From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <thomas@monjalon.net>, <david.marchand@redhat.com>,
<hemant.agrawal@nxp.com>, <anoobj@marvell.com>,
<pablo.de.lara.guarch@intel.com>, <fiona.trahe@intel.com>,
<declan.doherty@intel.com>, <matan@nvidia.com>, <g.singh@nxp.com>,
<roy.fan.zhang@intel.com>, <jianjay.zhou@huawei.com>,
<asomalap@amd.com>, <ruifeng.wang@arm.com>,
<konstantin.ananyev@intel.com>, <radu.nicolau@intel.com>,
<ajit.khaparde@broadcom.com>, <rnagadheeraj@marvell.com>,
<adwivedi@marvell.com>, <ciara.power@intel.com>,
<haiyue.wang@intel.com>, <jiawenwu@trustnetic.com>,
<jianwang@trustnetic.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [dpdk-dev] [PATCH v3 1/8] security: rework session framework
Date: Tue, 19 Oct 2021 03:04:45 +0530 [thread overview]
Message-ID: <20211018213452.2734720-2-gakhil@marvell.com> (raw)
In-Reply-To: <20211018213452.2734720-1-gakhil@marvell.com>
As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
app/test-crypto-perf/cperf_ops.c | 13 +-
.../cperf_test_pmd_cyclecount.c | 2 +-
app/test/test_cryptodev.c | 17 +-
app/test/test_ipsec.c | 11 +-
app/test/test_security.c | 193 ++++--------------
drivers/crypto/caam_jr/caam_jr.c | 32 +--
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 6 +-
drivers/crypto/cnxk/cn10k_ipsec.c | 53 +----
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 2 +-
drivers/crypto/cnxk/cn9k_ipsec.c | 50 +----
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 +---
drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 3 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 34 +--
drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c | 3 +-
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 32 +--
drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +-
drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 11 +-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +-
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 54 +----
drivers/crypto/qat/qat_sym.c | 3 +-
drivers/crypto/qat/qat_sym.h | 8 +-
drivers/crypto/qat/qat_sym_session.c | 21 +-
drivers/crypto/qat/qat_sym_session.h | 4 +-
drivers/net/ixgbe/ixgbe_ipsec.c | 38 +---
drivers/net/meson.build | 2 +-
drivers/net/octeontx2/otx2_ethdev_sec.c | 51 ++---
drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +-
drivers/net/txgbe/txgbe_ipsec.c | 38 +---
examples/ipsec-secgw/ipsec.c | 9 +-
lib/security/rte_security.c | 28 +--
lib/security/rte_security.h | 41 ++--
lib/security/rte_security_driver.h | 16 +-
32 files changed, 204 insertions(+), 617 deletions(-)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 263841c339..6c3aa77dec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -67,8 +67,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
for (i = 0; i < nb_ops; i++) {
struct rte_crypto_sym_op *sym_op = ops[i]->sym;
- struct rte_security_session *sec_sess =
- (struct rte_security_session *)sess;
uint32_t buf_sz;
uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -76,7 +74,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
- rte_security_attach_session(ops[i], sec_sess);
+ rte_security_attach_session(ops[i], (void *)sess);
sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
src_buf_offset);
@@ -608,7 +606,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
static struct rte_cryptodev_sym_session *
create_ipsec_session(struct rte_mempool *sess_mp,
- struct rte_mempool *priv_mp,
uint8_t dev_id,
const struct cperf_options *options,
const struct cperf_test_vector *test_vector,
@@ -720,7 +717,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
/* Create security session */
return (void *)rte_security_session_create(ctx,
- &sess_conf, sess_mp, priv_mp);
+ &sess_conf, sess_mp);
}
static struct rte_cryptodev_sym_session *
@@ -831,11 +828,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
/* Create security session */
return (void *)rte_security_session_create(ctx,
- &sess_conf, sess_mp, priv_mp);
+ &sess_conf, sess_mp);
}
if (options->op_type == CPERF_IPSEC) {
- return create_ipsec_session(sess_mp, priv_mp, dev_id,
+ return create_ipsec_session(sess_mp, dev_id,
options, test_vector, iv_offset);
}
@@ -880,7 +877,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
/* Create security session */
return (void *)rte_security_session_create(ctx,
- &sess_conf, sess_mp, priv_mp);
+ &sess_conf, sess_mp);
}
#endif
sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index fda97e8ab9..e43e2a3b96 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
(struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx,
- (struct rte_security_session *)ctx->sess);
+ (void *)ctx->sess);
} else
#endif
{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 814a0b401d..996b3b4de6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -83,7 +83,7 @@ struct crypto_unittest_params {
union {
struct rte_cryptodev_sym_session *sess;
#ifdef RTE_LIB_SECURITY
- struct rte_security_session *sec_session;
+ void *sec_session;
#endif
};
#ifdef RTE_LIB_SECURITY
@@ -8403,8 +8403,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx,
- &sess_conf, ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ &sess_conf, ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s()-%d line %d failed %s: ",
@@ -8675,8 +8674,7 @@ test_pdcp_proto_SGL(int i, int oop,
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx,
- &sess_conf, ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ &sess_conf, ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s()-%d line %d failed %s: ",
@@ -9175,8 +9173,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (ut_params->sec_session == NULL)
return TEST_SKIPPED;
@@ -9597,8 +9594,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s(%d) line %d: %s\n",
@@ -9773,8 +9769,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = {
static int
dummy_sec_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess, struct rte_mempool *mp)
+ void *sess)
{
RTE_SET_USED(device);
RTE_SET_USED(conf);
- RTE_SET_USED(mp);
-
- sess->sess_private_data = NULL;
+ RTE_SET_USED(sess);
return 0;
}
static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
{
RTE_SET_USED(device);
RTE_SET_USED(sess);
@@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
static struct rte_security_session_conf conf;
ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
- &conf, qp->mp_session,
- qp->mp_session_private);
+ &conf, qp->mp_session);
if (ut->ss[j].security.ses == NULL)
return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..1cea756880 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
expected_mempool_usage, mempool_usage); \
} while (0)
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param expected_priv_mp_usage expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do { \
