DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/3] crypto/security session framework rework
@ 2021-09-30 14:50 Akhil Goyal
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 1/3] security: rework session framework Akhil Goyal
                   ` (3 more replies)
  0 siblings, 4 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-09-30 14:50 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, Akhil Goyal

As discussed in last release deprecation notice,
crypto and security session framework are reworked
to reduce the need of two mempool objects and
remove the requirement to expose the rte_security_session
and rte_cryptodev_sym_session structures.

Similar work will need to be done for asymmetric sessions
as well.
Design methodology is explained in the patch description.

Please review this and help in filling the missing parts
for all the affected PMDs. The patches are compilable
and tested with dpdk-test app on CN9k platform.

Akhil Goyal (3):
  security: rework session framework
  drivers/net: temporary disable ixgbe and txgbe
  cryptodev: rework session framework

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  41 ++--
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   7 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +--
 app/test/test_cryptodev.c                     | 147 +++--------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   1 -
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +--
 app/test/test_ipsec.c                         |  33 +--
 app/test/test_security.c                      | 229 ++++++++----------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |   5 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  64 +----
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  64 ++---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  22 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +---
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  20 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  50 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 ++---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  13 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  68 ++----
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 ++----
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +--
 drivers/crypto/mlx5/mlx5_crypto.c             |  24 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  47 +---
 drivers/crypto/nitrox/nitrox_sym.c            |  31 +--
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +--
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 ++---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  54 ++---
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  54 +----
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +--
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  50 +---
 drivers/crypto/qat/qat_sym_session.h          |  10 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  31 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +--
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  36 +--
 drivers/net/meson.build                       |   4 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  51 +---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  36 +--
 examples/fips_validation/fips_dev_self_test.c |  32 +--
 examples/fips_validation/main.c               |  20 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  72 +++---
 examples/ipsec-secgw/ipsec.c                  |  12 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |   7 +-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  73 ++++--
 lib/cryptodev/rte_cryptodev.h                 |  23 +-
 lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/security/rte_security.c                   |  28 ++-
 lib/security/rte_security.h                   |  41 ++--
 lib/security/rte_security_driver.h            |  16 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 82 files changed, 665 insertions(+), 1633 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH 1/3] security: rework session framework
  2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
@ 2021-09-30 14:50 ` Akhil Goyal
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-09-30 14:50 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, Akhil Goyal

As per current design, rte_security_session_create()
unnecesarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

TODO:
- inline APIs for opaque data and fast_mdata
- move rte_security_session struct to security_driver.h

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |   8 +-
 .../cperf_test_pmd_cyclecount.c               |   2 +-
 app/test/test_cryptodev.c                     |  17 +-
 app/test/test_ipsec.c                         |  11 +-
 app/test/test_security.c                      | 229 ++++++++----------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |   5 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  30 +--
 drivers/crypto/caam_jr/caam_jr.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   4 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +---
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  50 +---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 +--
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  38 ++-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  11 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  54 +----
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  21 +-
 drivers/crypto/qat/qat_sym_session.h          |   4 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  36 +--
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  51 +---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  36 +--
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 lib/security/rte_security.c                   |  28 ++-
 lib/security/rte_security.h                   |  41 ++--
 lib/security/rte_security_driver.h            |  16 +-
 30 files changed, 264 insertions(+), 581 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 4b7d66edb2..1b3cbe77b9 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -49,8 +49,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -58,7 +56,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
 
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
-		rte_security_attach_session(ops[i], sec_sess);
+		rte_security_attach_session(ops[i], (void *)sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
 							src_buf_offset);
 
@@ -673,7 +671,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 	if (options->op_type == CPERF_DOCSIS) {
 		enum rte_security_docsis_direction direction;
@@ -716,7 +714,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 #endif
 	sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 844659aeca..cbbbedd9ba 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 		{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e6ceeb487f..82f819211a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -81,7 +81,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
@@ -8276,8 +8276,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8537,8 +8536,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9022,8 +9020,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -9420,8 +9417,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
@@ -9596,8 +9592,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
-
-	sess->sess_private_data = NULL;
+	RTE_SET_USED(sess);
 	return 0;
 }
 
 static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(sess);
@@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..b02c2cf207 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -207,7 +207,7 @@
  * and put back in session_destroy.
  *
  * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
+ *
 #define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
 	struct security_testsuite_params *ts_params = &testsuite_params;\
 	unsigned int priv_mp_usage;					\
@@ -218,7 +218,7 @@
 			"but there are %u allocated objects",		\
 			expected_priv_mp_usage, priv_mp_usage);		\
 } while (0)
-
+*/
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -253,37 +253,37 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
-	struct rte_mempool *priv_mp;
+//	struct rte_mempool *priv_mp;
 
 	int ret;
 
 	int called;
 	int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
 
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		void *sess)
+//		struct rte_mempool *priv_mp)
 {
-	void *sess_priv;
-	int ret;
+//	void *sess_priv;
+//	int ret;
 
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
+//	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
 	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
+//		ret = rte_mempool_get(priv_mp, &sess_priv);
+//		TEST_ASSERT_EQUAL(0, ret,
+//			"priv mempool does not have enough objects");
 
-		set_sec_session_private_data(sess, sess_priv);
+//		set_sec_session_private_data(sess, sess_priv);
 		mock_session_create_exp.sess = sess;
 	}
 
@@ -297,7 +297,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -308,7 +308,7 @@ static struct mock_session_update_data {
 
 static int
 mock_session_update(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_session_conf *conf)
 {
 	mock_session_update_exp.called++;
@@ -351,7 +351,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -362,7 +362,7 @@ static struct mock_session_stats_get_data {
 
 static int
 mock_session_stats_get(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_stats *stats)
 {
 	mock_session_stats_get_exp.called++;
@@ -381,7 +381,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -390,15 +390,9 @@ static struct mock_session_destroy_data {
 } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
 
 static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -412,7 +406,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -424,7 +418,7 @@ static struct mock_set_pkt_metadata_data {
 
 static int
 mock_set_pkt_metadata(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_mbuf *m,
 		void *params)
 {
@@ -536,7 +530,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -549,7 +542,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -563,7 +556,7 @@ static struct security_unittest_params {
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -577,26 +570,27 @@ testsuite_setup(void)
 	ts_params->session_mpool = rte_mempool_create(
 			SECURITY_TEST_MEMPOOL_NAME,
 			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_OBJ_SZ,
+			SECURITY_TEST_SESSION_OBJ_SZ +
+			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
 			0, 0, NULL, NULL, NULL, NULL,
 			SOCKET_ID_ANY, 0);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
+//	ts_params->session_priv_mpool = rte_mempool_create(
+//			SECURITY_TEST_PRIV_MEMPOOL_NAME,
+//			SECURITY_TEST_MEMPOOL_SIZE,
+//			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
+//			0, 0, NULL, NULL, NULL, NULL,
+//			SOCKET_ID_ANY, 0);
+//	if (ts_params->session_priv_mpool == NULL) {
+//		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
+//				"Cannot create priv mempool %s\n",
+//				__func__, __LINE__, rte_strerror(rte_errno));
+//		rte_mempool_free(ts_params->session_mpool);
+//		ts_params->session_mpool = NULL;
+//		return TEST_FAILED;
+//	}
 
 	return TEST_SUCCESS;
 }
@@ -612,10 +606,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -704,7 +694,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -713,12 +703,11 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+	mock_session_get_size_exp.called = 0;
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +746,14 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -781,18 +768,16 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -807,18 +792,16 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -832,16 +815,14 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,16 +836,14 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+			NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -874,24 +853,24 @@ test_session_create_inv_mempool(void)
  * Test execution of rte_security_session_create with NULL session
  * priv mempool
  */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
+//static int
+//test_session_create_inv_sess_priv_mempool(void)
+//{
+//	struct security_unittest_params *ut_params = &unittest_params;
+//	struct security_testsuite_params *ts_params = &testsuite_params;
+//	struct rte_security_session *sess;
+//
+//	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+//			ts_params->session_mpool, NULL);
+//	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+//			sess, NULL, "%p");
+//	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+//	TEST_ASSERT_MEMPOOL_USAGE(0);
+//	TEST_ASSERT_PRIV_MP_USAGE(0);
+//	TEST_ASSERT_SESSION_COUNT(0);
+//
+//	return TEST_SUCCESS;
+//}
 
 /**
  * Test execution of rte_security_session_create in case when mempool
@@ -902,9 +881,9 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+//	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -914,34 +893,34 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
+//		ret = rte_mempool_get(ts_params->session_priv_mpool,
+//				(void **)(&tmp1[i]));
+//		TEST_ASSERT_EQUAL(0, ret,
+//				"Expect getting %d object from priv mempool"
+//				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+//	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+//			ts_params->session_priv_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+//	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
+//		rte_mempool_put(ts_params->session_priv_mpool,
+//				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
+//	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -955,22 +934,22 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
+//	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+//			ts_params->session_priv_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
+//	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -984,17 +963,17 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
+//	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+//			ts_params->session_priv_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +982,7 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
+//	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1368,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1375,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1391,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1399,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1415,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1423,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1437,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1444,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1463,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1471,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1488,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1496,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2462,8 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
+//		TEST_CASE_ST(ut_setup, ut_teardown,
+//				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 60963a8208..93a56994da 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1022,8 +1022,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 	} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		if (likely(op->sym->sec_session != NULL))
 			sess = (struct aesni_mb_session *)
-					get_sec_session_private_data(
-						op->sym->sec_session);
+					(op->sym->sec_session);
 #endif
 	} else {
 		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
@@ -1639,7 +1638,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = (struct aesni_mb_session *)(op->sym->sec_session);
 	} else
 #endif
 	{
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 48a8f91868..39c67e3952 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,10 +1056,8 @@ struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+			     void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -1069,40 +1067,22 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
-			sess_private_data);
-
+	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess);
 	if (ret != 0) {
 		AESNI_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_mb_session));
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
 	return 0;
 }
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 258750afe7..ce7a100778 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 					cryptodev_driver_id);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = (struct caam_jr_session *)(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = caam_jr_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = caam_jr_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 3caf05aab9..99968cc353 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -120,8 +120,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = (struct cn10k_sec_session *)
+						(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index ebb2a7ec48..6f31fd04c6 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,16 +35,14 @@ static int
 cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sec_sess)
+			   struct cn10k_sec_session *sess)
 {
 	struct roc_ot_ipsec_outb_sa *out_sa;
 	struct cnxk_ipsec_outb_rlens rlens;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -93,15 +91,13 @@ static int
 cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
 			  struct rte_security_ipsec_xform *ipsec_xfrm,
 			  struct rte_crypto_sym_xform *crypto_xfrm,
-			  struct rte_security_session *sec_sess)
+			  struct cn10k_sec_session *sess)
 {
 	struct roc_ot_ipsec_inb_sa *in_sa;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -132,7 +128,7 @@ static int
 cn10k_ipsec_session_create(void *dev,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sess)
+			   struct cn10k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct roc_cpt *roc_cpt;
@@ -161,55 +157,28 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 void *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
+	struct cn10k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
-					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
+					 conf->crypto_xform, priv);
 }
 
 static int
-cn10k_sec_session_destroy(void *device __rte_unused,
-			  struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct cn10k_sec_session *priv;
-	struct rte_mempool *sess_mp;
-
-	priv = get_sec_session_private_data(sess);
+	struct cn10k_sec_session *priv = sess;
 
 	if (priv == NULL)
 		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 		return -ENOTSUP;
 	}
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct cn9k_sec_session *)(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 63ae025030..f3a6df0145 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -274,13 +274,12 @@ static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sec_sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_outb_sa *out_sa;
-	struct cn9k_sec_session *sess;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 	struct rte_ipv6_hdr *ip6;
@@ -292,7 +291,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 	ctl = &out_sa->common_sa.ctl;
@@ -420,12 +418,11 @@ static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct rte_security_session *sec_sess)
+			 struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_inb_sa *in_sa;
-	struct cn9k_sec_session *sess;
 	struct cn9k_ipsec_sa *sa;
 	const uint8_t *auth_key;
 	union cpt_inst_w4 w4;
@@ -434,7 +431,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len = 0;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -498,7 +494,7 @@ static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -529,53 +525,32 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			void *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
 
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
+					conf->crypto_xform, priv);
 }
 
 static int
-cn9k_sec_session_destroy(void *device __rte_unused,
-			 struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = sess;
 	if (priv == NULL)
 		return 0;
 
@@ -587,13 +562,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index dfa72f3f93..176f1a27a0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1358,8 +1358,7 @@ build_sec_fd(struct rte_crypto_op *op,
 				op->sym->session, cryptodev_driver_id);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = (dpaa2_sec_session *)(op->sym->sec_session);
 #endif
 	else
 		return -ENOTSUP;
@@ -1532,7 +1531,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	struct rte_crypto_op *op;
 	uint16_t len = DPAA2_GET_FD_LEN(fd);
 	int16_t diff = 0;
-	dpaa2_sec_session *sess_priv __rte_unused;
+	dpaa2_sec_session *sess_priv;
 
 	struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
 		DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1545,8 +1544,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -3395,63 +3393,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa2_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	default:
 		return -EINVAL;
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d5aa2748d6..5a087df090 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1793,8 +1793,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
 				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+					(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -2572,7 +2571,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2582,7 +2580,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -3117,26 +3114,23 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 void *sess)
 {
-	void *sess_private_data;
+//	void *sess_private_data = sess;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+//	if (rte_mempool_get(mempool, &sess_private_data)) {
+//		DPAA_SEC_ERR("Couldn't get object from session mempool");
+//		return -ENOMEM;
+//	}
 
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -3146,28 +3140,24 @@ dpaa_sec_security_session_create(void *dev,
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
+//		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
+//	set_sec_session_private_data(sess, sess_private_data);
 
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
-	}
 	return 0;
 }
 #endif
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index a72642a772..245a4ad353 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.cipher_key);
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
-		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	uint8_t esn;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct otx2_sec_session *)(op->sym->sec_session);
 	sess = &priv->ipsec.lp;
 	sa = &sess->in_sa;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@ static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct rte_security_session *sec_sess)
+				     struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_out_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	int ret, ctx_len;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -398,7 +396,7 @@ static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct rte_security_session *sec_sess)
+				    struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_in_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -512,7 +508,7 @@ static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct rte_security_session *sess)
+				struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       struct rte_security_session *sess,
-			       struct rte_mempool *mempool)
+			       void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device,
 	if (rte_security_dynfield_register() < 0)
 		return -rte_errno;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	priv->userdata = conf->userdata;
 
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      sess);
+						      priv);
 	else
 		ret = -ENOTSUP;
 
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
 	return ret;
 }
 
 static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
-				struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 
-	priv = get_sec_session_private_data(sess);
-
-	if (priv == NULL)
-		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	memset(priv, 0, sizeof(*priv));
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	if (priv)
+		memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
@@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
-			      struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
 			      struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				op->sym->session, qat_sym_driver_id);
 #ifdef RTE_LIB_SECURITY
 	} else {
-		ctx = (struct qat_sym_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		ctx = (struct qat_sym_session *)(op->sym->sec_session);
 		if (likely(ctx)) {
 			if (unlikely(ctx->bpi_ctx == NULL)) {
 				QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = (struct qat_sym_session *)(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess_private_data)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 int
-qat_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		void *sess);
 int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..7e3f05a067 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-ixgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct ixgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,8 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	struct ixgbe_crypto_session *ic_session =
+				(struct ixgbe_crypto_session *)sess;
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@ static int
 eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 			      struct rte_security_ipsec_xform *ipsec,
 			      struct rte_crypto_sym_xform *crypto_xform,
-			      struct rte_security_session *sec_sess)
+			      struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 	struct otx2_cpt_inst_s inst;
 	struct otx2_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -468,7 +468,7 @@ static int
 eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 			     struct rte_security_ipsec_xform *ipsec,
 			     struct rte_crypto_sym_xform *crypto_xform,
-			     struct rte_security_session *sec_sess)
+			     struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 
 	ctl = &sa->ctl;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -619,7 +619,7 @@ static int
 eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
 		return -ENOTSUP;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	/*
 	 * Save userdata provided by the application. For ingress packets, this
 	 * could be used to identify the SA.
@@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
 						conf->crypto_xform,
-						sess);
+						priv);
 	else
 		ret = -ENOTSUP;
 
 	if (ret)
-		goto mempool_put;
+		return ret;
 
 	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static void
@@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
 }
 
 static int
-otx2_eth_sec_session_destroy(void *device,
-			     struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
 {
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
 	struct otx2_sec_session_ipsec_ip *sess_ip;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
-	if (priv == NULL)
-		return -EINVAL;
-
 	sess_ip = &priv->ipsec.ip;
 
 	if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device,
 			return ret;
 	}
 
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
@@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
-			    struct rte_security_session *session,
-			    struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
 	*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
 		struct nix_iova_s nix_iova;
 	} *sd;
 
-	priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+	priv = (void *)(*rte_security_dynfield(m));
 	sess = &priv->ipsec.ip;
 	sa = &sess->out_sa;
 
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..cc6370c2f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-txgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct txgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-txgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
-		       struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -662,7 +644,7 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      uint8_t is_ipv6)
 {
 	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+				(struct txgbe_crypto_session *)sess;
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, ipsec_ctx->session_pool,
-					ipsec_ctx->session_priv_pool);
+					&sess_conf, ipsec_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	if (mp->elt_size < sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
 	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+				sess->sess_private_data)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return sess->sess_private_data;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
-			       struct rte_security_stats *stats)
+			       void *sess, struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
 			-ENOTSUP);
@@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
+	struct rte_security_session *s;
 	int ret;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	if (ret != 0)
 		return ret;
 
-	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+	s = container_of(sess, struct rte_security_session, sess_private_data);
+	rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index ab1a6e1f65..bef42c0686 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -457,10 +457,12 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	__extension__ void *sess_private_data[0];
+	/**< Private session material */
 };
 
 /**
@@ -474,11 +476,10 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -493,7 +494,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -524,7 +525,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+			     void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -570,7 +571,7 @@ static inline bool rte_security_dynfield_is_registered(void)
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -588,13 +589,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess);
 		return 0;
 	}
 
@@ -644,26 +645,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  */
 static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+			      void *sess)
 {
 	sym_op->sec_session = sess;
 
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -674,8 +662,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	sess	security session
  */
 static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -737,7 +724,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 938373205c..9afefc8c4e 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@ extern "C" {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		void *sess);
 
 /**
  * Free driver private session data.
@@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device,
  * @param	device		Crypto/eth device pointer
  * @param	sess		Security session structure
  */
-typedef int (*security_session_destroy_t)(void *device,
-		struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
 
 /**
  * Update driver private session data.
@@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device,
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
  */
 typedef int (*security_session_update_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_session_conf *conf);
+		void *sess, struct rte_security_session_conf *conf);
 
 /**
  * Get the size of a security session
@@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device);
  *  - Returns -EINVAL if session parameters are invalid.
  */
 typedef int (*security_session_stats_get_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_stats *stats);
+		void *sess, struct rte_security_stats *stats);
 
 __rte_experimental
 int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@ int rte_security_dynfield_register(void);
  * Update the mbuf with provided metadata.
  *
  * @param	device		Crypto/eth device pointer
- * @param	sess		Security session structure
+ * @param	sess		Security session
  * @param	mb		Packet buffer
  * @param	params		Metadata
  *
@@ -105,7 +101,7 @@ int rte_security_dynfield_register(void);
  *  - Returns -ve value for errors.
  */
 typedef int (*security_set_pkt_metadata_t)(void *device,
-		struct rte_security_session *sess, struct rte_mbuf *mb,
+		void *sess, struct rte_mbuf *mb,
 		void *params);
 
 /**
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
  2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 1/3] security: rework session framework Akhil Goyal
@ 2021-09-30 14:50 ` Akhil Goyal
  2021-10-12 12:26   ` Zhang, Roy Fan
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  3 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-09-30 14:50 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, Akhil Goyal, Jian Wang, Jiawen Wu,
	Haiyue Wang

The PMDs ixgbe and txgbe are currently making
rte_security_session private data as constant,
but they are getting filled inside the API.
This was feasible as the session_private_data
and rte_security_session pointers were separate.
But now these two will be from same memory chunk.
Hence it cannot use them as const.
Need help from PMD owners to fix this.
Cc: Jian Wang <jianwang@trustnetic.com>
Cc: Jiawen Wu <jiawenwu@trustnetic.com>
Cc: Haiyue Wang <haiyue.wang@intel.com>
Cc: Fan Zhang <roy.fan.zhang@intel.com>

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/meson.build | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index bcf488f203..4c0cd50cd5 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -30,7 +30,7 @@ drivers = [
         'igc',
         'ionic',
         'ipn3ke',
-        'ixgbe',
+	#        'ixgbe',
         'kni',
         'liquidio',
         'memif',
@@ -55,7 +55,7 @@ drivers = [
         'szedata2',
         'tap',
         'thunderx',
-        'txgbe',
+#        'txgbe',
         'vdev_netvsc',
         'vhost',
         'virtio',
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework
  2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 1/3] security: rework session framework Akhil Goyal
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
@ 2021-09-30 14:50 ` Akhil Goyal
  2021-10-01 15:53   ` Zhang, Roy Fan
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  3 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-09-30 14:50 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, Akhil Goyal

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object for both the session and session
private data. The API rte_cryptodev_sym_session_init will now not
take mempool object.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app in rte_cryptodev_sym_session_init
and other APIs.

