[PATCH 00/11] fixes and improvements to cnxk crypto PMD

[PATCH 00/11] fixes and improvements to cnxk crypto PMD

[Tejasree Kondoj]

Adding new PMD APIs and improvements to cnxk crypto PMD.

Anoob Joseph (9):
  common/cnxk: ensure CPTR is 128B aligned
  common/cnxk: rearrange to remove hole
  common/cnxk: remove abort from flush API
  common/cnxk: move algo enums to common
  crypto/cnxk: use opaque pointer for PMD APIs
  crypto/cnxk: add PMD API for getting CPTR
  crypto/cnxk: add PMD API to flush CTX
  crypto/cnxk: add CPTR read and write
  crypto/cnxk: add PMD API to get qp stats

Vidya Sagar Velumuri (2):
  crypto/cnxk: align passthrough data for SM ciphers
  crypto/cnxk: add multi segment support for Rx inject

 drivers/common/cnxk/cnxk_security.c       | 106 ++++++------
 drivers/common/cnxk/roc_cpt.c             |   7 +-
 drivers/common/cnxk/roc_ie.h              |  22 +++
 drivers/common/cnxk/roc_ie_on.h           |  22 ---
 drivers/common/cnxk/roc_ie_ot.h           |  19 ---
 drivers/common/cnxk/roc_platform.h        |   1 +
 drivers/common/cnxk/roc_se.h              |   2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  53 ++++--
 drivers/crypto/cnxk/cn10k_ipsec.c         |  12 +-
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  |   6 +-
 drivers/crypto/cnxk/cn10k_tls.c           |  12 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 188 +++++++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   9 +-
 drivers/crypto/cnxk/cnxk_se.h             |  29 ++--
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 171 +++++++++++++++++++-
 drivers/crypto/cnxk/version.map           |   7 +
 drivers/net/cnxk/cn10k_ethdev_sec.c       |   8 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c        |  12 +-
 18 files changed, 532 insertions(+), 154 deletions(-)

-- 
2.25.1

[PATCH 01/11] crypto/cnxk: align passthrough data for SM ciphers

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add required padding to make passthrough data length multiple of 16
bytes for SM ciphers

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cnxk_se.h | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index dbd36a8a54..426147a9d4 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -1100,6 +1100,7 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 {
 	int32_t inputlen, outputlen, enc_dlen;
 	union cpt_inst_w4 cpt_inst_w4;
+	uint32_t passthr_len, pad_len;
 	uint32_t passthrough_len = 0;
 	const uint8_t *src = NULL;
 	struct roc_se_ctx *se_ctx;
@@ -1119,21 +1120,18 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 	if (unlikely(!(flags & ROC_SE_VALID_IV_BUF)))
 		iv_len = 0;
 
-	encr_offset += iv_len;
-	enc_dlen = RTE_ALIGN_CEIL(encr_data_len, 8) + encr_offset;
+	passthr_len = encr_offset + iv_len;
+	passthr_len = RTE_ALIGN_CEIL(passthr_len, 8);
+	pad_len = passthr_len - encr_offset - iv_len;
+	enc_dlen = RTE_ALIGN_CEIL(encr_data_len, 8) + passthr_len;
 
 	inputlen = enc_dlen;
 	outputlen = enc_dlen;
 
 	cpt_inst_w4.s.param1 = encr_data_len;
 
-	if (unlikely(encr_offset >> 8)) {
-		plt_dp_err("Offset not supported");
-		plt_dp_err("enc_offset: %d", encr_offset);
-		return -1;
-	}
-
-	offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset);
+	offset_ctrl = passthr_len & 0xff;
+	offset_ctrl = rte_cpu_to_be_64(offset_ctrl);
 
 	/*
 	 * In cn9k, cn10k since we have a limitation of
@@ -1146,14 +1144,14 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 
 		/* Use Direct mode */
 
-		offset_vaddr = PLT_PTR_SUB(dm_vaddr, ROC_SE_OFF_CTRL_LEN + iv_len);
+		offset_vaddr = PLT_PTR_SUB(dm_vaddr, ROC_SE_OFF_CTRL_LEN + pad_len + iv_len);
 		*(uint64_t *)offset_vaddr = offset_ctrl;
 
 		/* DPTR */
 		inst->dptr = (uint64_t)offset_vaddr;
 
 		/* RPTR should just exclude offset control word */
-		inst->rptr = (uint64_t)dm_vaddr - iv_len;
+		inst->rptr = (uint64_t)dm_vaddr - iv_len - pad_len;
 
 		cpt_inst_w4.s.dlen = inputlen + ROC_SE_OFF_CTRL_LEN;
 
@@ -1171,12 +1169,13 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 		inst->w4.u64 = cpt_inst_w4.u64;
 
 		if (is_sg_ver2)
-			ret = sg2_inst_prep(fc_params, inst, offset_ctrl, src, iv_len, 0, 0,
-					    inputlen, outputlen, passthrough_len, flags, 0,
+			ret = sg2_inst_prep(fc_params, inst, offset_ctrl, src, iv_len + pad_len, 0,
+					    0, inputlen, outputlen, passthrough_len, flags, 0,
 					    decrypt);
 		else
-			ret = sg_inst_prep(fc_params, inst, offset_ctrl, src, iv_len, 0, 0,
-					   inputlen, outputlen, passthrough_len, flags, 0, decrypt);
+			ret = sg_inst_prep(fc_params, inst, offset_ctrl, src, iv_len + pad_len, 0,
+					   0, inputlen, outputlen, passthrough_len, flags, 0,
+					   decrypt);
 
 		if (unlikely(ret)) {
 			plt_dp_err("sg prep failed");
-- 
2.25.1

[PATCH 02/11] crypto/cnxk: add multi segment support for Rx inject

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add support for multi segmented packet in Rx inject.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 53 ++++++++++++++++++-----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |  9 +++-
 2 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 780785d656..64d015aba2 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -1366,8 +1366,8 @@ cn10k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
 	union cpt_fc_write_s fc;
 	struct cnxk_cpt_vf *vf;
 	struct rte_mbuf *m;
+	uint64_t u64_dptr;
 	uint64_t *fc_addr;
-	uint64_t dptr;
 	int i;
 
 	vf = cdev->data->dev_private;
@@ -1401,11 +1401,6 @@ cn10k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
 			break;
 		}
 
-		if (unlikely(!rte_pktmbuf_is_contiguous(m))) {
-			plt_dp_err("Multi seg is not supported");
-			break;
-		}
-
 		l2_len = m->l2_len;
 
 		*rte_security_dynfield(m) = (uint64_t)sec_sess->userdata;
@@ -1415,6 +1410,46 @@ cn10k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
 		hw_res = RTE_PTR_ALIGN_CEIL(hw_res, 16);
 
