From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1CFC3A0C52; Mon, 18 Oct 2021 23:35:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 06B02410E4; Mon, 18 Oct 2021 23:35:21 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8141540DDE for ; Mon, 18 Oct 2021 23:35:18 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19IK0Kph000865; Mon, 18 Oct 2021 14:35:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=C79X0lopcf+J9TlskefW7cLhaD52yVtMV3G8q+0kIz4=; b=bySjlkHGH1GkUjpWLNDNLQ88/u00vGzhIzkgkKnqGtgwNS7WjH8uLsuEwkfJL+abCTP0 RWIEDj7x8Nv7/QTU7Fpnzb6CxUWT99h43sx6EVkOgmOIPtTjgXEfZiBxs52A3M1Szi1/ eE21yWvlmiArVc+pSqYiXengn7lbV4tYjNhLNqWB3nVuy4kiqvEXOibBCkh31c4cXJcj hFB2MxHoeyE36NlhrB1n6blDHZC49MHhJJ8yuYFjnpiFCrgpi22Di3+QR0H+S/99tFHT EeiI7HXm4yEzou86Na1dQU+nC43/tOOGy8H2sPQ4OHGMb2nNJtTvA1ZOnImXUdVKRuE2 PA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bsfk489pu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 18 Oct 2021 14:35:12 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 18 Oct 2021 14:35:09 -0700 Received: from maili.marvell.com (10.68.76.51) by dc5-exch01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 18 Oct 2021 14:35:09 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id DD9943F7043; Mon, 18 Oct 2021 14:35:02 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , , , , , , , , Akhil Goyal Date: Tue, 19 Oct 2021 03:04:45 +0530 Message-ID: <20211018213452.2734720-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211018213452.2734720-1-gakhil@marvell.com> References: <20211013192222.1582631-2-gakhil@marvell.com> <20211018213452.2734720-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: tIPVMzQnjBCKuRIV9ycO9JXf2FxQAkc2 X-Proofpoint-GUID: tIPVMzQnjBCKuRIV9ycO9JXf2FxQAkc2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-18_07,2021-10-18_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 1/8] security: rework session framework X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" As per current design, rte_security_session_create() unnecessarily use 2 mempool objects for a single session. And structure rte_security_session is not directly used by the application, it may cause ABI breakage if the structure is modified in future. To address these two issues, the API will now take only 1 mempool object instead of 2 and return a void pointer directly to the session private data. With this change, the library layer will get the object from mempool and pass session_private_data to the PMD for filling the PMD data. Since set and get pkt metadata for security sessions are now made inline for Inline crypto/proto mode, a new member fast_mdata is added to the rte_security_session. To access opaque data and fast_mdata will be accessed via inline APIs which can do pointer manipulations inside library from session_private_data pointer coming from application. Signed-off-by: Akhil Goyal --- app/test-crypto-perf/cperf_ops.c | 13 +- .../cperf_test_pmd_cyclecount.c | 2 +- app/test/test_cryptodev.c | 17 +- app/test/test_ipsec.c | 11 +- app/test/test_security.c | 193 ++++-------------- drivers/crypto/caam_jr/caam_jr.c | 32 +-- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 6 +- drivers/crypto/cnxk/cn10k_ipsec.c | 53 +---- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 2 +- drivers/crypto/cnxk/cn9k_ipsec.c | 50 +---- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 +--- drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 3 +- drivers/crypto/dpaa_sec/dpaa_sec.c | 34 +-- drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c | 3 +- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 32 +-- drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +- drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 11 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 54 +---- drivers/crypto/qat/qat_sym.c | 3 +- drivers/crypto/qat/qat_sym.h | 8 +- drivers/crypto/qat/qat_sym_session.c | 21 +- drivers/crypto/qat/qat_sym_session.h | 4 +- drivers/net/ixgbe/ixgbe_ipsec.c | 38 +--- drivers/net/meson.build | 2 +- drivers/net/octeontx2/otx2_ethdev_sec.c | 51 ++--- drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +- drivers/net/txgbe/txgbe_ipsec.c | 38 +--- examples/ipsec-secgw/ipsec.c | 9 +- lib/security/rte_security.c | 28 +-- lib/security/rte_security.h | 41 ++-- lib/security/rte_security_driver.h | 16 +- 32 files changed, 204 insertions(+), 617 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 263841c339..6c3aa77dec 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -67,8 +67,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops, for (i = 0; i < nb_ops; i++) { struct rte_crypto_sym_op *sym_op = ops[i]->sym; - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; uint32_t buf_sz; uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i], @@ -76,7 +74,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, *per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN; ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; - rte_security_attach_session(ops[i], sec_sess); + rte_security_attach_session(ops[i], (void *)sess); sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); @@ -608,7 +606,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, static struct rte_cryptodev_sym_session * create_ipsec_session(struct rte_mempool *sess_mp, - struct rte_mempool *priv_mp, uint8_t dev_id, const struct cperf_options *options, const struct cperf_test_vector *test_vector, @@ -720,7 +717,7 @@ create_ipsec_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } static struct rte_cryptodev_sym_session * @@ -831,11 +828,11 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } if (options->op_type == CPERF_IPSEC) { - return create_ipsec_session(sess_mp, priv_mp, dev_id, + return create_ipsec_session(sess_mp, dev_id, options, test_vector, iv_offset); } @@ -880,7 +877,7 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } #endif sess = rte_cryptodev_sym_session_create(sess_mp); diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index fda97e8ab9..e43e2a3b96 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } else #endif { diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 