With this change, rte_cryptodev_sym_session_init will send
pointer to session private data of corresponding driver to the PMD
based on the driver_id for filling the PMD data.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

TODO:
- inline APIs for opaque data
- move rte_cryptodev_sym_session struct to cryptodev_pmd.h
- currently nb_drivers are getting updated in RTE_INIT which
result in increasing the memory requirements for session.
This will be moved to PMD probe so that memory is created
only for those PMDs which are probed and not just compiled in.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  33 ++---
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +---
 app/test/test_cryptodev.c                     | 130 +++++-------------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   1 -
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +---
 app/test/test_ipsec.c                         |  22 +--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +----
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  34 +----
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  32 ++---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +----
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  18 ++-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  18 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 +++-----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  13 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  31 +----
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +----
 drivers/crypto/mlx5/mlx5_crypto.c             |  24 +---
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  36 ++---
 drivers/crypto/nitrox/nitrox_sym.c            |  31 +----
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +----
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 +++-----
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  52 +++----
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +----
 drivers/crypto/qat/qat_sym_session.c          |  29 +---
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +----
 drivers/crypto/virtio/virtio_cryptodev.c      |  31 ++---
 drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +----
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  32 ++---
 examples/fips_validation/main.c               |  20 +--
 examples/ipsec-secgw/ipsec-secgw.c            |  72 +++++-----
 examples/ipsec-secgw/ipsec.c                  |   3 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +-----
 examples/vhost_crypto/main.c                  |  16 +--
 lib/cryptodev/cryptodev_pmd.h                 |   7 +-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  73 ++++++----
 lib/cryptodev/rte_cryptodev.h                 |  23 ++--
 lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 66 files changed, 399 insertions(+), 1050 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 1b3cbe77b9..f094bc656d 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -12,7 +12,7 @@ static int
 cperf_set_ops_asym(struct rte_crypto_op **ops,
 		   uint32_t src_buf_offset __rte_unused,
 		   uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops,
-		   struct rte_cryptodev_sym_session *sess,
+		   void *sess,
 		   const struct cperf_options *options __rte_unused,
 		   const struct cperf_test_vector *test_vector __rte_unused,
 		   uint16_t iv_offset __rte_unused,
@@ -40,7 +40,7 @@ static int
 cperf_set_ops_security(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset __rte_unused,
 		uint32_t dst_buf_offset __rte_unused,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options __rte_unused,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
@@ -106,7 +106,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
@@ -145,7 +145,7 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
@@ -184,7 +184,7 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx)
@@ -240,7 +240,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx)
@@ -340,7 +340,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx)
@@ -455,7 +455,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_aead(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx)
@@ -563,9 +563,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 	return 0;
 }
 
-static struct rte_cryptodev_sym_session *
+static void *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -590,7 +589,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (sess == NULL)
 			return NULL;
 		rc = rte_cryptodev_asym_session_init(dev_id, (void *)sess,
-						     &xform, priv_mp);
+						     &xform, sess_mp);
 		if (rc < 0) {
 			if (sess != NULL) {
 				rte_cryptodev_asym_session_clear(dev_id,
@@ -742,8 +741,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform);
 	/*
 	 *  auth only
 	 */
@@ -770,8 +768,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform);
 	/*
 	 * cipher and auth
 	 */
@@ -830,12 +827,12 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+					sess, &cipher_xform);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+					sess, &auth_xform);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -856,7 +853,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create crypto session */
 		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+					sess, &aead_xform);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index ff125d12cd..3ff10491a0 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -12,15 +12,15 @@
 #include "cperf_test_vectors.h"
 
 
-typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+typedef void *(*cperf_sessions_create_t)(
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx);
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 159fe8492b..4193f7e777 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -24,7 +24,7 @@ struct cperf_latency_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -59,7 +59,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -84,7 +83,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index cbbbedd9ba..3dd489376f 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -27,7 +27,7 @@ struct cperf_pmd_cyclecount_ctx {
 	struct rte_crypto_op **ops;
 	struct rte_crypto_op **ops_processed;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -93,7 +93,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -120,7 +119,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 76fcda47ff..dc5c48b4da 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -18,7 +18,7 @@ struct cperf_throughput_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -64,7 +64,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -87,7 +86,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 2939aeaa93..cf561dd700 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -18,7 +18,7 @@ struct cperf_verify_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -51,7 +51,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -74,7 +73,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 390380898e..c3327b7e55 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -118,35 +118,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size,
+					0, 0, socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -344,12 +323,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
@@ -704,7 +680,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 82f819211a..e5c7930c63 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -79,7 +79,7 @@ struct crypto_unittest_params {
 #endif
 
 	union {
-		struct rte_cryptodev_sym_session *sess;
+		void *sess;
 #ifdef RTE_LIB_SECURITY
 		void *sec_session;
 #endif
@@ -119,7 +119,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_param,
 		const uint8_t *cipher,
@@ -596,23 +596,11 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
-
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -620,7 +608,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -650,11 +637,6 @@ testsuite_teardown(void)
 	}
 
 	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
@@ -1330,7 +1312,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1552,7 +1533,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2146,8 +2126,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 
 	/* Create crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
@@ -2247,7 +2226,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2288,7 +2267,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2401,8 +2380,7 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2443,8 +2421,7 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2566,8 +2543,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2629,8 +2605,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2699,13 +2674,11 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	} else
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
@@ -7838,8 +7811,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -10992,8 +10964,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 
 	if (ut_params->sess == NULL)
 		return TEST_FAILED;
@@ -11206,7 +11177,7 @@ test_multi_session(void)
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 
 	uint16_t i;
 
@@ -11229,9 +11200,7 @@ test_multi_session(void)
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
-	sessions = rte_malloc(NULL,
-			sizeof(struct rte_cryptodev_sym_session *) *
-			(MAX_NB_SESSIONS + 1), 0);
+	sessions = rte_malloc(NULL, sizeof(void *) * (MAX_NB_SESSIONS + 1), 0);
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
@@ -11240,8 +11209,7 @@ test_multi_session(void)
 				ts_params->session_mpool);
 
 		rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				sessions[i], &ut_params->auth_xform);
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
@@ -11279,8 +11247,7 @@ test_multi_session(void)
 	sessions[i] = NULL;
 	/* Next session create should fail */
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			sessions[i], &ut_params->auth_xform);
 	TEST_ASSERT_NULL(sessions[i],
 			"Session creation succeeded unexpectedly!");
 
@@ -11311,7 +11278,7 @@ test_multi_session_random_usage(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 	uint32_t i, j;
 	struct multi_session_params ut_paramz[] = {
 
@@ -11355,8 +11322,7 @@ test_multi_session_random_usage(void)
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
 	sessions = rte_malloc(NULL,
-			(sizeof(struct rte_cryptodev_sym_session *)
-					* MAX_NB_SESSIONS) + 1, 0);
+			(sizeof(void *) * MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
 		sessions[i] = rte_cryptodev_sym_session_create(
@@ -11373,8 +11339,7 @@ test_multi_session_random_usage(void)
 		rte_cryptodev_sym_session_init(
 				ts_params->valid_devs[0],
 				sessions[i],
-				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_paramz[i].ut_params.auth_xform);
 
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
@@ -11457,8 +11422,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11475,8 +11439,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11521,8 +11484,7 @@ test_null_burst_operation(void)
 
 	/* Create Crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
@@ -11634,7 +11596,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -11734,7 +11695,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -11943,8 +11903,7 @@ static int create_gmac_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12588,8 +12547,7 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12641,8 +12599,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13149,8 +13106,7 @@ test_authenticated_encrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13281,8 +13237,7 @@ test_authenticated_decrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -14003,11 +13958,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
-
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
 			RTE_LOG(ERR, USER1,
@@ -14024,32 +13974,14 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
+						MAX_NB_SESSIONS,
+						session_size, 0, 0,
 						SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
index 1cdd84d01f..a3a10d484b 100644
--- a/app/test/test_cryptodev.h
+++ b/app/test/test_cryptodev.h
@@ -89,7 +89,6 @@ struct crypto_testsuite_params {
 	struct rte_mempool *large_mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9d19a6d6d9..35da574da8 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -924,7 +924,6 @@ testsuite_setup(void)
 	/* configure qp */
 	ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_mpool;
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			dev_id, qp_id, &ts_params->qp_conf,
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index 3cdb2c96e8..9417803f18 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -81,7 +80,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_crypto_sym_op *sym_op = NULL;
 	struct rte_crypto_op *op = NULL;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session *sess = NULL;
+	void *sess = NULL;
 
 	int status = TEST_SUCCESS;
 	const struct blockcipher_test_data *tdata = t->test_data;
@@ -514,7 +513,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		sess = rte_cryptodev_sym_session_create(sess_mpool);
 
 		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
+				init_xform);
 		if (status == -ENOTSUP) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
@@ -831,7 +830,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 3ad20921e2..59229a1cde 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -61,7 +61,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
 	uint8_t internal_port_op_fwd;
@@ -167,7 +166,7 @@ static int
 test_op_forward_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -203,7 +202,7 @@ test_op_forward_mode(uint8_t session_less)
 
 		/* Create Crypto session*/
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -367,7 +366,7 @@ static int
 test_op_new_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -411,7 +410,7 @@ test_op_new_mode(uint8_t session_less)
 						&m_data, sizeof(m_data));
 		}
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
@@ -553,22 +552,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 	conf.nb_queue_pairs = info.max_nb_queue_pairs;
 	conf.socket_id = SOCKET_ID_ANY;
@@ -580,7 +569,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -934,12 +922,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
-
 	/* Free ops mempool */
 	if (params.op_mpool != NULL) {
 		RTE_LOG(DEBUG, USER1, "EVENT_CRYPTO_SYM_OP_POOL count %u\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 2ffa2a8e79..134545efe1 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -355,20 +355,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -413,11 +402,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -644,7 +628,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
 	int32_t rc;
-	struct rte_cryptodev_sym_session *s;
+	void *s;
 
 	s = rte_cryptodev_sym_session_create(qp->mp_session);
 	if (s == NULL)
@@ -652,7 +636,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 
 	/* initiliaze SA crypto session for device */
 	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
+			ut->crypto_xforms);
 	if (rc == 0) {
 		ut->ss[j].crypto.ses = s;
 		return 0;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index edb7275e76..75330292af 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -235,7 +235,6 @@ aesni_gcm_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -259,10 +258,8 @@ aesni_gcm_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct aesni_gcm_private *internals = dev->data->dev_private;
 
@@ -271,42 +268,24 @@ aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_GCM_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
 	ret = aesni_gcm_set_session_parameters(internals->ops,
-				sess_private_data, xform);
+				sess, xform);
 	if (ret != 0) {
 		AESNI_GCM_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct aesni_gcm_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_gcm_session));
 }
 
 struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 39c67e3952..efdc05c45f 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -944,7 +944,6 @@ aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -974,11 +973,8 @@ aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 /** Configure a aesni multi-buffer session from a crypto xform chain */
 static int
 aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
-	void *sess_private_data;
 	struct aesni_mb_private *internals = dev->data->dev_private;
 	int ret;
 
@@ -987,43 +983,25 @@ aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_MB_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_session_parameters(internals->mb_mgr,
-			sess_private_data, xform);
+			sess, xform);
 	if (ret != 0) {
 		AESNI_MB_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	RTE_SET_USED(dev);
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_mb_session));
 }
 
 struct rte_cryptodev_ops aesni_mb_pmd_ops = {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 1b2749fe62..2d3b54b063 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -268,10 +267,8 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -279,42 +276,23 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
+	ret = armv8_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct armv8_crypto_session));
 }
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..b4b167d0c2 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -224,10 +224,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	void *sess_private_data;
+	RTE_SET_USED(dev);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -235,44 +234,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = crypto_set_session_parameters(sess_private_data, xform);
+	ret = crypto_set_session_parameters(sess, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct bcmfs_sym_session));
 }
 
 unsigned int
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..7faafe2fd5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,12 +93,10 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    void *sess);
 
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess);
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index ce7a100778..8a04820fa6 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1692,52 +1692,36 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 static int
 caam_jr_sym_session_configure(struct rte_cryptodev *dev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
-	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
+	memset(sess, 0, sizeof(struct caam_jr_session));
+	ret = caam_jr_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+caam_jr_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	RTE_SET_USED(dev);
+
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 0d615d311c..cac1268130 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -758,11 +757,9 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  void *sess)
 {
 	int ret;
-	void *sess_private_data;
 	struct ccp_private *internals;
 
 	if (unlikely(sess == NULL || xform == NULL)) {
@@ -770,39 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
 	internals = (struct ccp_private *)dev->data->dev_private;
-	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
+	ret = ccp_set_session_parameters(sess, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct ccp_session));
 }
 
 struct rte_cryptodev_ops ccp_ops = {
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 99968cc353..50cae5e3d6 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -32,17 +32,18 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, (void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -144,9 +145,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
-				rte_mempool_put(qp->sess_mp, op->sym->session);
+				sym_session_clear(op->sym->session);
 				return 0;
 			}
 			w7 = sess->cpt_inst_w7;
@@ -437,8 +436,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 4c2dc5b080..5f83581131 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -81,17 +81,19 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+			(void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -126,8 +128,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
 						     inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -484,8 +485,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 41d8fe49e1..52d9cf0cf3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -379,7 +379,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -493,27 +492,20 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      void *sess) 
 {
 	struct cnxk_se_sess *sess_priv;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret < 0))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct cnxk_se_sess));
 
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
+	sess_priv = sess;
 
 	switch (ret) {
 	case CNXK_CPT_CIPHER:
@@ -547,7 +539,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	if (ret)
-		goto priv_put;
+		return -ENOTSUP;
 
 	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
 	    cpt_mac_len_verify(&xform->auth)) {
@@ -557,66 +549,45 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 			sess_priv->roc_se_ctx.auth_key = NULL;
 		}
 
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
 
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
+	struct cnxk_se_sess *sess_priv = sess;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	sess_priv = priv;
-
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	RTE_SET_USED(dev);
+
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index c5332dec53..3c09d10582 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -111,18 +111,15 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   void *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  void *sess);
 
-void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(void *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 176f1a27a0..42229763f8 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3438,49 +3438,32 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa2_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa2_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 5a087df090..4727088b45 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2537,33 +2537,18 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
-
 	return 0;
 }
 
@@ -2584,18 +2569,14 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index f075054807..b2e5c92598 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -220,7 +220,6 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -243,10 +242,8 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct kasumi_private *internals = dev->data->dev_private;
 
@@ -255,43 +252,24 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		KASUMI_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = kasumi_set_session_parameters(internals->mgr,
-					sess_private_data, xform);
+					sess, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct kasumi_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct kasumi_session));
 }
 
 struct rte_cryptodev_ops kasumi_pmd_ops = {
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 682cf8b607..615ab9f45d 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -165,14 +165,12 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  void *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data = session;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -183,17 +181,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -228,27 +218,21 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
 
 static void
-mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
-			      struct rte_cryptodev_sym_session *sess)
+mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = sess;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index e04a2c88c7..2e4b27ea21 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -704,7 +704,6 @@ mrvl_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			break;
 
 		qp->sess_mp = qp_conf->mp_session;
-		qp->sess_mp_priv = qp_conf->mp_session_private;
 
 		memset(&qp->stats, 0, sizeof(qp->stats));
 		dev->data->queue_pairs[qp_id] = qp;
@@ -735,12 +734,9 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
  */
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
 	int ret;
 
 	if (sess == NULL) {
@@ -748,25 +744,16 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct mrvl_crypto_session));
 
-	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
-
-	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
+	ret = mrvl_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
-	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
+	mrvl_sess = (struct mrvl_crypto_session *)sess;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
 				&mrvl_sess->sam_sess) < 0) {
 		MRVL_LOG(DEBUG, "Failed to create session!");
@@ -789,17 +776,13 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
  * @returns 0. Always.
  */
 static void
-mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
-			(struct mrvl_crypto_session *)sess_priv;
+			(struct mrvl_crypto_session *)sess;
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -807,9 +790,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		}
 
 		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index f8b7edcd69..0c9bbfef46 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -532,22 +532,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 static int
 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *mp_obj;
 	struct nitrox_crypto_ctx *ctx;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
+	RTE_SET_USED(cdev);
+	ctx = sess;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -586,28 +580,17 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 	}
 
 	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev, void *sess)
 {
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
+	RTE_SET_USED(cdev);
+	if (sess)
+		memset(sess, 0, sizeof(struct nitrox_crypto_ctx));
 }
 
 static struct nitrox_crypto_ctx *
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index a8b5a06e7f..65bfa8dcf7 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -234,7 +234,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -258,10 +257,8 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -269,42 +266,23 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = null_crypto_set_session_parameters(sess_private_data, xform);
+	ret = null_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct null_crypto_session));
 }
 
 static struct rte_cryptodev_ops pmd_ops = {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index 7c6b1e45b4..95659e472b 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 9e8fd495cf..abd0963be0 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,29 +242,22 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -301,8 +293,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -316,56 +306,46 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static int
 otx_cpt_session_cfg(struct rte_cryptodev *dev,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
-		  struct rte_cryptodev_sym_session *sess)
+otx_cpt_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -576,7 +556,6 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
@@ -589,8 +568,12 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	sess->sess_data[otx_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -604,7 +587,7 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	return req;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -913,7 +896,6 @@ free_sym_session_data(const struct cpt_instance *instance,
 	memset(cop->sym->session, 0,
 	       rte_cryptodev_sym_get_existing_header_session_size(
 		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 7b744cd4b4..dcfbc49996 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -371,29 +371,21 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -414,7 +406,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		}
 
 		if (ret)
-			goto priv_put;
+			return -ENOTSUP;
 	}
 
 	if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
@@ -425,12 +417,9 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 			rte_free(ctx->auth_key);
 			ctx->auth_key = NULL;
 		}
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
-	set_sym_session_private_data(sess, driver_id, misc);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -451,11 +440,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	misc->cpt_inst_w7 = vq_cmd_w3.u64;
 
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 static __rte_always_inline int32_t __rte_hot
@@ -765,7 +749,6 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			      struct pending_queue *pend_q,
 			      unsigned int burst_index)
 {
-	const int driver_id = otx2_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	int ret;
@@ -775,8 +758,12 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	if (sess == NULL)
 		return -ENOMEM;
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    qp->sess_mp_priv);
+	sess->sess_data[otx2_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx2_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx2_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -790,7 +777,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	return 0;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return ret;
@@ -1035,8 +1022,7 @@ otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 					cop->sym->session);
 			memset(cop->sym->session, 0, sz);
@@ -1291,7 +1277,6 @@ otx2_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -1330,21 +1315,22 @@ otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 static void
 otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+			   void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
index 01c081a216..5f63eaf7b7 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
@@ -8,29 +8,21 @@
 #include "cpt_pmd_logs.h"
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static __rte_always_inline uint8_t
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 52715f86f8..1b48a6b400 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -741,7 +741,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -772,10 +771,8 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -783,24 +780,12 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = openssl_set_session_parameters(sess_private_data, xform);
+	ret = openssl_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1154,19 +1139,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+	if (sess) {
+		openssl_reset_session(sess);
+		memset(sess, 0, sizeof(struct openssl_session));
 	}
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2a22347c7f..114bf081c1 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -172,21 +172,14 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+qat_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (struct qat_sym_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
@@ -458,31 +451,17 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess_private_data)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 7fcc1d6f7b..6da29e2305 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -112,8 +112,7 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		void *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
@@ -135,8 +134,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 				struct qat_sym_session *session);
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *session);
+qat_sym_session_clear(struct rte_cryptodev *dev, void *session);
 
 unsigned int
 qat_sym_session_get_private_size(struct rte_cryptodev *dev);
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 465b88ade8..87260b5a22 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -476,9 +476,7 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+	struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
@@ -488,7 +486,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct scheduler_worker *worker = &sched_ctx->workers[i];
 