- struct security_testsuite_params *ts_params = &testsuite_params;\
- unsigned int priv_mp_usage; \
- priv_mp_usage = rte_mempool_in_use_count( \
- ts_params->session_priv_mpool); \
- TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage, \
- "Expecting %u priv mempool allocations, " \
- "but there are %u allocated objects", \
- expected_priv_mp_usage, priv_mp_usage); \
-} while (0)
-
/**
* Mockup structures and functions for rte_security_ops;
*
@@ -253,39 +234,28 @@
static struct mock_session_create_data {
void *device;
struct rte_security_session_conf *conf;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mempool *mp;
- struct rte_mempool *priv_mp;
int ret;
int called;
int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
static int
mock_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *priv_mp)
+ void *sess)
{
- void *sess_priv;
- int ret;
mock_session_create_exp.called++;
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
- MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
- if (mock_session_create_exp.ret == 0) {
- ret = rte_mempool_get(priv_mp, &sess_priv);
- TEST_ASSERT_EQUAL(0, ret,
- "priv mempool does not have enough objects");
-
- set_sec_session_private_data(sess, sess_priv);
+ if (mock_session_create_exp.ret == 0)
mock_session_create_exp.sess = sess;
- }
return mock_session_create_exp.ret;
}
@@ -297,7 +267,7 @@ mock_session_create(void *device,
*/
static struct mock_session_update_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_session_conf *conf;
int ret;
@@ -308,7 +278,7 @@ static struct mock_session_update_data {
static int
mock_session_update(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf)
{
mock_session_update_exp.called++;
@@ -351,7 +321,7 @@ mock_session_get_size(void *device)
*/
static struct mock_session_stats_get_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_stats *stats;
int ret;
@@ -362,7 +332,7 @@ static struct mock_session_stats_get_data {
static int
mock_session_stats_get(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats)
{
mock_session_stats_get_exp.called++;
@@ -381,7 +351,7 @@ mock_session_stats_get(void *device,
*/
static struct mock_session_destroy_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
int ret;
@@ -390,15 +360,9 @@ static struct mock_session_destroy_data {
} mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
{
- void *sess_priv = get_sec_session_private_data(sess);
-
mock_session_destroy_exp.called++;
- if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
- rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
- set_sec_session_private_data(sess, NULL);
- }
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
@@ -412,7 +376,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
*/
static struct mock_set_pkt_metadata_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mbuf *m;
void *params;
@@ -424,7 +388,7 @@ static struct mock_set_pkt_metadata_data {
static int
mock_set_pkt_metadata(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m,
void *params)
{
@@ -536,7 +500,6 @@ struct rte_security_ops mock_ops = {
*/
static struct security_testsuite_params {
struct rte_mempool *session_mpool;
- struct rte_mempool *session_priv_mpool;
} testsuite_params = { NULL };
/**
@@ -549,7 +512,7 @@ static struct security_testsuite_params {
static struct security_unittest_params {
struct rte_security_ctx ctx;
struct rte_security_session_conf conf;
- struct rte_security_session *sess;
+ void *sess;
} unittest_params = {
.ctx = {
.device = NULL,
@@ -563,7 +526,7 @@ static struct security_unittest_params {
#define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
#define SECURITY_TEST_MEMPOOL_SIZE 15
#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
/**
* testsuite_setup initializes whole test suite parameters.
@@ -577,27 +540,13 @@ testsuite_setup(void)
ts_params->session_mpool = rte_mempool_create(
SECURITY_TEST_MEMPOOL_NAME,
SECURITY_TEST_MEMPOOL_SIZE,
- SECURITY_TEST_SESSION_OBJ_SZ,
+ SECURITY_TEST_SESSION_OBJ_SZ +
+ SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
0, 0, NULL, NULL, NULL, NULL,
SOCKET_ID_ANY, 0);
TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
"Cannot create mempool %s\n", rte_strerror(rte_errno));
- ts_params->session_priv_mpool = rte_mempool_create(
- SECURITY_TEST_PRIV_MEMPOOL_NAME,
- SECURITY_TEST_MEMPOOL_SIZE,
- SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
- 0, 0, NULL, NULL, NULL, NULL,
- SOCKET_ID_ANY, 0);
- if (ts_params->session_priv_mpool == NULL) {
- RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
- "Cannot create priv mempool %s\n",
- __func__, __LINE__, rte_strerror(rte_errno));
- rte_mempool_free(ts_params->session_mpool);
- ts_params->session_mpool = NULL;
- return TEST_FAILED;
- }
-
return TEST_SUCCESS;
}
@@ -612,10 +561,6 @@ testsuite_teardown(void)
rte_mempool_free(ts_params->session_mpool);
ts_params->session_mpool = NULL;
}
- if (ts_params->session_priv_mpool) {
- rte_mempool_free(ts_params->session_priv_mpool);
- ts_params->session_priv_mpool = NULL;
- }
}
/**
@@ -704,7 +649,7 @@ ut_setup_with_session(void)
{
struct security_unittest_params *ut_params = &unittest_params;
struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
+ void *sess;
int ret = ut_setup();
if (ret != TEST_SUCCESS)
@@ -713,12 +658,11 @@ ut_setup_with_session(void)
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = 0;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
+ mock_session_get_size_exp.called = 0;
TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
sess);
TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +701,14 @@ test_session_create_inv_context(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(NULL, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -781,18 +723,16 @@ test_session_create_inv_context_ops(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = NULL;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -807,18 +747,16 @@ test_session_create_inv_context_ops_fun(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = &empty_ops;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -832,16 +770,14 @@ test_session_create_inv_configuration(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, NULL,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -855,39 +791,14 @@ static int
test_session_create_inv_mempool(void)
{
struct security_unittest_params *ut_params = &unittest_params;
- struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- NULL, ts_params->session_priv_mpool);
+ NULL);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
- TEST_ASSERT_SESSION_COUNT(0);
-
- return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
- struct security_unittest_params *ut_params = &unittest_params;
- struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
-
- sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool, NULL);
- TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
- sess, NULL, "%p");
- TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
- TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -902,9 +813,8 @@ test_session_create_mempool_empty(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
- void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
- struct rte_security_session *sess;
+ void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+ void *sess;
/* Get all available objects from mempool. */
int i, ret;
@@ -914,34 +824,23 @@ test_session_create_mempool_empty(void)
TEST_ASSERT_EQUAL(0, ret,
"Expect getting %d object from mempool"
" to succeed", i);
- ret = rte_mempool_get(ts_params->session_priv_mpool,
- (void **)(&tmp1[i]));
- TEST_ASSERT_EQUAL(0, ret,
- "Expect getting %d object from priv mempool"
- " to succeed", i);
}
TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
- TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
- TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
TEST_ASSERT_SESSION_COUNT(0);
/* Put objects back to the pool. */
for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
rte_mempool_put(ts_params->session_mpool,
(void *)(tmp[i]));
- rte_mempool_put(ts_params->session_priv_mpool,
- (tmp1[i]));
}
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
return TEST_SUCCESS;
}
@@ -955,22 +854,19 @@ test_session_create_ops_failure(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = -1; /* Return failure status. */
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -984,17 +880,15 @@ test_session_create_success(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = 0; /* Return success status. */
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
sess);
TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +897,6 @@ test_session_create_success(void)
sess, mock_session_create_exp.sess);
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
/*
@@ -1389,7 +1282,6 @@ test_session_destroy_inv_context(void)
struct security_unittest_params *ut_params = &unittest_params;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1289,6 @@ test_session_destroy_inv_context(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1414,7 +1305,6 @@ test_session_destroy_inv_context_ops(void)
ut_params->ctx.ops = NULL;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1313,6 @@ test_session_destroy_inv_context_ops(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1440,7 +1329,6 @@ test_session_destroy_inv_context_ops_fun(void)
ut_params->ctx.ops = &empty_ops;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1337,6 @@ test_session_destroy_inv_context_ops_fun(void)
ret, -ENOTSUP, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1464,7 +1351,6 @@ test_session_destroy_inv_session(void)
struct security_unittest_params *ut_params = &unittest_params;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1358,6 @@ test_session_destroy_inv_session(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1492,7 +1377,6 @@ test_session_destroy_ops_failure(void)
mock_session_destroy_exp.ret = -1;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1385,6 @@ test_session_destroy_ops_failure(void)
ret, -1, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1519,7 +1402,6 @@ test_session_destroy_success(void)
mock_session_destroy_exp.sess = ut_params->sess;
mock_session_destroy_exp.ret = 0;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1410,6 @@ test_session_destroy_success(void)
ret, 0, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
/*
@@ -2495,8 +2376,6 @@ static struct unit_test_suite security_testsuite = {
test_session_create_inv_configuration),
TEST_CASE_ST(ut_setup, ut_teardown,
test_session_create_inv_mempool),
- TEST_CASE_ST(ut_setup, ut_teardown,
- test_session_create_inv_sess_priv_mempool),
TEST_CASE_ST(ut_setup, ut_teardown,
test_session_create_mempool_empty),
TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8c56610ac8..00e680cf03 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
cryptodev_driver_id);
break;
case RTE_CRYPTO_OP_SECURITY_SESSION:
- ses = (struct caam_jr_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ ses = (struct caam_jr_session *)(op->sym->sec_session);
break;
default:
CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
static int
caam_jr_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- CAAM_JR_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = caam_jr_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = caam_jr_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
@@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev,
}
if (ret != 0) {
CAAM_JR_ERR("failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/* Clear the memory of session so it doesn't leave key material behind */
static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ struct caam_jr_session *s = (struct caam_jr_session *)sess;
+ if (sess) {
rte_free(s->cipher_key.data);
rte_free(s->auth_key.data);
memset(sess, 0, sizeof(struct caam_jr_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index c25c8e67b2..de2eebd507 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -122,8 +122,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- sec_sess = get_sec_session_private_data(
- sym_op->sec_session);
+ sec_sess = (struct cn10k_sec_session *)
+ (sym_op->sec_session);
ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
&inst[0]);
if (unlikely(ret))
@@ -360,7 +360,7 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND))
return;
- sess = get_sec_session_private_data(cop->sym->sec_session);
+ sess = (struct cn10k_sec_session *)(cop->sym->sec_session);
sa = &sess->sa;
mbuf = cop->sym->m_src;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 27df1dcd64..425fe599e0 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,17 +35,15 @@ static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sess)
{
union roc_ot_ipsec_outb_param1 param1;
struct roc_ot_ipsec_outb_sa *out_sa;
struct cnxk_ipsec_outb_rlens rlens;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
out_sa = &sa->out_sa;
@@ -114,16 +112,14 @@ static int
cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sess)
{
union roc_ot_ipsec_inb_param1 param1;
struct roc_ot_ipsec_inb_sa *in_sa;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
in_sa = &sa->in_sa;
@@ -175,7 +171,7 @@ static int
cn10k_ipsec_session_create(void *dev,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sess)
+ struct cn10k_sec_session *sess)
{
struct rte_cryptodev *crypto_dev = dev;
struct roc_cpt *roc_cpt;
@@ -204,55 +200,28 @@ cn10k_ipsec_session_create(void *dev,
static int
cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct cn10k_sec_session *priv;
- int ret;
+ struct cn10k_sec_session *priv = sess;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
return -EINVAL;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- plt_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
- ret = -ENOTSUP;
- goto mempool_put;
+ return -ENOTSUP;
}
- ret = cn10k_ipsec_session_create(device, &conf->ipsec,
- conf->crypto_xform, sess);
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
+ return cn10k_ipsec_session_create(device, &conf->ipsec,
+ conf->crypto_xform, priv);
}
static int
-cn10k_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
{
- struct cn10k_sec_session *priv;
- struct rte_mempool *sess_mp;
-
- priv = get_sec_session_private_data(sess);
+ struct cn10k_sec_session *priv = sess;
if (priv == NULL)
return 0;
-
- sess_mp = rte_mempool_from_obj(priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
+ memset(priv, 0, sizeof(*priv));
return 0;
}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
return -ENOTSUP;
}
- priv = get_sec_session_private_data(op->sym->sec_session);
+ priv = (struct cn9k_sec_session *)(op->sym->sec_session);
sa = &priv->sa;
if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 53fb793654..a602d38a11 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -275,14 +275,13 @@ static int
cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct cn9k_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
struct roc_ie_on_ip_template *template = NULL;
struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_outb_sa *out_sa;
- struct cn9k_sec_session *sess;
struct roc_ie_on_sa_ctl *ctl;
struct cn9k_ipsec_sa *sa;
struct rte_ipv6_hdr *ip6;
@@ -294,7 +293,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
size_t ctx_len;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
out_sa = &sa->out_sa;
ctl = &out_sa->common_sa.ctl;
@@ -422,13 +420,12 @@ static int
cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct cn9k_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform = crypto_xform;
struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_inb_sa *in_sa;
- struct cn9k_sec_session *sess;
struct cn9k_ipsec_sa *sa;
const uint8_t *auth_key;
union cpt_inst_w4 w4;
@@ -437,7 +434,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
size_t ctx_len = 0;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
in_sa = &sa->in_sa;
@@ -501,7 +497,7 @@ static int
cn9k_ipsec_session_create(void *dev,
struct rte_security_ipsec_xform *ipsec_xform,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct cn9k_sec_session *sess)
{
struct rte_cryptodev *crypto_dev = dev;
struct cnxk_cpt_qp *qp;
@@ -532,53 +528,32 @@ cn9k_ipsec_session_create(void *dev,
static int
cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct cn9k_sec_session *priv;
- int ret;
+ struct cn9k_sec_session *priv = sess;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
return -EINVAL;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- plt_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
memset(priv, 0, sizeof(*priv));
- set_sec_session_private_data(sess, priv);
-
if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
- ret = -ENOTSUP;
- goto mempool_put;
+ return -ENOTSUP;
}
- ret = cn9k_ipsec_session_create(device, &conf->ipsec,
- conf->crypto_xform, sess);
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
+ return cn9k_ipsec_session_create(device, &conf->ipsec,
+ conf->crypto_xform, priv);
}
static int
-cn9k_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
{
struct roc_ie_on_outb_sa *out_sa;
struct cn9k_sec_session *priv;
- struct rte_mempool *sess_mp;
struct roc_ie_on_sa_ctl *ctl;
struct cn9k_ipsec_sa *sa;
- priv = get_sec_session_private_data(sess);
+ priv = sess;
if (priv == NULL)
return 0;
@@ -590,13 +565,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
rte_io_wmb();
- sess_mp = rte_mempool_from_obj(priv);
-
memset(priv, 0, sizeof(*priv));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
-
return 0;
}
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index cb2ad435bf..feaf3ccd4f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1351,8 +1351,7 @@ build_sec_fd(struct rte_crypto_op *op,
op->sym->session, cryptodev_driver_id);
#ifdef RTE_LIB_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = (dpaa2_sec_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess = (dpaa2_sec_session *)(op->sym->sec_session);
#endif
else
return -ENOTSUP;
@@ -1525,7 +1524,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
struct rte_crypto_op *op;
uint16_t len = DPAA2_GET_FD_LEN(fd);
int16_t diff = 0;
- dpaa2_sec_session *sess_priv __rte_unused;
+ dpaa2_sec_session *sess_priv;
struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1538,8 +1537,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
mbuf->buf_iova = op->sym->aead.digest.phys_addr;
op->sym->aead.digest.phys_addr = 0L;
- sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
if (sess_priv->dir == DIR_ENC)
mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
else
@@ -3388,63 +3386,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
static int
dpaa2_sec_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- DPAA2_SEC_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = dpaa2_sec_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
case RTE_SECURITY_PROTOCOL_PDCP:
- ret = dpaa2_sec_set_pdcp_session(cdev, conf,
- sess_private_data);
+ ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
break;
default:
return -EINVAL;
}
if (ret != 0) {
DPAA2_SEC_ERR("Failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/** Clear the memory of session so it doesn't leave key material behind */
static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
+ if (sess) {
rte_free(s->ctxt);
rte_free(s->cipher_key.data);
rte_free(s->auth_key.data);
memset(s, 0, sizeof(dpaa2_sec_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index a2ffc6c02f..387bd92ab0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1005,8 +1005,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
}
if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = (dpaa2_sec_session *)get_sec_session_private_data(
- session_ctx.sec_sess);
+ sess = (dpaa2_sec_session *)session_ctx.sec_sess;
else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
sess = (dpaa2_sec_session *)get_sym_session_private_data(
session_ctx.crypto_sess, cryptodev_driver_id);
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 454b9c4785..617c48298f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1790,8 +1790,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
#ifdef RTE_LIB_SECURITY
case RTE_CRYPTO_OP_SECURITY_SESSION:
ses = (dpaa_sec_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ (op->sym->sec_session);
break;
#endif
default:
@@ -2569,7 +2568,6 @@ static inline void
free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
{
struct dpaa_sec_dev_private *qi = dev->data->dev_private;
- struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
uint8_t i;
for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2579,7 +2577,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
s->qp[i] = NULL;
}
free_session_data(s);
- rte_mempool_put(sess_mp, (void *)s);
}
/** Clear the memory of session so it doesn't leave key material behind */
@@ -3114,26 +3111,17 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
static int
dpaa_sec_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- DPAA_SEC_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = dpaa_sec_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_PDCP:
- ret = dpaa_sec_set_pdcp_session(cdev, conf,
- sess_private_data);
+ ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
@@ -3142,29 +3130,21 @@ dpaa_sec_security_session_create(void *dev,
}
if (ret != 0) {
DPAA_SEC_ERR("failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/** Clear the memory of session so it doesn't leave key material behind */
static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+ dpaa_sec_session *s = (dpaa_sec_session *)sess;
- if (sess_priv) {
+ if (sess)
free_session_memory((struct rte_cryptodev *)dev, s);
- set_sec_session_private_data(sess, NULL);
- }
return 0;
}
#endif
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index 522685f8cf..a07901ebd3 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1010,8 +1010,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
}
if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = (dpaa_sec_session *)get_sec_session_private_data(
- session_ctx.sec_sess);
+ sess = (dpaa_sec_session *)session_ctx.sec_sess;
else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
sess = (dpaa_sec_session *)get_sym_session_private_data(
session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e05bc04c3b..58ca2a6e54 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1353,8 +1353,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
return -1;
}
- session = (struct aesni_mb_session *)
- get_sec_session_private_data(op->sym->sec_session);
+ session = (struct aesni_mb_session *)(op->sym->sec_session);
if (unlikely(session == NULL)) {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1491,7 +1490,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
* this is for DOCSIS
*/
is_docsis_sec = 1;
- sess = get_sec_session_private_data(op->sym->sec_session);
+ sess = (struct aesni_mb_session *)(op->sym->sec_session);
} else
#endif
{
@@ -1894,10 +1893,8 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
*/
static int
aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess_private_data)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
@@ -1907,41 +1904,24 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
return -EINVAL;
}
- if (rte_mempool_get(mempool, &sess_private_data)) {
- IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
sess_private_data);
if (ret != 0) {
IPSEC_MB_LOG(ERR, "Failed to configure session parameters");
-
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/** Clear the memory of session so it does not leave key material behind */
static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess_priv)
{
- void *sess_priv = get_sec_session_private_data(sess);
-
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
+ if (sess_priv)
memset(sess_priv, 0, sizeof(struct aesni_mb_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
- }
+
return 0;
}
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..94e3ff9e5b 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
return -EINVAL;
}
- sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
if (unlikely(sess == NULL)) {
MRVL_LOG(ERR, "Session was not created for this device! %d",
cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
/** Clear the memory of session so it doesn't leave key material behind */
static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
{
- void *sess_priv = get_sec_session_private_data(sess);
-
/* Zero out the whole structure */
- if (sess_priv) {
+ if (sess) {
struct mrvl_crypto_session *mrvl_sess =
(struct mrvl_crypto_session *)sess_priv;
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
if (mrvl_sess->sam_sess &&
sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
rte_free(mrvl_sess->sam_sess_params.cipher_key);
rte_free(mrvl_sess->sam_sess_params.auth_key);
rte_free(mrvl_sess->sam_sess_params.cipher_iv);
- memset(sess, 0, sizeof(struct rte_security_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
uint8_t esn;
int ret;
- priv = get_sec_session_private_data(op->sym->sec_session);
+ priv = (struct otx2_sec_session *)(op->sym->sec_session);
sess = &priv->ipsec.lp;
sa = &sess->in_sa;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@ static int
crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
struct otx2_ipsec_po_sa_ctl *ctl;
int cipher_key_len, auth_key_len;
struct otx2_ipsec_po_out_sa *sa;
- struct otx2_sec_session *sess;
struct otx2_cpt_inst_s inst;
struct rte_ipv6_hdr *ip6;
struct rte_ipv4_hdr *ip;
int ret, ctx_len;
- sess = get_sec_session_private_data(sec_sess);
sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
lp = &sess->ipsec.lp;
@@ -398,7 +396,7 @@ static int
crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
struct otx2_ipsec_po_sa_ctl *ctl;
int cipher_key_len, auth_key_len;
struct otx2_ipsec_po_in_sa *sa;
- struct otx2_sec_session *sess;
struct otx2_cpt_inst_s inst;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
lp = &sess->ipsec.lp;
@@ -512,7 +508,7 @@ static int
crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct otx2_sec_session *sess)
{
int ret;
@@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
static int
otx2_crypto_sec_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct otx2_sec_session *priv;
+ struct otx2_sec_session *priv = sess;
int ret;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device,
if (rte_security_dynfield_register() < 0)
return -rte_errno;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- otx2_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
priv->userdata = conf->userdata;
if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
conf->crypto_xform,
- sess);
+ priv);
else
ret = -ENOTSUP;
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
return ret;
}
static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
{
- struct otx2_sec_session *priv;
- struct rte_mempool *sess_mp;
+ struct otx2_sec_session *priv = sess;
- priv = get_sec_session_private_data(sess);
-