 		/* Prepare CPT instruction */
+		if (m->nb_segs > 1) {
+			struct rte_mbuf *last = rte_pktmbuf_lastseg(m);
+			uintptr_t dptr, rxphdr, wqe_hdr;
+			uint16_t i;
+
+			if ((m->nb_segs > CNXK_CPT_MAX_SG_SEGS) ||
+			    (rte_pktmbuf_tailroom(m) < CNXK_CPT_MIN_TAILROOM_REQ))
+				goto exit;
+
+			wqe_hdr = rte_pktmbuf_mtod_offset(last, uintptr_t, last->data_len);
+			wqe_hdr += BIT_ULL(7);
+			wqe_hdr = (wqe_hdr - 1) & ~(BIT_ULL(7) - 1);
+
+			/* Pointer to WQE header */
+			*(uint64_t *)(m + 1) = wqe_hdr;
+
+			/* Reserve SG list after end of last mbuf data location. */
+			rxphdr = wqe_hdr + 8;
+			dptr = rxphdr + 7 * 8;
+
+			/* Prepare Multiseg SG list */
+			i = fill_sg2_comp_from_pkt((struct roc_sg2list_comp *)dptr, 0, m);
+			u64_dptr = dptr | ((uint64_t)(i) << 60);
+		} else {
+			struct roc_sg2list_comp *sg2;
+			uintptr_t dptr, wqe_hdr;
+
+			/* Reserve space for WQE, NIX_RX_PARSE_S and SG_S.
+			 * Populate SG_S with num segs and seg length
+			 */
+			wqe_hdr = (uintptr_t)(m + 1);
+			*(uint64_t *)(m + 1) = wqe_hdr;
+
+			sg2 = (struct roc_sg2list_comp *)(wqe_hdr + 8 * 8);
+			sg2->u.s.len[0] = rte_pktmbuf_pkt_len(m);
+			sg2->u.s.valid_segs = 1;
+
+			dptr = (uint64_t)rte_pktmbuf_iova(m);
+			u64_dptr = dptr;
+		}
 
 		/* Word 0 and 1 */
 		inst_01 = vdupq_n_u64(0);
@@ -1434,16 +1469,12 @@ cn10k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
 		inst_45 = vdupq_n_u64(0);
 		u64_0 = sec_sess->inst.w4 | (rte_pktmbuf_pkt_len(m));
 		inst_45 = vsetq_lane_u64(u64_0, inst_45, 0);
-		dptr = (uint64_t)rte_pktmbuf_iova(m);
-		u64_1 = dptr;
-		inst_45 = vsetq_lane_u64(u64_1, inst_45, 1);
+		inst_45 = vsetq_lane_u64(u64_dptr, inst_45, 1);
 		vst1q_u64(&inst->w4.u64, inst_45);
 
 		/* Word 6 and 7 */
 		inst_67 = vdupq_n_u64(0);
-		u64_0 = dptr;
 		u64_1 = sec_sess->inst.w7;
-		inst_67 = vsetq_lane_u64(u64_0, inst_67, 0);
 		inst_67 = vsetq_lane_u64(u64_1, inst_67, 1);
 		vst1q_u64(&inst->w6.u64, inst_67);
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index caf6ac35e5..460e4803d3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -18,7 +18,14 @@
 
 /* Space for ctrl_word(8B), IV(48B), passthrough alignment(8B) */
 #define CNXK_CPT_MIN_HEADROOM_REQ 64
-#define CNXK_CPT_MIN_TAILROOM_REQ 102
+/* Tailroom required for RX-inject path.
+ * In RX-inject path, space is required for below entities:
+ * WQE header and NIX_RX_PARSE_S
+ * SG list format for 6 IOVA pointers
+ * Space for 128 byte alignment.
+ */
+#define CNXK_CPT_MIN_TAILROOM_REQ 256
+#define CNXK_CPT_MAX_SG_SEGS	  6
 
 /* Default command timeout in seconds */
 #define DEFAULT_COMMAND_TIMEOUT 4
-- 
2.25.1

[PATCH 03/11] common/cnxk: ensure CPTR is 128B aligned

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Make sure CPTR is 128B aligned.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/common/cnxk/roc_cpt.c      | 5 +++++
 drivers/common/cnxk/roc_platform.h | 1 +
 2 files changed, 6 insertions(+)

diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index aba2a49d19..64fa284b9a 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -1174,6 +1174,11 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr,
 	uint64_t *dptr;
 	int i;
 
+	if (!plt_is_aligned(sa_cptr, 128)) {
+		plt_err("Context pointer should be 128B aligned");
+		return -EINVAL;
+	}
+
 	/* Use this lcore's LMT line as no one else is using it */
 	ROC_LMT_BASE_ID_GET(lmt_base, lmt_id);
 	inst = (struct cpt_inst_s *)lmt_base;
diff --git a/drivers/common/cnxk/roc_platform.h b/drivers/common/cnxk/roc_platform.h
index 658bafb935..2b45cc3721 100644
--- a/drivers/common/cnxk/roc_platform.h
+++ b/drivers/common/cnxk/roc_platform.h
@@ -185,6 +185,7 @@ plt_thread_is_valid(plt_thread_t thr)
 #define plt_intr_efds_index_set		rte_intr_efds_index_set
 #define plt_intr_elist_index_get	rte_intr_elist_index_get
 #define plt_intr_elist_index_set	rte_intr_elist_index_set
+#define plt_is_aligned			rte_is_aligned
 
 #define plt_alarm_set	 rte_eal_alarm_set
 #define plt_alarm_cancel rte_eal_alarm_cancel
-- 
2.25.1

[PATCH 04/11] common/cnxk: rearrange to remove hole

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Rearrange fields to remove hole.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/common/cnxk/roc_se.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 50741a0b81..ede8d69c0e 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -331,6 +331,7 @@ struct roc_se_ctx {
 	/* auth_iv_offset passed to PDCP_CHAIN opcode based on FVC bit */
 	uint8_t pdcp_iv_offset;
 	union cpt_inst_w4 template_w4;
+	uint8_t *auth_key;
 	/* Below fields are accessed by hardware */
 	struct se_ctx_s {
 		/* Word0 */
@@ -355,7 +356,6 @@ struct roc_se_ctx {
 			struct roc_se_sm_context sm_ctx;
 		};
 	} se_ctx __plt_aligned(ROC_ALIGN);
-	uint8_t *auth_key;
 } __plt_aligned(ROC_ALIGN);
 
 struct roc_se_fc_params {
-- 
2.25.1

[PATCH 05/11] common/cnxk: remove abort from flush API

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Instead of calling abort() return error code so that the caller can
handle as required.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/common/cnxk/roc_cpt.c     |  2 +-
 drivers/crypto/cnxk/cn10k_ipsec.c | 12 ++++++++++--
 drivers/crypto/cnxk/cn10k_tls.c   | 12 ++++++++++--
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index 64fa284b9a..acbf5fa9d4 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -826,7 +826,7 @@ roc_cpt_lf_ctx_flush(struct roc_cpt_lf *lf, void *cptr, bool inval)
 
 	if (err.s.flush_st_flt) {
 		plt_err("CTX flush could not complete due to store fault");
-		abort();
+		return -EFAULT;
 	}
 
 	return 0;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index ef5f0ff4aa..7517602fa4 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -135,7 +135,11 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	}
 
 	/* Trigger CTX flush so that data is written back to DRAM */
-	roc_cpt_lf_ctx_flush(lf, out_sa, false);
+	ret = roc_cpt_lf_ctx_flush(lf, out_sa, false);
+	if (ret == -EFAULT) {
+		plt_err("Could not flush outbound session");
+		goto sa_dptr_free;
+	}
 
 	sec_sess->proto = RTE_SECURITY_PROTOCOL_IPSEC;
 	plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
@@ -236,7 +240,11 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	}
 
 	/* Trigger CTX flush so that data is written back to DRAM */
-	roc_cpt_lf_ctx_flush(lf, in_sa, true);
+	ret = roc_cpt_lf_ctx_flush(lf, in_sa, true);
+	if (ret == -EFAULT) {
+		plt_err("Could not flush inbound session");
+		goto sa_dptr_free;
+	}
 
 	sec_sess->proto = RTE_SECURITY_PROTOCOL_IPSEC;
 	plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index 7b73a58d2a..4bd2654499 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -707,7 +707,11 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	}
 