 		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
+					xform);
 		if (ret < 0) {
 			CR_SCHED_LOG(ERR, "unable to config sym session");
 			return ret;
@@ -500,8 +498,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 3f46014b7d..b0f8f6d86a 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -226,7 +226,6 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -250,10 +249,8 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct snow3g_private *internals = dev->data->dev_private;
 
@@ -262,43 +259,24 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		SNOW3G_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = snow3g_set_session_parameters(internals->mgr,
-					sess_private_data, xform);
+					sess, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct snow3g_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct snow3g_session));
 }
 
 struct rte_cryptodev_ops snow3g_pmd_ops = {
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 8faa39df4a..de52fec32e 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -37,11 +37,10 @@ static void virtio_crypto_dev_free_mbufs(struct rte_cryptodev *dev);
 static unsigned int virtio_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev);
 static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		void *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -927,7 +926,7 @@ virtio_crypto_check_sym_clear_session_paras(
 static void
 virtio_crypto_sym_clear_session(
 		struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	struct virtio_crypto_hw *hw;
 	struct virtqueue *vq;
@@ -1290,11 +1289,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		void *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1309,12 +1306,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1326,19 +1320,13 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
 
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1401,9 +1389,6 @@ virtio_crypto_sym_configure_session(
 		goto error_out;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 38642d45ab..04126c8a04 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -226,7 +226,6 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -250,10 +249,8 @@ zuc_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -261,43 +258,23 @@ zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		ZUC_LOG(ERR,
-			"Couldn't get object from session mempool");
-
-		return -ENOMEM;
-	}
-
-	ret = zuc_set_session_parameters(sess_private_data, xform);
+	ret = zuc_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		ZUC_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-zuc_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+zuc_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct zuc_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct zuc_session));
 }
 
 struct rte_cryptodev_ops zuc_pmd_ops = {
diff --git a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
index b33cb7e139..8522f2dfda 100644
--- a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
+++ b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
@@ -38,8 +38,7 @@ otx2_ca_deq_post_process(const struct otx2_cpt_qp *qp,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			memset(cop->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session));
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index b4eab05a98..bbc27a1b6f 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -981,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1173,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1212,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1251,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1464,7 +1463,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
@@ -1484,8 +1483,7 @@ run_single_test(uint8_t dev_id,
 	if (!sess)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
+	ret = rte_cryptodev_sym_session_init(dev_id, sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
@@ -1533,8 +1531,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 		rte_mempool_free(env->op_pool);
 	if (env->sess_pool)
 		rte_mempool_free(env->sess_pool);
-	if (env->sess_priv_pool)
-		rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1542,7 +1538,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1586,25 +1582,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index a8daad1f48..03c6ccb5b8 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -48,13 +48,12 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
 	uint16_t digest_len;
 	struct rte_crypto_op *op;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t self_test;
 	struct fips_dev_broken_test_config *broken_test_config;
 } env;
@@ -63,7 +62,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -103,16 +102,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -127,7 +121,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -141,8 +134,6 @@ cryptodev_fips_validate_app_int(void)
 	rte_mempool_free(env.mpool);
 	if (env.sess_mpool)
 		rte_mempool_free(env.sess_mpool);
-	if (env.sess_priv_mpool)
-		rte_mempool_free(env.sess_priv_mpool);
 	if (env.op_pool)
 		rte_mempool_free(env.op_pool);
 
@@ -158,7 +149,6 @@ cryptodev_fips_validate_app_uninit(void)
 	rte_cryptodev_sym_session_free(env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1179,7 +1169,7 @@ fips_run_test(void)
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
+			env.sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 7ad94cb822..65528ee2e7 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1216,15 +1216,11 @@ ipsec_poll_mode_worker(void)
 	qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	qconf->inbound.cdev_map = cdev_map_in;
 	qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	qconf->outbound.cdev_map = cdev_map_out;
 	qconf->outbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->frag.pool_dir = socket_ctx[socket_id].mbuf_pool;
 	qconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;
 
@@ -2142,8 +2138,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2405,37 +2399,37 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
+//static void
+//session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
+//	size_t sess_sz)
+//{
+//	char mp_name[RTE_MEMPOOL_NAMESIZE];
+//	struct rte_mempool *sess_mp;
+//	uint32_t nb_sess;
+//
+//	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+//			"sess_mp_priv_%u", socket_id);
+//	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+//		rte_lcore_count());
+//	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
+//			CDEV_MP_CACHE_MULTIPLIER);
+//	sess_mp = rte_mempool_create(mp_name,
+//			nb_sess,
+//			sess_sz,
+//			CDEV_MP_CACHE_SZ,
+//			0, NULL, NULL, NULL,
+//			NULL, socket_id,
+//			0);
+//	ctx->session_priv_pool = sess_mp;
+//
+//	if (ctx->session_priv_pool == NULL)
+//		rte_exit(EXIT_FAILURE,
+//			"Cannot init session priv pool on socket %d\n",
+//			socket_id);
+//	else
+//		printf("Allocated session priv pool on socket %d\n",
+//			socket_id);
+//}
 
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
@@ -2938,8 +2932,8 @@ main(int32_t argc, char **argv)
 
 		pool_init(&socket_ctx[socket_id], socket_id, nb_bufs_in_pool);
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
+//		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
+//			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 03d907cba8..a5921de11c 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -143,8 +143,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 		ips->crypto.ses = rte_cryptodev_sym_session_create(
 				ipsec_ctx->session_pool);
 		rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
-				ips->crypto.ses, sa->xforms,
-				ipsec_ctx->session_priv_pool);
+				ips->crypto.ses, sa->xforms);
 
 		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
 				&cdev_info);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8405c48171..673c64e8dc 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -243,7 +243,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index c545497cee..04bcce49db 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -537,14 +537,10 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,
 	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
 	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 
 	RTE_LOG(INFO, IPSEC,
 		"Launching event mode worker (non-burst - Tx internal port - "
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 66d1491bf7..bdc3da731c 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -188,7 +188,7 @@ struct l2fwd_crypto_params {
 	struct l2fwd_iv auth_iv;
 	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
@@ -229,7 +229,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -671,11 +670,11 @@ generate_random_key(uint8_t *key, unsigned length)
 }
 
 /* Session is created and is later attached to the crypto operation. 8< */
-static struct rte_cryptodev_sym_session *
+static void *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -703,8 +702,7 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		return NULL;
 
 	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
+				first_xform) < 0)
 		return NULL;
 
 	return session;
@@ -730,7 +728,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			US_PER_S * BURST_TX_DRAIN_US;
 	struct l2fwd_crypto_params *cparams;
 	struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	if (qconf->nb_rx_ports == 0) {
 		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
@@ -2388,30 +2386,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
@@ -2421,7 +2395,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					rte_cryptodev_sym_session_pool_create(
 							mp_name,
 							sessions_needed,
-							0, 0, 0, socket_id);
+							max_sess_sz,
+							0, 0, socket_id);
 
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
@@ -2573,8 +2548,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index dea7dcbd07..cbb97aaf76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+					info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index ae3aac59ae..d758b3b85d 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -242,7 +242,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -251,9 +250,7 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_crypto_sym_xform *xform, void *session);
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -279,7 +276,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  * @param	sess		Cryptodev session structure
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 /**
  * Free asymmetric session private data.
  *
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index a864f5036f..200617f623 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -420,7 +420,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  */
 static inline int
 rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 58c0724743..848da1942c 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -932,7 +932,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 9fa3aff1d3..a31cae202a 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -199,6 +199,8 @@ struct rte_cryptodev_sym_session_pool_private_data {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t sess_priv_sz;
+	/**< session user data will be placed after sess_data */
 };
 
 int
@@ -1223,8 +1225,7 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
+	if (!qp_conf->mp_session) {
 		CDEV_LOG_ERR("Invalid mempools\n");
 		return -EINVAL;
 	}
@@ -1232,7 +1233,6 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
 		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
@@ -1244,11 +1244,11 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 
 		s.nb_drivers = pool_priv->nb_drivers;
 		s.user_data_sz = pool_priv->user_data_sz;
+		s.priv_sz = pool_priv->sess_priv_sz;
 
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (((rte_cryptodev_sym_get_existing_header_session_size(&s) +
+				(s.nb_drivers * s.priv_sz)) > obj_size) ||
+				(s.nb_drivers <= dev->driver_id)) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1710,11 +1710,11 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 
 int
 rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
+		void *sess_opaque,
+		struct rte_crypto_sym_xform *xforms)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = sess_opaque;
 	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
 			dev_id);
 	uint8_t index;
@@ -1727,10 +1727,10 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
+	if (sess == NULL || xforms == NULL || dev == NULL)
 		return -EINVAL;
 
-	if (mp->elt_size < sess_priv_sz)
+	if (sess->priv_sz < sess_priv_sz)
 		return -EINVAL;
 
 	index = dev->driver_id;
@@ -1740,8 +1740,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
 
 	if (sess->sess_data[index].refcnt == 0) {
+		sess->sess_data[index].data = (void *)((uint8_t *)sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(index * sess->priv_sz));
 		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
+				sess->sess_data[index].data);
 		if (ret < 0) {
 			CDEV_LOG_ERR(
 				"dev_id %d failed to configure session details",
@@ -1750,7 +1753,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 		}
 	}
 
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
+	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms);
 	sess->sess_data[index].refcnt++;
 	return 0;
 }
@@ -1795,6 +1798,21 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
 	rte_cryptodev_trace_asym_session_init(dev_id, sess, xforms, mp);
 	return 0;
 }
+static size_t
+get_max_sym_sess_priv_sz(void)
+{
+	size_t max_sz, sz;
+	int16_t cdev_id, n;
+
+	max_sz = 0;
+	n =  rte_cryptodev_count();
+	for (cdev_id = 0; cdev_id != n; cdev_id++) {
+		sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
+		if (sz > max_sz)
+			max_sz = sz;
+	}
+	return max_sz;
+}
 
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
@@ -1804,15 +1822,15 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_mempool *mp;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
+	uint32_t sess_priv_sz = get_max_sym_sess_priv_sz();
 
 	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
+	if (elt_size < obj_sz + (sess_priv_sz * nb_drivers)) {
 		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
-
-	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
+				obj_sz + (sess_priv_sz * nb_drivers));
+		elt_size = obj_sz + (sess_priv_sz * nb_drivers);
+	}
+	mp = rte_mempool_create(name, nb_elts, elt_size, cache_size,
 			(uint32_t)(sizeof(*pool_priv)),
 			NULL, NULL, NULL, NULL,
 			socket_id, 0);
@@ -1832,6 +1850,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 
 	pool_priv->nb_drivers = nb_drivers;
 	pool_priv->user_data_sz = user_data_size;
+	pool_priv->sess_priv_sz = sess_priv_sz;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
 		elt_size, cache_size, user_data_size, mp);
@@ -1865,7 +1884,7 @@ rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
 	return 1;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 {
 	struct rte_cryptodev_sym_session *sess;
@@ -1886,6 +1905,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 
 	sess->nb_drivers = pool_priv->nb_drivers;
 	sess->user_data_sz = pool_priv->user_data_sz;
+	sess->priv_sz = pool_priv->sess_priv_sz;
 	sess->opaque_data = 0;
 
 	/* Clear device session pointer.
@@ -1895,7 +1915,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 			rte_cryptodev_sym_session_data_size(sess));
 
 	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	return (void *)sess;
 }
 
 struct rte_cryptodev_asym_session *
@@ -1933,9 +1953,9 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mp)
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *s)
 {
+	struct rte_cryptodev_sym_session *sess = s;
 	struct rte_cryptodev *dev;
 	uint8_t driver_id;
 
@@ -1957,7 +1977,7 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
-	dev->dev_ops->sym_session_clear(dev, sess);
+	dev->dev_ops->sym_session_clear(dev, sess->sess_data[driver_id].data);
 
 	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
 	return 0;
@@ -1988,10 +2008,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(void *s)
 {
 	uint8_t i;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = s;
 
 	if (sess == NULL)
 		return -EINVAL;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index bb01f0f195..25af6fa7b9 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -537,8 +537,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -1126,6 +1124,8 @@ struct rte_cryptodev_sym_session {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t priv_sz;
+	/**< Maximum private session data size which each driver can use */
 	__extension__ struct {
 		void *data;
 		uint16_t refcnt;
@@ -1177,10 +1177,10 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   mempool    Symmetric session mempool to allocate session
  *                     objects from
  * @return
- *  - On success return pointer to sym-session
+ *  - On success return opaque pointer to sym-session
  *  - On failure returns NULL
  */
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
 
 /**
@@ -1209,7 +1209,7 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mempool);
  *  - -EBUSY if not all device private data has been freed.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(void *sess);
 
 /**
  * Frees asymmetric crypto session header, after checking that all
@@ -1229,25 +1229,23 @@ rte_cryptodev_asym_session_free(struct rte_cryptodev_asym_session *sess);
 
 /**
  * Fill out private data for the device id, based on its device type.
+ * Memory for private data is already allocated in sess, driver need
+ * to fill the content.
  *
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   sess     Session where the private data will be attached to
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
  *
  * @return
  *  - On success, zero.
  *  - -EINVAL if input parameters are invalid.
  *  - -ENOTSUP if crypto device does not support the crypto transform or
  *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
  */
 int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
+rte_cryptodev_sym_session_init(uint8_t dev_id, void *sess,
+			struct rte_crypto_sym_xform *xforms);
 
 /**
  * Initialize asymmetric session on a device with specific asymmetric xform
@@ -1286,8 +1284,7 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
  *  - -ENOTSUP if crypto device does not support symmetric operations.
  */
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *sess);
 
 /**
  * Frees resources held by asymmetric session during rte_cryptodev_session_init
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index d1f4f069a3..44da04c425 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -106,15 +105,13 @@ RTE_TRACE_POINT(
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_init,
 	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
+		struct rte_cryptodev_sym_session *sess, void *xforms),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
 	rte_trace_point_emit_u16(sess->nb_drivers);
 	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index ad7904c0ee..efdba9c899 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1719,7 +1719,7 @@ struct sym_crypto_data {
 	uint16_t op_mask;
 
 	/** Session pointer. */
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	/** Direction of crypto, encrypt or decrypt */
 	uint16_t direction;
@@ -1780,7 +1780,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 	const struct rte_crypto_auth_xform *auth_xform = NULL;
 	const struct rte_crypto_aead_xform *aead_xform = NULL;
 	struct rte_crypto_sym_xform *xform = p->xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	memset(data, 0, sizeof(*data));
@@ -1905,7 +1905,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
+			p->xform);
 	if (ret < 0) {
 		rte_cryptodev_sym_session_free(session);
 		return ret;
@@ -2858,7 +2858,7 @@ rte_table_action_time_read(struct rte_table_action *action,
 	return 0;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data)
 {
diff --git a/lib/pipeline/rte_table_action.h b/lib/pipeline/rte_table_action.h
index 82bc9d9ac9..68db453a8b 100644
--- a/lib/pipeline/rte_table_action.h
+++ b/lib/pipeline/rte_table_action.h
@@ -1129,7 +1129,7 @@ rte_table_action_time_read(struct rte_table_action *action,
  *   The pointer to the session on success, NULL otherwise.
  */
 __rte_experimental
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data);
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index f54d731139..d9b7beed9c 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -50,8 +50,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -61,7 +59,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 926b5c0bd9..b4464c4253 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -338,7 +338,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		VhostUserCryptoSessionParam *sess_param)
 {
 	struct rte_crypto_sym_xform xform1 = {0}, xform2 = {0};
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	switch (sess_param->op_type) {
@@ -383,8 +383,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
+	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1) < 0) {
 		VC_LOG_ERR("Failed to initialize session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
@@ -1425,7 +1424,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1447,7 +1445,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
@ 2021-10-01 15:53   ` Zhang, Roy Fan
  2021-10-04 19:07     ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-01 15:53 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj, De Lara Guarch,
	Pablo, Trahe, Fiona, Doherty, Declan, matan, g.singh,
	jianjay.zhou, asomalap, ruifeng.wang, Ananyev, Konstantin,
	Nicolau, Radu, ajit.khaparde, rnagadheeraj, adwivedi, Power,
	Ciara

Hi Akhil,

Your patch failed all QAT tests - maybe it will fail on all PMDs requiring to know the session's physical address (such as nitrox, caam).

The reason is QAT PMD driver cannot know the physical address of the session private data passed into it - as the private data is computed by 
rte_cryptodev_sym_session_init() from the start of the session (which has a mempool obj header with valid physical address) to the offset for that driver type. The session private data pointer - although is a valid buffer - does not have the obj header that contains the physical address.

I think the solution can be - instead of passing the session private data, the rte_cryptodev_sym_session pointer should be passed and a macro shall be provided to the drivers to manually compute the offset and then find the correct session private data from the session for itself.

