4 w4; @@ -434,7 +431,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len = 0; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -498,7 +494,7 @@ static int cn9k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xform, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct cn9k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct cnxk_cpt_qp *qp; @@ -529,53 +525,32 @@ cn9k_ipsec_session_create(void *dev, static int cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn9k_sec_session *priv; - int ret; + struct cn9k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn9k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn9k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn9k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn9k_sec_session_destroy(void *device __rte_unused, void *sess) { struct roc_ie_on_outb_sa *out_sa; struct cn9k_sec_session *priv; - struct rte_mempool *sess_mp; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; - priv = get_sec_session_private_data(sess); + priv = sess; if (priv == NULL) return 0; @@ -587,13 +562,8 @@ cn9k_sec_session_destroy(void *device __rte_unused, rte_io_wmb(); - sess_mp = rte_mempool_from_obj(priv); - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index dfa72f3f93..176f1a27a0 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1358,8 +1358,7 @@ build_sec_fd(struct rte_crypto_op *op, op->sym->session, cryptodev_driver_id); #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (dpaa2_sec_session *)(op->sym->sec_session); #endif else return -ENOTSUP; @@ -1532,7 +1531,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) struct rte_crypto_op *op; uint16_t len = DPAA2_GET_FD_LEN(fd); int16_t diff = 0; - dpaa2_sec_session *sess_priv __rte_unused; + dpaa2_sec_session *sess_priv; struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF( DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)), @@ -1545,8 +1544,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) mbuf->buf_iova = op->sym->aead.digest.phys_addr; op->sym->aead.digest.phys_addr = 0L; - sess_priv = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess_priv = (dpaa2_sec_session *)(op->sym->sec_session); if (sess_priv->dir == DIR_ENC) mbuf->data_off += SEC_FLC_DHR_OUTBOUND; else @@ -3395,63 +3393,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa2_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA2_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa2_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa2_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess); break; default: return -EINVAL; } if (ret != 0) { DPAA2_SEC_ERR("Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa2_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + dpaa2_sec_session *s = (dpaa2_sec_session *)sess; + if (sess) { rte_free(s->ctxt); rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(s, 0, sizeof(dpaa2_sec_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index d5aa2748d6..5a087df090 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -1793,8 +1793,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, #ifdef RTE_LIB_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: ses = (dpaa_sec_session *) - get_sec_session_private_data( - op->sym->sec_session); + (op->sym->sec_session); break; #endif default: @@ -2572,7 +2571,6 @@ static inline void free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) { struct dpaa_sec_dev_private *qi = dev->data->dev_private; - struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s); uint8_t i; for (i = 0; i < MAX_DPAA_CORES; i++) { @@ -2582,7 +2580,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) s->qp[i] = NULL; } free_session_data(s); - rte_mempool_put(sess_mp, (void *)s); } /** Clear the memory of session so it doesn't leave key material behind */ @@ -3117,26 +3114,23 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; +// void *sess_private_data = sess; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } +// if (rte_mempool_get(mempool, &sess_private_data)) { +// DPAA_SEC_ERR("Couldn't get object from session mempool"); +// return -ENOMEM; +// } switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_pdcp_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -3146,28 +3140,24 @@ dpaa_sec_security_session_create(void *dev, if (ret != 0) { DPAA_SEC_ERR("failed to configure session parameters"); /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); +// rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); +// set_sec_session_private_data(sess, sess_private_data); return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa_sec_session *s = (dpaa_sec_session *)sess_priv; + dpaa_sec_session *s = (dpaa_sec_session *)sess; - if (sess_priv) { + if (sess) free_session_memory((struct rte_cryptodev *)dev, s); - set_sec_session_private_data(sess, NULL); - } return 0; } #endif diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c index a72642a772..245a4ad353 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c @@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request, return -EINVAL; } - sess = (struct mrvl_crypto_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (struct mrvl_crypto_session *)(op->sym->sec_session); if (unlikely(sess == NULL)) { MRVL_LOG(ERR, "Session was not created for this device! %d", cryptodev_driver_id); diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c index 3064b1f136..e04a2c88c7 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c @@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev, /** Clear the memory of session so it doesn't leave key material behind */ static int -mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - /* Zero out the whole structure */ - if (sess_priv) { + if (sess) { struct mrvl_crypto_session *mrvl_sess = (struct mrvl_crypto_session *)sess_priv; - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); if (mrvl_sess->sam_sess && sam_session_destroy(mrvl_sess->sam_sess) < 0) { @@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, rte_free(mrvl_sess->sam_sess_params.cipher_key); rte_free(mrvl_sess->sam_sess_params.auth_key); rte_free(mrvl_sess->sam_sess_params.cipher_iv); - memset(sess, 0, sizeof(struct rte_security_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 37fad11d91..7b744cd4b4 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, uint8_t esn; int ret; - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct otx2_sec_session *)(op->sym->sec_session); sess = &priv->ipsec.lp; sa = &sess->in_sa; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index a5db40047d..56900e3187 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -203,7 +203,7 @@ static int crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_ipsec_po_ip_template *template = NULL; @@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_out_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; struct rte_ipv6_hdr *ip6; struct rte_ipv4_hdr *ip; int ret, ctx_len; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; lp = &sess->ipsec.lp; @@ -398,7 +396,7 @@ static int crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; const uint8_t *cipher_key, *auth_key; @@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_in_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; int ret; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; lp = &sess->ipsec.lp; @@ -512,7 +508,7 @@ static int crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, static int otx2_crypto_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) @@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device, if (rte_security_dynfield_register() < 0) return -rte_errno; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - priv->userdata = conf->userdata; if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = crypto_sec_ipsec_session_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); return ret; } static int -otx2_crypto_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess) { - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; - priv = get_sec_session_private_data(sess); - - if (priv == NULL) - return 0; - - sess_mp = rte_mempool_from_obj(priv); - - memset(priv, 0, sizeof(*priv)); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + if (priv) + memset(priv, 0, sizeof(*priv)); return 0; } @@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused) } static int -otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, +otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 93b257522b..fbb17e61ff 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, op->sym->session, qat_sym_driver_id); #ifdef RTE_LIB_SECURITY } else { - ctx = (struct qat_sym_session *)get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (likely(ctx)) { if (unlikely(ctx->bpi_ctx == NULL)) { QAT_DP_LOG(ERR, "QAT PMD only supports security" diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index e3ec7f0de4..8904aabd3d 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops) op = (struct rte_crypto_op *)ops[i]; if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = (struct qat_sym_session *) - get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (ctx == NULL || ctx->bpi_ctx == NULL) continue; @@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie) * Assuming at this point that if it's a security * op, that this is for DOCSIS */ - sess = (struct qat_sym_session *) - get_sec_session_private_data( - rx_op->sym->sec_session); + sess = (struct qat_sym_session *)(rx_op->sym->sec_session); is_docsis_sec = 1; } else #endif diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 3f2f6736fc..2a22347c7f 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_private_data) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - QAT_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { QAT_LOG(ERR, "Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } int -qat_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +qat_security_session_destroy(void *dev __rte_unused, void *sess_priv) { - void *sess_priv = get_sec_session_private_data(sess); struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; if (sess_priv) { if (s->bpi_ctx) bpi_cipher_ctx_free(s->bpi_ctx); memset(s, 0, qat_sym_session_get_private_size(dev)); - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index 6ebc176729..7fcc1d6f7b 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); #ifdef RTE_LIB_SECURITY int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mempool); + void *sess); int -qat_security_session_destroy(void *dev, struct rte_security_session *sess); +qat_security_session_destroy(void *dev, void *sess); #endif #endif /* _QAT_SYM_SESSION_H_ */ diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index e45c5501e6..7e3f05a067 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int ixgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct ixgbe_crypto_session *ic_session = NULL; + struct ixgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (ixgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device) } static int -ixgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +ixgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct ixgbe_crypto_session *ic_session = - (struct ixgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct ixgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -ixgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, +ixgbe_crypto_update_mb(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { - struct ixgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct ixgbe_crypto_session *ic_session = session; + if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { union ixgbe_crypto_tx_desc_md *mdata = (union ixgbe_crypto_tx_desc_md *) @@ -685,8 +667,8 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, uint8_t is_ipv6) { - struct ixgbe_crypto_session *ic_session - = get_sec_session_private_data(sess); + struct ixgbe_crypto_session *ic_session = + (struct ixgbe_crypto_session *)sess; if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index c2a36883cb..ef851fe52c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -350,7 +350,7 @@ static int eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_sec_session_ipsec_ip *sess; @@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct otx2_cpt_inst_s inst; struct otx2_cpt_qp *qp; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; sess = &priv->ipsec.ip; @@ -468,7 +468,7 @@ static int eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev); @@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, ctl = &sa->ctl; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; sess = &priv->ipsec.ip; @@ -619,7 +619,7 @@ static int eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, static int otx2_eth_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) return -ENOTSUP; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - /* * Save userdata provided by the application. For ingress packets, this * could be used to identify the SA. @@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device, if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = eth_sec_ipsec_sess_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; if (ret) - goto mempool_put; + return ret; return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; } static void @@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa) } static int -otx2_eth_sec_session_destroy(void *device, - struct rte_security_session *sess) +otx2_eth_sec_session_destroy(void *device, void *sess) { struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device); struct otx2_sec_session_ipsec_ip *sess_ip; struct otx2_ipsec_fp_in_sa *sa; - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; int ret; - priv = get_sec_session_private_data(sess); - if (priv == NULL) - return -EINVAL; - sess_ip = &priv->ipsec.ip; if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { @@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device, return ret; } - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } @@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused) } static int -otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ *rte_security_dynfield(m) = (rte_security_dynfield_t)session; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h index 623a2a841e..9ecb786947 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h @@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m, struct nix_iova_s nix_iova; } *sd; - priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m))); + priv = (void *)(*rte_security_dynfield(m)); sess = &priv->ipsec.ip; sa = &sess->out_sa; diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c index ccd747973b..cc6370c2f3 100644 --- a/drivers/net/txgbe/txgbe_ipsec.c +++ b/drivers/net/txgbe/txgbe_ipsec.c @@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int txgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct txgbe_crypto_session *ic_session = NULL; + struct txgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (txgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device) } static int -txgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +txgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct txgbe_crypto_session *ic_session = - (struct txgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct txgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -txgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +txgbe_crypto_update_mb(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { - struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct txgbe_crypto_session *ic_session = session; + if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { union txgbe_crypto_tx_desc_md *mdata = (union txgbe_crypto_tx_desc_md *) @@ -662,7 +644,7 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess, uint8_t is_ipv6) { struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(sess); + (struct txgbe_crypto_session *)sess; if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 6817139663..03d907cba8 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa, set_ipsec_conf(sa, &(sess_conf.ipsec)); ips->security.ses = rte_security_session_create(ctx, - &sess_conf, ipsec_ctx->session_pool, - ipsec_ctx->session_priv_pool); + &sess_conf, ipsec_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, } ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.userdata = (void *) sa; ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index fe81ed3e4c..06560b9cba 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -39,35 +39,37 @@ rte_security_dynfield_register(void) return rte_security_dynfield_offset; } -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp) + struct rte_mempool *mp) { struct rte_security_session *sess = NULL; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); RTE_PTR_OR_ERR_RET(conf, NULL); RTE_PTR_OR_ERR_RET(mp, NULL); - RTE_PTR_OR_ERR_RET(priv_mp, NULL); + + if (mp->elt_size < sizeof(struct