- if (priv == NULL)
- return 0;
-
- sess_mp = rte_mempool_from_obj(priv);
-
- memset(priv, 0, sizeof(*priv));
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
+ if (priv)
+ memset(priv, 0, sizeof(*priv));
return 0;
}
@@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused)
}
static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
- struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
op->sym->session, qat_sym_driver_id);
#ifdef RTE_LIB_SECURITY
} else {
- ctx = (struct qat_sym_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ ctx = (struct qat_sym_session *)(op->sym->sec_session);
if (likely(ctx)) {
if (unlikely(ctx->bpi_ctx == NULL)) {
QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
op = (struct rte_crypto_op *)ops[i];
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- ctx = (struct qat_sym_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ ctx = (struct qat_sym_session *)(op->sym->sec_session);
if (ctx == NULL || ctx->bpi_ctx == NULL)
continue;
@@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
* Assuming at this point that if it's a security
* op, that this is for DOCSIS
*/
- sess = (struct qat_sym_session *)
- get_sec_session_private_data(
- rx_op->sym->sec_session);
+ sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
is_docsis_sec = 1;
} else
#endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
int
qat_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess_private_data)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
@@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev,
return -EINVAL;
}
- if (rte_mempool_get(mempool, &sess_private_data)) {
- QAT_LOG(ERR, "Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
ret = qat_sec_session_set_docsis_parameters(cdev, conf,
sess_private_data);
if (ret != 0) {
QAT_LOG(ERR, "Failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
int
-qat_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
{
- void *sess_priv = get_sec_session_private_data(sess);
struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
if (sess_priv) {
if (s->bpi_ctx)
bpi_cipher_ctx_free(s->bpi_ctx);
memset(s, 0, qat_sym_session_get_private_size(dev));
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
#ifdef RTE_LIB_SECURITY
int
qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
- struct rte_security_session *sess, struct rte_mempool *mempool);
+ void *sess);
int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
#endif
#endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..cd54a3beee 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
static int
ixgbe_crypto_create_session(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *session,
- struct rte_mempool *mempool)
+ void *session)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
- struct ixgbe_crypto_session *ic_session = NULL;
+ struct ixgbe_crypto_session *ic_session = session;
struct rte_crypto_aead_xform *aead_xform;
struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf;
- if (rte_mempool_get(mempool, (void **)&ic_session)) {
- PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
- return -ENOMEM;
- }
-
if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
conf->crypto_xform->aead.algo !=
RTE_CRYPTO_AEAD_AES_GCM) {
PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
ic_session->spi = conf->ipsec.spi;
ic_session->dev = eth_dev;
- set_sec_session_private_data(session, ic_session);
-
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
if (ixgbe_crypto_add_sa(ic_session)) {
PMD_DRV_LOG(ERR, "Failed to add SA\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -EPERM;
}
}
@@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device)
}
static int
-ixgbe_crypto_remove_session(void *device,
- struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
{
struct rte_eth_dev *eth_dev = device;
struct ixgbe_crypto_session *ic_session =
- (struct ixgbe_crypto_session *)
- get_sec_session_private_data(session);
- struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+ (struct ixgbe_crypto_session *)session;
if (eth_dev != ic_session->dev) {
PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device,
return -EFAULT;
}
- rte_mempool_put(mempool, (void *)ic_session);
-
return 0;
}
@@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
}
static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
- struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
struct rte_mbuf *m, void *params __rte_unused)
{
- struct ixgbe_crypto_session *ic_session =
- get_sec_session_private_data(session);
+ struct ixgbe_crypto_session *ic_session = session;
+
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
union ixgbe_crypto_tx_desc_md *mdata =
(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,10 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
const void *ip_spec,
uint8_t is_ipv6)
{
- struct ixgbe_crypto_session *ic_session
- = get_sec_session_private_data(sess);
+ uint64_t sess_ptr = (uint64_t)sess;
+ struct ixgbe_crypto_session *ic_session =
+ (struct ixgbe_crypto_session *)sess_ptr;
+ /* TODO: A proper fix need to be added to remove above typecasting. */
if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
if (is_ipv6) {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index bcf488f203..7a09f7183d 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@ drivers = [
'bnx2x',
'bnxt',
'bonding',
- 'cnxk',
+# 'cnxk',
'cxgbe',
'dpaa',
'dpaa2',
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@ static int
eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sec_sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
struct otx2_cpt_inst_s inst;
struct otx2_cpt_qp *qp;
- priv = get_sec_session_private_data(sec_sess);
+ priv = sec_sess;
priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
sess = &priv->ipsec.ip;
@@ -468,7 +468,7 @@ static int
eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sec_sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
ctl = &sa->ctl;
- priv = get_sec_session_private_data(sec_sess);
+ priv = sec_sess;
priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
sess = &priv->ipsec.ip;
@@ -619,7 +619,7 @@ static int
eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct otx2_sec_session *sess)
{
int ret;
@@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
static int
otx2_eth_sec_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct otx2_sec_session *priv;
+ struct otx2_sec_session *priv = sess;
int ret;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
return -ENOTSUP;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- otx2_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
/*
* Save userdata provided by the application. For ingress packets, this
* could be used to identify the SA.