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, September 30, 2021 3:50 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; matan@nvidia.com;
> g.singh@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com;
> Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; ajit.khaparde@broadcom.com;
> rnagadheeraj@marvell.com; adwivedi@marvell.com; Power, Ciara
> <ciara.power@intel.com>; Akhil Goyal <gakhil@marvell.com>
> Subject: [PATCH 3/3] cryptodev: rework session framework
> 
> As per current design, rte_cryptodev_sym_session_create() and
> rte_cryptodev_sym_session_init() use separate mempool objects
> for a single session.
> And structure rte_cryptodev_sym_session is not directly used
> by the application, it may cause ABI breakage if the structure
> is modified in future.
> 
> To address these two issues, the rte_cryptodev_sym_session_create
> will take one mempool object for both the session and session
> private data. The API rte_cryptodev_sym_session_init will now not
> take mempool object.
> rte_cryptodev_sym_session_create will now return an opaque session
> pointer which will be used by the app in rte_cryptodev_sym_session_init
> and other APIs.
> 
> With this change, rte_cryptodev_sym_session_init will send
> pointer to session private data of corresponding driver to the PMD
> based on the driver_id for filling the PMD data.
> 
> In data path, opaque session pointer is attached to rte_crypto_op
> and the PMD can call an internal library API to get the session
> private data pointer based on the driver id.
> 
> TODO:
> - inline APIs for opaque data
> - move rte_cryptodev_sym_session struct to cryptodev_pmd.h
> - currently nb_drivers are getting updated in RTE_INIT which
> result in increasing the memory requirements for session.
> This will be moved to PMD probe so that memory is created
> only for those PMDs which are probed and not just compiled in.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  33 ++---
>  app/test-crypto-perf/cperf_ops.h              |   6 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   5 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |   5 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   5 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  29 +---
>  app/test/test_cryptodev.c                     | 130 +++++-------------
>  app/test/test_cryptodev.h                     |   1 -
>  app/test/test_cryptodev_asym.c                |   1 -
>  app/test/test_cryptodev_blockcipher.c         |   6 +-
>  app/test/test_event_crypto_adapter.c          |  28 +---
>  app/test/test_ipsec.c                         |  22 +--
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +----
>  .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  34 +----
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +----
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +----
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  32 ++---
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +----
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  18 ++-
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  18 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 +++-----
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  13 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  31 +----
>  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +----
>  drivers/crypto/mlx5/mlx5_crypto.c             |  24 +---
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  36 ++---
>  drivers/crypto/nitrox/nitrox_sym.c            |  31 +----
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +----
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 +++-----
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  52 +++----
>  .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +--
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +----
>  drivers/crypto/qat/qat_sym_session.c          |  29 +---
>  drivers/crypto/qat/qat_sym_session.h          |   6 +-
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +----
>  drivers/crypto/virtio/virtio_cryptodev.c      |  31 ++---
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +----
>  .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
>  examples/fips_validation/fips_dev_self_test.c |  32 ++---
>  examples/fips_validation/main.c               |  20 +--
>  examples/ipsec-secgw/ipsec-secgw.c            |  72 +++++-----
>  examples/ipsec-secgw/ipsec.c                  |   3 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   4 -
>  examples/l2fwd-crypto/main.c                  |  41 +-----
>  examples/vhost_crypto/main.c                  |  16 +--
>  lib/cryptodev/cryptodev_pmd.h                 |   7 +-
>  lib/cryptodev/rte_crypto.h                    |   2 +-
>  lib/cryptodev/rte_crypto_sym.h                |   2 +-
>  lib/cryptodev/rte_cryptodev.c                 |  73 ++++++----
>  lib/cryptodev/rte_cryptodev.h                 |  23 ++--
>  lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
>  lib/pipeline/rte_table_action.c               |   8 +-
>  lib/pipeline/rte_table_action.h               |   2 +-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |   7 +-
>  66 files changed, 399 insertions(+), 1050 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
> index 2b0aad095c..db58228dce 100644
> --- a/app/test-crypto-perf/cperf.h
> +++ b/app/test-crypto-perf/cperf.h
> @@ -15,7 +15,6 @@ struct cperf_op_fns;
> 
>  typedef void  *(*cperf_constructor_t)(
>  		struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id,
>  		uint16_t qp_id,
>  		const struct cperf_options *options,
> diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-
> perf/cperf_ops.c
> index 1b3cbe77b9..f094bc656d 100644
> --- a/app/test-crypto-perf/cperf_ops.c
> +++ b/app/test-crypto-perf/cperf_ops.c
> @@ -12,7 +12,7 @@ static int
>  cperf_set_ops_asym(struct rte_crypto_op **ops,
>  		   uint32_t src_buf_offset __rte_unused,
>  		   uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops,
> -		   struct rte_cryptodev_sym_session *sess,
> +		   void *sess,
>  		   const struct cperf_options *options __rte_unused,
>  		   const struct cperf_test_vector *test_vector __rte_unused,
>  		   uint16_t iv_offset __rte_unused,
> @@ -40,7 +40,7 @@ static int
>  cperf_set_ops_security(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset __rte_unused,
>  		uint32_t dst_buf_offset __rte_unused,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options __rte_unused,
>  		const struct cperf_test_vector *test_vector __rte_unused,
>  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> @@ -106,7 +106,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
>  static int
>  cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector __rte_unused,
>  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> @@ -145,7 +145,7 @@ cperf_set_ops_null_cipher(struct rte_crypto_op
> **ops,
>  static int
>  cperf_set_ops_null_auth(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector __rte_unused,
>  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> @@ -184,7 +184,7 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
>  static int
>  cperf_set_ops_cipher(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset, uint32_t *imix_idx)
> @@ -240,7 +240,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
>  static int
>  cperf_set_ops_auth(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset, uint32_t *imix_idx)
> @@ -340,7 +340,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
>  static int
>  cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset, uint32_t *imix_idx)
> @@ -455,7 +455,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op
> **ops,
>  static int
>  cperf_set_ops_aead(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset, uint32_t *imix_idx)
> @@ -563,9 +563,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
>  	return 0;
>  }
> 
> -static struct rte_cryptodev_sym_session *
> +static void *
>  cperf_create_session(struct rte_mempool *sess_mp,
> -	struct rte_mempool *priv_mp,
>  	uint8_t dev_id,
>  	const struct cperf_options *options,
>  	const struct cperf_test_vector *test_vector,
> @@ -590,7 +589,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
>  		if (sess == NULL)
>  			return NULL;
>  		rc = rte_cryptodev_asym_session_init(dev_id, (void *)sess,
> -						     &xform, priv_mp);
> +						     &xform, sess_mp);
>  		if (rc < 0) {
>  			if (sess != NULL) {
>  				rte_cryptodev_asym_session_clear(dev_id,
> @@ -742,8 +741,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
>  			cipher_xform.cipher.iv.length = 0;
>  		}
>  		/* create crypto session */
> -		rte_cryptodev_sym_session_init(dev_id, sess,
> &cipher_xform,
> -				priv_mp);
> +		rte_cryptodev_sym_session_init(dev_id, sess,
> &cipher_xform);
>  	/*
>  	 *  auth only
>  	 */
> @@ -770,8 +768,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
>  			auth_xform.auth.iv.length = 0;
>  		}
>  		/* create crypto session */
> -		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
> -				priv_mp);
> +		rte_cryptodev_sym_session_init(dev_id, sess,
> &auth_xform);
>  	/*
>  	 * cipher and auth
>  	 */
> @@ -830,12 +827,12 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
>  			cipher_xform.next = &auth_xform;
>  			/* create crypto session */
>  			rte_cryptodev_sym_session_init(dev_id,
> -					sess, &cipher_xform, priv_mp);
> +					sess, &cipher_xform);
>  		} else { /* auth then cipher */
>  			auth_xform.next = &cipher_xform;
>  			/* create crypto session */
>  			rte_cryptodev_sym_session_init(dev_id,
> -					sess, &auth_xform, priv_mp);
> +					sess, &auth_xform);
>  		}
>  	} else { /* options->op_type == CPERF_AEAD */
>  		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
> @@ -856,7 +853,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
> 
>  		/* Create crypto session */
>  		rte_cryptodev_sym_session_init(dev_id,
> -					sess, &aead_xform, priv_mp);
> +					sess, &aead_xform);
>  	}
> 
>  	return sess;
> diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-
> perf/cperf_ops.h
> index ff125d12cd..3ff10491a0 100644
> --- a/app/test-crypto-perf/cperf_ops.h
> +++ b/app/test-crypto-perf/cperf_ops.h
> @@ -12,15 +12,15 @@
>  #include "cperf_test_vectors.h"
> 
> 
> -typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
> -		struct rte_mempool *sess_mp, struct rte_mempool
> *sess_priv_mp,
> +typedef void *(*cperf_sessions_create_t)(
> +		struct rte_mempool *sess_mp,
>  		uint8_t dev_id, const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset);
> 
>  typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
>  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> +		uint16_t nb_ops, void *sess,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
>  		uint16_t iv_offset, uint32_t *imix_idx);
> diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-
> perf/cperf_test_latency.c
> index 159fe8492b..4193f7e777 100644
> --- a/app/test-crypto-perf/cperf_test_latency.c
> +++ b/app/test-crypto-perf/cperf_test_latency.c
> @@ -24,7 +24,7 @@ struct cperf_latency_ctx {
> 
>  	struct rte_mempool *pool;
> 
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
> 
>  	cperf_populate_ops_t populate_ops;
> 
> @@ -59,7 +59,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
> 
>  void *
>  cperf_latency_test_constructor(struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id, uint16_t qp_id,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
> @@ -84,7 +83,7 @@ cperf_latency_test_constructor(struct rte_mempool
> *sess_mp,
>  		sizeof(struct rte_crypto_sym_op) +
>  		sizeof(struct cperf_op_result *);
> 
> -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> options,
> +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
>  			test_vector, iv_offset);
>  	if (ctx->sess == NULL)
>  		goto err;
> diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-
> perf/cperf_test_latency.h
> index ed5b0a07bb..d3fc3218d7 100644
> --- a/app/test-crypto-perf/cperf_test_latency.h
> +++ b/app/test-crypto-perf/cperf_test_latency.h
> @@ -17,7 +17,6 @@
>  void *
>  cperf_latency_test_constructor(
>  		struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id,
>  		uint16_t qp_id,
>  		const struct cperf_options *options,
> diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-
> crypto-perf/cperf_test_pmd_cyclecount.c
> index cbbbedd9ba..3dd489376f 100644
> --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
> +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
> @@ -27,7 +27,7 @@ struct cperf_pmd_cyclecount_ctx {
>  	struct rte_crypto_op **ops;
>  	struct rte_crypto_op **ops_processed;
> 
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
> 
>  	cperf_populate_ops_t populate_ops;
> 
> @@ -93,7 +93,6 @@ cperf_pmd_cyclecount_test_free(struct
> cperf_pmd_cyclecount_ctx *ctx)
> 
>  void *
>  cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id, uint16_t qp_id,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
> @@ -120,7 +119,7 @@ cperf_pmd_cyclecount_test_constructor(struct
> rte_mempool *sess_mp,
>  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
>  			sizeof(struct rte_crypto_sym_op);
> 
> -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> options,
> +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
>  			test_vector, iv_offset);
>  	if (ctx->sess == NULL)
>  		goto err;
> diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-
> crypto-perf/cperf_test_pmd_cyclecount.h
> index 3084038a18..beb4419910 100644
> --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
> +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
> @@ -18,7 +18,6 @@
>  void *
>  cperf_pmd_cyclecount_test_constructor(
>  		struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id,
>  		uint16_t qp_id,
>  		const struct cperf_options *options,
> diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-
> perf/cperf_test_throughput.c
> index 76fcda47ff..dc5c48b4da 100644
> --- a/app/test-crypto-perf/cperf_test_throughput.c
> +++ b/app/test-crypto-perf/cperf_test_throughput.c
> @@ -18,7 +18,7 @@ struct cperf_throughput_ctx {
> 
>  	struct rte_mempool *pool;
> 
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
> 
>  	cperf_populate_ops_t populate_ops;
> 
> @@ -64,7 +64,6 @@ cperf_throughput_test_free(struct
> cperf_throughput_ctx *ctx)
> 
>  void *
>  cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id, uint16_t qp_id,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
> @@ -87,7 +86,7 @@ cperf_throughput_test_constructor(struct
> rte_mempool *sess_mp,
>  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
>  		sizeof(struct rte_crypto_sym_op);
> 
> -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> options,
> +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
>  			test_vector, iv_offset);
>  	if (ctx->sess == NULL)
>  		goto err;
> diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-
> crypto-perf/cperf_test_throughput.h
> index 91e1a4b708..439ec8e559 100644
> --- a/app/test-crypto-perf/cperf_test_throughput.h
> +++ b/app/test-crypto-perf/cperf_test_throughput.h
> @@ -18,7 +18,6 @@
>  void *
>  cperf_throughput_test_constructor(
>  		struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id,
>  		uint16_t qp_id,
>  		const struct cperf_options *options,
> diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-
> perf/cperf_test_verify.c
> index 2939aeaa93..cf561dd700 100644
> --- a/app/test-crypto-perf/cperf_test_verify.c
> +++ b/app/test-crypto-perf/cperf_test_verify.c
> @@ -18,7 +18,7 @@ struct cperf_verify_ctx {
> 
>  	struct rte_mempool *pool;
> 
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
> 
>  	cperf_populate_ops_t populate_ops;
> 
> @@ -51,7 +51,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
> 
>  void *
>  cperf_verify_test_constructor(struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id, uint16_t qp_id,
>  		const struct cperf_options *options,
>  		const struct cperf_test_vector *test_vector,
> @@ -74,7 +73,7 @@ cperf_verify_test_constructor(struct rte_mempool
> *sess_mp,
>  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
>  		sizeof(struct rte_crypto_sym_op);
> 
> -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> options,
> +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
>  			test_vector, iv_offset);
>  	if (ctx->sess == NULL)
>  		goto err;
> diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-
> perf/cperf_test_verify.h
> index ac2192ba99..9f70ad87ba 100644
> --- a/app/test-crypto-perf/cperf_test_verify.h
> +++ b/app/test-crypto-perf/cperf_test_verify.h
> @@ -18,7 +18,6 @@
>  void *
>  cperf_verify_test_constructor(
>  		struct rte_mempool *sess_mp,
> -		struct rte_mempool *sess_priv_mp,
>  		uint8_t dev_id,
>  		uint16_t qp_id,
>  		const struct cperf_options *options,
> diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> index 390380898e..c3327b7e55 100644
> --- a/app/test-crypto-perf/main.c
> +++ b/app/test-crypto-perf/main.c
> @@ -118,35 +118,14 @@ fill_session_pool_socket(int32_t socket_id,
> uint32_t session_priv_size,
>  	char mp_name[RTE_MEMPOOL_NAMESIZE];
>  	struct rte_mempool *sess_mp;
> 
> -	if (session_pool_socket[socket_id].priv_mp == NULL) {
> -		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> -			"priv_sess_mp_%u", socket_id);
> -
> -		sess_mp = rte_mempool_create(mp_name,
> -					nb_sessions,
> -					session_priv_size,
> -					0, 0, NULL, NULL, NULL,
> -					NULL, socket_id,
> -					0);
> -
> -		if (sess_mp == NULL) {
> -			printf("Cannot create pool \"%s\" on socket %d\n",
> -				mp_name, socket_id);
> -			return -ENOMEM;
> -		}
> -
> -		printf("Allocated pool \"%s\" on socket %d\n",
> -			mp_name, socket_id);
> -		session_pool_socket[socket_id].priv_mp = sess_mp;
> -	}
> -
>  	if (session_pool_socket[socket_id].sess_mp == NULL) {
> 
>  		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
>  			"sess_mp_%u", socket_id);
> 
>  		sess_mp =
> rte_cryptodev_sym_session_pool_create(mp_name,
> -					nb_sessions, 0, 0, 0, socket_id);
> +					nb_sessions, session_priv_size,
> +					0, 0, socket_id);
> 
>  		if (sess_mp == NULL) {
>  			printf("Cannot create pool \"%s\" on socket %d\n",
> @@ -344,12 +323,9 @@ cperf_initialize_cryptodev(struct cperf_options
> *opts, uint8_t *enabled_cdevs)
>  			return ret;
> 
>  		qp_conf.mp_session =
> session_pool_socket[socket_id].sess_mp;
> -		qp_conf.mp_session_private =
> -				session_pool_socket[socket_id].priv_mp;
> 
>  		if (opts->op_type == CPERF_ASYM_MODEX) {
>  			qp_conf.mp_session = NULL;
> -			qp_conf.mp_session_private = NULL;
>  		}
> 
>  		ret = rte_cryptodev_configure(cdev_id, &conf);
> @@ -704,7 +680,6 @@ main(int argc, char **argv)
> 
>  		ctx[i] = cperf_testmap[opts.test].constructor(
>  				session_pool_socket[socket_id].sess_mp,
> -				session_pool_socket[socket_id].priv_mp,
>  				cdev_id, qp_id,
>  				&opts, t_vec, &op_fns);
>  		if (ctx[i] == NULL) {
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 82f819211a..e5c7930c63 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -79,7 +79,7 @@ struct crypto_unittest_params {
>  #endif
> 
>  	union {
> -		struct rte_cryptodev_sym_session *sess;
> +		void *sess;
>  #ifdef RTE_LIB_SECURITY
>  		void *sec_session;
>  #endif
> @@ -119,7 +119,7 @@
> test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
>  		uint8_t *hmac_key);
> 
>  static int
> -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> rte_cryptodev_sym_session *sess,
> +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
>  		struct crypto_unittest_params *ut_params,
>  		struct crypto_testsuite_params *ts_param,
>  		const uint8_t *cipher,
> @@ -596,23 +596,11 @@ testsuite_setup(void)
>  	}
> 
>  	ts_params->session_mpool =
> rte_cryptodev_sym_session_pool_create(
> -			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
> +			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0,
> 0,
>  			SOCKET_ID_ANY);
>  	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
>  			"session mempool allocation failed");
> 
> -	ts_params->session_priv_mpool = rte_mempool_create(
> -			"test_sess_mp_priv",
> -			MAX_NB_SESSIONS,
> -			session_size,
> -			0, 0, NULL, NULL, NULL,
> -			NULL, SOCKET_ID_ANY,
> -			0);
> -	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
> -			"session mempool allocation failed");
> -
> -
> -
>  	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
>  			&ts_params->conf),
>  			"Failed to configure cryptodev %u with %u qps",
> @@ -620,7 +608,6 @@ testsuite_setup(void)
> 
>  	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
>  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> -	ts_params->qp_conf.mp_session_private = ts_params-
> >session_priv_mpool;
> 
>  	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
>  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> @@ -650,11 +637,6 @@ testsuite_teardown(void)
>  	}
> 
>  	/* Free session mempools */
> -	if (ts_params->session_priv_mpool != NULL) {
> -		rte_mempool_free(ts_params->session_priv_mpool);
> -		ts_params->session_priv_mpool = NULL;
> -	}
> -
>  	if (ts_params->session_mpool != NULL) {
>  		rte_mempool_free(ts_params->session_mpool);
>  		ts_params->session_mpool = NULL;
> @@ -1330,7 +1312,6 @@ dev_configure_and_start(uint64_t ff_disable)
>  	ts_params->conf.ff_disable = ff_disable;
>  	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
>  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> -	ts_params->qp_conf.mp_session_private = ts_params-
> >session_priv_mpool;
> 
>  	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params-
> >valid_devs[0],
>  			&ts_params->conf),
> @@ -1552,7 +1533,6 @@ test_queue_pair_descriptor_setup(void)
>  	 */
>  	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
