From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <thomas@monjalon.net>, <david.marchand@redhat.com>,
<hemant.agrawal@nxp.com>, <vattunuru@marvell.com>,
<ferruh.yigit@xilinx.com>, <andrew.rybchenko@oktetlabs.ru>,
<konstantin.v.ananyev@yandex.ru>, <jiawenwu@trustnetic.com>,
<yisen.zhuang@huawei.com>, <irusskikh@marvell.com>,
<jerinj@marvell.com>, <adwivedi@marvell.com>,
<maxime.coquelin@redhat.com>, <chandu@amd.com>,
<ruifeng.wang@arm.com>, <ajit.khaparde@broadcom.com>,
<anoobj@marvell.com>, <pablo.de.lara.guarch@intel.com>,
<matan@nvidia.com>, <g.singh@nxp.com>, <qiming.yang@intel.com>,
<wenjun1.wu@intel.com>, <jianwang@trustnetic.com>,
<jingjing.wu@intel.com>, <beilei.xing@intel.com>,
<ndabilpuram@marvell.com>, <roy.fan.zhang@intel.com>,
<lironh@marvell.com>, <royzhang1980@gmail.com>,
<sunilprakashrao.uttarwar@amd.com>, <kai.ji@intel.com>,
<rnagadheeraj@marvell.com>, <jianjay.zhou@huawei.com>,
<radu.nicolau@intel.com>, Akhil Goyal <gakhil@marvell.com>,
David Coyle <david.coyle@intel.com>,
Kevin O'Sullivan <kevin.osullivan@intel.com>
Subject: [PATCH v7 6/6] security: hide session structure
Date: Tue, 4 Oct 2022 16:40:35 +0530 [thread overview]
Message-ID: <20221004111035.3264904-7-gakhil@marvell.com> (raw)
In-Reply-To: <20221004111035.3264904-1-gakhil@marvell.com>
Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Corresponding changes are made in app and lib so that the code compiles.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
app/test-crypto-perf/cperf_ops.c | 6 +-
.../cperf_test_pmd_cyclecount.c | 2 +-
app/test-crypto-perf/cperf_test_throughput.c | 2 +-
app/test/test_cryptodev.c | 2 +-
app/test/test_cryptodev_security_ipsec.c | 2 +-
app/test/test_cryptodev_security_ipsec.h | 2 +-
app/test/test_security.c | 32 ++++----
app/test/test_security_inline_proto.c | 10 +--
doc/guides/rel_notes/deprecation.rst | 4 -
doc/guides/rel_notes/release_22_11.rst | 5 ++
drivers/crypto/caam_jr/caam_jr.c | 2 +-
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +-
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 6 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +-
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 4 +-
drivers/crypto/qat/qat_sym.c | 4 +-
drivers/crypto/qat/qat_sym.h | 4 +-
drivers/net/iavf/iavf_ipsec_crypto.h | 2 +-
examples/ipsec-secgw/ipsec_worker.c | 2 +-
lib/cryptodev/rte_crypto_sym.h | 4 +-
lib/ipsec/rte_ipsec_group.h | 12 +--
lib/ipsec/ses.c | 2 +-
lib/security/rte_security.c | 13 ++-
lib/security/rte_security.h | 80 ++++++++++++-------
lib/security/rte_security_driver.h | 18 +++++
26 files changed, 137 insertions(+), 97 deletions(-)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 727eee6599..61a3967697 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
for (i = 0; i < nb_ops; i++) {
struct rte_crypto_sym_op *sym_op = ops[i]->sym;
- struct rte_security_session *sec_sess =
- (struct rte_security_session *)sess;
+ void *sec_sess = (void *)sess;
uint32_t buf_sz;
uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
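Review bot: The cast in `void *sec_sess = (void *)sess;` is not needed for a conversion to `void *` (unless `sess` is const-qualified, which is not visible here), and the second hunk of this file already writes the same assignment without it. I would use `void *sec_sess = sess;` in both places. The same redundant cast appears as `(void *)ctx->sess` in cperf_test_pmd_cyclecount.c and cperf_test_throughput.c, and as `return (void *)sess;` in lib/security/rte_security.c. The declaration of `sess` and the rest of the loop lie outside the hunk.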
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops,
uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
uint64_t *tsc_start)
{
- struct rte_security_session *sec_sess =
- (struct rte_security_session *)sess;
+ void *sec_sess = sess;
const uint32_t test_buffer_size = options->test_buffer_size;
const uint32_t headroom_sz = options->headroom_sz;
const uint32_t segment_sz = options->segment_sz;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index aa2654250f..0307e82996 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -71,7 +71,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
(struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx,
- (struct rte_security_session *)ctx->sess);
+ (void *)ctx->sess);
} else
#endif
rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index db89b7ddff..e892a70699 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -49,7 +49,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(
sec_ctx,
- (struct rte_security_session *)ctx->sess);
+ (void *)ctx->sess);
}
#endif
else
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9708fc87d2..c6d47a035e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -84,7 +84,7 @@ struct crypto_unittest_params {
union {
void *sess;
#ifdef RTE_LIB_SECURITY
- struct rte_security_session *sec_session;
+ void *sec_session;
#endif
};
#ifdef RTE_LIB_SECURITY
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3f691f0f56..cb77b39dbb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
int
test_ipsec_stats_verify(struct rte_security_ctx *ctx,
- struct rte_security_session *sess,
+ void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
{
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index acbb75d59d..67b783e637 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -279,7 +279,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
int pkt_num);
int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
- struct rte_security_session *sess,
+ void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 7467211673..5e50a67c53 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,7 +234,7 @@
static struct mock_session_create_data {
void *device;
struct rte_security_session_conf *conf;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mempool *mp;
struct rte_mempool *priv_mp;
@@ -268,7 +268,7 @@ mock_session_create(void *device,
*/
static struct mock_session_update_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_session_conf *conf;
int ret;
@@ -322,7 +322,7 @@ mock_session_get_size(void *device)
*/
static struct mock_session_stats_get_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_stats *stats;
int ret;
@@ -352,7 +352,7 @@ mock_session_stats_get(void *device,
*/
static struct mock_session_destroy_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
int ret;
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
*/
static struct mock_set_pkt_metadata_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mbuf *m;
void *params;
@@ -475,7 +475,7 @@ static struct security_testsuite_params {
static struct security_unittest_params {
struct rte_security_ctx ctx;
struct rte_security_session_conf conf;
- struct rte_security_session *sess;
+ void *sess;
} unittest_params = {
.ctx = {
.device = NULL,
@@ -610,7 +610,7 @@ ut_setup_with_session(void)
{
struct security_unittest_params *ut_params = &unittest_params;
struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
+ void *sess;
int ret = ut_setup();
if (ret != TEST_SUCCESS)
@@ -661,7 +661,7 @@ test_session_create_inv_context(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(NULL, &ut_params->conf,
ts_params->session_mpool);
@@ -683,7 +683,7 @@ test_session_create_inv_context_ops(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = NULL;
@@ -707,7 +707,7 @@ test_session_create_inv_context_ops_fun(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = &empty_ops;
@@ -730,7 +730,7 @@ test_session_create_inv_configuration(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, NULL,
ts_params->session_mpool);
@@ -751,7 +751,7 @@ static int
test_session_create_inv_mempool(void)
{
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
@@ -772,8 +772,8 @@ test_session_create_mempool_empty(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
- struct rte_security_session *sess;
+ void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+ void *sess;
/* Get all available objects from mempool. */
int i, ret;
@@ -813,7 +813,7 @@ test_session_create_ops_failure(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
@@ -839,7 +839,7 @@ test_session_create_success(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index ee13c55dd6..f54cc90322 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
/* Create Inline IPsec session */
static int
create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
- struct rte_security_session **sess, struct rte_security_ctx **ctx,
+ void **sess, struct rte_security_ctx **ctx,
uint32_t *ol_flags, const struct ipsec_test_flags *flags,
struct rte_security_session_conf *sess_conf)
{
@@ -695,8 +695,8 @@ static int
test_ipsec_with_reassembly(struct reassembly_vector *vector,
const struct ipsec_test_flags *flags)
{
- struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
- struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
+ void *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
+ void *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
struct rte_eth_ip_reassembly_params reass_capa = {0};
struct rte_security_session_conf sess_conf_out = {0};
struct rte_security_session_conf sess_conf_in = {0};
@@ -1032,12 +1032,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
struct rte_crypto_sym_xform auth = {0};
struct rte_crypto_sym_xform aead = {0};
struct sa_expiry_vector vector = {0};
- struct rte_security_session *ses;
struct rte_security_ctx *ctx;
int nb_rx = 0, nb_sent;
uint32_t ol_flags;
int i, j = 0, ret;
bool outer_ipv4;
+ void *ses;
memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_pkts);
@@ -1301,7 +1301,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
struct rte_mbuf *rx_pkt = NULL;
struct rte_mbuf *tx_pkt = NULL;
int nb_rx, nb_sent;
- struct rte_security_session *ses;
+ void *ses;
struct rte_security_ctx *ctx;
uint32_t ol_flags;
bool outer_ipv4;
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 9775e0925b..6c2fc15c77 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -138,9 +138,5 @@ Deprecation Notices
which got error interrupt to the application,
so that application can reset that particular queue pair.
-* security: Hide structure ``rte_security_session`` and expose an opaque
- pointer for the private data to the application which can be attached
- to the packet while enqueuing.
-
* raw/dpaa2_cmdif: The ``dpaa2_cmdif`` rawdev driver will be deprecated
in DPDK 22.11, as it is no longer in use, no active user known.
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 24d59e9571..4e64710a69 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -269,6 +269,11 @@ API Changes
All sample applications were updated to attach an opaque pointer for the session
to the ``rte_crypto_op`` while enqueuing.
+* security: The structure ``rte_security_session`` was made internal and corresponding
+ APIs were updated to take/return an opaque session pointer. The API
+ ``rte_security_session_create`` was updated to take only one mempool which has enough
+ space to hold session and driver private data.
+
* security: MACsec support is added which resulted in updates
to structures ``rte_security_macsec_xform``, ``rte_security_macsec_stats``
and security capability structure ``rte_security_capability``
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 67d9bb89e5..b55258689b 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
break;
case RTE_CRYPTO_OP_SECURITY_SESSION:
- ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ ses = SECURITY_GET_SESS_PRIV(op->sym->session);
break;
default:
CAAM_JR_DP_ERR("sessionless crypto op not supported");
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index d911deef55..1d7a9e2952 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -122,7 +122,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+ sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session);
ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
if (unlikely(ret))
return 0;
@@ -338,7 +338,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
- priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ priv = SECURITY_GET_SESS_PRIV(op->sym->session);
sa = &priv->sa;
*qp = sa->qp;
*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b395f830b1..2ed298e01f 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
struct cn9k_ipsec_sa *sa;
int ret;
- priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ priv = SECURITY_GET_SESS_PRIV(op->sym->session);
sa = &priv->sa;
if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
struct cn9k_sec_session *priv;
struct cn9k_ipsec_sa *sa;
- priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ priv = SECURITY_GET_SESS_PRIV(op->sym->session);
sa = &priv->sa;
*qp = sa->qp;
inst->w2.u64 = sa->inst.w2;
@@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
int ret;
- priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+ priv = SECURITY_GET_SESS_PRIV(sym_op->session);
sa = &priv->sa;
ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 49f08f69f0..c25e40030b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
#ifdef RTE_LIB_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ sess = SECURITY_GET_SESS_PRIV(op->sym->session);
#endif
else {
DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
mbuf->buf_iova = op->sym->aead.digest.phys_addr;
op->sym->aead.digest.phys_addr = 0L;
- sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
if (sess_priv->dir == DIR_ENC)
mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
else
@@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
#ifdef RTE_LIBRTE_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ sess = SECURITY_GET_SESS_PRIV(op->sym->session);
#endif
if (sess == NULL)
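Review bot: The changed line in `dpaa2_sec_dump` sits under `#ifdef RTE_LIBRTE_SECURITY`, while the `build_sec_fd` hunk of the same file guards the identical branch with `#ifdef RTE_LIB_SECURITY`. If only the latter macro is defined by the build (not visible from this page), the security branch here is compiled out and security ops fall into the `sess == NULL` path of the dump. The same spelling appears in the `dpaa_sec_dump` hunk of drivers/crypto/dpaa_sec/dpaa_sec.c. Since the patch touches these lines anyway, the guard could become `#ifdef RTE_LIB_SECURITY`; both functions extend outside their hunks.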
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0df63aaf3f..b1e7027823 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,7 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
#ifdef RTE_LIBRTE_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ sess = SECURITY_GET_SESS_PRIV(op->sym->session);
#endif
if (sess == NULL) {
printf("session is NULL\n");
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
break;
#ifdef RTE_LIB_SECURITY
case RTE_CRYPTO_OP_SECURITY_SESSION:
- ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ ses = SECURITY_GET_SESS_PRIV(op->sym->session);
break;
#endif
default:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index fc9ee01124..8ec2364aa7 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
return -1;
}
- session = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ session = SECURITY_GET_SESS_PRIV(op->sym->session);
if (unlikely(session == NULL)) {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
* this is for DOCSIS
*/
is_docsis_sec = 1;
- sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ sess = SECURITY_GET_SESS_PRIV(op->sym->session);
} else
#endif
sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 6eca40276a..54c3d59a51 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
#ifdef RTE_LIB_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
if (unlikely(!ctx)) {
QAT_DP_LOG(ERR, "No session for this device");
return -EINVAL;
@@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
}
}
- sess = (uintptr_t)op->sym->sec_session;
+ sess = (uintptr_t)op->sym->session;
build_request = ctx->build_request[proc_type];
opaque[0] = sess;
opaque[1] = (uintptr_t)build_request;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 033ec0de85..9a4251e08b 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
op = (struct rte_crypto_op *)ops[i];
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+ ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
if (ctx == NULL || ctx->bpi_ctx == NULL)
continue;
@@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
* Assuming at this point that if it's a security
* op, that this is for DOCSIS
*/
- sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session);
+ sess = SECURITY_GET_SESS_PRIV(rx_op->sym->session);
is_docsis_sec = 1;
} else
#endif
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 8ea0f9540e..49f9202aca 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -5,7 +5,7 @@
#ifndef _IAVF_IPSEC_CRYPTO_H_
#define _IAVF_IPSEC_CRYPTO_H_
-#include <rte_security.h>
+#include <rte_security_driver.h>
#include "iavf.h"
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 5e69450d27..49b1b951f1 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -17,7 +17,7 @@
#endif
struct port_drv_mode_data {
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_ctx *ctx;
};
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 7781a013c9..bd59fe4d26 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -626,11 +626,9 @@ struct rte_crypto_sym_op {
RTE_STD_C11
union {
void *session;
- /**< Handle for the initialised session context */
+ /**< Handle for the initialised crypto/security session context */
struct rte_crypto_sym_xform *xform;
/**< Session-less API crypto operation parameters */
- struct rte_security_session *sec_session;
- /**< Handle for the initialised security session context */
};
RTE_STD_C11
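Review bot: With `sec_session` removed, the `session` member now carries either a cryptodev or a security session, and the updated comment does not say how a reader tells them apart. The driver hunks in this patch choose `SECURITY_GET_SESS_PRIV` or `CRYPTODEV_GET_SYM_SESS_PRIV` from `op->sess_type`, so a handle that does not match `sess_type` would be interpreted with the wrong layout without any compiler diagnostic. I would extend the comment to `/**< Handle for the initialised crypto/security session context; interpreted according to rte_crypto_op.sess_type */`. The struct continues outside the hunk.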
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index a4e0e128f8..c6458ef81e 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
static inline struct rte_ipsec_session *
rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
{
- const struct rte_security_session *ss;
- void *cs;
+ void *ses;
if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- ss = cop->sym[0].sec_session;
- return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
+ ses = cop->sym[0].session;
+ return (struct rte_ipsec_session *)(uintptr_t)
+ rte_security_session_opaque_data_get(ses);
} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
- cs = cop->sym[0].session;
+ ses = cop->sym[0].session;
return (struct rte_ipsec_session *)(uintptr_t)
- rte_cryptodev_sym_session_opaque_data_get(cs);
+ rte_cryptodev_sym_session_opaque_data_get(ses);
}
return NULL;
}
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 0d3c932302..d9ab1e6d2b 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
(uintptr_t)ss);
else
- ss->security.ses->opaque_data = (uintptr_t)ss;
+ rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss);
return 0;
}
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 7c0e86968b..29af5f3e4b 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -42,7 +42,7 @@ rte_security_dynfield_register(void)
return rte_security_dynfield_offset;
}
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp)
@@ -72,12 +72,12 @@ rte_security_session_create(struct rte_security_ctx *instance,
}
instance->sess_cnt++;
- return sess;
+ return (void *)sess;
}
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -99,7 +99,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
@@ -111,8 +111,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
}
int
-rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
{
int ret;
@@ -220,7 +219,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_
int
__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params)
{
#ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 07f3c2c365..4bacf9fcd9 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -673,20 +673,6 @@ struct rte_security_session_conf {
/**< Application specific userdata to be saved with session */
};
-struct rte_security_session {
- RTE_MARKER cacheline0;
- uint64_t opaque_data;
- /**< Opaque user defined data */
- uint64_t fast_mdata;
- /**< Fast metadata to be used for inline path */
- rte_iova_t driver_priv_data_iova;
- /**< session private data IOVA address */
-
- RTE_MARKER cacheline1 __rte_cache_min_aligned;
- uint8_t driver_priv_data[0];
- /**< Private session material, variable size (depends on driver) */
-};
-
/**
* Create security session as specified by the session configuration
*
@@ -697,7 +683,7 @@ struct rte_security_session {
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
@@ -715,7 +701,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
__rte_experimental
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf);
/**
@@ -745,8 +731,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
* - other negative values in case of freeing private data errors.
*/
int
-rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess);
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
/**
* @warning
@@ -863,10 +848,52 @@ static inline bool rte_security_dynfield_is_registered(void)
return rte_security_dynfield_offset >= 0;
}
+#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0
+#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+ return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+ uint64_t *data;
+ data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+ *data = opaque;
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+ return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+ uint64_t *data;
+ data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+ *data = fdata;
+}
+
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params);
/**
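Review bot: The four accessors added here reach into the session through hard-coded `uint64_t` offsets (`RTE_SECURITY_SESS_OPAQUE_DATA_OFF` 0, `RTE_SECURITY_SESS_FAST_MDATA_OFF` 1), and nothing in the patch ties them to the field order of `struct rte_security_session`, which now lives in rte_security_driver.h. If a later change reorders or inserts a field there, applications would silently read or overwrite the wrong word, for example the driver's fast metadata. A build-time check in code that sees the struct, for instance inside `rte_security_session_create()` in rte_security.c, would pin this: `RTE_BUILD_BUG_ON(offsetof(struct rte_security_session, fast_mdata) != RTE_SECURITY_SESS_FAST_MDATA_OFF * sizeof(uint64_t));` and the same for `opaque_data`. The doc comments should also state that `sess` must be a non-NULL handle returned by `rte_security_session_create()`, since the accessors dereference it unchecked and `void *` no longer lets the compiler reject other pointer types.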
@@ -884,13 +911,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
*/
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
- *rte_security_dynfield(mb) =
- (rte_security_dynfield_t)(sess->fast_mdata);
+ *rte_security_dynfield(mb) = (rte_security_dynfield_t)
+ rte_security_session_fast_mdata_get(sess);
return 0;
}
@@ -905,10 +932,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
* @param sess security session
*/
static inline int
-__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
- struct rte_security_session *sess)
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
{
- sym_op->sec_session = sess;
+ sym_op->session = sess;
return 0;
}
@@ -924,7 +950,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
*/
static inline int
rte_security_attach_session(struct rte_crypto_op *op,
- struct rte_security_session *sess)
+ void *sess)
{
if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
return -EINVAL;
@@ -1040,7 +1066,7 @@ struct rte_security_stats {
__rte_experimental
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats);
/**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index cb16b55277..9a767226bd 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,24 @@ extern "C" {
#include "rte_security.h"
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+ RTE_MARKER cacheline0;
+ uint64_t opaque_data;
+ /**< Opaque user defined data */
+ uint64_t fast_mdata;
+ /**< Fast metadata to be used for inline path */
+ rte_iova_t driver_priv_data_iova;
+ /**< session private data IOVA address */
+
+ RTE_MARKER cacheline1 __rte_cache_min_aligned;
+ uint8_t driver_priv_data[0];
+ /**< Private session material, variable size (depends on driver) */
+};
+
/**
* Helper macro to get driver private data
*/
--
2.25.1