@@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device,
if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
conf->crypto_xform,
- sess);
+ priv);
else
ret = -ENOTSUP;
if (ret)
- goto mempool_put;
+ return ret;
return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
}
static void
@@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
}
static int
-otx2_eth_sec_session_destroy(void *device,
- struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
{
struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
struct otx2_sec_session_ipsec_ip *sess_ip;
struct otx2_ipsec_fp_in_sa *sa;
- struct otx2_sec_session *priv;
- struct rte_mempool *sess_mp;
+ struct otx2_sec_session *priv = sess;
int ret;
- priv = get_sec_session_private_data(sess);
- if (priv == NULL)
- return -EINVAL;
-
sess_ip = &priv->ipsec.ip;
if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device,
return ret;
}
- sess_mp = rte_mempool_from_obj(priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
-
return 0;
}
@@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused)
}
static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
- struct rte_security_session *session,
- struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+ struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
struct nix_iova_s nix_iova;
} *sd;
- priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+ priv = (void *)(*rte_security_dynfield(m));
sess = &priv->ipsec.ip;
sa = &sess->out_sa;
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..444da5b8f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
static int
txgbe_crypto_create_session(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *session,
- struct rte_mempool *mempool)
+ void *session)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
- struct txgbe_crypto_session *ic_session = NULL;
+ struct txgbe_crypto_session *ic_session = session;
struct rte_crypto_aead_xform *aead_xform;
struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf;
- if (rte_mempool_get(mempool, (void **)&ic_session)) {
- PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
- return -ENOMEM;
- }
-
if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
conf->crypto_xform->aead.algo !=
RTE_CRYPTO_AEAD_AES_GCM) {
PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
ic_session->spi = conf->ipsec.spi;
ic_session->dev = eth_dev;
- set_sec_session_private_data(session, ic_session);
-
if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
if (txgbe_crypto_add_sa(ic_session)) {
PMD_DRV_LOG(ERR, "Failed to add SA\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -EPERM;
}
}
@@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device)
}
static int
-txgbe_crypto_remove_session(void *device,
- struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
{
struct rte_eth_dev *eth_dev = device;
struct txgbe_crypto_session *ic_session =
- (struct txgbe_crypto_session *)
- get_sec_session_private_data(session);
- struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+ (struct txgbe_crypto_session *)session;
if (eth_dev != ic_session->dev) {
PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device,
return -EFAULT;
}
- rte_mempool_put(mempool, (void *)ic_session);
-
return 0;
}
@@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
}
static int
-txgbe_crypto_update_mb(void *device __rte_unused,
- struct rte_security_session *session,
- struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+ struct rte_mbuf *m, void *params __rte_unused)
{
- struct txgbe_crypto_session *ic_session =
- get_sec_session_private_data(session);
+ struct txgbe_crypto_session *ic_session = session;
+
if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
union txgbe_crypto_tx_desc_md *mdata =
(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +643,10 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
const void *ip_spec,
uint8_t is_ipv6)
{
+ uint64_t sess_ptr = (uint64_t)sess;
struct txgbe_crypto_session *ic_session =
- get_sec_session_private_data(sess);
+ (struct txgbe_crypto_session *)sess_ptr;
+ /* TODO: A proper fix need to be added to remove above typecasting. */
if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
set_ipsec_conf(sa, &(sess_conf.ipsec));
ips->security.ses = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool,
- ipsec_ctx->session_priv_pool);
+ &sess_conf, ipsec_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
}
ips->security.ses = rte_security_session_create(sec_ctx,
- &sess_conf, skt_ctx->session_pool,
- skt_ctx->session_priv_pool);
+ &sess_conf, skt_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.userdata = (void *) sa;
ips->security.ses = rte_security_session_create(sec_ctx,
- &sess_conf, skt_ctx->session_pool,
- skt_ctx->session_priv_pool);
+ &sess_conf, skt_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@ rte_security_dynfield_register(void)
return rte_security_dynfield_offset;
}
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
- struct rte_mempool *mp,
- struct rte_mempool *priv_mp)
+ struct rte_mempool *mp)
{
struct rte_security_session *sess = NULL;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
RTE_PTR_OR_ERR_RET(conf, NULL);
RTE_PTR_OR_ERR_RET(mp, NULL);
- RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+ if (mp->elt_size < sizeof(struct rte_security_session) +
+ instance->ops->session_get_size(instance->device))
+ return NULL;
if (rte_mempool_get(mp, (void **)&sess))
return NULL;
if (instance->ops->session_create(instance->device, conf,
- sess, priv_mp)) {
+ sess->sess_private_data)) {
rte_mempool_put(mp, (void *)sess);
return NULL;
}
instance->sess_cnt++;
- return sess;
+ return sess->sess_private_data;
}
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_security_stats *stats)
+ void *sess, struct rte_security_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
-ENOTSUP);
@@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
}
int
-rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
{
+ struct rte_security_session *s;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
if (ret != 0)
return ret;
- rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+ s = container_of(sess, struct rte_security_session, sess_private_data);
+ rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
if (instance->sess_cnt)
instance->sess_cnt--;
@@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
int
__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params)
{
#ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 4c55dcd744..c5ceb3b588 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -509,10 +509,12 @@ struct rte_security_session_conf {
};
struct rte_security_session {
- void *sess_private_data;
- /**< Private session material */
uint64_t opaque_data;
/**< Opaque user defined data */
+ uint64_t fast_mdata;
+ /**< Fast metadata to be used for inline path */
+ __extension__ void *sess_private_data[0];
+ /**< Private session material */
};
/**
@@ -526,11 +528,10 @@ struct rte_security_session {
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
- struct rte_mempool *mp,
- struct rte_mempool *priv_mp);
+ struct rte_mempool *mp);
/**
* Update security session as specified by the session configuration
@@ -545,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
__rte_experimental
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf);
/**
@@ -576,7 +577,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
*/
int
rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess);
+ void *sess);
/** Device-specific metadata field type */
typedef uint64_t rte_security_dynfield_t;
@@ -622,7 +623,7 @@ static inline bool rte_security_dynfield_is_registered(void)
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params);
/**
@@ -640,13 +641,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
*/
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
*rte_security_dynfield(mb) =
- (rte_security_dynfield_t)(sess->sess_private_data);
+ (rte_security_dynfield_t)(sess);
return 0;
}
@@ -696,26 +697,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
*/
static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
- struct rte_security_session *sess)
+ void *sess)
{
sym_op->sec_session = sess;
return 0;
}
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
- return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
- void *private_data)
-{
- sess->sess_private_data = private_data;
-}
-
/**
* Attach a session to a crypto operation.