 	/* Trigger CTX flush so that data is written back to DRAM */
-	roc_cpt_lf_ctx_flush(lf, read_sa, true);
+	ret = roc_cpt_lf_ctx_flush(lf, read_sa, true);
+	if (ret == -EFAULT) {
+		plt_err("Could not flush TLS read session to hardware");
+		goto sa_dptr_free;
+	}
 
 	rte_atomic_thread_fence(rte_memory_order_seq_cst);
 
@@ -796,7 +800,11 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	}
 
 	/* Trigger CTX flush so that data is written back to DRAM */
-	roc_cpt_lf_ctx_flush(lf, write_sa, false);
+	ret = roc_cpt_lf_ctx_flush(lf, write_sa, false);
+	if (ret == -EFAULT) {
+		plt_err("Could not flush TLS write session to hardware");
+		goto sa_dptr_free;
+	}
 
 	rte_atomic_thread_fence(rte_memory_order_seq_cst);
 
-- 
2.25.1

[PATCH 06/11] common/cnxk: move algo enums to common

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

The enums are same between 9k & 10k. Move to common.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/common/cnxk/cnxk_security.c      | 106 ++++++++++-------------
 drivers/common/cnxk/roc_ie.h             |  22 +++++
 drivers/common/cnxk/roc_ie_on.h          |  22 -----
 drivers/common/cnxk/roc_ie_ot.h          |  19 ----
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h |   6 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c      |   8 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c       |  12 +--
 7 files changed, 83 insertions(+), 112 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 15b0bedf43..e67c3f2331 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -66,15 +66,15 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_k
 
 		switch (crypto_xfrm->aead.algo) {
 		case RTE_CRYPTO_AEAD_AES_GCM:
-			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_GCM;
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL;
+			w2->s.enc_type = ROC_IE_SA_ENC_AES_GCM;
+			w2->s.auth_type = ROC_IE_SA_AUTH_NULL;
 			memcpy(salt_key, &ipsec_xfrm->salt, 4);
 			tmp_salt = (uint32_t *)salt_key;
 			*tmp_salt = rte_be_to_cpu_32(*tmp_salt);
 			break;
 		case RTE_CRYPTO_AEAD_AES_CCM:
-			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CCM;
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL;
+			w2->s.enc_type = ROC_IE_SA_ENC_AES_CCM;
+			w2->s.auth_type = ROC_IE_SA_AUTH_NULL;
 			ccm_flag = 0x07 & ~ROC_CPT_AES_CCM_CTR_LEN;
 			*salt_key = ccm_flag;
 			memcpy(PLT_PTR_ADD(salt_key, 1), &ipsec_xfrm->salt, 3);
@@ -88,16 +88,16 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_k
 		if (cipher_xfrm != NULL) {
 			switch (cipher_xfrm->cipher.algo) {
 			case RTE_CRYPTO_CIPHER_NULL:
-				w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
+				w2->s.enc_type = ROC_IE_SA_ENC_NULL;
 				break;
 			case RTE_CRYPTO_CIPHER_AES_CBC:
-				w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
+				w2->s.enc_type = ROC_IE_SA_ENC_AES_CBC;
 				break;
 			case RTE_CRYPTO_CIPHER_AES_CTR:
-				w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+				w2->s.enc_type = ROC_IE_SA_ENC_AES_CTR;
 				break;
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
-				w2->s.enc_type = ROC_IE_OT_SA_ENC_3DES_CBC;
+				w2->s.enc_type = ROC_IE_SA_ENC_3DES_CBC;
 				break;
 			default:
 				return -ENOTSUP;
@@ -113,25 +113,25 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_k
 				plt_err("anti-replay can't be supported with integrity service disabled");
 				return -EINVAL;
 			}
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL;
+			w2->s.auth_type = ROC_IE_SA_AUTH_NULL;
 			break;
 		case RTE_CRYPTO_AUTH_SHA1_HMAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;
+			w2->s.auth_type = ROC_IE_SA_AUTH_SHA1;
 			break;
 		case RTE_CRYPTO_AUTH_SHA256_HMAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256;
+			w2->s.auth_type = ROC_IE_SA_AUTH_SHA2_256;
 			break;
 		case RTE_CRYPTO_AUTH_SHA384_HMAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_384;
+			w2->s.auth_type = ROC_IE_SA_AUTH_SHA2_384;
 			break;
 		case RTE_CRYPTO_AUTH_SHA512_HMAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_512;
+			w2->s.auth_type = ROC_IE_SA_AUTH_SHA2_512;
 			break;
 		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128;
+			w2->s.auth_type = ROC_IE_SA_AUTH_AES_XCBC_128;
 			break;
 		case RTE_CRYPTO_AUTH_AES_GMAC:
-			w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_GMAC;
+			w2->s.auth_type = ROC_IE_SA_AUTH_AES_GMAC;
 			key = auth_xfrm->auth.key.data;
 			length = auth_xfrm->auth.key.length;
 			memcpy(salt_key, &ipsec_xfrm->salt, 4);
@@ -174,12 +174,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_k
 	}
 
 	/* Set AES key length */
-	if (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC ||
-	    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
-	    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||
-	    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
-	    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
-	    w2->s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {
+	if (w2->s.enc_type == ROC_IE_SA_ENC_AES_CBC || w2->s.enc_type == ROC_IE_SA_ENC_AES_CCM ||
+	    w2->s.enc_type == ROC_IE_SA_ENC_AES_CTR || w2->s.enc_type == ROC_IE_SA_ENC_AES_GCM ||
+	    w2->s.enc_type == ROC_IE_SA_ENC_AES_CCM || w2->s.auth_type == ROC_IE_SA_AUTH_AES_GMAC) {
 		switch (length) {
 		case ROC_CPT_AES128_KEY_LEN:
 			w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;
@@ -809,11 +806,11 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		switch (crypto_xform->aead.algo) {
 		case RTE_CRYPTO_AEAD_AES_GCM:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM;
+			ctl->enc_type = ROC_IE_SA_ENC_AES_GCM;
 			aes_key_len = crypto_xform->aead.key.length;
 			break;
 		case RTE_CRYPTO_AEAD_AES_CCM:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CCM;
+			ctl->enc_type = ROC_IE_SA_ENC_AES_CCM;
 			aes_key_len = crypto_xform->aead.key.length;
 			break;
 		default:
@@ -824,20 +821,20 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 		if (cipher_xform != NULL) {
 			switch (cipher_xform->cipher.algo) {
 			case RTE_CRYPTO_CIPHER_NULL:
-				ctl->enc_type = ROC_IE_ON_SA_ENC_NULL;
+				ctl->enc_type = ROC_IE_SA_ENC_NULL;
 				break;
 			case RTE_CRYPTO_CIPHER_DES_CBC:
-				ctl->enc_type = ROC_IE_ON_SA_ENC_DES_CBC;
+				ctl->enc_type = ROC_IE_SA_ENC_DES_CBC;
 				break;
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
-				ctl->enc_type = ROC_IE_ON_SA_ENC_3DES_CBC;
+				ctl->enc_type = ROC_IE_SA_ENC_3DES_CBC;
 				break;
 			case RTE_CRYPTO_CIPHER_AES_CBC:
-				ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
+				ctl->enc_type = ROC_IE_SA_ENC_AES_CBC;
 				aes_key_len = cipher_xform->cipher.key.length;
 				break;
 			case RTE_CRYPTO_CIPHER_AES_CTR:
-				ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+				ctl->enc_type = ROC_IE_SA_ENC_AES_CTR;
 				aes_key_len = cipher_xform->cipher.key.length;
 				break;
 			default:
@@ -848,32 +845,32 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 
 		switch (auth_xform->auth.algo) {
 		case RTE_CRYPTO_AUTH_NULL:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;
+			ctl->auth_type = ROC_IE_SA_AUTH_NULL;
 			break;
 		case RTE_CRYPTO_AUTH_MD5_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_MD5;
+			ctl->auth_type = ROC_IE_SA_AUTH_MD5;
 			break;
 		case RTE_CRYPTO_AUTH_SHA1_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA1;
+			ctl->auth_type = ROC_IE_SA_AUTH_SHA1;
 			break;
 		case RTE_CRYPTO_AUTH_SHA224_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_224;
+			ctl->auth_type = ROC_IE_SA_AUTH_SHA2_224;
 			break;
 		case RTE_CRYPTO_AUTH_SHA256_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_256;
+			ctl->auth_type = ROC_IE_SA_AUTH_SHA2_256;
 			break;
 		case RTE_CRYPTO_AUTH_SHA384_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_384;
+			ctl->auth_type = ROC_IE_SA_AUTH_SHA2_384;
 			break;
 		case RTE_CRYPTO_AUTH_SHA512_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_512;
+			ctl->auth_type = ROC_IE_SA_AUTH_SHA2_512;
 			break;
 		case RTE_CRYPTO_AUTH_AES_GMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_GMAC;
+			ctl->auth_type = ROC_IE_SA_AUTH_AES_GMAC;
 			aes_key_len = auth_xform->auth.key.length;
 			break;
 		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128;
+			ctl->auth_type = ROC_IE_SA_AUTH_AES_XCBC_128;
 			break;
 		default:
 			plt_err("Unsupported auth algorithm");
@@ -882,12 +879,9 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 	}
 