>  	qp_conf.mp_session = ts_params->session_mpool;
> -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> 
>  	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
>  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> @@ -2146,8 +2126,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
> 
>  	/* Create crypto session*/
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			ut_params->sess, &ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			ut_params->sess, &ut_params->cipher_xform);
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
>  	/* Generate crypto op data structure */
> @@ -2247,7 +2226,7 @@
> test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
>  		uint8_t *hmac_key);
> 
>  static int
> -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> rte_cryptodev_sym_session *sess,
> +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
>  		struct crypto_unittest_params *ut_params,
>  		struct crypto_testsuite_params *ts_params,
>  		const uint8_t *cipher,
> @@ -2288,7 +2267,7 @@
> test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
> 
> 
>  static int
> -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> rte_cryptodev_sym_session *sess,
> +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
>  		struct crypto_unittest_params *ut_params,
>  		struct crypto_testsuite_params *ts_params,
>  		const uint8_t *cipher,
> @@ -2401,8 +2380,7 @@ create_wireless_algo_hash_session(uint8_t dev_id,
>  			ts_params->session_mpool);
> 
>  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->auth_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->auth_xform);
>  	if (status == -ENOTSUP)
>  		return TEST_SKIPPED;
> 
> @@ -2443,8 +2421,7 @@ create_wireless_algo_cipher_session(uint8_t
> dev_id,
>  			ts_params->session_mpool);
> 
>  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->cipher_xform);
>  	if (status == -ENOTSUP)
>  		return TEST_SKIPPED;
> 
> @@ -2566,8 +2543,7 @@ create_wireless_algo_cipher_auth_session(uint8_t
> dev_id,
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
>  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->cipher_xform);
>  	if (status == -ENOTSUP)
>  		return TEST_SKIPPED;
> 
> @@ -2629,8 +2605,7 @@ create_wireless_cipher_auth_session(uint8_t
> dev_id,
>  			ts_params->session_mpool);
> 
>  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->cipher_xform);
>  	if (status == -ENOTSUP)
>  		return TEST_SKIPPED;
> 
> @@ -2699,13 +2674,11 @@
> create_wireless_algo_auth_cipher_session(uint8_t dev_id,
>  		ut_params->auth_xform.next = NULL;
>  		ut_params->cipher_xform.next = &ut_params->auth_xform;
>  		status = rte_cryptodev_sym_session_init(dev_id,
> ut_params->sess,
> -				&ut_params->cipher_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->cipher_xform);
> 
>  	} else
>  		status = rte_cryptodev_sym_session_init(dev_id,
> ut_params->sess,
> -				&ut_params->auth_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->auth_xform);
> 
>  	if (status == -ENOTSUP)
>  		return TEST_SKIPPED;
> @@ -7838,8 +7811,7 @@ create_aead_session(uint8_t dev_id, enum
> rte_crypto_aead_algorithm algo,
>  			ts_params->session_mpool);
> 
>  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->aead_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->aead_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -10992,8 +10964,7 @@ static int MD5_HMAC_create_session(struct
> crypto_testsuite_params *ts_params,
>  			ts_params->session_mpool);
> 
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			ut_params->sess, &ut_params->auth_xform,
> -			ts_params->session_priv_mpool);
> +			ut_params->sess, &ut_params->auth_xform);
> 
>  	if (ut_params->sess == NULL)
>  		return TEST_FAILED;
> @@ -11206,7 +11177,7 @@ test_multi_session(void)
>  	struct crypto_unittest_params *ut_params = &unittest_params;
> 
>  	struct rte_cryptodev_info dev_info;
> -	struct rte_cryptodev_sym_session **sessions;
> +	void **sessions;
> 
>  	uint16_t i;
> 
> @@ -11229,9 +11200,7 @@ test_multi_session(void)
> 
>  	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> 
> -	sessions = rte_malloc(NULL,
> -			sizeof(struct rte_cryptodev_sym_session *) *
> -			(MAX_NB_SESSIONS + 1), 0);
> +	sessions = rte_malloc(NULL, sizeof(void *) * (MAX_NB_SESSIONS +
> 1), 0);
> 
>  	/* Create multiple crypto sessions*/
>  	for (i = 0; i < MAX_NB_SESSIONS; i++) {
> @@ -11240,8 +11209,7 @@ test_multi_session(void)
>  				ts_params->session_mpool);
> 
>  		rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -				sessions[i], &ut_params->auth_xform,
> -				ts_params->session_priv_mpool);
> +				sessions[i], &ut_params->auth_xform);
>  		TEST_ASSERT_NOT_NULL(sessions[i],
>  				"Session creation failed at session
> number %u",
>  				i);
> @@ -11279,8 +11247,7 @@ test_multi_session(void)
>  	sessions[i] = NULL;
>  	/* Next session create should fail */
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			sessions[i], &ut_params->auth_xform,
> -			ts_params->session_priv_mpool);
> +			sessions[i], &ut_params->auth_xform);
>  	TEST_ASSERT_NULL(sessions[i],
>  			"Session creation succeeded unexpectedly!");
> 
> @@ -11311,7 +11278,7 @@ test_multi_session_random_usage(void)
>  {
>  	struct crypto_testsuite_params *ts_params = &testsuite_params;
>  	struct rte_cryptodev_info dev_info;
> -	struct rte_cryptodev_sym_session **sessions;
> +	void **sessions;
>  	uint32_t i, j;
>  	struct multi_session_params ut_paramz[] = {
> 
> @@ -11355,8 +11322,7 @@ test_multi_session_random_usage(void)
>  	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> 
>  	sessions = rte_malloc(NULL,
> -			(sizeof(struct rte_cryptodev_sym_session *)
> -					* MAX_NB_SESSIONS) + 1, 0);
> +			(sizeof(void *) * MAX_NB_SESSIONS) + 1, 0);
> 
>  	for (i = 0; i < MB_SESSION_NUMBER; i++) {
>  		sessions[i] = rte_cryptodev_sym_session_create(
> @@ -11373,8 +11339,7 @@ test_multi_session_random_usage(void)
>  		rte_cryptodev_sym_session_init(
>  				ts_params->valid_devs[0],
>  				sessions[i],
> -				&ut_paramz[i].ut_params.auth_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_paramz[i].ut_params.auth_xform);
> 
>  		TEST_ASSERT_NOT_NULL(sessions[i],
>  				"Session creation failed at session
> number %u",
> @@ -11457,8 +11422,7 @@ test_null_invalid_operation(void)
> 
>  	/* Create Crypto session*/
>  	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			ut_params->sess, &ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			ut_params->sess, &ut_params->cipher_xform);
>  	TEST_ASSERT(ret < 0,
>  			"Session creation succeeded unexpectedly");
> 
> @@ -11475,8 +11439,7 @@ test_null_invalid_operation(void)
> 
>  	/* Create Crypto session*/
>  	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			ut_params->sess, &ut_params->auth_xform,
> -			ts_params->session_priv_mpool);
> +			ut_params->sess, &ut_params->auth_xform);
>  	TEST_ASSERT(ret < 0,
>  			"Session creation succeeded unexpectedly");
> 
> @@ -11521,8 +11484,7 @@ test_null_burst_operation(void)
> 
>  	/* Create Crypto session*/
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> -			ut_params->sess, &ut_params->cipher_xform,
> -			ts_params->session_priv_mpool);
> +			ut_params->sess, &ut_params->cipher_xform);
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
>  	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params-
> >op_mpool,
> @@ -11634,7 +11596,6 @@ test_enq_callback_setup(void)
> 
>  	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
>  	qp_conf.mp_session = ts_params->session_mpool;
> -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> 
>  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
>  			ts_params->valid_devs[0], qp_id, &qp_conf,
> @@ -11734,7 +11695,6 @@ test_deq_callback_setup(void)
> 
>  	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
>  	qp_conf.mp_session = ts_params->session_mpool;
> -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> 
>  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
>  			ts_params->valid_devs[0], qp_id, &qp_conf,
> @@ -11943,8 +11903,7 @@ static int create_gmac_session(uint8_t dev_id,
>  			ts_params->session_mpool);
> 
>  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -			&ut_params->auth_xform,
> -			ts_params->session_priv_mpool);
> +			&ut_params->auth_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -12588,8 +12547,7 @@ create_auth_session(struct
> crypto_unittest_params *ut_params,
>  			ts_params->session_mpool);
> 
>  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -				&ut_params->auth_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->auth_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -12641,8 +12599,7 @@ create_auth_cipher_session(struct
> crypto_unittest_params *ut_params,
>  			ts_params->session_mpool);
> 
>  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> -				&ut_params->auth_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->auth_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -13149,8 +13106,7 @@ test_authenticated_encrypt_with_esn(
> 
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
>  				ut_params->sess,
> -				&ut_params->cipher_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->cipher_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -13281,8 +13237,7 @@ test_authenticated_decrypt_with_esn(
> 
>  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
>  				ut_params->sess,
> -				&ut_params->auth_xform,
> -				ts_params->session_priv_mpool);
> +				&ut_params->auth_xform);
> 
>  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> failed");
> 
> @@ -14003,11 +13958,6 @@ test_scheduler_attach_worker_op(void)
>  			rte_mempool_free(ts_params->session_mpool);
>  			ts_params->session_mpool = NULL;
>  		}
> -		if (ts_params->session_priv_mpool) {
> -			rte_mempool_free(ts_params-
> >session_priv_mpool);
> -			ts_params->session_priv_mpool = NULL;
> -		}
> -
>  		if (info.sym.max_nb_sessions != 0 &&
>  				info.sym.max_nb_sessions <
> MAX_NB_SESSIONS) {
>  			RTE_LOG(ERR, USER1,
> @@ -14024,32 +13974,14 @@ test_scheduler_attach_worker_op(void)
>  			ts_params->session_mpool =
>  				rte_cryptodev_sym_session_pool_create(
>  						"test_sess_mp",
> -						MAX_NB_SESSIONS, 0, 0, 0,
> +						MAX_NB_SESSIONS,
> +						session_size, 0, 0,
>  						SOCKET_ID_ANY);
>  			TEST_ASSERT_NOT_NULL(ts_params-
> >session_mpool,
>  					"session mempool allocation failed");
>  		}
> 
> -		/*
> -		 * Create mempool with maximum number of sessions,
> -		 * to include device specific session private data
> -		 */
> -		if (ts_params->session_priv_mpool == NULL) {
> -			ts_params->session_priv_mpool =
> rte_mempool_create(
> -					"test_sess_mp_priv",
> -					MAX_NB_SESSIONS,
> -					session_size,
> -					0, 0, NULL, NULL, NULL,
> -					NULL, SOCKET_ID_ANY,
> -					0);
> -
> -			TEST_ASSERT_NOT_NULL(ts_params-
> >session_priv_mpool,
> -					"session mempool allocation failed");
> -		}
> -
>  		ts_params->qp_conf.mp_session = ts_params-
> >session_mpool;
> -		ts_params->qp_conf.mp_session_private =
> -				ts_params->session_priv_mpool;
> 
>  		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
>  				(uint8_t)i);
> diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
> index 1cdd84d01f..a3a10d484b 100644
> --- a/app/test/test_cryptodev.h
> +++ b/app/test/test_cryptodev.h
> @@ -89,7 +89,6 @@ struct crypto_testsuite_params {
>  	struct rte_mempool *large_mbuf_pool;
>  	struct rte_mempool *op_mpool;
>  	struct rte_mempool *session_mpool;
> -	struct rte_mempool *session_priv_mpool;
>  	struct rte_cryptodev_config conf;
>  	struct rte_cryptodev_qp_conf qp_conf;
> 
> diff --git a/app/test/test_cryptodev_asym.c
> b/app/test/test_cryptodev_asym.c
> index 9d19a6d6d9..35da574da8 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -924,7 +924,6 @@ testsuite_setup(void)
>  	/* configure qp */
>  	ts_params->qp_conf.nb_descriptors =
> DEFAULT_NUM_OPS_INFLIGHT;
>  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> -	ts_params->qp_conf.mp_session_private = ts_params-
> >session_mpool;
>  	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
>  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
>  			dev_id, qp_id, &ts_params->qp_conf,
> diff --git a/app/test/test_cryptodev_blockcipher.c
> b/app/test/test_cryptodev_blockcipher.c
> index 3cdb2c96e8..9417803f18 100644
> --- a/app/test/test_cryptodev_blockcipher.c
> +++ b/app/test/test_cryptodev_blockcipher.c
> @@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  	struct rte_mempool *mbuf_pool,
>  	struct rte_mempool *op_mpool,
>  	struct rte_mempool *sess_mpool,
> -	struct rte_mempool *sess_priv_mpool,
>  	uint8_t dev_id,
>  	char *test_msg)
>  {
> @@ -81,7 +80,7 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  	struct rte_crypto_sym_op *sym_op = NULL;
>  	struct rte_crypto_op *op = NULL;
>  	struct rte_cryptodev_info dev_info;
> -	struct rte_cryptodev_sym_session *sess = NULL;
> +	void *sess = NULL;
> 
>  	int status = TEST_SUCCESS;
>  	const struct blockcipher_test_data *tdata = t->test_data;
> @@ -514,7 +513,7 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		sess = rte_cryptodev_sym_session_create(sess_mpool);
> 
>  		status = rte_cryptodev_sym_session_init(dev_id, sess,
> -				init_xform, sess_priv_mpool);
> +				init_xform);
>  		if (status == -ENOTSUP) {
>  			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "UNSUPPORTED");
>  			status = TEST_SKIPPED;
> @@ -831,7 +830,6 @@ blockcipher_test_case_run(const void *data)
>  			p_testsuite_params->mbuf_pool,
>  			p_testsuite_params->op_mpool,
>  			p_testsuite_params->session_mpool,
> -			p_testsuite_params->session_priv_mpool,
>  			p_testsuite_params->valid_devs[0],
>  			test_msg);
>  	return status;
> diff --git a/app/test/test_event_crypto_adapter.c
> b/app/test/test_event_crypto_adapter.c
> index 3ad20921e2..59229a1cde 100644
> --- a/app/test/test_event_crypto_adapter.c
> +++ b/app/test/test_event_crypto_adapter.c
> @@ -61,7 +61,6 @@ struct event_crypto_adapter_test_params {
>  	struct rte_mempool *mbuf_pool;
>  	struct rte_mempool *op_mpool;
>  	struct rte_mempool *session_mpool;
> -	struct rte_mempool *session_priv_mpool;
>  	struct rte_cryptodev_config *config;
>  	uint8_t crypto_event_port_id;
>  	uint8_t internal_port_op_fwd;
> @@ -167,7 +166,7 @@ static int
>  test_op_forward_mode(uint8_t session_less)
>  {
>  	struct rte_crypto_sym_xform cipher_xform;
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
>  	union rte_event_crypto_metadata m_data;
>  	struct rte_crypto_sym_op *sym_op;
>  	struct rte_crypto_op *op;
> @@ -203,7 +202,7 @@ test_op_forward_mode(uint8_t session_less)
> 
>  		/* Create Crypto session*/
>  		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
> -				&cipher_xform, params.session_priv_mpool);
> +				&cipher_xform);
>  		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
> 
>  		ret = rte_event_crypto_adapter_caps_get(evdev,
> TEST_CDEV_ID,
> @@ -367,7 +366,7 @@ static int
>  test_op_new_mode(uint8_t session_less)
>  {
>  	struct rte_crypto_sym_xform cipher_xform;
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
>  	union rte_event_crypto_metadata m_data;
>  	struct rte_crypto_sym_op *sym_op;
>  	struct rte_crypto_op *op;
> @@ -411,7 +410,7 @@ test_op_new_mode(uint8_t session_less)
>  						&m_data, sizeof(m_data));
>  		}
>  		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
> -				&cipher_xform, params.session_priv_mpool);
> +				&cipher_xform);
>  		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
> 
>  		rte_crypto_op_attach_sym_session(op, sess);
> @@ -553,22 +552,12 @@ configure_cryptodev(void)
> 
>  	params.session_mpool = rte_cryptodev_sym_session_pool_create(
>  			"CRYPTO_ADAPTER_SESSION_MP",
> -			MAX_NB_SESSIONS, 0, 0,
> +			MAX_NB_SESSIONS, session_size, 0,
>  			sizeof(union rte_event_crypto_metadata),
>  			SOCKET_ID_ANY);
>  	TEST_ASSERT_NOT_NULL(params.session_mpool,
>  			"session mempool allocation failed\n");
> 
> -	params.session_priv_mpool = rte_mempool_create(
> -				"CRYPTO_AD_SESS_MP_PRIV",
> -				MAX_NB_SESSIONS,
> -				session_size,
> -				0, 0, NULL, NULL, NULL,
> -				NULL, SOCKET_ID_ANY,
> -				0);
> -	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
> -			"session mempool allocation failed\n");
> -
>  	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
>  	conf.nb_queue_pairs = info.max_nb_queue_pairs;
>  	conf.socket_id = SOCKET_ID_ANY;
> @@ -580,7 +569,6 @@ configure_cryptodev(void)
> 
>  	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
>  	qp_conf.mp_session = params.session_mpool;
> -	qp_conf.mp_session_private = params.session_priv_mpool;
> 
>  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
>  			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
> @@ -934,12 +922,6 @@ crypto_teardown(void)
>  		rte_mempool_free(params.session_mpool);
>  		params.session_mpool = NULL;
>  	}
> -	if (params.session_priv_mpool != NULL) {
> -		rte_mempool_avail_count(params.session_priv_mpool);
> -		rte_mempool_free(params.session_priv_mpool);
> -		params.session_priv_mpool = NULL;
> -	}
> -
>  	/* Free ops mempool */
>  	if (params.op_mpool != NULL) {
>  		RTE_LOG(DEBUG, USER1, "EVENT_CRYPTO_SYM_OP_POOL
> count %u\n",
> diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
> index 2ffa2a8e79..134545efe1 100644
> --- a/app/test/test_ipsec.c
> +++ b/app/test/test_ipsec.c
> @@ -355,20 +355,9 @@ testsuite_setup(void)
>  		return TEST_FAILED;
>  	}
> 
> -	ts_params->qp_conf.mp_session_private = rte_mempool_create(
> -				"test_priv_sess_mp",
> -				MAX_NB_SESSIONS,
> -				sess_sz,
> -				0, 0, NULL, NULL, NULL,
> -				NULL, SOCKET_ID_ANY,
> -				0);
> -
> -	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
> -			"private session mempool allocation failed");
> -
>  	ts_params->qp_conf.mp_session =
>  		rte_cryptodev_sym_session_pool_create("test_sess_mp",
> -			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
> +			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
> 
>  	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
>  			"session mempool allocation failed");
> @@ -413,11 +402,6 @@ testsuite_teardown(void)
>  		rte_mempool_free(ts_params->qp_conf.mp_session);
>  		ts_params->qp_conf.mp_session = NULL;
>  	}
> -
> -	if (ts_params->qp_conf.mp_session_private != NULL) {
> -		rte_mempool_free(ts_params-
> >qp_conf.mp_session_private);
> -		ts_params->qp_conf.mp_session_private = NULL;
> -	}
>  }
> 
>  static int
> @@ -644,7 +628,7 @@ create_crypto_session(struct ipsec_unitest_params
> *ut,
>  	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
>  {
>  	int32_t rc;
> -	struct rte_cryptodev_sym_session *s;
> +	void *s;
> 
>  	s = rte_cryptodev_sym_session_create(qp->mp_session);
>  	if (s == NULL)
> @@ -652,7 +636,7 @@ create_crypto_session(struct ipsec_unitest_params
> *ut,
> 
>  	/* initiliaze SA crypto session for device */
>  	rc = rte_cryptodev_sym_session_init(dev_id, s,
> -			ut->crypto_xforms, qp->mp_session_private);
> +			ut->crypto_xforms);
>  	if (rc == 0) {
>  		ut->ss[j].crypto.ses = s;
>  		return 0;
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> index edb7275e76..75330292af 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> @@ -235,7 +235,6 @@ aesni_gcm_pmd_qp_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  		goto qp_setup_cleanup;
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> 
> @@ -259,10 +258,8 @@ aesni_gcm_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev
> __rte_unused,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
>  	struct aesni_gcm_private *internals = dev->data->dev_private;
> 
> @@ -271,42 +268,24 @@ aesni_gcm_pmd_sym_session_configure(struct
> rte_cryptodev *dev __rte_unused,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		AESNI_GCM_LOG(ERR,
> -				"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
>  	ret = aesni_gcm_set_session_parameters(internals->ops,
> -				sess_private_data, xform);
> +				sess, xform);
>  	if (ret != 0) {
>  		AESNI_GCM_LOG(ERR, "failed configure session
> parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -			sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct aesni_gcm_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct aesni_gcm_session));
>  }
> 
>  struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> index 39c67e3952..efdc05c45f 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> @@ -944,7 +944,6 @@ aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	}
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->stats, 0, sizeof(qp->stats));
> 
> @@ -974,11 +973,8 @@ aesni_mb_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  /** Configure a aesni multi-buffer session from a crypto xform chain */
>  static int
>  aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
> -		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		struct rte_crypto_sym_xform *xform, void *sess)
>  {
> -	void *sess_private_data;
>  	struct aesni_mb_private *internals = dev->data->dev_private;
>  	int ret;
> 
> @@ -987,43 +983,25 @@ aesni_mb_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		AESNI_MB_LOG(ERR,
> -				"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
>  	ret = aesni_mb_set_session_parameters(internals->mb_mgr,
> -			sess_private_data, xform);
> +			sess, xform);
>  	if (ret != 0) {
>  		AESNI_MB_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -			sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> +	RTE_SET_USED(dev);
> 
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct aesni_mb_session));
>  }
> 
>  struct rte_cryptodev_ops aesni_mb_pmd_ops = {
> diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> index 1b2749fe62..2d3b54b063 100644