* This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -726,8 +714,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
* @param sess security session
*/
static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
- struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
{
if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
return -EINVAL;
@@ -789,7 +776,7 @@ struct rte_security_stats {
__rte_experimental
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats);
/**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..5a177d72d7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@ extern "C" {
*/
typedef int (*security_session_create_t)(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mp);
+ void *sess);
/**
* Free driver private session data.
@@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device,
* @param device Crypto/eth device pointer
* @param sess Security session structure
*/
-typedef int (*security_session_destroy_t)(void *device,
- struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
/**
* Update driver private session data.
@@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device,
* - Returns -ENOTSUP if crypto device does not support the crypto transform.
*/
typedef int (*security_session_update_t)(void *device,
- struct rte_security_session *sess,
- struct rte_security_session_conf *conf);
+ void *sess, struct rte_security_session_conf *conf);
/**
* Get the size of a security session
@@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device);
* - Returns -EINVAL if session parameters are invalid.
*/
typedef int (*security_session_stats_get_t)(void *device,
- struct rte_security_session *sess,
- struct rte_security_stats *stats);
+ void *sess, struct rte_security_stats *stats);
__rte_internal
int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@ int rte_security_dynfield_register(void);
* Update the mbuf with provided metadata.
*
* @param device Crypto/eth device pointer
- * @param sess Security session structure
+ * @param sess Security session
* @param mb Packet buffer
* @param params Metadata
*
@@ -105,7 +101,7 @@ int rte_security_dynfield_register(void);
* - Returns -ve value for errors.
*/
typedef int (*security_set_pkt_metadata_t)(void *device,
- struct rte_security_session *sess, struct rte_mbuf *mb,
+ void *sess, struct rte_mbuf *mb,
void *params);
/**
--
2.25.1
next prev parent reply other threads:[~2021-10-18 21:35 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
2021-09-30 14:50 ` [dpdk-dev] [PATCH 1/3] security: rework session framework Akhil Goyal
2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
2021-10-12 12:26 ` Zhang, Roy Fan
2021-10-12 12:29 ` Akhil Goyal
2021-10-12 13:32 ` Zhang, Roy Fan
2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
2021-10-01 15:53 ` Zhang, Roy Fan
2021-10-04 19:07 ` Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
2021-10-18 21:34 ` Akhil Goyal [this message]
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 2/8] security: hide security session struct Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
2021-10-20 19:27 ` Ananyev, Konstantin
2021-10-21 6:53 ` Akhil Goyal
2021-10-21 10:38 ` Ananyev, Konstantin
2021-10-21 12:30 ` Akhil Goyal
2021-10-21 13:11 ` Ananyev, Konstantin
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-20 14:36 ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Hemant Agrawal
2021-10-20 15:45 ` Power, Ciara
2021-10-20 16:41 ` Akhil Goyal
2021-10-20 16:48 ` Akhil Goyal
2021-10-20 18:04 ` Akhil Goyal
2021-10-21 8:43 ` Zhang, Roy Fan
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 2/7] security: hide security session struct Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-14 11:47 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-14 12:30 ` Zhang, Roy Fan
2021-10-14 12:34 ` Akhil Goyal
2021-10-14 17:07 ` Zhang, Roy Fan
2021-10-14 18:23 ` Akhil Goyal
2021-10-14 18:57 ` Akhil Goyal
2021-10-15 15:33 ` Zhang, Roy Fan
2021-10-15 17:42 ` Akhil Goyal
2021-10-15 18:47 ` Akhil Goyal
2021-10-16 13:31 ` Zhang, Roy Fan
2021-10-16 13:21 ` Zhang, Roy Fan
2021-10-15 8:12 ` Zhang, Roy Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211018213452.2734720-2-gakhil@marvell.com \
--to=gakhil@marvell.com \
--cc=adwivedi@marvell.com \
--cc=ajit.khaparde@broadcom.com \
--cc=anoobj@marvell.com \
--cc=asomalap@amd.com \
--cc=ciara.power@intel.com \
--cc=david.marchand@redhat.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=g.singh@nxp.com \
--cc=haiyue.wang@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=jianjay.zhou@huawei.com \
--cc=jianwang@trustnetic.com \
--cc=jiawenwu@trustnetic.com \
--cc=konstantin.ananyev@intel.com \
--cc=matan@nvidia.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).