814a0b401d..996b3b4de6 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -83,7 +83,7 @@ struct crypto_unittest_params { union { struct rte_cryptodev_sym_session *sess; #ifdef RTE_LIB_SECURITY - struct rte_security_session *sec_session; + void *sec_session; #endif }; #ifdef RTE_LIB_SECURITY @@ -8403,8 +8403,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -8675,8 +8674,7 @@ test_pdcp_proto_SGL(int i, int oop, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -9175,8 +9173,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (ut_params->sec_session == NULL) return TEST_SKIPPED; @@ -9597,8 +9594,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", @@ -9773,8 +9769,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index c6d6b88d6d..2ffa2a8e79 100644 --- a/app/test/test_ipsec.c +++ b/app/test/test_ipsec.c @@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = { static int dummy_sec_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mp) + void *sess) { RTE_SET_USED(device); RTE_SET_USED(conf); - RTE_SET_USED(mp); - - sess->sess_private_data = NULL; + RTE_SET_USED(sess); return 0; } static int -dummy_sec_destroy(void *device, struct rte_security_session *sess) +dummy_sec_destroy(void *device, void *sess) { RTE_SET_USED(device); RTE_SET_USED(sess); @@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut, static struct rte_security_session_conf conf; ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx, - &conf, qp->mp_session, - qp->mp_session_private); + &conf, qp->mp_session); if (ut->ss[j].security.ses == NULL) return -ENOMEM; diff --git a/app/test/test_security.c b/app/test/test_security.c index 060cf1ffa8..1cea756880 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -200,25 +200,6 @@ expected_mempool_usage, mempool_usage); \ } while (0) -/** - * Verify usage of mempool by checking if number of allocated objects matches - * expectations. The mempool is used to manage objects for sessions priv data. - * A single object is acquired from mempool during session_create - * and put back in session_destroy. - * - * @param expected_priv_mp_usage expected number of used priv mp objects - */ -#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do { \ - struct security_testsuite_params *ts_params = &testsuite_params;\ - unsigned int priv_mp_usage; \ - priv_mp_usage = rte_mempool_in_use_count( \ - ts_params->session_priv_mpool); \ - TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage, \ - "Expecting %u priv mempool allocations, " \ - "but there are %u allocated objects", \ - expected_priv_mp_usage, priv_mp_usage); \ -} while (0) - /** * Mockup structures and functions for rte_security_ops; * @@ -253,39 +234,28 @@ static struct mock_session_create_data { void *device; struct rte_security_session_conf *conf; - struct rte_security_session *sess; + void *sess; struct rte_mempool *mp; - struct rte_mempool *priv_mp; int ret; int called; int failed; -} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0}; +} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0}; static int mock_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *priv_mp) + void *sess) { - void *sess_priv; - int ret; mock_session_create_exp.called++; MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf); - MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp); - if (mock_session_create_exp.ret == 0) { - ret = rte_mempool_get(priv_mp, &sess_priv); - TEST_ASSERT_EQUAL(0, ret, - "priv mempool does not have enough objects"); - - set_sec_session_private_data(sess, sess_priv); + if (mock_session_create_exp.ret == 0) mock_session_create_exp.sess = sess; - } return mock_session_create_exp.ret; } @@ -297,7 +267,7 @@ mock_session_create(void *device, */ static struct mock_session_update_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_session_conf *conf; int ret; @@ -308,7 +278,7 @@ static struct mock_session_update_data { static int mock_session_update(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { mock_session_update_exp.called++; @@ -351,7 +321,7 @@ mock_session_get_size(void *device) */ static struct mock_session_stats_get_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_stats *stats; int ret; @@ -362,7 +332,7 @@ static struct mock_session_stats_get_data { static int mock_session_stats_get(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats) { mock_session_stats_get_exp.called++; @@ -381,7 +351,7 @@ mock_session_stats_get(void *device, */ static struct mock_session_destroy_data { void *device; - struct rte_security_session *sess; + void *sess; int ret; @@ -390,15 +360,9 @@ static struct mock_session_destroy_data { } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0}; static int -mock_session_destroy(void *device, struct rte_security_session *sess) +mock_session_destroy(void *device, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - mock_session_destroy_exp.called++; - if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) { - rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv); - set_sec_session_private_data(sess, NULL); - } MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess); @@ -412,7 +376,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess) */ static struct mock_set_pkt_metadata_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_mbuf *m; void *params; @@ -424,7 +388,7 @@ static struct mock_set_pkt_metadata_data { static int mock_set_pkt_metadata(void *device, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { @@ -536,7 +500,6 @@ struct rte_security_ops mock_ops = { */ static struct security_testsuite_params { struct rte_mempool *session_mpool; - struct rte_mempool *session_priv_mpool; } testsuite_params = { NULL }; /** @@ -549,7 +512,7 @@ static struct security_testsuite_params { static struct security_unittest_params { struct rte_security_ctx ctx; struct rte_security_session_conf conf; - struct rte_security_session *sess; + void *sess; } unittest_params = { .ctx = { .device = NULL, @@ -563,7 +526,7 @@ static struct security_unittest_params { #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp" #define