> --- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> +++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> @@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  		goto qp_setup_cleanup;
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->stats, 0, sizeof(qp->stats));
> 
> @@ -268,10 +267,8 @@ armv8_crypto_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	if (unlikely(sess == NULL)) {
> @@ -279,42 +276,23 @@ armv8_crypto_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		CDEV_LOG_ERR(
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = armv8_crypto_set_session_parameters(sess_private_data,
> xform);
> +	ret = armv8_crypto_set_session_parameters(sess, xform);
>  	if (ret != 0) {
>  		ARMV8_CRYPTO_LOG_ERR("failed configure session
> parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -			sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct armv8_crypto_session));
>  }
> 
>  struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
> diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c
> b/drivers/crypto/bcmfs/bcmfs_sym_session.c
> index 675ed0ad55..b4b167d0c2 100644
> --- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
> +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
> @@ -224,10 +224,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
>  int
>  bcmfs_sym_session_configure(struct rte_cryptodev *dev,
>  			    struct rte_crypto_sym_xform *xform,
> -			    struct rte_cryptodev_sym_session *sess,
> -			    struct rte_mempool *mempool)
> +			    void *sess)
>  {
> -	void *sess_private_data;
> +	RTE_SET_USED(dev);
>  	int ret;
> 
>  	if (unlikely(sess == NULL)) {
> @@ -235,44 +234,23 @@ bcmfs_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		BCMFS_DP_LOG(ERR,
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = crypto_set_session_parameters(sess_private_data, xform);
> +	ret = crypto_set_session_parameters(sess, xform);
> 
>  	if (ret != 0) {
>  		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -				     sess_private_data);
> -
>  	return 0;
>  }
> 
>  /* Clear the memory of session so it doesn't leave key material behind */
>  void
> -bcmfs_sym_session_clear(struct rte_cryptodev *dev,
> -			struct rte_cryptodev_sym_session  *sess)
> +bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> -	if (sess_priv) {
> -		struct rte_mempool *sess_mp;
> -
> -		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
> -		sess_mp = rte_mempool_from_obj(sess_priv);
> -
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	RTE_SET_USED(dev);
> +	if (sess)
> +		memset(sess, 0, sizeof(struct bcmfs_sym_session));
>  }
> 
>  unsigned int
> diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h
> b/drivers/crypto/bcmfs/bcmfs_sym_session.h
> index d40595b4bd..7faafe2fd5 100644
> --- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
> +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
> @@ -93,12 +93,10 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
>  int
>  bcmfs_sym_session_configure(struct rte_cryptodev *dev,
>  			    struct rte_crypto_sym_xform *xform,
> -			    struct rte_cryptodev_sym_session *sess,
> -			    struct rte_mempool *mempool);
> +			    void *sess);
> 
>  void
> -bcmfs_sym_session_clear(struct rte_cryptodev *dev,
> -			struct rte_cryptodev_sym_session  *sess);
> +bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
> 
>  unsigned int
>  bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev
> __rte_unused);
> diff --git a/drivers/crypto/caam_jr/caam_jr.c
> b/drivers/crypto/caam_jr/caam_jr.c
> index ce7a100778..8a04820fa6 100644
> --- a/drivers/crypto/caam_jr/caam_jr.c
> +++ b/drivers/crypto/caam_jr/caam_jr.c
> @@ -1692,52 +1692,36 @@ caam_jr_set_session_parameters(struct
> rte_cryptodev *dev,
>  static int
>  caam_jr_sym_session_configure(struct rte_cryptodev *dev,
>  			      struct rte_crypto_sym_xform *xform,
> -			      struct rte_cryptodev_sym_session *sess,
> -			      struct rte_mempool *mempool)
> +			      void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	PMD_INIT_FUNC_TRACE();
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		CAAM_JR_ERR("Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
> -	ret = caam_jr_set_session_parameters(dev, xform,
> sess_private_data);
> +	memset(sess, 0, sizeof(struct caam_jr_session));
> +	ret = caam_jr_set_session_parameters(dev, xform, sess);
>  	if (ret != 0) {
>  		CAAM_JR_ERR("failed to configure session parameters");
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> sess_private_data);
> -
>  	return 0;
>  }
> 
>  /* Clear the memory of session so it doesn't leave key material behind */
>  static void
> -caam_jr_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +caam_jr_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
> +	RTE_SET_USED(dev);
> +
> +	struct caam_jr_session *s = (struct caam_jr_session *)sess;
> 
>  	PMD_INIT_FUNC_TRACE();
> 
> -	if (sess_priv) {
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -
> +	if (sess) {
>  		rte_free(s->cipher_key.data);
>  		rte_free(s->auth_key.data);
>  		memset(s, 0, sizeof(struct caam_jr_session));
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
>  	}
>  }
> 
> diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c
> b/drivers/crypto/ccp/ccp_pmd_ops.c
> index 0d615d311c..cac1268130 100644
> --- a/drivers/crypto/ccp/ccp_pmd_ops.c
> +++ b/drivers/crypto/ccp/ccp_pmd_ops.c
> @@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	}
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	/* mempool for batch info */
>  	qp->batch_mp = rte_mempool_create(
> @@ -758,11 +757,9 @@ ccp_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
>  			  struct rte_crypto_sym_xform *xform,
> -			  struct rte_cryptodev_sym_session *sess,
> -			  struct rte_mempool *mempool)
> +			  void *sess)
>  {
>  	int ret;
> -	void *sess_private_data;
>  	struct ccp_private *internals;
> 
>  	if (unlikely(sess == NULL || xform == NULL)) {
> @@ -770,39 +767,22 @@ ccp_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -ENOMEM;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		CCP_LOG_ERR("Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
>  	internals = (struct ccp_private *)dev->data->dev_private;
> -	ret = ccp_set_session_parameters(sess_private_data, xform,
> internals);
> +	ret = ccp_set_session_parameters(sess, xform, internals);
>  	if (ret != 0) {
>  		CCP_LOG_ERR("failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> -	set_sym_session_private_data(sess, dev->driver_id,
> -				 sess_private_data);
> 
>  	return 0;
>  }
> 
>  static void
> -ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		      struct rte_cryptodev_sym_session *sess)
> +ccp_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> -	if (sess_priv) {
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -
> -		rte_mempool_put(sess_mp, sess_priv);
> -		memset(sess_priv, 0, sizeof(struct ccp_session));
> -		set_sym_session_private_data(sess, index, NULL);
> -	}
> +	RTE_SET_USED(dev);
> +	if (sess)
> +		memset(sess, 0, sizeof(struct ccp_session));
>  }
> 
>  struct rte_cryptodev_ops ccp_ops = {
> diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> index 99968cc353..50cae5e3d6 100644
> --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> @@ -32,17 +32,18 @@ cn10k_cpt_sym_temp_sess_create(struct
> cnxk_cpt_qp *qp, struct rte_crypto_op *op)
>  	if (sess == NULL)
>  		return NULL;
> 
> -	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op-
> >xform,
> -				    sess, qp->sess_mp_priv);
> +	sess->sess_data[driver_id].data =
> +			(void *)((uint8_t *)sess +
> +			rte_cryptodev_sym_get_header_session_size() +
> +			(driver_id * sess->priv_sz));
> +	priv = get_sym_session_private_data(sess, driver_id);
> +	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, (void
> *)priv);
>  	if (ret)
>  		goto sess_put;
> 
> -	priv = get_sym_session_private_data(sess, driver_id);
> -
>  	sym_op->session = sess;
> 
>  	return priv;
> -
>  sess_put:
>  	rte_mempool_put(qp->sess_mp, sess);
>  	return NULL;
> @@ -144,9 +145,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct
> rte_crypto_op *ops[],
>  			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
>  						&inst[0]);
>  			if (unlikely(ret)) {
> -
> 	sym_session_clear(cn10k_cryptodev_driver_id,
> -						  op->sym->session);
> -				rte_mempool_put(qp->sess_mp, op->sym-
> >session);
> +				sym_session_clear(op->sym->session);
>  				return 0;
>  			}
>  			w7 = sess->cpt_inst_w7;
> @@ -437,8 +436,7 @@ cn10k_cpt_dequeue_post_process(struct
> cnxk_cpt_qp *qp,
>  temp_sess_free:
>  	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
>  		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
> -			sym_session_clear(cn10k_cryptodev_driver_id,
> -					  cop->sym->session);
> +			sym_session_clear(cop->sym->session);
>  			sz =
> rte_cryptodev_sym_get_existing_header_session_size(
>  				cop->sym->session);
>  			memset(cop->sym->session, 0, sz);
> diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> index 4c2dc5b080..5f83581131 100644
> --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> @@ -81,17 +81,19 @@ cn9k_cpt_sym_temp_sess_create(struct
> cnxk_cpt_qp *qp, struct rte_crypto_op *op)
>  	if (sess == NULL)
>  		return NULL;
> 
> -	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op-
> >xform,
> -				    sess, qp->sess_mp_priv);
> +	sess->sess_data[driver_id].data =
> +			(void *)((uint8_t *)sess +
> +			rte_cryptodev_sym_get_header_session_size() +
> +			(driver_id * sess->priv_sz));
> +	priv = get_sym_session_private_data(sess, driver_id);
> +	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
> +			(void *)priv);
>  	if (ret)
>  		goto sess_put;
> 
> -	priv = get_sym_session_private_data(sess, driver_id);
> -
>  	sym_op->session = sess;
> 
>  	return priv;
> -
>  sess_put:
>  	rte_mempool_put(qp->sess_mp, sess);
>  	return NULL;
> @@ -126,8 +128,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct
> rte_crypto_op *op,
>  			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
>  						     inst);
>  			if (unlikely(ret)) {
> -
> 	sym_session_clear(cn9k_cryptodev_driver_id,
> -						  op->sym->session);
> +				sym_session_clear(op->sym->session);
>  				rte_mempool_put(qp->sess_mp, op->sym-
> >session);
>  			}
>  			inst->w7.u64 = sess->cpt_inst_w7;
> @@ -484,8 +485,7 @@ cn9k_cpt_dequeue_post_process(struct
> cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
>  temp_sess_free:
>  	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
>  		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
> -			sym_session_clear(cn9k_cryptodev_driver_id,
> -					  cop->sym->session);
> +			sym_session_clear(cop->sym->session);
>  			sz =
> rte_cryptodev_sym_get_existing_header_session_size(
>  				cop->sym->session);
>  			memset(cop->sym->session, 0, sz);
> diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> index 41d8fe49e1..52d9cf0cf3 100644
> --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> @@ -379,7 +379,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  	}
> 
>  	qp->sess_mp = conf->mp_session;
> -	qp->sess_mp_priv = conf->mp_session_private;
>  	dev->data->queue_pairs[qp_id] = qp;
> 
>  	return 0;
> @@ -493,27 +492,20 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess,
> struct roc_cpt *roc_cpt)
>  }
> 
>  int
> -sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
> +sym_session_configure(struct roc_cpt *roc_cpt,
>  		      struct rte_crypto_sym_xform *xform,
> -		      struct rte_cryptodev_sym_session *sess,
> -		      struct rte_mempool *pool)
> +		      void *sess)
>  {
>  	struct cnxk_se_sess *sess_priv;
> -	void *priv;
>  	int ret;
> 
>  	ret = sym_xform_verify(xform);
>  	if (unlikely(ret < 0))
>  		return ret;
> 
> -	if (unlikely(rte_mempool_get(pool, &priv))) {
> -		plt_dp_err("Could not allocate session private data");
> -		return -ENOMEM;
> -	}
> +	memset(sess, 0, sizeof(struct cnxk_se_sess));
> 
> -	memset(priv, 0, sizeof(struct cnxk_se_sess));
> -
> -	sess_priv = priv;
> +	sess_priv = sess;
> 
>  	switch (ret) {
>  	case CNXK_CPT_CIPHER:
> @@ -547,7 +539,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int
> driver_id,
>  	}
> 
>  	if (ret)
> -		goto priv_put;
> +		return -ENOTSUP;
> 
>  	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
>  	    cpt_mac_len_verify(&xform->auth)) {
> @@ -557,66 +549,45 @@ sym_session_configure(struct roc_cpt *roc_cpt, int
> driver_id,
>  			sess_priv->roc_se_ctx.auth_key = NULL;
>  		}
> 
> -		ret = -ENOTSUP;
> -		goto priv_put;
> +		return -ENOTSUP;
>  	}
> 
>  	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
> 
> -	set_sym_session_private_data(sess, driver_id, sess_priv);
> -
>  	return 0;
> -
> -priv_put:
> -	rte_mempool_put(pool, priv);
> -
> -	return -ENOTSUP;
>  }
> 
>  int
>  cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
>  			       struct rte_crypto_sym_xform *xform,
> -			       struct rte_cryptodev_sym_session *sess,
> -			       struct rte_mempool *pool)
> +			       void *sess)
>  {
>  	struct cnxk_cpt_vf *vf = dev->data->dev_private;
>  	struct roc_cpt *roc_cpt = &vf->cpt;
> -	uint8_t driver_id;
> 
> -	driver_id = dev->driver_id;
> -
> -	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
> +	return sym_session_configure(roc_cpt, xform, sess);
>  }
> 
>  void
> -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> +sym_session_clear(void *sess)
>  {
> -	void *priv = get_sym_session_private_data(sess, driver_id);
> -	struct cnxk_se_sess *sess_priv;
> -	struct rte_mempool *pool;
> +	struct cnxk_se_sess *sess_priv = sess;
> 
> -	if (priv == NULL)
> +	if (sess == NULL)
>  		return;
> 
> -	sess_priv = priv;
> -
>  	if (sess_priv->roc_se_ctx.auth_key != NULL)
>  		plt_free(sess_priv->roc_se_ctx.auth_key);
> 
> -	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
> -
> -	pool = rte_mempool_from_obj(priv);
> -
> -	set_sym_session_private_data(sess, driver_id, NULL);
> -
> -	rte_mempool_put(pool, priv);
> +	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
>  }
> 
>  void
> -cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
> -			   struct rte_cryptodev_sym_session *sess)
> +cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	return sym_session_clear(dev->driver_id, sess);
> +	RTE_SET_USED(dev);
> +
> +	return sym_session_clear(sess);
>  }
> 
>  unsigned int
> diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> index c5332dec53..3c09d10582 100644
> --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> @@ -111,18 +111,15 @@ unsigned int
> cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
> 
>  int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
>  				   struct rte_crypto_sym_xform *xform,
> -				   struct rte_cryptodev_sym_session *sess,
> -				   struct rte_mempool *pool);
> +				   void *sess);
> 
> -int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
> +int sym_session_configure(struct roc_cpt *roc_cpt,
>  			  struct rte_crypto_sym_xform *xform,
> -			  struct rte_cryptodev_sym_session *sess,
> -			  struct rte_mempool *pool);
> +			  void *sess);
> 
> -void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
> -				struct rte_cryptodev_sym_session *sess);
> +void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess);
> 
> -void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session
> *sess);
> +void sym_session_clear(void *sess);
> 
>  unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev
> __rte_unused);
> 
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index 176f1a27a0..42229763f8 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -3438,49 +3438,32 @@ dpaa2_sec_security_session_destroy(void *dev
> __rte_unused, void *sess)
>  static int
>  dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		DPAA2_SEC_ERR("Couldn't get object from session
> mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = dpaa2_sec_set_session_parameters(dev, xform,
> sess_private_data);
> +	ret = dpaa2_sec_set_session_parameters(dev, xform, sess);
>  	if (ret != 0) {
>  		DPAA2_SEC_ERR("Failed to configure session parameters");
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
>  	PMD_INIT_FUNC_TRACE();
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
> +	RTE_SET_USED(dev);
> +	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
> 
> -	if (sess_priv) {
> +	if (sess) {
>  		rte_free(s->ctxt);
>  		rte_free(s->cipher_key.data);
>  		rte_free(s->auth_key.data);
>  		memset(s, 0, sizeof(dpaa2_sec_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
>  	}
>  }
> 
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index 5a087df090..4727088b45 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -2537,33 +2537,18 @@ dpaa_sec_set_session_parameters(struct
> rte_cryptodev *dev,
> 
>  static int
>  dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
> -		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		struct rte_crypto_sym_xform *xform, void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	PMD_INIT_FUNC_TRACE();
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		DPAA_SEC_ERR("Couldn't get object from session
> mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = dpaa_sec_set_session_parameters(dev, xform,
> sess_private_data);
> +	ret = dpaa_sec_set_session_parameters(dev, xform, sess);
>  	if (ret != 0) {
>  		DPAA_SEC_ERR("failed to configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -			sess_private_data);
> -
> -
>  	return 0;
>  }
> 
> @@ -2584,18 +2569,14 @@ free_session_memory(struct rte_cryptodev
> *dev, dpaa_sec_session *s)
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
>  	PMD_INIT_FUNC_TRACE();
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
> +	RTE_SET_USED(dev);
> +	dpaa_sec_session *s = (dpaa_sec_session *)sess;
> 
> -	if (sess_priv) {
> +	if (sess)
>  		free_session_memory(dev, s);
> -		set_sym_session_private_data(sess, index, NULL);
> -	}
>  }
> 
>  #ifdef RTE_LIB_SECURITY
> diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> index f075054807..b2e5c92598 100644
> --- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> @@ -220,7 +220,6 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
> 
>  	qp->mgr = internals->mgr;
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> 
> @@ -243,10 +242,8 @@ kasumi_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
>  	struct kasumi_private *internals = dev->data->dev_private;
> 
> @@ -255,43 +252,24 @@ kasumi_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		KASUMI_LOG(ERR,
> -				"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
>  	ret = kasumi_set_session_parameters(internals->mgr,
> -					sess_private_data, xform);
> +					sess, xform);
>  	if (ret != 0) {
>  		KASUMI_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct kasumi_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct kasumi_session));
>  }
> 
>  struct rte_cryptodev_ops kasumi_pmd_ops = {
> diff --git a/drivers/crypto/mlx5/mlx5_crypto.c
> b/drivers/crypto/mlx5/mlx5_crypto.c
> index 682cf8b607..615ab9f45d 100644
> --- a/drivers/crypto/mlx5/mlx5_crypto.c
> +++ b/drivers/crypto/mlx5/mlx5_crypto.c
> @@ -165,14 +165,12 @@ mlx5_crypto_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
>  				  struct rte_crypto_sym_xform *xform,
> -				  struct rte_cryptodev_sym_session *session,
> -				  struct rte_mempool *mp)
> +				  void *session)
>  {
>  	struct mlx5_crypto_priv *priv = dev->data->dev_private;
> -	struct mlx5_crypto_session *sess_private_data;
> +	struct mlx5_crypto_session *sess_private_data = session;
>  	struct rte_crypto_cipher_xform *cipher;
>  	uint8_t encryption_order;
> -	int ret;
> 
>  	if (unlikely(xform->next != NULL)) {
>  		DRV_LOG(ERR, "Xform next is not supported.");
> @@ -183,17 +181,9 @@ mlx5_crypto_sym_session_configure(struct
> rte_cryptodev *dev,
>  		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
>  		return -ENOTSUP;
>  	}
> -	ret = rte_mempool_get(mp, (void *)&sess_private_data);
> -	if (ret != 0) {
> -		DRV_LOG(ERR,
> -			"Failed to get session %p private data from
> mempool.",
> -			sess_private_data);
> -		return -ENOMEM;
> -	}
>  	cipher = &xform->cipher;
>  	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
>  	if (sess_private_data->dek == NULL) {
> -		rte_mempool_put(mp, sess_private_data);
>  		DRV_LOG(ERR, "Failed to prepare dek.");
>  		return -ENOMEM;
>  	}
> @@ -228,27 +218,21 @@ mlx5_crypto_sym_session_configure(struct
> rte_cryptodev *dev,
>  	sess_private_data->dek_id =
>  			rte_cpu_to_be_32(sess_private_data->dek->obj->id
> &
>  					 0xffffff);
> -	set_sym_session_private_data(session, dev->driver_id,
> -				     sess_private_data);
>  	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
>  	return 0;
>  }
> 
>  static void
> -mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
> -			      struct rte_cryptodev_sym_session *sess)
> +mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
>  	struct mlx5_crypto_priv *priv = dev->data->dev_private;
> -	struct mlx5_crypto_session *spriv =
> get_sym_session_private_data(sess,
> -								dev-
> >driver_id);
> +	struct mlx5_crypto_session *spriv = sess;
> 
>  	if (unlikely(spriv == NULL)) {
>  		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
>  		return;
>  	}
>  	mlx5_crypto_dek_destroy(priv, spriv->dek);
> -	set_sym_session_private_data(sess, dev->driver_id, NULL);
> -	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
>  	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
>  }
> 
> diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> index e04a2c88c7..2e4b27ea21 100644
> --- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> +++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> @@ -704,7 +704,6 @@ mrvl_crypto_pmd_qp_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  			break;
> 
>  		qp->sess_mp = qp_conf->mp_session;
