[dpdk-dev] [PATCH v3 2/8] security: hide security session struct

[Akhil Goyal <gakhil@marvell.com>]

rte_security_session struct is now hidden in the library.
application can access the opaque data and fast_mdata
using the set/get APIs introduced in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/prog_guide/rte_security.rst | 11 ++----
 doc/guides/rel_notes/deprecation.rst   |  4 --
 doc/guides/rel_notes/release_21_11.rst |  7 ++++
 lib/ipsec/rte_ipsec.h                  |  2 +-
 lib/ipsec/rte_ipsec_group.h            |  5 ++-
 lib/ipsec/ses.c                        |  3 +-
 lib/security/rte_security.h            | 54 +++++++++++++++++++++-----
 lib/security/rte_security_driver.h     | 13 +++++++
 8 files changed, 74 insertions(+), 25 deletions(-)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index ad92c16868..af8f68d0e3 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -543,14 +543,11 @@ and this allows further acceleration of the offload of Crypto workloads.
 
 The Security framework provides APIs to create and free sessions for crypto/ethernet
 devices, where sessions are mempool objects. It is the application's responsibility
-to create and manage two session mempools - one for session and other for session
-private data. The private session data mempool object size should be able to
-accommodate the driver's private data of security session. The application can get
-the size of session private data using API ``rte_security_session_get_size``.
-And the session mempool object size should be enough to accommodate
-``rte_security_session``.
+to create and manage session mempool big enough for session and session
+private data. The application can get the size of session private data using API
+``rte_security_session_get_size``.
 
-Once the session mempools have been created, ``rte_security_session_create()``
+Once the session mempool has been created, ``rte_security_session_create()``
 is used to allocate and initialize a session for the required crypto/ethernet device.
 
 Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 73350e2a69..3add00a8be 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -179,10 +179,6 @@ Deprecation Notices
   session and the private data of session. An opaque pointer can be exposed
   directly to application which can be attached to the ``rte_crypto_op``.
 
-* security: Hide structure ``rte_security_session`` and expose an opaque
-  pointer for the private data to the application which can be attached
-  to the packet while enqueuing.
-
 * eventdev: The file ``rte_eventdev_pmd.h`` will be renamed to ``eventdev_driver.h``
   to make the driver interface as internal and the structures ``rte_eventdev_data``,
   ``rte_eventdev`` and ``rte_eventdevs`` will be moved to a new file named
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 1f3f777c0f..7f1872167e 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -281,6 +281,13 @@ API Changes
 * cryptodev: The structure ``rte_crypto_sym_vec`` was updated to add
   ``dest_sgl`` to support out of place processing.
 
+* security: The structure ``rte_security_session`` was moved to rte_security_driver.h
+  and was hidden from the application. The APIs to create and destroy session were
+  updated to take a single mempool with element size enough to hold session data
+  and session private data. Inline APIs are created to get and set the session data.
+  All sample applications were updated to attach an opaque pointer for the session
+  to the ``rte_crypto_op`` while enqueuing.
+
 * bbdev: Added device info related to data byte endianness processing.
 
 
diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index 5308f250a7..163a2d72b9 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -70,7 +70,7 @@ struct rte_ipsec_session {
 			uint8_t dev_id;
 		} crypto;
 		struct {
-			struct rte_security_session *ses;
+			void *ses;
 			struct rte_security_ctx *ctx;
 			uint32_t ol_flags;
 		} security;
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index ea3bdfad95..0cc5fedbf1 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,12 +44,13 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
+	void *ss;
 	const struct rte_cryptodev_sym_session *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
-		return (void *)(uintptr_t)ss->opaque_data;
+		return (void *)(uintptr_t)
+			rte_security_session_opaque_data_get(ss);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
 		return (void *)(uintptr_t)cs->opaque_data;
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..b12114269f 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -47,7 +47,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
 		ss->crypto.ses->opaque_data = (uintptr_t)ss;
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses,
+				(uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index c5ceb3b588..912c79690d 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -508,14 +508,47 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	__extension__ void *sess_private_data[0];
-	/**< Private session material */
-};
+#define SESS_FAST_MDATA_OFF 1
+#define SESS_OPAQUE_DATA_OFF 2
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
 
 /**
  * Create security session as specified by the session configuration
@@ -646,8 +679,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess);
+		uint64_t mdata = rte_security_session_fast_mdata_get(sess);
+
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata);
 		return 0;
 	}
 
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 5a177d72d7..13f2f9da32 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,19 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	/** Opaque user defined data */
+	uint64_t opaque_data;
+	/** Fast metadata to be used for inline path */
+	uint64_t fast_mdata;
+	/** Private session material */
+	__extension__ void *sess_private_data[0];
+};
+
 /**
  * Configure a security session on a device.
  *
-- 
2.25.1