 	/* Set AES key length */
-	if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CBC ||
-	    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM ||
-	    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CTR ||
-	    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||
-	    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM ||
-	    ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) {
+	if (ctl->enc_type == ROC_IE_SA_ENC_AES_CBC || ctl->enc_type == ROC_IE_SA_ENC_AES_CCM ||
+	    ctl->enc_type == ROC_IE_SA_ENC_AES_CTR || ctl->enc_type == ROC_IE_SA_ENC_AES_GCM ||
+	    ctl->enc_type == ROC_IE_SA_ENC_AES_CCM || ctl->auth_type == ROC_IE_SA_AUTH_AES_GMAC) {
 		switch (aes_key_len) {
 		case 16:
 			ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;
@@ -998,30 +992,26 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
 	if (ret)
 		return ret;
 
-	if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||
-	    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM || ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL ||
-	    ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) {
+	if (ctl->enc_type == ROC_IE_SA_ENC_AES_GCM || ctl->enc_type == ROC_IE_SA_ENC_AES_CCM ||
+	    ctl->auth_type == ROC_IE_SA_AUTH_NULL || ctl->auth_type == ROC_IE_SA_AUTH_AES_GMAC) {
 		template = &out_sa->aes_gcm.template;
 		ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template);
 	} else {
 		switch (ctl->auth_type) {
-		case ROC_IE_ON_SA_AUTH_MD5:
-		case ROC_IE_ON_SA_AUTH_SHA1:
+		case ROC_IE_SA_AUTH_MD5:
+		case ROC_IE_SA_AUTH_SHA1:
 			template = &out_sa->sha1.template;
-			ctx_len = offsetof(struct roc_ie_on_outb_sa,
-					   sha1.template);
+			ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template);
 			break;
-		case ROC_IE_ON_SA_AUTH_SHA2_256:
-		case ROC_IE_ON_SA_AUTH_SHA2_384:
-		case ROC_IE_ON_SA_AUTH_SHA2_512:
+		case ROC_IE_SA_AUTH_SHA2_256:
+		case ROC_IE_SA_AUTH_SHA2_384:
+		case ROC_IE_SA_AUTH_SHA2_512:
 			template = &out_sa->sha2.template;
-			ctx_len = offsetof(struct roc_ie_on_outb_sa,
-					   sha2.template);
+			ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template);
 			break;
-		case ROC_IE_ON_SA_AUTH_AES_XCBC_128:
+		case ROC_IE_SA_AUTH_AES_XCBC_128:
 			template = &out_sa->aes_xcbc.template;
-			ctx_len = offsetof(struct roc_ie_on_outb_sa,
-					   aes_xcbc.template);
+			ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_xcbc.template);
 			break;
 		default:
 			plt_err("Unsupported auth algorithm");
diff --git a/drivers/common/cnxk/roc_ie.h b/drivers/common/cnxk/roc_ie.h
index 31b83948e1..fe0e281df9 100644
--- a/drivers/common/cnxk/roc_ie.h
+++ b/drivers/common/cnxk/roc_ie.h
@@ -31,4 +31,26 @@ enum {
 	ROC_IE_SA_AES_KEY_LEN_256 = 3,
 };
 
+enum {
+	ROC_IE_SA_ENC_NULL = 0,
+	ROC_IE_SA_ENC_DES_CBC = 1,
+	ROC_IE_SA_ENC_3DES_CBC = 2,
+	ROC_IE_SA_ENC_AES_CBC = 3,
+	ROC_IE_SA_ENC_AES_CTR = 4,
+	ROC_IE_SA_ENC_AES_GCM = 5,
+	ROC_IE_SA_ENC_AES_CCM = 6,
+};
+
+enum {
+	ROC_IE_SA_AUTH_NULL = 0,
+	ROC_IE_SA_AUTH_MD5 = 1,
+	ROC_IE_SA_AUTH_SHA1 = 2,
+	ROC_IE_SA_AUTH_SHA2_224 = 3,
+	ROC_IE_SA_AUTH_SHA2_256 = 4,
+	ROC_IE_SA_AUTH_SHA2_384 = 5,
+	ROC_IE_SA_AUTH_SHA2_512 = 6,
+	ROC_IE_SA_AUTH_AES_GMAC = 7,
+	ROC_IE_SA_AUTH_AES_XCBC_128 = 8,
+};
+
 #endif /* __ROC_IE_H__ */
diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h
index 11c995e9d1..d3e463e105 100644
--- a/drivers/common/cnxk/roc_ie_on.h
+++ b/drivers/common/cnxk/roc_ie_on.h
@@ -31,28 +31,6 @@ enum roc_ie_on_ucc_ipsec {
 #define ROC_IE_ON_PER_PKT_IV	BIT(43)
 #define ROC_IE_ON_INPLACE_BIT	BIT(6)
 