> -		qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  		memset(&qp->stats, 0, sizeof(qp->stats));
>  		dev->data->queue_pairs[qp_id] = qp;
> @@ -735,12 +734,9 @@
> mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct
> rte_cryptodev *dev)
>   */
>  static int
>  mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> rte_cryptodev *dev,
> -		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mp)
> +		struct rte_crypto_sym_xform *xform, void *sess)
>  {
>  	struct mrvl_crypto_session *mrvl_sess;
> -	void *sess_private_data;
>  	int ret;
> 
>  	if (sess == NULL) {
> @@ -748,25 +744,16 @@
> mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mp, &sess_private_data)) {
> -		CDEV_LOG_ERR("Couldn't get object from session
> mempool.");
> -		return -ENOMEM;
> -	}
> +	memset(sess, 0, sizeof(struct mrvl_crypto_session));
> 
> -	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
> -
> -	ret = mrvl_crypto_set_session_parameters(sess_private_data,
> xform);
> +	ret = mrvl_crypto_set_session_parameters(sess, xform);
>  	if (ret != 0) {
>  		MRVL_LOG(ERR, "Failed to configure session parameters!");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mp, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> sess_private_data);
> 
> -	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
> +	mrvl_sess = (struct mrvl_crypto_session *)sess;
>  	if (sam_session_create(&mrvl_sess->sam_sess_params,
>  				&mrvl_sess->sam_sess) < 0) {
>  		MRVL_LOG(DEBUG, "Failed to create session!");
> @@ -789,17 +776,13 @@
> mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> rte_cryptodev *dev,
>   * @returns 0. Always.
>   */
>  static void
> -mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> *sess)
>  {
> -
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> +	if (sess) {
>  		struct mrvl_crypto_session *mrvl_sess =
> -			(struct mrvl_crypto_session *)sess_priv;
> +			(struct mrvl_crypto_session *)sess;
> 
>  		if (mrvl_sess->sam_sess &&
>  		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
> @@ -807,9 +790,6 @@ mrvl_crypto_pmd_sym_session_clear(struct
> rte_cryptodev *dev,
>  		}
> 
>  		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
>  	}
>  }
> 
> diff --git a/drivers/crypto/nitrox/nitrox_sym.c
> b/drivers/crypto/nitrox/nitrox_sym.c
> index f8b7edcd69..0c9bbfef46 100644
> --- a/drivers/crypto/nitrox/nitrox_sym.c
> +++ b/drivers/crypto/nitrox/nitrox_sym.c
> @@ -532,22 +532,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform
> *xform,
>  static int
>  nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
>  			      struct rte_crypto_sym_xform *xform,
> -			      struct rte_cryptodev_sym_session *sess,
> -			      struct rte_mempool *mempool)
> +			      void *sess)
>  {
> -	void *mp_obj;
>  	struct nitrox_crypto_ctx *ctx;
>  	struct rte_crypto_cipher_xform *cipher_xform = NULL;
>  	struct rte_crypto_auth_xform *auth_xform = NULL;
>  	struct rte_crypto_aead_xform *aead_xform = NULL;
>  	int ret = -EINVAL;
> 
> -	if (rte_mempool_get(mempool, &mp_obj)) {
> -		NITROX_LOG(ERR, "Couldn't allocate context\n");
> -		return -ENOMEM;
> -	}
> -
> -	ctx = mp_obj;
> +	RTE_SET_USED(cdev);
> +	ctx = sess;
>  	ctx->nitrox_chain = get_crypto_chain_order(xform);
>  	switch (ctx->nitrox_chain) {
>  	case NITROX_CHAIN_CIPHER_ONLY:
> @@ -586,28 +580,17 @@ nitrox_sym_dev_sess_configure(struct
> rte_cryptodev *cdev,
>  	}
> 
>  	ctx->iova = rte_mempool_virt2iova(ctx);
> -	set_sym_session_private_data(sess, cdev->driver_id, ctx);
>  	return 0;
>  err:
> -	rte_mempool_put(mempool, mp_obj);
>  	return ret;
>  }
> 
>  static void
> -nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
> -			  struct rte_cryptodev_sym_session *sess)
> +nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev, void *sess)
>  {
> -	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
> -							cdev->driver_id);
> -	struct rte_mempool *sess_mp;
> -
> -	if (!ctx)
> -		return;
> -
> -	memset(ctx, 0, sizeof(*ctx));
> -	sess_mp = rte_mempool_from_obj(ctx);
> -	set_sym_session_private_data(sess, cdev->driver_id, NULL);
> -	rte_mempool_put(sess_mp, ctx);
> +	RTE_SET_USED(cdev);
> +	if (sess)
> +		memset(sess, 0, sizeof(struct nitrox_crypto_ctx));
>  }
> 
>  static struct nitrox_crypto_ctx *
> diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c
> b/drivers/crypto/null/null_crypto_pmd_ops.c
> index a8b5a06e7f..65bfa8dcf7 100644
> --- a/drivers/crypto/null/null_crypto_pmd_ops.c
> +++ b/drivers/crypto/null/null_crypto_pmd_ops.c
> @@ -234,7 +234,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  	}
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> 
> @@ -258,10 +257,8 @@ null_crypto_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev
> __rte_unused,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mp)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	if (unlikely(sess == NULL)) {
> @@ -269,42 +266,23 @@ null_crypto_pmd_sym_session_configure(struct
> rte_cryptodev *dev __rte_unused,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mp, &sess_private_data)) {
> -		NULL_LOG(ERR,
> -				"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = null_crypto_set_session_parameters(sess_private_data,
> xform);
> +	ret = null_crypto_set_session_parameters(sess, xform);
>  	if (ret != 0) {
>  		NULL_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mp, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct null_crypto_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct null_crypto_session));
>  }
> 
>  static struct rte_cryptodev_ops pmd_ops = {
> diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> index 7c6b1e45b4..95659e472b 100644
> --- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> +++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> @@ -49,7 +49,6 @@ struct cpt_instance {
>  	uint32_t queue_id;
>  	uintptr_t rsvd;
>  	struct rte_mempool *sess_mp;
> -	struct rte_mempool *sess_mp_priv;
>  	struct cpt_qp_meta_info meta_info;
>  	uint8_t ca_enabled;
>  };
> diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> index 9e8fd495cf..abd0963be0 100644
> --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> @@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
> 
>  	instance->queue_id = que_pair_id;
>  	instance->sess_mp = qp_conf->mp_session;
> -	instance->sess_mp_priv = qp_conf->mp_session_private;
>  	dev->data->queue_pairs[que_pair_id] = instance;
> 
>  	return 0;
> @@ -243,29 +242,22 @@ sym_xform_verify(struct rte_crypto_sym_xform
> *xform)
>  }
> 
>  static int
> -sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
> -		      struct rte_cryptodev_sym_session *sess,
> -		      struct rte_mempool *pool)
> +sym_session_configure(struct rte_crypto_sym_xform *xform,
> +		      void *sess)
>  {
>  	struct rte_crypto_sym_xform *temp_xform = xform;
>  	struct cpt_sess_misc *misc;
>  	vq_cmd_word3_t vq_cmd_w3;
> -	void *priv;
>  	int ret;
> 
>  	ret = sym_xform_verify(xform);
>  	if (unlikely(ret))
>  		return ret;
> 
> -	if (unlikely(rte_mempool_get(pool, &priv))) {
> -		CPT_LOG_ERR("Could not allocate session private data");
> -		return -ENOMEM;
> -	}
> -
> -	memset(priv, 0, sizeof(struct cpt_sess_misc) +
> +	memset(sess, 0, sizeof(struct cpt_sess_misc) +
>  			offsetof(struct cpt_ctx, mc_ctx));
> 
> -	misc = priv;
> +	misc = sess;
> 
>  	for ( ; xform != NULL; xform = xform->next) {
>  		switch (xform->type) {
> @@ -301,8 +293,6 @@ sym_session_configure(int driver_id, struct
> rte_crypto_sym_xform *xform,
>  		goto priv_put;
>  	}
> 
> -	set_sym_session_private_data(sess, driver_id, priv);
> -
>  	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
>  			     sizeof(struct cpt_sess_misc);
> 
> @@ -316,56 +306,46 @@ sym_session_configure(int driver_id, struct
> rte_crypto_sym_xform *xform,
>  	return 0;
> 
>  priv_put:
> -	if (priv)
> -		rte_mempool_put(pool, priv);
>  	return -ENOTSUP;
>  }
> 
>  static void
> -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> +sym_session_clear(void *sess)
>  {
> -	void *priv = get_sym_session_private_data(sess, driver_id);
>  	struct cpt_sess_misc *misc;
> -	struct rte_mempool *pool;
>  	struct cpt_ctx *ctx;
> 
> -	if (priv == NULL)
> +	if (sess == NULL)
>  		return;
> 
> -	misc = priv;
> +	misc = sess;
>  	ctx = SESS_PRIV(misc);
> 
>  	if (ctx->auth_key != NULL)
>  		rte_free(ctx->auth_key);
> 
> -	memset(priv, 0, cpt_get_session_size());
> -
> -	pool = rte_mempool_from_obj(priv);
> -
> -	set_sym_session_private_data(sess, driver_id, NULL);
> -
> -	rte_mempool_put(pool, priv);
> +	memset(sess, 0, cpt_get_session_size());
>  }
> 
>  static int
>  otx_cpt_session_cfg(struct rte_cryptodev *dev,
>  		    struct rte_crypto_sym_xform *xform,
> -		    struct rte_cryptodev_sym_session *sess,
> -		    struct rte_mempool *pool)
> +		    void *sess)
>  {
>  	CPT_PMD_INIT_FUNC_TRACE();
> +	RTE_SET_USED(dev);
> 
> -	return sym_session_configure(dev->driver_id, xform, sess, pool);
> +	return sym_session_configure(xform, sess);
>  }
> 
> 
>  static void
> -otx_cpt_session_clear(struct rte_cryptodev *dev,
> -		  struct rte_cryptodev_sym_session *sess)
> +otx_cpt_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
>  	CPT_PMD_INIT_FUNC_TRACE();
> +	RTE_SET_USED(dev);
> 
> -	return sym_session_clear(dev->driver_id, sess);
> +	return sym_session_clear(sess);
>  }
> 
>  static unsigned int
> @@ -576,7 +556,6 @@ static __rte_always_inline void * __rte_hot
>  otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
>  				struct rte_crypto_op *op)
>  {
> -	const int driver_id = otx_cryptodev_driver_id;
>  	struct rte_crypto_sym_op *sym_op = op->sym;
>  	struct rte_cryptodev_sym_session *sess;
>  	void *req;
> @@ -589,8 +568,12 @@ otx_cpt_enq_single_sym_sessless(struct
> cpt_instance *instance,
>  		return NULL;
>  	}
> 
> -	ret = sym_session_configure(driver_id, sym_op->xform, sess,
> -				    instance->sess_mp_priv);
> +	sess->sess_data[otx_cryptodev_driver_id].data =
> +			(void *)((uint8_t *)sess +
> +			rte_cryptodev_sym_get_header_session_size() +
> +			(otx_cryptodev_driver_id * sess->priv_sz));
> +	ret = sym_session_configure(sym_op->xform,
> +			sess->sess_data[otx_cryptodev_driver_id].data);
>  	if (ret)
>  		goto sess_put;
> 
> @@ -604,7 +587,7 @@ otx_cpt_enq_single_sym_sessless(struct
> cpt_instance *instance,
>  	return req;
> 
>  priv_put:
> -	sym_session_clear(driver_id, sess);
> +	sym_session_clear(sess);
>  sess_put:
>  	rte_mempool_put(instance->sess_mp, sess);
>  	return NULL;
> @@ -913,7 +896,6 @@ free_sym_session_data(const struct cpt_instance
> *instance,
>  	memset(cop->sym->session, 0,
>  	       rte_cryptodev_sym_get_existing_header_session_size(
>  		       cop->sym->session));
> -	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
>  	rte_mempool_put(instance->sess_mp, cop->sym->session);
>  	cop->sym->session = NULL;
>  }
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> index 7b744cd4b4..dcfbc49996 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> @@ -371,29 +371,21 @@ sym_xform_verify(struct rte_crypto_sym_xform
> *xform)
>  }
> 
>  static int
> -sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
> -		      struct rte_cryptodev_sym_session *sess,
> -		      struct rte_mempool *pool)
> +sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
>  {
>  	struct rte_crypto_sym_xform *temp_xform = xform;
>  	struct cpt_sess_misc *misc;
>  	vq_cmd_word3_t vq_cmd_w3;
> -	void *priv;
>  	int ret;
> 
>  	ret = sym_xform_verify(xform);
>  	if (unlikely(ret))
>  		return ret;
> 
> -	if (unlikely(rte_mempool_get(pool, &priv))) {
> -		CPT_LOG_ERR("Could not allocate session private data");
> -		return -ENOMEM;
> -	}
> -
> -	memset(priv, 0, sizeof(struct cpt_sess_misc) +
> +	memset(sess, 0, sizeof(struct cpt_sess_misc) +
>  			offsetof(struct cpt_ctx, mc_ctx));
> 
> -	misc = priv;
> +	misc = sess;
> 
>  	for ( ; xform != NULL; xform = xform->next) {
>  		switch (xform->type) {
> @@ -414,7 +406,7 @@ sym_session_configure(int driver_id, struct
> rte_crypto_sym_xform *xform,
>  		}
> 
>  		if (ret)
> -			goto priv_put;
> +			return -ENOTSUP;
>  	}
> 
>  	if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
> @@ -425,12 +417,9 @@ sym_session_configure(int driver_id, struct
> rte_crypto_sym_xform *xform,
>  			rte_free(ctx->auth_key);
>  			ctx->auth_key = NULL;
>  		}
> -		ret = -ENOTSUP;
> -		goto priv_put;
> +		return -ENOTSUP;
>  	}
> 
> -	set_sym_session_private_data(sess, driver_id, misc);
> -
>  	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
>  			     sizeof(struct cpt_sess_misc);
> 
> @@ -451,11 +440,6 @@ sym_session_configure(int driver_id, struct
> rte_crypto_sym_xform *xform,
>  	misc->cpt_inst_w7 = vq_cmd_w3.u64;
> 
>  	return 0;
> -
> -priv_put:
> -	rte_mempool_put(pool, priv);
> -
> -	return -ENOTSUP;
>  }
> 
>  static __rte_always_inline int32_t __rte_hot
> @@ -765,7 +749,6 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp
> *qp, struct rte_crypto_op *op,
>  			      struct pending_queue *pend_q,
>  			      unsigned int burst_index)
>  {
> -	const int driver_id = otx2_cryptodev_driver_id;
>  	struct rte_crypto_sym_op *sym_op = op->sym;
>  	struct rte_cryptodev_sym_session *sess;
>  	int ret;
> @@ -775,8 +758,12 @@ otx2_cpt_enqueue_sym_sessless(struct
> otx2_cpt_qp *qp, struct rte_crypto_op *op,
>  	if (sess == NULL)
>  		return -ENOMEM;
> 
> -	ret = sym_session_configure(driver_id, sym_op->xform, sess,
> -				    qp->sess_mp_priv);
> +	sess->sess_data[otx2_cryptodev_driver_id].data =
> +			(void *)((uint8_t *)sess +
> +			rte_cryptodev_sym_get_header_session_size() +
> +			(otx2_cryptodev_driver_id * sess->priv_sz));
> +	ret = sym_session_configure(sym_op->xform,
> +			sess->sess_data[otx2_cryptodev_driver_id].data);
>  	if (ret)
>  		goto sess_put;
> 
> @@ -790,7 +777,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp
> *qp, struct rte_crypto_op *op,
>  	return 0;
> 
>  priv_put:
> -	sym_session_clear(driver_id, sess);
> +	sym_session_clear(sess);
>  sess_put:
>  	rte_mempool_put(qp->sess_mp, sess);
>  	return ret;
> @@ -1035,8 +1022,7 @@ otx2_cpt_dequeue_post_process(struct
> otx2_cpt_qp *qp, struct rte_crypto_op *cop,
>  		}
> 
>  		if (unlikely(cop->sess_type ==
> RTE_CRYPTO_OP_SESSIONLESS)) {
> -			sym_session_clear(otx2_cryptodev_driver_id,
> -					  cop->sym->session);
> +			sym_session_clear(cop->sym->session);
>  			sz =
> rte_cryptodev_sym_get_existing_header_session_size(
>  					cop->sym->session);
>  			memset(cop->sym->session, 0, sz);
> @@ -1291,7 +1277,6 @@ otx2_cpt_queue_pair_setup(struct rte_cryptodev
> *dev, uint16_t qp_id,
>  	}
> 
>  	qp->sess_mp = conf->mp_session;
> -	qp->sess_mp_priv = conf->mp_session_private;
>  	dev->data->queue_pairs[qp_id] = qp;
> 
>  	return 0;
> @@ -1330,21 +1315,22 @@ otx2_cpt_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
>  			       struct rte_crypto_sym_xform *xform,
> -			       struct rte_cryptodev_sym_session *sess,
> -			       struct rte_mempool *pool)
> +			       void *sess)
>  {
>  	CPT_PMD_INIT_FUNC_TRACE();
> +	RTE_SET_USED(dev);
> 
> -	return sym_session_configure(dev->driver_id, xform, sess, pool);
> +	return sym_session_configure(xform, sess);
>  }
> 
>  static void
>  otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
> -			   struct rte_cryptodev_sym_session *sess)
> +			   void *sess)
>  {
>  	CPT_PMD_INIT_FUNC_TRACE();
> +	RTE_SET_USED(dev);
> 
> -	return sym_session_clear(dev->driver_id, sess);
> +	return sym_session_clear(sess);
>  }
> 
>  static unsigned int
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> index 01c081a216..5f63eaf7b7 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> @@ -8,29 +8,21 @@
>  #include "cpt_pmd_logs.h"
> 
>  static void
> -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> +sym_session_clear(void *sess)
>  {
> -	void *priv = get_sym_session_private_data(sess, driver_id);
>  	struct cpt_sess_misc *misc;
> -	struct rte_mempool *pool;
>  	struct cpt_ctx *ctx;
> 
> -	if (priv == NULL)
> +	if (sess == NULL)
>  		return;
> 
> -	misc = priv;
> +	misc = sess;
>  	ctx = SESS_PRIV(misc);
> 
>  	if (ctx->auth_key != NULL)
>  		rte_free(ctx->auth_key);
> 
> -	memset(priv, 0, cpt_get_session_size());
> -
> -	pool = rte_mempool_from_obj(priv);
> -
> -	set_sym_session_private_data(sess, driver_id, NULL);
> -
> -	rte_mempool_put(pool, priv);
> +	memset(sess, 0, cpt_get_session_size());
>  }
> 
>  static __rte_always_inline uint8_t
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 52715f86f8..1b48a6b400 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -741,7 +741,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  		goto qp_setup_cleanup;
> 
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->stats, 0, sizeof(qp->stats));
> 
> @@ -772,10 +771,8 @@ openssl_pmd_asym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  openssl_pmd_sym_session_configure(struct rte_cryptodev *dev
> __rte_unused,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	if (unlikely(sess == NULL)) {
> @@ -783,24 +780,12 @@ openssl_pmd_sym_session_configure(struct
> rte_cryptodev *dev __rte_unused,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		OPENSSL_LOG(ERR,
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	ret = openssl_set_session_parameters(sess_private_data, xform);
> +	ret = openssl_set_session_parameters(sess, xform);
>  	if (ret != 0) {
>  		OPENSSL_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -			sess_private_data);
> -
>  	return 0;
>  }
> 
> @@ -1154,19 +1139,13 @@ openssl_pmd_asym_session_configure(struct
> rte_cryptodev *dev __rte_unused,
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		openssl_reset_session(sess_priv);
> -		memset(sess_priv, 0, sizeof(struct openssl_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> +	if (sess) {
> +		openssl_reset_session(sess);
> +		memset(sess, 0, sizeof(struct openssl_session));
>  	}
>  }
> 
> diff --git a/drivers/crypto/qat/qat_sym_session.c
> b/drivers/crypto/qat/qat_sym_session.c
> index 2a22347c7f..114bf081c1 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -172,21 +172,14 @@ qat_is_auth_alg_supported(enum
> rte_crypto_auth_algorithm algo,
>  }
> 
>  void
> -qat_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +qat_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
> +	struct qat_sym_session *s = (struct qat_sym_session *)sess;
> 
> -	if (sess_priv) {
> +	if (sess) {
>  		if (s->bpi_ctx)
>  			bpi_cipher_ctx_free(s->bpi_ctx);
>  		memset(s, 0, qat_sym_session_get_private_size(dev));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
>  	}
>  }
> 
> @@ -458,31 +451,17 @@ qat_sym_session_configure_cipher(struct
> rte_cryptodev *dev,
>  int
>  qat_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess_private_data)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		CDEV_LOG_ERR(
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
>  	ret = qat_sym_session_set_parameters(dev, xform,
> sess_private_data);
>  	if (ret != 0) {
>  		QAT_LOG(ERR,
>  		    "Crypto QAT PMD: failed to configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
> diff --git a/drivers/crypto/qat/qat_sym_session.h
> b/drivers/crypto/qat/qat_sym_session.h
> index 7fcc1d6f7b..6da29e2305 100644
> --- a/drivers/crypto/qat/qat_sym_session.h
> +++ b/drivers/crypto/qat/qat_sym_session.h
> @@ -112,8 +112,7 @@ struct qat_sym_session {
>  int
>  qat_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool);
> +		void *sess);
> 
>  int
>  qat_sym_session_set_parameters(struct rte_cryptodev *dev,
> @@ -135,8 +134,7 @@ qat_sym_session_configure_auth(struct
> rte_cryptodev *dev,
>  				struct qat_sym_session *session);
> 
>  void
> -qat_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *session);
> +qat_sym_session_clear(struct rte_cryptodev *dev, void *session);
> 
>  unsigned int
>  qat_sym_session_get_private_size(struct rte_cryptodev *dev);
> diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> index 465b88ade8..87260b5a22 100644
> --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> @@ -476,9 +476,7 @@ scheduler_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
> 
>  static int
>  scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> -	struct rte_crypto_sym_xform *xform,
> -	struct rte_cryptodev_sym_session *sess,
> -	struct rte_mempool *mempool)
> +	struct rte_crypto_sym_xform *xform, void *sess)
>  {
>  	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
>  	uint32_t i;
> @@ -488,7 +486,7 @@ scheduler_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		struct scheduler_worker *worker = &sched_ctx->workers[i];
> 
>  		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> -					xform, mempool);
> +					xform);
>  		if (ret < 0) {
>  			CR_SCHED_LOG(ERR, "unable to config sym session");
>  			return ret;
> @@ -500,8 +498,7 @@ scheduler_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
>  	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
>  	uint32_t i;
> diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> index 3f46014b7d..b0f8f6d86a 100644
> --- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> +++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> @@ -226,7 +226,6 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
> 
>  	qp->mgr = internals->mgr;
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> 
> @@ -250,10 +249,8 @@ snow3g_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
>  	struct snow3g_private *internals = dev->data->dev_private;
> 
> @@ -262,43 +259,24 @@ snow3g_pmd_sym_session_configure(struct
> rte_cryptodev *dev,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		SNOW3G_LOG(ERR,
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
>  	ret = snow3g_set_session_parameters(internals->mgr,
> -					sess_private_data, xform);