SECURITY_TEST_MEMPOOL_SIZE 15 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session) -#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64 +#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024 /** * testsuite_setup initializes whole test suite parameters. @@ -577,27 +540,13 @@ testsuite_setup(void) ts_params->session_mpool = rte_mempool_create( SECURITY_TEST_MEMPOOL_NAME, SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_OBJ_SZ, + SECURITY_TEST_SESSION_OBJ_SZ + + SECURITY_TEST_SESSION_PRIV_OBJ_SZ, 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0); TEST_ASSERT_NOT_NULL(ts_params->session_mpool, "Cannot create mempool %s\n", rte_strerror(rte_errno)); - ts_params->session_priv_mpool = rte_mempool_create( - SECURITY_TEST_PRIV_MEMPOOL_NAME, - SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_PRIV_OBJ_SZ, - 0, 0, NULL, NULL, NULL, NULL, - SOCKET_ID_ANY, 0); - if (ts_params->session_priv_mpool == NULL) { - RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): " - "Cannot create priv mempool %s\n", - __func__, __LINE__, rte_strerror(rte_errno)); - rte_mempool_free(ts_params->session_mpool); - ts_params->session_mpool = NULL; - return TEST_FAILED; - } - return TEST_SUCCESS; } @@ -612,10 +561,6 @@ testsuite_teardown(void) rte_mempool_free(ts_params->session_mpool); ts_params->session_mpool = NULL; } - if (ts_params->session_priv_mpool) { - rte_mempool_free(ts_params->session_priv_mpool); - ts_params->session_priv_mpool = NULL; - } } /** @@ -704,7 +649,7 @@ ut_setup_with_session(void) { struct security_unittest_params *ut_params = &unittest_params; struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; int ret = ut_setup(); if (ret != TEST_SUCCESS) @@ -713,12 +658,11 @@ ut_setup_with_session(void) mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); + mock_session_get_size_exp.called = 0; TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -757,16 +701,14 @@ test_session_create_inv_context(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(NULL, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -781,18 +723,16 @@ test_session_create_inv_context_ops(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = NULL; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -807,18 +747,16 @@ test_session_create_inv_context_ops_fun(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = &empty_ops; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -832,16 +770,14 @@ test_session_create_inv_configuration(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, NULL, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -855,39 +791,14 @@ static int test_session_create_inv_mempool(void) { struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - NULL, ts_params->session_priv_mpool); + NULL); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); - TEST_ASSERT_SESSION_COUNT(0); - - return TEST_SUCCESS; -} - -/** - * Test execution of rte_security_session_create with NULL session - * priv mempool - */ -static int -test_session_create_inv_sess_priv_mempool(void) -{ - struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; - - sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, NULL); - TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, - sess, NULL, "%p"); - TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); - TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -902,9 +813,8 @@ test_session_create_mempool_empty(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; - void *tmp1[SECURITY_TEST_MEMPOOL_SIZE]; - struct rte_security_session *sess; + void *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *sess; /* Get all available objects from mempool. */ int i, ret; @@ -914,34 +824,23 @@ test_session_create_mempool_empty(void) TEST_ASSERT_EQUAL(0, ret, "Expect getting %d object from mempool" " to succeed", i); - ret = rte_mempool_get(ts_params->session_priv_mpool, - (void **)(&tmp1[i])); - TEST_ASSERT_EQUAL(0, ret, - "Expect getting %d object from priv mempool" - " to succeed", i); } TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); TEST_ASSERT_SESSION_COUNT(0); /* Put objects back to the pool. */ for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) { rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i])); - rte_mempool_put(ts_params->session_priv_mpool, - (tmp1[i])); } TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); return TEST_SUCCESS; } @@ -955,22 +854,19 @@ test_session_create_ops_failure(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = -1; /* Return failure status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -984,17 +880,15 @@ test_session_create_success(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; /* Return success status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -1003,7 +897,6 @@ test_session_create_success(void) sess, mock_session_create_exp.sess); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); /* @@ -1389,7 +1282,6 @@ test_session_destroy_inv_context(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(NULL, ut_params->sess); @@ -1397,7 +1289,6 @@ test_session_destroy_inv_context(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1414,7 +1305,6 @@ test_session_destroy_inv_context_ops(void) ut_params->ctx.ops = NULL; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1423,7 +1313,6 @@ test_session_destroy_inv_context_ops(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1440,7 +1329,6 @@ test_session_destroy_inv_context_ops_fun(void) ut_params->ctx.ops = &empty_ops; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1449,7 +1337,6 @@ test_session_destroy_inv_context_ops_fun(void) ret, -ENOTSUP, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1464,7 +1351,6 @@ test_session_destroy_inv_session(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, NULL); @@ -1472,7 +1358,6 @@ test_session_destroy_inv_session(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1492,7 +1377,6 @@ test_session_destroy_ops_failure(void) mock_session_destroy_exp.ret = -1; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1501,7 +1385,6 @@ test_session_destroy_ops_failure(void) ret, -1, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1519,7 +1402,6 @@ test_session_destroy_success(void) mock_session_destroy_exp.sess = ut_params->sess; mock_session_destroy_exp.ret = 0; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1528,7 +1410,6 @@ test_session_destroy_success(void) ret, 0, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); /* @@ -2495,8 +2376,6 @@ static struct unit_test_suite security_testsuite = { test_session_create_inv_configuration), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_inv_mempool), - TEST_CASE_ST(ut_setup, ut_teardown, - test_session_create_inv_sess_priv_mempool), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_mempool_empty), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index 8c56610ac8..00e680cf03 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) cryptodev_driver_id); break; case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = (struct caam_jr_session *) - get_sec_session_private_data( - op->sym->sec_session); + ses = (struct caam_jr_session *)(op->sym->sec_session); break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); @@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, static int caam_jr_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - CAAM_JR_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = caam_jr_set_ipsec_session(cdev, conf, - sess_private_data); + ret = caam_jr_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev, } if (ret != 0) { CAAM_JR_ERR("failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /* Clear the memory of session so it doesn't leave key material behind */ static int -caam_jr_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +caam_jr_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - struct caam_jr_session *s = (struct caam_jr_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + struct caam_jr_session *s = (struct caam_jr_session *)sess; + if (sess) { rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(sess, 0, sizeof(struct caam_jr_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index c25c8e67b2..de2eebd507 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -122,8 +122,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = get_sec_session_private_data( - sym_op->sec_session); + sec_sess = (struct cn10k_sec_session *) + (sym_op->sec_session); ret = cpt_sec_inst_fill(op, sec_sess, infl_req, &inst[0]); if (unlikely(ret)) @@ -360,7 +360,7 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop, if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND)) return; - sess = get_sec_session_private_data(cop->sym->sec_session); + sess = (struct cn10k_sec_session *)(cop->sym->sec_session); sa = &sess->sa; mbuf = cop->sym->m_src; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 27df1dcd64..425fe599e0 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -35,17 +35,15 @@ static int cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { union roc_ot_ipsec_outb_param1 param1; struct roc_ot_ipsec_outb_sa *out_sa; struct cnxk_ipsec_outb_rlens rlens; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; @@ -114,16 +112,14 @@ static int cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { union roc_ot_ipsec_inb_param1 param1; struct roc_ot_ipsec_inb_sa *in_sa; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -175,7 +171,7 @@ static int cn10k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sess) + struct cn10k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct roc_cpt *roc_cpt; @@ -204,55 +200,28 @@ cn10k_ipsec_session_create(void *dev, static int cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn10k_sec_session *priv; - int ret; + struct cn10k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn10k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn10k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn10k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn10k_sec_session_destroy(void *device __rte_unused, void *sess) { - struct cn10k_sec_session *priv; - struct rte_mempool *sess_mp; - - priv = get_sec_session_private_data(sess); + struct cn10k_sec_session *priv = sess; if (priv == NULL) return 0; - - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + memset(priv, 0, sizeof(*priv)); return 0; } diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 75277936b0..4c2dc5b080 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, return -ENOTSUP; } - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct cn9k_sec_session *)(op->sym->sec_session); sa = &priv->sa; if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 53fb793654..a602d38a11 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -275,14 +275,13 @@ static int cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; struct roc_ie_on_ip_template *template = NULL; struct roc_cpt *roc_cpt = qp->lf.roc_cpt; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_outb_sa *out_sa; - struct cn9k_sec_session *sess; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; struct rte_ipv6_hdr *ip6; @@ -294,7 +293,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; ctl = &out_sa->common_sa.ctl; @@ -422,13 +420,12 @@ static int cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform; struct roc_cpt *roc_cpt = qp->lf.roc_cpt; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_inb_sa *in_sa; - struct cn9k_sec_session *sess; struct cn9k_ipsec_sa *sa; const uint8_t *auth_key; union cpt_inst_w4 w4; @@ -437,7 +434,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len = 0; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -501,7 +497,7 @@ static int cn9k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xform, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct cn9k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct cnxk_cpt_qp *qp; @@ -532,53 +528,32 @@ cn9k_ipsec_session_create(void *dev, static int cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn9k_sec_session *priv; - int ret; + struct cn9k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn9k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn9k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn9k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn9k_sec_session_destroy(void *device __rte_unused, void *sess) { struct roc_ie_on_outb_sa *out_sa; struct cn9k_sec_session *priv; - struct rte_mempool *sess_mp; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; - priv = get_sec_session_private_data(sess); + priv = sess; if (priv == NULL) return 0; @@ -590,13 +565,8 @@ cn9k_sec_session_destroy(void *device __rte_unused, rte_io_wmb(); - sess_mp = rte_mempool_from_obj(priv); - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index cb2ad435bf..feaf3ccd4f 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1351,8 +1351,7 @@ build_sec_fd(struct rte_crypto_op *op, op->sym->session, cryptodev_driver_id); #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (dpaa2_sec_session *)(op->sym->sec_session); #endif else return -ENOTSUP; @@ -1525,7 +1524,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) struct rte_crypto_op *op; uint16_t len = DPAA2_GET_FD_LEN(fd); int16_t diff = 0; - dpaa2_sec_session *sess_priv __rte_unused; + dpaa2_sec_session *sess_priv; struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF( DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)), @@ -1538,8 +1537,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) mbuf->buf_iova = op->sym->aead.digest.phys_addr; op->sym->aead.digest.phys_addr = 0L; - sess_priv = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess_priv = (dpaa2_sec_session *)(op->sym->sec_session); if (sess_priv->dir == DIR_ENC) mbuf->data_off += SEC_FLC_DHR_OUTBOUND; else @@ -3388,63 +3386,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa2_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA2_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa2_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa2_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess); break; default: return -EINVAL; } if (ret != 0) { DPAA2_SEC_ERR("Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa2_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + dpaa2_sec_session *s = (dpaa2_sec_session *)sess; + if (sess) { rte_free(s->ctxt); rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(s, 0, sizeof(dpaa2_sec_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c index a2ffc6c02f..387bd92ab0 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c @@ -1005,8 +1005,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, } if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa2_sec_session *)get_sec_session_private_data( - session_ctx.sec_sess); + sess = (dpaa2_sec_session *)session_ctx.sec_sess; else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) sess = (dpaa2_sec_session *)get_sym_session_private_data( session_ctx.crypto_sess, cryptodev_driver_id); diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 454b9c4785..617c48298f 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -1790,8 +1790,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, #ifdef RTE_LIB_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: ses = (dpaa_sec_session *) - get_sec_session_private_data( - op->sym->sec_session); + (op->sym->sec_session); break; #endif default: @@ -2569,7 +2568,6 @@ static inline void free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) { struct dpaa_sec_dev_private *qi = dev->data->dev_private; - struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s); uint8_t i; for (i = 0; i < MAX_DPAA_CORES; i++) { @@ -2579,7 +2577,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) s->qp[i] = NULL; } free_session_data(s); - rte_mempool_put(sess_mp, (void *)s); } /** Clear the memory of session so it doesn't leave key material behind */ @@ -3114,26 +3111,17 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_pdcp_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -3142,29 +3130,21 @@ dpaa_sec_security_session_create(void *dev, } if (ret != 0) { DPAA_SEC_ERR("failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa_sec_session *s = (dpaa_sec_session *)sess_priv; + dpaa_sec_session *s = (dpaa_sec_session *)sess; - if (sess_priv) { + if (sess) free_session_memory((struct rte_cryptodev *)dev, s); - set_sec_session_private_data(sess, NULL); - } return 0; } #endif diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c index 522685f8cf..a07901ebd3 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c @@ -1010,8 +1010,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, } if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa_sec_session *)get_sec_session_private_data( - session_ctx.sec_sess); + sess = (dpaa_sec_session *)session_ctx.sec_sess; else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) sess = (dpaa_sec_session *)get_sym_session_private_data( session_ctx.crypto_sess, dpaa_cryptodev_driver_id); diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index e05bc04c3b..58ca2a6e54 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1353,8 +1353,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return -1; } - session = (struct aesni_mb_session *) - get_sec_session_private_data(op->sym->sec_session); + session = (struct aesni_mb_session *)(op->sym->sec_session); if (unlikely(session == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; @@ -1491,7 +1490,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job) * this is for DOCSIS */ is_docsis_sec = 1; - sess = get_sec_session_private_data(op->sym->sec_session); + sess = (struct aesni_mb_session *)(op->sym->sec_session); } else #endif { @@ -1894,10 +1893,8 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = { */ static int aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_private_data) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -1907,41 +1904,24 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess_private_data); if (ret != 0) { IPSEC_MB_LOG(ERR, "Failed to configure session parameters"); - - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it does not leave key material behind */ static int -aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess_priv) { - void *sess_priv = get_sec_session_private_data(sess); - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - + if (sess_priv) memset(sess_priv, 0, sizeof(struct aesni_mb_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); - } + return 0; } diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c index 04efd9aaa8..94e3ff9e5b 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c @@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request, return -EINVAL; } - sess = (struct mrvl_crypto_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (struct mrvl_crypto_session *)(op->sym->sec_session); if (unlikely(sess == NULL)) { MRVL_LOG(ERR, "Session was not created for this device! %d", cryptodev_driver_id); diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c index 3064b1f136..e04a2c88c7 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c @@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev, /** Clear the memory of session so it doesn't leave key material behind */ static int -mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - /* Zero out the whole structure */ - if (sess_priv) { + if (sess) { struct mrvl_crypto_session *mrvl_sess = (struct mrvl_crypto_session *)sess_priv; - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); if (mrvl_sess->sam_sess && sam_session_destroy(mrvl_sess->sam_sess) < 0) { @@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, rte_free(mrvl_sess->sam_sess_params.cipher_key); rte_free(mrvl_sess->sam_sess_params.auth_key); rte_free(mrvl_sess->sam_sess_params.cipher_iv); - memset(sess, 0, sizeof(struct rte_security_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 37fad11d91..7b744cd4b4 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, uint8_t esn; int ret; - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct otx2_sec_session *)(op->sym->sec_session); sess = &priv->ipsec.lp; sa = &sess->in_sa; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index a5db40047d..56900e3187 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -203,7 +203,7 @@ static int crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_ipsec_po_ip_template *template = NULL; @@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_out_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; struct rte_ipv6_hdr *ip6; struct rte_ipv4_hdr *ip; int ret, ctx_len; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; lp = &sess->ipsec.lp; @@ -398,7 +396,7 @@ static int crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; const uint8_t *cipher_key, *auth_key; @@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_in_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; int ret; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; lp = &sess->ipsec.lp; @@ -512,7 +508,7 @@ static int crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, static int otx2_crypto_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) @@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device, if (rte_security_dynfield_register() < 0) return -rte_errno; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - priv->userdata = conf->userdata; if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = crypto_sec_ipsec_session_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); return ret; } static int -otx2_crypto_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess) { - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; - priv = get_sec_session_private_data(sess); - - if (priv == NULL) - return 0; - - sess_mp = rte_mempool_from_obj(priv); - - memset(priv, 0, sizeof(*priv)); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + if (priv) + memset(priv, 0, sizeof(*priv)); return 0; } @@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused) } static int -otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, +otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 93b257522b..fbb17e61ff 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, op->sym->session, qat_sym_driver_id); #ifdef RTE_LIB_SECURITY } else { - ctx = (struct qat_sym_session *)get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (likely(ctx)) { if (unlikely(ctx->bpi_ctx == NULL)) { QAT_DP_LOG(ERR, "QAT PMD only supports security" diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index e3ec7f0de4..8904aabd3d 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops) op = (struct rte_crypto_op *)ops[i]; if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = (struct qat_sym_session *) - get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (ctx == NULL || ctx->bpi_ctx == NULL) continue; @@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie) * Assuming at this point that if it's a security * op, that this is for DOCSIS */ - sess = (struct qat_sym_session *) - get_sec_session_private_data( - rx_op->sym->sec_session); + sess = (struct qat_sym_session *)(rx_op->sym->sec_session); is_docsis_sec = 1; } else #endif diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 3f2f6736fc..2a22347c7f 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_private_data) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - QAT_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { QAT_LOG(ERR, "Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } int -qat_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +qat_security_session_destroy(void *dev __rte_unused, void *sess_priv) { - void *sess_priv = get_sec_session_private_data(sess); struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; if (sess_priv) { if (s->bpi_ctx) bpi_cipher_ctx_free(s->bpi_ctx); memset(s, 0, qat_sym_session_get_private_size(dev)); - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index 6ebc176729..7fcc1d6f7b 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); #ifdef RTE_LIB_SECURITY int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mempool); + void *sess); int -qat_security_session_destroy(void *dev, struct rte_security_session *sess); +qat_security_session_destroy(void *dev, void *sess); #endif #endif /* _QAT_SYM_SESSION_H_ */ diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index e45c5501e6..cd54a3beee 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int ixgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct ixgbe_crypto_session *ic_session = NULL; + struct ixgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (ixgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device) } static int -ixgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +ixgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct ixgbe_crypto_session *ic_session = - (struct ixgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct ixgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -ixgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, +ixgbe_crypto_update_mb(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { - struct ixgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct ixgbe_crypto_session *ic_session = session; + if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { union ixgbe_crypto_tx_desc_md *mdata = (union ixgbe_crypto_tx_desc_md *) @@ -685,8 +667,10 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, uint8_t is_ipv6) { - struct ixgbe_crypto_session *ic_session - = get_sec_session_private_data(sess); + uint64_t sess_ptr = (uint64_t)sess; + struct ixgbe_crypto_session *ic_session = + (struct ixgbe_crypto_session *)sess_ptr; + /* TODO: A proper fix need to be added to remove above typecasting. */ if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/drivers/net/meson.build b/drivers/net/meson.build index bcf488f203..7a09f7183d 100644 --- a/drivers/net/meson.build +++ b/drivers/net/meson.build @@ -12,7 +12,7 @@ drivers = [ 'bnx2x', 'bnxt', 'bonding', - 'cnxk', +# 'cnxk', 'cxgbe', 'dpaa', 'dpaa2', diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index c2a36883cb..ef851fe52c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -350,7 +350,7 @@ static int eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_sec_session_ipsec_ip *sess; @@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct otx2_cpt_inst_s inst; struct otx2_cpt_qp *qp; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; sess = &priv->ipsec.ip; @@ -468,7 +468,7 @@ static int eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev); @@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, ctl = &sa->ctl; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; sess = &priv->ipsec.ip; @@ -619,7 +619,7 @@ static int eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, static int otx2_eth_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) return -ENOTSUP; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - /* * Save userdata provided by the application. For ingress packets, this * could be used to identify the SA. @@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device, if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = eth_sec_ipsec_sess_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; if (ret) - goto mempool_put; + return ret; return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; } static void @@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa) } static int -otx2_eth_sec_session_destroy(void *device, - struct rte_security_session *sess) +otx2_eth_sec_session_destroy(void *device, void *sess) { struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device); struct otx2_sec_session_ipsec_ip *sess_ip; struct otx2_ipsec_fp_in_sa *sa; - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; int ret; - priv = get_sec_session_private_data(sess); - if (priv == NULL) - return -EINVAL; - sess_ip = &priv->ipsec.ip; if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { @@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device, return ret; } - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } @@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused) } static int -otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ *rte_security_dynfield(m) = (rte_security_dynfield_t)session; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h index 623a2a841e..9ecb786947 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h @@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m, struct nix_iova_s nix_iova; } *sd; - priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m))); + priv = (void *)(*rte_security_dynfield(m)); sess = &priv->ipsec.ip; sa = &sess->out_sa; diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c index ccd747973b..444da5b8f3 100644 --- a/drivers/net/txgbe/txgbe_ipsec.c +++ b/drivers/net/txgbe/txgbe_ipsec.c @@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int txgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct txgbe_crypto_session *ic_session = NULL; + struct txgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (txgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device) } static int -txgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +txgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct txgbe_crypto_session *ic_session = - (struct txgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct txgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -txgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +txgbe_crypto_update_mb(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { - struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct txgbe_crypto_session *ic_session = session; + if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { union txgbe_crypto_tx_desc_md *mdata = (union txgbe_crypto_tx_desc_md *) @@ -661,8 +643,10 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, uint8_t is_ipv6) { + uint64_t sess_ptr = (uint64_t)sess; struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(sess); + (struct txgbe_crypto_session *)sess_ptr; + /* TODO: A proper fix need to be added to remove above typecasting. */ if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 6817139663..03d907cba8 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa, set_ipsec_conf(sa, &(sess_conf.ipsec)); ips->security.ses = rte_security_session_create(ctx, - &sess_conf, ipsec_ctx->session_pool, - ipsec_ctx->session_priv_pool); + &sess_conf, ipsec_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, } ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.userdata = (void *) sa; ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index