-enum {
-	ROC_IE_ON_SA_ENC_NULL = 0,
-	ROC_IE_ON_SA_ENC_DES_CBC = 1,
-	ROC_IE_ON_SA_ENC_3DES_CBC = 2,
-	ROC_IE_ON_SA_ENC_AES_CBC = 3,
-	ROC_IE_ON_SA_ENC_AES_CTR = 4,
-	ROC_IE_ON_SA_ENC_AES_GCM = 5,
-	ROC_IE_ON_SA_ENC_AES_CCM = 6,
-};
-
-enum {
-	ROC_IE_ON_SA_AUTH_NULL = 0,
-	ROC_IE_ON_SA_AUTH_MD5 = 1,
-	ROC_IE_ON_SA_AUTH_SHA1 = 2,
-	ROC_IE_ON_SA_AUTH_SHA2_224 = 3,
-	ROC_IE_ON_SA_AUTH_SHA2_256 = 4,
-	ROC_IE_ON_SA_AUTH_SHA2_384 = 5,
-	ROC_IE_ON_SA_AUTH_SHA2_512 = 6,
-	ROC_IE_ON_SA_AUTH_AES_GMAC = 7,
-	ROC_IE_ON_SA_AUTH_AES_XCBC_128 = 8,
-};
-
 enum {
 	ROC_IE_ON_SA_FRAG_POST = 0,
 	ROC_IE_ON_SA_FRAG_PRE = 1,
diff --git a/drivers/common/cnxk/roc_ie_ot.h b/drivers/common/cnxk/roc_ie_ot.h
index af2691e0eb..1420e3d586 100644
--- a/drivers/common/cnxk/roc_ie_ot.h
+++ b/drivers/common/cnxk/roc_ie_ot.h
@@ -110,25 +110,6 @@ enum {
 	ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
 };
 
-enum {
-	ROC_IE_OT_SA_ENC_NULL = 0,
-	ROC_IE_OT_SA_ENC_3DES_CBC = 2,
-	ROC_IE_OT_SA_ENC_AES_CBC = 3,
-	ROC_IE_OT_SA_ENC_AES_CTR = 4,
-	ROC_IE_OT_SA_ENC_AES_GCM = 5,
-	ROC_IE_OT_SA_ENC_AES_CCM = 6,
-};
-
-enum {
-	ROC_IE_OT_SA_AUTH_NULL = 0,
-	ROC_IE_OT_SA_AUTH_SHA1 = 2,
-	ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
-	ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
-	ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
-	ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
-	ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
-};
-
 enum {
 	ROC_IE_OT_SA_ENCAP_NONE = 0,
 	ROC_IE_OT_SA_ENCAP_UDP = 1,
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 4e95fbb6eb..2c500afbca 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -61,9 +61,9 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k_s
 
 #ifdef LA_IPSEC_DEBUG
 	if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
-		if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
-		    sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
-		    sess->sa.out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)
+		if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM ||
+		    sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_CCM ||
+		    sess->sa.out_sa.w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC)
 			ipsec_po_sa_aes_gcm_iv_set(sess, cop);
 		else
 			ipsec_po_sa_iv_set(sess, cop);
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 5e509e97d4..8857c38355 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -660,10 +660,10 @@ outb_dbg_iv_update(struct roc_ot_ipsec_outb_sa *outb_sa, const char *__iv_str)
 	if (!iv_str)
 		return;
 
-	if (outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
-	    outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||
-	    outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
-	    outb_sa->w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {
+	if (outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM ||
+	    outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_CTR ||
+	    outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_CCM ||
+	    outb_sa->w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC) {
 		memset(outb_sa->iv.s.iv_dbg1, 0, sizeof(outb_sa->iv.s.iv_dbg1));
 		memset(outb_sa->iv.s.iv_dbg2, 0, sizeof(outb_sa->iv.s.iv_dbg2));
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index a0e0a73639..25110d1a5b 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -422,10 +422,10 @@ outb_dbg_iv_update(struct roc_ie_on_common_sa *common_sa, const char *__iv_str)
 	if (!iv_str)
 		return;
 
-	if (common_sa->ctl.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
-	    common_sa->ctl.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||
-	    common_sa->ctl.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
-	    common_sa->ctl.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {
+	if (common_sa->ctl.enc_type == ROC_IE_SA_ENC_AES_GCM ||
+	    common_sa->ctl.enc_type == ROC_IE_SA_ENC_AES_CTR ||
+	    common_sa->ctl.enc_type == ROC_IE_SA_ENC_AES_CCM ||
+	    common_sa->ctl.auth_type == ROC_IE_SA_AUTH_AES_GMAC) {
 		iv_dbg = common_sa->iv.gcm.iv;
 		iv_len = 8;
 	}
@@ -534,7 +534,7 @@ cn9k_eth_sec_session_update(void *device,
 	outb_priv->esn = ipsec->esn.value;
 
 	memcpy(&outb_priv->nonce, outb_sa->common_sa.iv.gcm.nonce, 4);
-	if (outb_sa->common_sa.ctl.enc_type == ROC_IE_ON_SA_ENC_AES_GCM)
+	if (outb_sa->common_sa.ctl.enc_type == ROC_IE_SA_ENC_AES_GCM)
 		outb_priv->copy_salt = 1;
 
 	rlens = &outb_priv->rlens;
@@ -750,7 +750,7 @@ cn9k_eth_sec_session_create(void *device,
 		outb_priv->seq = 1;
 
 		memcpy(&outb_priv->nonce, outb_sa->common_sa.iv.gcm.nonce, 4);
-		if (outb_sa->common_sa.ctl.enc_type == ROC_IE_ON_SA_ENC_AES_GCM)
+		if (outb_sa->common_sa.ctl.enc_type == ROC_IE_SA_ENC_AES_GCM)
 			outb_priv->copy_salt = 1;
 
 		/* Save rlen info */
-- 
2.25.1

[PATCH 07/11] crypto/cnxk: use opaque pointer for PMD APIs

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Use opaque pointer instead of void * for PMD APIs. Usage of forward
declaration and opaque pointer would allow compiler to prevent
unintended usage which cannot be prevented with void *.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 12 ++++++------
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 18 +++++++++++++++---
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cfcfa79fdf..d0ad2d9a4b 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -945,7 +945,7 @@ cnxk_cpt_queue_pair_event_error_query(struct rte_cryptodev *dev, uint16_t qp_id)
 	return 0;
 }
 
-void *
+struct rte_pmd_cnxk_crypto_qptr *
 rte_pmd_cnxk_crypto_qptr_get(uint8_t dev_id, uint16_t qp_id)
 {
 	const struct rte_crypto_fp_ops *fp_ops;
@@ -958,9 +958,9 @@ rte_pmd_cnxk_crypto_qptr_get(uint8_t dev_id, uint16_t qp_id)
 }
 
 static inline void
-cnxk_crypto_cn10k_submit(void *qptr, void *inst, uint16_t nb_inst)
+cnxk_crypto_cn10k_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, uint16_t nb_inst)
 {
-	struct cnxk_cpt_qp *qp = qptr;
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
 	uint64_t lmt_base, io_addr;
 	uint16_t lmt_id;
 	void *lmt_dst;
@@ -987,9 +987,9 @@ cnxk_crypto_cn10k_submit(void *qptr, void *inst, uint16_t nb_inst)
 }
 
 static inline void
-cnxk_crypto_cn9k_submit(void *qptr, void *inst, uint16_t nb_inst)
+cnxk_crypto_cn9k_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, uint16_t nb_inst)
 {
-	struct cnxk_cpt_qp *qp = qptr;
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
 
 	const uint64_t lmt_base = qp->lf.lmt_base;
 	const uint64_t io_addr = qp->lf.io_addr;
@@ -1008,7 +1008,7 @@ cnxk_crypto_cn9k_submit(void *qptr, void *inst, uint16_t nb_inst)
 }
 
 void
-rte_pmd_cnxk_crypto_submit(void *qptr, void *inst, uint16_t nb_inst)
+rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, uint16_t nb_inst)
 {
 	if (roc_model_is_cn10k())
 		return cnxk_crypto_cn10k_submit(qptr, inst, nb_inst);
diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index eab1243065..28d86b5a18 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -13,6 +13,16 @@
 