rte_security_session) + + instance->ops->session_get_size(instance->device)) + return NULL; if (rte_mempool_get(mp, (void **)&sess)) return NULL; if (instance->ops->session_create(instance->device, conf, - sess, priv_mp)) { + sess->sess_private_data)) { rte_mempool_put(mp, (void *)sess); return NULL; } instance->sess_cnt++; - return sess; + return sess->sess_private_data; } int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, @@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance) int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, - struct rte_security_stats *stats) + void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); @@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess) +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { + struct rte_security_session *s; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, @@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance, if (ret != 0) return ret; - rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess); + s = container_of(sess, struct rte_security_session, sess_private_data); + rte_mempool_put(rte_mempool_from_obj(s), (void *)s); if (instance->sess_cnt) instance->sess_cnt--; @@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index ab1a6e1f65..bef42c0686 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -457,10 +457,12 @@ struct rte_security_session_conf { }; struct rte_security_session { - void *sess_private_data; - /**< Private session material */ uint64_t opaque_data; /**< Opaque user defined data */ + uint64_t fast_mdata; + /**< Fast metadata to be used for inline path */ + __extension__ void *sess_private_data[0]; + /**< Private session material */ }; /** @@ -474,11 +476,10 @@ struct rte_security_session { * - On success, pointer to session * - On failure, NULL */ -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp); + struct rte_mempool *mp); /** * Update security session as specified by the session configuration @@ -493,7 +494,7 @@ rte_security_session_create(struct rte_security_ctx *instance, __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf); /** @@ -524,7 +525,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); */ int rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess); + void *sess); /** Device-specific metadata field type */ typedef uint64_t rte_security_dynfield_t; @@ -570,7 +571,7 @@ static inline bool rte_security_dynfield_is_registered(void) /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params); /** @@ -588,13 +589,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess->sess_private_data); + (rte_security_dynfield_t)(sess); return 0; } @@ -644,26 +645,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) */ static inline int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, - struct rte_security_session *sess) + void *sess) { sym_op->sec_session = sess; return 0; } -static inline void * -get_sec_session_private_data(const struct rte_security_session *sess) -{ - return sess->sess_private_data; -} - -static inline void -set_sec_session_private_data(struct rte_security_session *sess, - void *private_data) -{ - sess->sess_private_data = private_data; -} - /** * Attach a session to a crypto operation. * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD @@ -674,8 +662,7 @@ set_sec_session_private_data(struct rte_security_session *sess, * @param sess security session */ static inline int -rte_security_attach_session(struct rte_crypto_op *op, - struct rte_security_session *sess) +rte_security_attach_session(struct rte_crypto_op *op, void *sess) { if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) return -EINVAL; @@ -737,7 +724,7 @@ struct rte_security_stats { __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index 938373205c..9afefc8c4e 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -35,8 +35,7 @@ extern "C" { */ typedef int (*security_session_create_t)(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mp); + void *sess); /** * Free driver private session data. @@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device, * @param device Crypto/eth device pointer * @param sess Security session structure */ -typedef int (*security_session_destroy_t)(void *device, - struct rte_security_session *sess); +typedef int (*security_session_destroy_t)(void *device, void *sess); /** * Update driver private session data. @@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device, * - Returns -ENOTSUP if crypto device does not support the crypto transform. */ typedef int (*security_session_update_t)(void *device, - struct rte_security_session *sess, - struct rte_security_session_conf *conf); + void *sess, struct rte_security_session_conf *conf); /** * Get the size of a security session @@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device); * - Returns -EINVAL if session parameters are invalid. */ typedef int (*security_session_stats_get_t)(void *device, - struct rte_security_session *sess, - struct rte_security_stats *stats); + void *sess, struct rte_security_stats *stats); __rte_experimental int rte_security_dynfield_register(void); @@ -96,7 +92,7 @@ int rte_security_dynfield_register(void); * Update the mbuf with provided metadata. * * @param device Crypto/eth device pointer - * @param sess Security session structure + * @param sess Security session * @param mb Packet buffer * @param params Metadata * @@ -105,7 +101,7 @@ int rte_security_dynfield_register(void); * - Returns -ve value for errors. */ typedef int (*security_set_pkt_metadata_t)(void *device, - struct rte_security_session *sess, struct rte_mbuf *mb, + void *sess, struct rte_mbuf *mb, void *params); /** -- 2.25.1