fe81ed3e4c..06560b9cba 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -39,35 +39,37 @@ rte_security_dynfield_register(void) return rte_security_dynfield_offset; } -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp) + struct rte_mempool *mp) { struct rte_security_session *sess = NULL; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); RTE_PTR_OR_ERR_RET(conf, NULL); RTE_PTR_OR_ERR_RET(mp, NULL); - RTE_PTR_OR_ERR_RET(priv_mp, NULL); + + if (mp->elt_size < sizeof(struct rte_security_session) + + instance->ops->session_get_size(instance->device)) + return NULL; if (rte_mempool_get(mp, (void **)&sess)) return NULL; if (instance->ops->session_create(instance->device, conf, - sess, priv_mp)) { + sess->sess_private_data)) { rte_mempool_put(mp, (void *)sess); return NULL; } instance->sess_cnt++; - return sess; + return sess->sess_private_data; } int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, @@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance) int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, - struct rte_security_stats *stats) + void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); @@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess) +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { + struct rte_security_session *s; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, @@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance, if (ret != 0) return ret; - rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess); + s = container_of(sess, struct rte_security_session, sess_private_data); + rte_mempool_put(rte_mempool_from_obj(s), (void *)s); if (instance->sess_cnt) instance->sess_cnt--; @@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 4c55dcd744..c5ceb3b588 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -509,10 +509,12 @@ struct rte_security_session_conf { }; struct rte_security_session { - void *sess_private_data; - /**< Private session material */ uint64_t opaque_data; /**< Opaque user defined data */ + uint64_t fast_mdata; + /**< Fast metadata to be used for inline path */ + __extension__ void *sess_private_data[0]; + /**< Private session material */ }; /** @@ -526,11 +528,10 @@ struct rte_security_session { * - On success, pointer to session * - On failure, NULL */ -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp); + struct rte_mempool *mp); /** * Update security session as specified by the session configuration @@ -545,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance, __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf); /** @@ -576,7 +577,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); */ int rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess); + void *sess); /** Device-specific metadata field type */ typedef uint64_t rte_security_dynfield_t; @@ -622,7 +623,7 @@ static inline bool rte_security_dynfield_is_registered(void) /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params); /** @@ -640,13 +641,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess->sess_private_data); + (rte_security_dynfield_t)(sess); return 0; } @@ -696,26 +697,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) */ static inline int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, - struct rte_security_session *sess) + void *sess) { sym_op->sec_session = sess; return 0; } -static inline void * -get_sec_session_private_data(const struct rte_security_session *sess) -{ - return sess->sess_private_data; -} - -static inline void -set_sec_session_private_data(struct rte_security_session *sess, - void *private_data) -{ - sess->sess_private_data = private_data; -} - /** * Attach a session to a crypto operation. * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD @@ -726,8 +714,7 @@ set_sec_session_private_data(struct rte_security_session *sess, * @param sess security session */ static inline int -rte_security_attach_session(struct rte_crypto_op *op, - struct rte_security_session *sess) +rte_security_attach_session(struct rte_crypto_op *op, void *sess) { if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) return -EINVAL; @@ -789,7 +776,7 @@ struct rte_security_stats { __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index b0253e962e..5a177d72d7 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -35,8 +35,7 @@ extern "C" { */ typedef int (*security_session_create_t)(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mp); + void *sess); /** * Free driver private session data. @@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device, * @param device Crypto/eth device pointer * @param sess Security session structure */ -typedef int (*security_session_destroy_t)(void *device, - struct rte_security_session *sess); +typedef int (*security_session_destroy_t)(void *device, void *sess); /** * Update driver private session data. @@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device, * - Returns -ENOTSUP if crypto device does not support the crypto transform. */ typedef int (*security_session_update_t)(void *device, - struct rte_security_session *sess, - struct rte_security_session_conf *conf); + void *sess, struct rte_security_session_conf *conf); /** * Get the size of a security session @@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device); * - Returns -EINVAL if session parameters are invalid. */ typedef int (*security_session_stats_get_t)(void *device, - struct rte_security_session *sess, - struct rte_security_stats *stats); + void *sess, struct rte_security_stats *stats); __rte_internal int rte_security_dynfield_register(void); @@ -96,7 +92,7 @@ int rte_security_dynfield_register(void); * Update the mbuf with provided metadata. * * @param device Crypto/eth device pointer - * @param sess Security session structure + * @param sess Security session * @param mb Packet buffer * @param params Metadata * @@ -105,7 +101,7 @@ int rte_security_dynfield_register(void); * - Returns -ve value for errors. */ typedef int (*security_set_pkt_metadata_t)(void *device, - struct rte_security_session *sess, struct rte_mbuf *mb, + void *sess, struct rte_mbuf *mb, void *params); /** -- 2.25.1