 #include <stdint.h>
 
+/* Forward declarations */
+
+/**
+ * @brief Crypto CNXK PMD QPTR opaque pointer.
+ *
+ * This structure represents the queue pair structure that would be the input to APIs that use
+ * hardware queues.
+ */
+struct rte_pmd_cnxk_crypto_qptr;
+
 /**
  * Get queue pointer of a specific queue in a cryptodev.
  *
@@ -21,10 +31,11 @@
  * @param qp_id
  *   Index of the queue pair.
  * @return
- *   Pointer to queue pair structure that would be the input to submit APIs.
+ *   - On success, pointer to queue pair structure that would be the input to submit APIs.
+ *   - NULL on error.
  */
 __rte_experimental
-void *rte_pmd_cnxk_crypto_qptr_get(uint8_t dev_id, uint16_t qp_id);
+struct rte_pmd_cnxk_crypto_qptr *rte_pmd_cnxk_crypto_qptr_get(uint8_t dev_id, uint16_t qp_id);
 
 /**
  * Submit CPT instruction (cpt_inst_s) to hardware (CPT).
@@ -43,6 +54,7 @@ void *rte_pmd_cnxk_crypto_qptr_get(uint8_t dev_id, uint16_t qp_id);
  *   Number of instructions.
  */
 __rte_experimental
-void rte_pmd_cnxk_crypto_submit(void *qptr, void *inst, uint16_t nb_inst);
+void rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst,
+				uint16_t nb_inst);
 
 #endif /* _PMD_CNXK_CRYPTO_H_ */
-- 
2.25.1

[PATCH 08/11] crypto/cnxk: add PMD API for getting CPTR

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

CPTR address is the context address used by hardware. Add PMD API to
retrieve the hardware address from rte_cryptodev/rte_security session.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 49 +++++++++++++++++++++++
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 42 +++++++++++++++++++
 drivers/crypto/cnxk/version.map           |  3 ++
 3 files changed, 94 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index d0ad2d9a4b..128f1b1ddd 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -25,7 +25,9 @@
 #include "cnxk_se.h"
 
 #include "cn10k_cryptodev_ops.h"
+#include "cn10k_cryptodev_sec.h"
 #include "cn9k_cryptodev_ops.h"
+#include "cn9k_ipsec.h"
 
 #include "rte_pmd_cnxk_crypto.h"
 
@@ -1017,3 +1019,50 @@ rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, ui
 
 	plt_err("Invalid cnxk model");
 }
+
+struct rte_pmd_cnxk_crypto_cptr *
+rte_pmd_cnxk_crypto_cptr_get(struct rte_pmd_cnxk_crypto_sess *rte_sess)
+{
+	if (rte_sess == NULL) {
+		plt_err("Invalid session pointer");
+		return NULL;
+	}
+
+	if (rte_sess->sec_sess == NULL) {
+		plt_err("Invalid RTE session pointer");
+		return NULL;
+	}
+
+	if (rte_sess->op_type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+		struct cnxk_ae_sess *ae_sess = PLT_PTR_CAST(rte_sess->crypto_asym_sess);
+		return PLT_PTR_CAST(&ae_sess->hw_ctx);
+	}
+
+	if (rte_sess->op_type != RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+		plt_err("Invalid crypto operation type");
+		return NULL;
+	}
+
+	if (rte_sess->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		struct cnxk_se_sess *se_sess = PLT_PTR_CAST(rte_sess->crypto_sym_sess);
+		return PLT_PTR_CAST(&se_sess->roc_se_ctx.se_ctx);
+	}
+
+	if (rte_sess->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+		if (roc_model_is_cn10k()) {
+			struct cn10k_sec_session *sec_sess = PLT_PTR_CAST(rte_sess->sec_sess);
+			return PLT_PTR_CAST(&sec_sess->sa);
+		}
+
+		if (roc_model_is_cn9k()) {
+			struct cn9k_sec_session *sec_sess = PLT_PTR_CAST(rte_sess->sec_sess);
+			return PLT_PTR_CAST(&sec_sess->sa);
+		}
+
+		plt_err("Invalid cnxk model");
+		return NULL;
+	}
+
+	plt_err("Invalid session type");
+	return NULL;
+}
diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index 28d86b5a18..dc5a6d57b0 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -23,6 +23,35 @@
  */
 struct rte_pmd_cnxk_crypto_qptr;
 
+/**
+ * @brief Crypto CNXK PMD CPTR opaque pointer.
+ *
+ * This structure represents the context pointer that would be used to store the hardware context.
+ */
+struct rte_pmd_cnxk_crypto_cptr;
+
+/**
+ * @brief Crypto CNXK PMD session structure.
+ *
+ * This structure represents the session structure that would be used to store the session
+ * information.
+ */
+struct rte_pmd_cnxk_crypto_sess {
+	/** Crypto type (symmetric or asymmetric). */
+	enum rte_crypto_op_type op_type;
+	/** Session type (Crypto or security). */
+	enum rte_crypto_op_sess_type sess_type;
+	/** Session pointer. */
+	union {
+		/** Security session pointer. */
+		struct rte_security_session *sec_sess;
+		/** Crypto symmetric session pointer. */
+		struct rte_cryptodev_sym_session *crypto_sym_sess;
+		/** Crypto asymmetric session pointer */
+		struct rte_cryptodev_asym_session *crypto_asym_sess;
+	};
+};
+
 /**
  * Get queue pointer of a specific queue in a cryptodev.
  *
@@ -57,4 +86,17 @@ __rte_experimental
 void rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst,
 				uint16_t nb_inst);
 
+/**
+ * Get the HW CPTR pointer from the rte_crypto/rte_security session.
+ *
+ * @param rte_sess
+ *   Pointer to the structure holding rte_cryptodev or rte_security session.
+ * @return
+ *   - On success, pointer to the HW CPTR.
+ *   - NULL on error.
+ */
+__rte_experimental
+struct rte_pmd_cnxk_crypto_cptr *rte_pmd_cnxk_crypto_cptr_get(
+	struct rte_pmd_cnxk_crypto_sess *rte_sess);
+
 #endif /* _PMD_CNXK_CRYPTO_H_ */
diff --git a/drivers/crypto/cnxk/version.map b/drivers/crypto/cnxk/version.map
index 7a77607774..b510ec4847 100644
--- a/drivers/crypto/cnxk/version.map
+++ b/drivers/crypto/cnxk/version.map
@@ -4,6 +4,9 @@ EXPERIMENTAL {
 	# added in 24.03
 	rte_pmd_cnxk_crypto_submit;
 	rte_pmd_cnxk_crypto_qptr_get;
+
+	# added in 24.07
+	rte_pmd_cnxk_crypto_cptr_get;
 };
 
 INTERNAL {
-- 
2.25.1

[PATCH 09/11] crypto/cnxk: add PMD API to flush CTX

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Add PMD API to flush CPT CTX entry.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 24 ++++++++++++++++++++++
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 25 +++++++++++++++++++++++
 drivers/crypto/cnxk/version.map           |  1 +
 3 files changed, 50 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 128f1b1ddd..ccb800730c 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -1020,6 +1020,30 @@ rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, ui
 	plt_err("Invalid cnxk model");
 }
 
+int
+rte_pmd_cnxk_crypto_cptr_flush(struct rte_pmd_cnxk_crypto_qptr *qptr,
+			       struct rte_pmd_cnxk_crypto_cptr *cptr, bool invalidate)
+{
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
+
+	if (unlikely(qptr == NULL)) {
+		plt_err("Invalid queue pair pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(cptr == NULL)) {
+		plt_err("Invalid CPTR pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(!roc_model_is_cn10k())) {
+		plt_err("Invalid cnxk model");
+		return -EINVAL;
+	}
+
+	return roc_cpt_lf_ctx_flush(&qp->lf, cptr, invalidate);
+}
+
 struct rte_pmd_cnxk_crypto_cptr *
 rte_pmd_cnxk_crypto_cptr_get(struct rte_pmd_cnxk_crypto_sess *rte_sess)
 {
diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index dc5a6d57b0..7a7d20c290 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -86,6 +86,31 @@ __rte_experimental
 void rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst,
 				uint16_t nb_inst);
 
+/**
+ * Flush the CPTR from CPT CTX cache.
+ *
+ * This API must be called only after the cryptodev and queue pair is configured and is started.
+ *
+ * @param qptr
+ *   Pointer obtained with ``rte_pmd_cnxk_crypto_qptr_get``.
+ * @param cptr
+ *   Pointer obtained with ``rte_pmd_cnxk_crypto_cptr_get`` or any valid CPTR address that can be
+ *   used with CPT CTX cache.
+ * @param invalidate
+ *   If true, invalidate the CTX cache entry. If false, flush the CTX cache entry.
+ * @return
+ *   - 0 on success.
+ *   - Negative value on error.
+ *     - -EINVAL if the input parameters are invalid.
+ *     - -ENOTSUP if the operation is not supported.
+ *     - -EAGAIN if the operation is not successful.
+ *     - -EFAULT if the operation failed.
+ */
+__rte_experimental
+int rte_pmd_cnxk_crypto_cptr_flush(struct rte_pmd_cnxk_crypto_qptr *qptr,
+				   struct rte_pmd_cnxk_crypto_cptr *cptr,
+				   bool invalidate);
+
 /**
  * Get the HW CPTR pointer from the rte_crypto/rte_security session.
  *
diff --git a/drivers/crypto/cnxk/version.map b/drivers/crypto/cnxk/version.map
index b510ec4847..7a8122dc1d 100644
--- a/drivers/crypto/cnxk/version.map
+++ b/drivers/crypto/cnxk/version.map
@@ -6,6 +6,7 @@ EXPERIMENTAL {
 	rte_pmd_cnxk_crypto_qptr_get;
 
 	# added in 24.07
+	rte_pmd_cnxk_crypto_cptr_flush;
 	rte_pmd_cnxk_crypto_cptr_get;
 };
 
-- 
2.25.1

[PATCH 10/11] crypto/cnxk: add CPTR read and write

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Add PMD API for CPTR read and write.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 71 +++++++++++++++++++++++
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 52 +++++++++++++++++
 drivers/crypto/cnxk/version.map           |  2 +
 3 files changed, 125 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index ccb800730c..a7d58a5445 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -2,6 +2,7 @@
  * Copyright(C) 2021 Marvell.
  */
 
+#include <rte_atomic.h>
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
 #include <rte_errno.h>
@@ -1090,3 +1091,73 @@ rte_pmd_cnxk_crypto_cptr_get(struct rte_pmd_cnxk_crypto_sess *rte_sess)
 	plt_err("Invalid session type");
 	return NULL;
 }
+
+int
+rte_pmd_cnxk_crypto_cptr_read(struct rte_pmd_cnxk_crypto_qptr *qptr,
+			      struct rte_pmd_cnxk_crypto_cptr *cptr, void *data, uint32_t len)
+{
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
+	int ret;
+
+	if (unlikely(qptr == NULL)) {
+		plt_err("Invalid queue pair pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(cptr == NULL)) {
+		plt_err("Invalid CPTR pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(data == NULL)) {
+		plt_err("Invalid data pointer");
+		return -EINVAL;
+	}
+
+	ret = roc_cpt_lf_ctx_flush(&qp->lf, cptr, false);
+	if (ret)
+		return ret;
+
+	/* Wait for the flush to complete. */
+	rte_delay_ms(1);
+
+	memcpy(data, cptr, len);
+	return 0;
+}
+
+int
+rte_pmd_cnxk_crypto_cptr_write(struct rte_pmd_cnxk_crypto_qptr *qptr,
+			       struct rte_pmd_cnxk_crypto_cptr *cptr, void *data, uint32_t len)
+{
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
+	int ret;
+
+	if (unlikely(qptr == NULL)) {
+		plt_err("Invalid queue pair pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(cptr == NULL)) {
+		plt_err("Invalid CPTR pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(data == NULL)) {
+		plt_err("Invalid data pointer");
+		return -EINVAL;
+	}
+
+	ret = roc_cpt_ctx_write(&qp->lf, data, cptr, len);
+	if (ret) {
+		plt_err("Could not write to CPTR");
+		return ret;
+	}
+
+	ret = roc_cpt_lf_ctx_flush(&qp->lf, cptr, false);
+	if (ret)
+		return ret;
+
+	rte_atomic_thread_fence(rte_memory_order_seq_cst);
+
+	return 0;
+}
diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index 7a7d20c290..454261022b 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -124,4 +124,56 @@ __rte_experimental
 struct rte_pmd_cnxk_crypto_cptr *rte_pmd_cnxk_crypto_cptr_get(
 	struct rte_pmd_cnxk_crypto_sess *rte_sess);
 
+/**
+ * Read HW context (CPTR).
+ *
+ * @param qptr
+ *   Pointer obtained with ``rte_pmd_cnxk_crypto_qptr_get``.
+ * @param cptr
+ *   Pointer obtained with ``rte_pmd_cnxk_crypto_cptr_get`` or any valid CPTR address that can be
+ *   used with CPT CTX cache.
+ * @param[out] data
+ *   Destination pointer to copy CPTR context for application.
+ * @param len
+ *   Length of CPTR context to copy into data parameter.
+ *
+ * @return
+ *   - 0 On success.
+ *   - Negative value on error.
+ *     - -EINVAL if the input parameters are invalid.
+ *     - -ENOTSUP if the operation is not supported.
+ *     - -EAGAIN if the operation is not successful.
+ *     - -EFAULT if the operation failed.
+ */
+__rte_experimental
+int rte_pmd_cnxk_crypto_cptr_read(struct rte_pmd_cnxk_crypto_qptr *qptr,
+				  struct rte_pmd_cnxk_crypto_cptr *cptr, void *data,
+				  uint32_t len);
+
+/**
+ * Write HW context (CPTR).
+ *
+ * @param qptr
+ *  Pointer obtained with ``rte_pmd_cnxk_crypto_qptr_get``.
+ * @param cptr
+ *  Pointer obtained with ``rte_pmd_cnxk_crypto_cptr_get`` or any valid CPTR address that can be
+ *  used with CPT CTX cache.
+ * @param data
+ *  Source pointer to copy CPTR context from application.
+ * @param len
+ *  Length of CPTR context to copy from data parameter.
+ *
+ * @return
+ *   - 0 On success.
+ *   - Negative value on error.
+ *     - -EINVAL if the input parameters are invalid.
+ *     - -ENOTSUP if the operation is not supported.
+ *     - -EAGAIN if the operation is not successful.
+ *     - -EFAULT if the operation failed.
+ */
+__rte_experimental
+int rte_pmd_cnxk_crypto_cptr_write(struct rte_pmd_cnxk_crypto_qptr *qptr,
+				   struct rte_pmd_cnxk_crypto_cptr *cptr, void *data,
+				   uint32_t len);
+
 #endif /* _PMD_CNXK_CRYPTO_H_ */
diff --git a/drivers/crypto/cnxk/version.map b/drivers/crypto/cnxk/version.map
index 7a8122dc1d..6e51f7be1a 100644
--- a/drivers/crypto/cnxk/version.map
+++ b/drivers/crypto/cnxk/version.map
@@ -8,6 +8,8 @@ EXPERIMENTAL {
 	# added in 24.07
 	rte_pmd_cnxk_crypto_cptr_flush;
 	rte_pmd_cnxk_crypto_cptr_get;
+	rte_pmd_cnxk_crypto_cptr_read;
+	rte_pmd_cnxk_crypto_cptr_write;
 };
 
 INTERNAL {
-- 
2.25.1

[PATCH 11/11] crypto/cnxk: add PMD API to get qp stats

[Tejasree Kondoj]

From: Anoob Joseph <anoobj@marvell.com>

Add PMD API to get CPT LF(QP) stats.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 32 +++++++++++++++++++++
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 34 +++++++++++++++++++++++
 drivers/crypto/cnxk/version.map           |  1 +
 3 files changed, 67 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index a7d58a5445..2355bc3737 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -1161,3 +1161,35 @@ rte_pmd_cnxk_crypto_cptr_write(struct rte_pmd_cnxk_crypto_qptr *qptr,
 
 	return 0;
 }
+
+int
+rte_pmd_cnxk_crypto_qp_stats_get(struct rte_pmd_cnxk_crypto_qptr *qptr,
+				 struct rte_pmd_cnxk_crypto_qp_stats *stats)
+{
+	struct cnxk_cpt_qp *qp = PLT_PTR_CAST(qptr);
+	struct roc_cpt_lf *lf;
+
+	if (unlikely(qptr == NULL)) {
+		plt_err("Invalid queue pair pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(stats == NULL)) {
+		plt_err("Invalid stats pointer");
+		return -EINVAL;
+	}
+
+	if (unlikely(roc_model_is_cn9k())) {
+		plt_err("Invalid cnxk model");
+		return -EINVAL;
+	}
+
+	lf = &qp->lf;
+
+	stats->ctx_enc_pkts = plt_read64(lf->rbase + CPT_LF_CTX_ENC_PKT_CNT);
+	stats->ctx_enc_bytes = plt_read64(lf->rbase + CPT_LF_CTX_ENC_BYTE_CNT);
+	stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
+	stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
+
+	return 0;
+}
diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index 454261022b..02278605a2 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -30,6 +30,23 @@ struct rte_pmd_cnxk_crypto_qptr;
  */
 struct rte_pmd_cnxk_crypto_cptr;
 
+/**
+ *
+ * @brief Crypto CNXK queue pair stats.
+ *
+ * This structure represents the queue pair stats retrieved from CPT HW queue.
+ */
+struct rte_pmd_cnxk_crypto_qp_stats {
+	/** Packet counter of the packets that used CPT context cache and was encrypted */
+	uint64_t ctx_enc_pkts;
+	/** Byte counter of the packets that used CPT context cache and was encrypted */
+	uint64_t ctx_enc_bytes;
+	/** Packet counter of the packets that used CPT context cache and was decrypted */
+	uint64_t ctx_dec_pkts;
+	/** Byte counter of the packets that used CPT context cache and was decrypted */
+	uint64_t ctx_dec_bytes;
+};
+
 /**
  * @brief Crypto CNXK PMD session structure.
  *
@@ -176,4 +193,21 @@ int rte_pmd_cnxk_crypto_cptr_write(struct rte_pmd_cnxk_crypto_qptr *qptr,
 				   struct rte_pmd_cnxk_crypto_cptr *cptr, void *data,
 				   uint32_t len);
 
+/**
+ * Get the HW Queue Pair (LF) stats.
+ *
+ * @param qptr
+ *  Pointer obtained with ``rte_pmd_cnxk_crypto_qptr_get``.
+ * @param[out] stats
+ *  Pointer to the structure where stats will be copied.
+ *
+ * @return
+ *   - 0 On success.
+ *   - Negative value on error.
+ *     - -EINVAL if the input parameters are invalid.
+ */
+__rte_experimental
+int rte_pmd_cnxk_crypto_qp_stats_get(struct rte_pmd_cnxk_crypto_qptr *qptr,
+				     struct rte_pmd_cnxk_crypto_qp_stats *stats);
+
 #endif /* _PMD_CNXK_CRYPTO_H_ */
diff --git a/drivers/crypto/cnxk/version.map b/drivers/crypto/cnxk/version.map
index 6e51f7be1a..05724e69e4 100644
--- a/drivers/crypto/cnxk/version.map
+++ b/drivers/crypto/cnxk/version.map
@@ -10,6 +10,7 @@ EXPERIMENTAL {
 	rte_pmd_cnxk_crypto_cptr_get;
 	rte_pmd_cnxk_crypto_cptr_read;
 	rte_pmd_cnxk_crypto_cptr_write;
+	rte_pmd_cnxk_crypto_qp_stats_get;
 };
 
 INTERNAL {
-- 
2.25.1

RE: [PATCH 00/11] fixes and improvements to cnxk crypto PMD

[Akhil Goyal]

> Subject: [PATCH 00/11] fixes and improvements to cnxk crypto PMD
> 
> Adding new PMD APIs and improvements to cnxk crypto PMD.
> 
> Anoob Joseph (9):
>   common/cnxk: ensure CPTR is 128B aligned
>   common/cnxk: rearrange to remove hole
>   common/cnxk: remove abort from flush API
>   common/cnxk: move algo enums to common
>   crypto/cnxk: use opaque pointer for PMD APIs
>   crypto/cnxk: add PMD API for getting CPTR
>   crypto/cnxk: add PMD API to flush CTX
>   crypto/cnxk: add CPTR read and write
>   crypto/cnxk: add PMD API to get qp stats
> 
> Vidya Sagar Velumuri (2):
>   crypto/cnxk: align passthrough data for SM ciphers
>   crypto/cnxk: add multi segment support for Rx inject
> 
>  drivers/common/cnxk/cnxk_security.c       | 106 ++++++------
>  drivers/common/cnxk/roc_cpt.c             |   7 +-
>  drivers/common/cnxk/roc_ie.h              |  22 +++
>  drivers/common/cnxk/roc_ie_on.h           |  22 ---
>  drivers/common/cnxk/roc_ie_ot.h           |  19 ---
>  drivers/common/cnxk/roc_platform.h        |   1 +
>  drivers/common/cnxk/roc_se.h              |   2 +-
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  53 ++++--
>  drivers/crypto/cnxk/cn10k_ipsec.c         |  12 +-
>  drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  |   6 +-
>  drivers/crypto/cnxk/cn10k_tls.c           |  12 +-
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 188 +++++++++++++++++++++-
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   9 +-
>  drivers/crypto/cnxk/cnxk_se.h             |  29 ++--
>  drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 171 +++++++++++++++++++-
>  drivers/crypto/cnxk/version.map           |   7 +
>  drivers/net/cnxk/cn10k_ethdev_sec.c       |   8 +-
>  drivers/net/cnxk/cn9k_ethdev_sec.c        |  12 +-
>  18 files changed, 532 insertions(+), 154 deletions(-)
> 
Series Applied to dpdk-next-crypto
Thanks.