> +					sess, xform);
>  	if (ret != 0) {
>  		SNOW3G_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct snow3g_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct snow3g_session));
>  }
> 
>  struct rte_cryptodev_ops snow3g_pmd_ops = {
> diff --git a/drivers/crypto/virtio/virtio_cryptodev.c
> b/drivers/crypto/virtio/virtio_cryptodev.c
> index 8faa39df4a..de52fec32e 100644
> --- a/drivers/crypto/virtio/virtio_cryptodev.c
> +++ b/drivers/crypto/virtio/virtio_cryptodev.c
> @@ -37,11 +37,10 @@ static void virtio_crypto_dev_free_mbufs(struct
> rte_cryptodev *dev);
>  static unsigned int virtio_crypto_sym_get_session_private_size(
>  		struct rte_cryptodev *dev);
>  static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess);
> +		void *sess);
>  static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *session,
> -		struct rte_mempool *mp);
> +		void *session);
> 
>  /*
>   * The set of PCI devices this driver supports
> @@ -927,7 +926,7 @@ virtio_crypto_check_sym_clear_session_paras(
>  static void
>  virtio_crypto_sym_clear_session(
>  		struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +		void *sess)
>  {
>  	struct virtio_crypto_hw *hw;
>  	struct virtqueue *vq;
> @@ -1290,11 +1289,9 @@ static int
>  virtio_crypto_check_sym_configure_session_paras(
>  		struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sym_sess,
> -		struct rte_mempool *mempool)
> +		void *sym_sess)
>  {
> -	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
> -		unlikely(mempool == NULL)) {
> +	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
>  		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
>  		return -1;
>  	}
> @@ -1309,12 +1306,9 @@ static int
>  virtio_crypto_sym_configure_session(
>  		struct rte_cryptodev *dev,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
>  	int ret;
> -	struct virtio_crypto_session crypto_sess;
> -	void *session_private = &crypto_sess;
>  	struct virtio_crypto_session *session;
>  	struct virtio_crypto_op_ctrl_req *ctrl_req;
>  	enum virtio_crypto_cmd_id cmd_id;
> @@ -1326,19 +1320,13 @@ virtio_crypto_sym_configure_session(
>  	PMD_INIT_FUNC_TRACE();
> 
>  	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
> -			sess, mempool);
> +			sess);
>  	if (ret < 0) {
>  		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
>  		return ret;
>  	}
> 
> -	if (rte_mempool_get(mempool, &session_private)) {
> -		VIRTIO_CRYPTO_SESSION_LOG_ERR(
> -			"Couldn't get object from session mempool");
> -		return -ENOMEM;
> -	}
> -
> -	session = (struct virtio_crypto_session *)session_private;
> +	session = (struct virtio_crypto_session *)sess;
>  	memset(session, 0, sizeof(struct virtio_crypto_session));
>  	ctrl_req = &session->ctrl;
>  	ctrl_req->header.opcode =
> VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
> @@ -1401,9 +1389,6 @@ virtio_crypto_sym_configure_session(
>  		goto error_out;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		session_private);
> -
>  	return 0;
> 
>  error_out:
> diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> index 38642d45ab..04126c8a04 100644
> --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> @@ -226,7 +226,6 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
> 
>  	qp->mb_mgr = internals->mb_mgr;
>  	qp->sess_mp = qp_conf->mp_session;
> -	qp->sess_mp_priv = qp_conf->mp_session_private;
> 
>  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> 
> @@ -250,10 +249,8 @@ zuc_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  static int
>  zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
>  		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_mempool *mempool)
> +		void *sess)
>  {
> -	void *sess_private_data;
>  	int ret;
> 
>  	if (unlikely(sess == NULL)) {
> @@ -261,43 +258,23 @@ zuc_pmd_sym_session_configure(struct
> rte_cryptodev *dev __rte_unused,
>  		return -EINVAL;
>  	}
> 
> -	if (rte_mempool_get(mempool, &sess_private_data)) {
> -		ZUC_LOG(ERR,
> -			"Couldn't get object from session mempool");
> -
> -		return -ENOMEM;
> -	}
> -
> -	ret = zuc_set_session_parameters(sess_private_data, xform);
> +	ret = zuc_set_session_parameters(sess, xform);
>  	if (ret != 0) {
>  		ZUC_LOG(ERR, "failed configure session parameters");
> -
> -		/* Return session to mempool */
> -		rte_mempool_put(mempool, sess_private_data);
>  		return ret;
>  	}
> 
> -	set_sym_session_private_data(sess, dev->driver_id,
> -		sess_private_data);
> -
>  	return 0;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -zuc_pmd_sym_session_clear(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess)
> +zuc_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
>  {
> -	uint8_t index = dev->driver_id;
> -	void *sess_priv = get_sym_session_private_data(sess, index);
> -
> +	RTE_SET_USED(dev);
>  	/* Zero out the whole structure */
> -	if (sess_priv) {
> -		memset(sess_priv, 0, sizeof(struct zuc_session));
> -		struct rte_mempool *sess_mp =
> rte_mempool_from_obj(sess_priv);
> -		set_sym_session_private_data(sess, index, NULL);
> -		rte_mempool_put(sess_mp, sess_priv);
> -	}
> +	if (sess)
> +		memset(sess, 0, sizeof(struct zuc_session));
>  }
> 
>  struct rte_cryptodev_ops zuc_pmd_ops = {
> diff --git a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> index b33cb7e139..8522f2dfda 100644
> --- a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> +++ b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> @@ -38,8 +38,7 @@ otx2_ca_deq_post_process(const struct otx2_cpt_qp
> *qp,
>  		}
> 
>  		if (unlikely(cop->sess_type ==
> RTE_CRYPTO_OP_SESSIONLESS)) {
> -			sym_session_clear(otx2_cryptodev_driver_id,
> -					  cop->sym->session);
> +			sym_session_clear(cop->sym->session);
>  			memset(cop->sym->session, 0,
> 
> 	rte_cryptodev_sym_get_existing_header_session_size(
>  				cop->sym->session));
> diff --git a/examples/fips_validation/fips_dev_self_test.c
> b/examples/fips_validation/fips_dev_self_test.c
> index b4eab05a98..bbc27a1b6f 100644
> --- a/examples/fips_validation/fips_dev_self_test.c
> +++ b/examples/fips_validation/fips_dev_self_test.c
> @@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
>  	struct rte_mempool *mpool;
>  	struct rte_mempool *op_pool;
>  	struct rte_mempool *sess_pool;
> -	struct rte_mempool *sess_priv_pool;
>  	struct rte_mbuf *mbuf;
>  	struct rte_crypto_op *op;
>  };
> @@ -981,7 +980,7 @@ typedef int
> (*fips_dev_self_test_prepare_xform_t)(uint8_t,
>  		uint32_t);
> 
>  typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
> -		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
> +		struct rte_mbuf *, void *,
>  		uint32_t, struct fips_dev_self_test_vector *);
> 
>  typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
> @@ -1173,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
>  static int
>  prepare_cipher_op(struct rte_crypto_op *op,
>  		struct rte_mbuf *mbuf,
> -		struct rte_cryptodev_sym_session *session,
> +		void *session,
>  		uint32_t dir,
>  		struct fips_dev_self_test_vector *vec)
>  {
> @@ -1212,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
>  static int
>  prepare_auth_op(struct rte_crypto_op *op,
>  		struct rte_mbuf *mbuf,
> -		struct rte_cryptodev_sym_session *session,
> +		void *session,
>  		uint32_t dir,
>  		struct fips_dev_self_test_vector *vec)
>  {
> @@ -1251,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
>  static int
>  prepare_aead_op(struct rte_crypto_op *op,
>  		struct rte_mbuf *mbuf,
> -		struct rte_cryptodev_sym_session *session,
> +		void *session,
>  		uint32_t dir,
>  		struct fips_dev_self_test_vector *vec)
>  {
> @@ -1464,7 +1463,7 @@ run_single_test(uint8_t dev_id,
>  		uint32_t negative_test)
>  {
>  	struct rte_crypto_sym_xform xform;
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
>  	uint16_t n_deqd;
>  	uint8_t key[256];
>  	int ret;
> @@ -1484,8 +1483,7 @@ run_single_test(uint8_t dev_id,
>  	if (!sess)
>  		return -ENOMEM;
> 
> -	ret = rte_cryptodev_sym_session_init(dev_id,
> -			sess, &xform, env->sess_priv_pool);
> +	ret = rte_cryptodev_sym_session_init(dev_id, sess, &xform);
>  	if (ret < 0) {
>  		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
>  		return ret;
> @@ -1533,8 +1531,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
>  		rte_mempool_free(env->op_pool);
>  	if (env->sess_pool)
>  		rte_mempool_free(env->sess_pool);
> -	if (env->sess_priv_pool)
> -		rte_mempool_free(env->sess_priv_pool);
> 
>  	rte_cryptodev_stop(dev_id);
>  }
> @@ -1542,7 +1538,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
>  static int
>  fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env
> *env)
>  {
> -	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
> +	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
>  	uint32_t sess_sz =
> rte_cryptodev_sym_get_private_session_size(dev_id);
>  	struct rte_cryptodev_config conf;
>  	char name[128];
> @@ -1586,25 +1582,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct
> fips_dev_auto_test_env *env)
>  	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
> 
>  	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
> -			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
> +			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
>  	if (!env->sess_pool) {
>  		ret = -ENOMEM;
>  		goto error_exit;
>  	}
> 
> -	memset(name, 0, 128);
> -	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
> -
> -	env->sess_priv_pool = rte_mempool_create(name,
> -			128, sess_sz, 0, 0, NULL, NULL, NULL,
> -			NULL, rte_cryptodev_socket_id(dev_id), 0);
> -	if (!env->sess_priv_pool) {
> -		ret = -ENOMEM;
> -		goto error_exit;
> -	}
> -
>  	qp_conf.mp_session = env->sess_pool;
> -	qp_conf.mp_session_private = env->sess_priv_pool;
> 
>  	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
>  			rte_cryptodev_socket_id(dev_id));
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c
> index a8daad1f48..03c6ccb5b8 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -48,13 +48,12 @@ struct cryptodev_fips_validate_env {
>  	uint16_t mbuf_data_room;
>  	struct rte_mempool *mpool;
>  	struct rte_mempool *sess_mpool;
> -	struct rte_mempool *sess_priv_mpool;
>  	struct rte_mempool *op_pool;
>  	struct rte_mbuf *mbuf;
>  	uint8_t *digest;
>  	uint16_t digest_len;
>  	struct rte_crypto_op *op;
> -	struct rte_cryptodev_sym_session *sess;
> +	void *sess;
>  	uint16_t self_test;
>  	struct fips_dev_broken_test_config *broken_test_config;
>  } env;
> @@ -63,7 +62,7 @@ static int
>  cryptodev_fips_validate_app_int(void)
>  {
>  	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
> -	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
> +	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
>  	struct rte_cryptodev_info dev_info;
>  	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
>  			env.dev_id);
> @@ -103,16 +102,11 @@ cryptodev_fips_validate_app_int(void)
>  	ret = -ENOMEM;
> 
>  	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
> -			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
> +			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
> +			rte_socket_id());
>  	if (!env.sess_mpool)
>  		goto error_exit;
> 
> -	env.sess_priv_mpool =
> rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
> -			16, sess_sz, 0, 0, NULL, NULL, NULL,
> -			NULL, rte_socket_id(), 0);
> -	if (!env.sess_priv_mpool)
> -		goto error_exit;
> -
>  	env.op_pool = rte_crypto_op_pool_create(
>  			"FIPS_OP_POOL",
>  			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> @@ -127,7 +121,6 @@ cryptodev_fips_validate_app_int(void)
>  		goto error_exit;
> 
>  	qp_conf.mp_session = env.sess_mpool;
> -	qp_conf.mp_session_private = env.sess_priv_mpool;
> 
>  	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
>  			rte_socket_id());
> @@ -141,8 +134,6 @@ cryptodev_fips_validate_app_int(void)
>  	rte_mempool_free(env.mpool);
>  	if (env.sess_mpool)
>  		rte_mempool_free(env.sess_mpool);
> -	if (env.sess_priv_mpool)
> -		rte_mempool_free(env.sess_priv_mpool);
>  	if (env.op_pool)
>  		rte_mempool_free(env.op_pool);
> 
> @@ -158,7 +149,6 @@ cryptodev_fips_validate_app_uninit(void)
>  	rte_cryptodev_sym_session_free(env.sess);
>  	rte_mempool_free(env.mpool);
>  	rte_mempool_free(env.sess_mpool);
> -	rte_mempool_free(env.sess_priv_mpool);
>  	rte_mempool_free(env.op_pool);
>  }
> 
> @@ -1179,7 +1169,7 @@ fips_run_test(void)
>  		return -ENOMEM;
> 
>  	ret = rte_cryptodev_sym_session_init(env.dev_id,
> -			env.sess, &xform, env.sess_priv_mpool);
> +			env.sess, &xform);
>  	if (ret < 0) {
>  		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
>  				ret);
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index 7ad94cb822..65528ee2e7 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1216,15 +1216,11 @@ ipsec_poll_mode_worker(void)
>  	qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
>  	qconf->inbound.cdev_map = cdev_map_in;
>  	qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
> -	qconf->inbound.session_priv_pool =
> -			socket_ctx[socket_id].session_priv_pool;
>  	qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
>  	qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
>  	qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
>  	qconf->outbound.cdev_map = cdev_map_out;
>  	qconf->outbound.session_pool =
> socket_ctx[socket_id].session_pool;
> -	qconf->outbound.session_priv_pool =
> -			socket_ctx[socket_id].session_priv_pool;
>  	qconf->frag.pool_dir = socket_ctx[socket_id].mbuf_pool;
>  	qconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;
> 
> @@ -2142,8 +2138,6 @@ cryptodevs_init(uint16_t req_queue_num)
>  		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
>  		qp_conf.mp_session =
>  			socket_ctx[dev_conf.socket_id].session_pool;
> -		qp_conf.mp_session_private =
> -			socket_ctx[dev_conf.socket_id].session_priv_pool;
>  		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
>  			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
>  					&qp_conf, dev_conf.socket_id))
> @@ -2405,37 +2399,37 @@ session_pool_init(struct socket_ctx *ctx, int32_t
> socket_id, size_t sess_sz)
>  		printf("Allocated session pool on socket %d\n",
> 	socket_id);
>  }
> 
> -static void
> -session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
> -	size_t sess_sz)
> -{
> -	char mp_name[RTE_MEMPOOL_NAMESIZE];
> -	struct rte_mempool *sess_mp;
> -	uint32_t nb_sess;
> -
> -	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> -			"sess_mp_priv_%u", socket_id);
> -	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> -		rte_lcore_count());
> -	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
> -			CDEV_MP_CACHE_MULTIPLIER);
> -	sess_mp = rte_mempool_create(mp_name,
> -			nb_sess,
> -			sess_sz,
> -			CDEV_MP_CACHE_SZ,
> -			0, NULL, NULL, NULL,
> -			NULL, socket_id,
> -			0);
> -	ctx->session_priv_pool = sess_mp;
> -
> -	if (ctx->session_priv_pool == NULL)
> -		rte_exit(EXIT_FAILURE,
> -			"Cannot init session priv pool on socket %d\n",
> -			socket_id);
> -	else
> -		printf("Allocated session priv pool on socket %d\n",
> -			socket_id);
> -}
> +//static void
> +//session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
> +//	size_t sess_sz)
> +//{
> +//	char mp_name[RTE_MEMPOOL_NAMESIZE];
> +//	struct rte_mempool *sess_mp;
> +//	uint32_t nb_sess;
> +//
> +//	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> +//			"sess_mp_priv_%u", socket_id);
> +//	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> +//		rte_lcore_count());
> +//	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
> +//			CDEV_MP_CACHE_MULTIPLIER);
> +//	sess_mp = rte_mempool_create(mp_name,
> +//			nb_sess,
> +//			sess_sz,
> +//			CDEV_MP_CACHE_SZ,
> +//			0, NULL, NULL, NULL,
> +//			NULL, socket_id,
> +//			0);
> +//	ctx->session_priv_pool = sess_mp;
> +//
> +//	if (ctx->session_priv_pool == NULL)
> +//		rte_exit(EXIT_FAILURE,
> +//			"Cannot init session priv pool on socket %d\n",
> +//			socket_id);
> +//	else
> +//		printf("Allocated session priv pool on socket %d\n",
> +//			socket_id);
> +//}
> 
>  static void
>  pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
> @@ -2938,8 +2932,8 @@ main(int32_t argc, char **argv)
> 
>  		pool_init(&socket_ctx[socket_id], socket_id,
> nb_bufs_in_pool);
>  		session_pool_init(&socket_ctx[socket_id], socket_id,
> sess_sz);
> -		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
> -			sess_sz);
> +//		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
> +//			sess_sz);
>  	}
>  	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
> 
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 03d907cba8..a5921de11c 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -143,8 +143,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx,
> struct ipsec_sa *sa,
>  		ips->crypto.ses = rte_cryptodev_sym_session_create(
>  				ipsec_ctx->session_pool);
>  		rte_cryptodev_sym_session_init(ipsec_ctx-
> >tbl[cdev_id_qp].id,
> -				ips->crypto.ses, sa->xforms,
> -				ipsec_ctx->session_priv_pool);
> +				ips->crypto.ses, sa->xforms);
> 
>  		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
>  				&cdev_info);
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 8405c48171..673c64e8dc 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -243,7 +243,6 @@ struct socket_ctx {
>  	struct rte_mempool *mbuf_pool;
>  	struct rte_mempool *mbuf_pool_indir;
>  	struct rte_mempool *session_pool;
> -	struct rte_mempool *session_priv_pool;
>  };
> 
>  struct cnt_blk {
> diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-
> secgw/ipsec_worker.c
> index c545497cee..04bcce49db 100644
> --- a/examples/ipsec-secgw/ipsec_worker.c
> +++ b/examples/ipsec-secgw/ipsec_worker.c
> @@ -537,14 +537,10 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct
> eh_event_link_info *links,
>  	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
>  	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
>  	lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
> -	lconf.inbound.session_priv_pool =
> -			socket_ctx[socket_id].session_priv_pool;
>  	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
>  	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
>  	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
>  	lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
> -	lconf.outbound.session_priv_pool =
> -			socket_ctx[socket_id].session_priv_pool;
> 
>  	RTE_LOG(INFO, IPSEC,
>  		"Launching event mode worker (non-burst - Tx internal port -
> "
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> index 66d1491bf7..bdc3da731c 100644
> --- a/examples/l2fwd-crypto/main.c
> +++ b/examples/l2fwd-crypto/main.c
> @@ -188,7 +188,7 @@ struct l2fwd_crypto_params {
>  	struct l2fwd_iv auth_iv;
>  	struct l2fwd_iv aead_iv;
>  	struct l2fwd_key aad;
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
> 
>  	uint8_t do_cipher;
>  	uint8_t do_hash;
> @@ -229,7 +229,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
>  struct rte_mempool *l2fwd_crypto_op_pool;
>  static struct {
>  	struct rte_mempool *sess_mp;
> -	struct rte_mempool *priv_mp;
>  } session_pool_socket[RTE_MAX_NUMA_NODES];
> 
>  /* Per-port statistics struct */
> @@ -671,11 +670,11 @@ generate_random_key(uint8_t *key, unsigned
> length)
>  }
> 
>  /* Session is created and is later attached to the crypto operation. 8< */
> -static struct rte_cryptodev_sym_session *
> +static void *
>  initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t
> cdev_id)
>  {
>  	struct rte_crypto_sym_xform *first_xform;
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
>  	int retval = rte_cryptodev_socket_id(cdev_id);
> 
>  	if (retval < 0)
> @@ -703,8 +702,7 @@ initialize_crypto_session(struct l2fwd_crypto_options
> *options, uint8_t cdev_id)
>  		return NULL;
> 
>  	if (rte_cryptodev_sym_session_init(cdev_id, session,
> -				first_xform,
> -				session_pool_socket[socket_id].priv_mp) < 0)
> +				first_xform) < 0)
>  		return NULL;
> 
>  	return session;
> @@ -730,7 +728,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options
> *options)
>  			US_PER_S * BURST_TX_DRAIN_US;
>  	struct l2fwd_crypto_params *cparams;
>  	struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
> 
>  	if (qconf->nb_rx_ports == 0) {
>  		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n",
> lcore_id);
> @@ -2388,30 +2386,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options
> *options, unsigned nb_ports,
>  		} else
>  			sessions_needed = enabled_cdev_count;
> 
> -		if (session_pool_socket[socket_id].priv_mp == NULL) {
> -			char mp_name[RTE_MEMPOOL_NAMESIZE];
> -
> -			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> -				"priv_sess_mp_%u", socket_id);
> -
> -			session_pool_socket[socket_id].priv_mp =
> -					rte_mempool_create(mp_name,
> -						sessions_needed,
> -						max_sess_sz,
> -						0, 0, NULL, NULL, NULL,
> -						NULL, socket_id,
> -						0);
> -
> -			if (session_pool_socket[socket_id].priv_mp == NULL)
> {
> -				printf("Cannot create pool on socket %d\n",
> -					socket_id);
> -				return -ENOMEM;
> -			}
> -
> -			printf("Allocated pool \"%s\" on socket %d\n",
> -				mp_name, socket_id);
> -		}
> -
>  		if (session_pool_socket[socket_id].sess_mp == NULL) {
>  			char mp_name[RTE_MEMPOOL_NAMESIZE];
>  			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> @@ -2421,7 +2395,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options
> *options, unsigned nb_ports,
> 
> 	rte_cryptodev_sym_session_pool_create(
>  							mp_name,
>  							sessions_needed,
> -							0, 0, 0, socket_id);
> +							max_sess_sz,
> +							0, 0, socket_id);
> 
>  			if (session_pool_socket[socket_id].sess_mp == NULL)
> {
>  				printf("Cannot create pool on socket %d\n",
> @@ -2573,8 +2548,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options
> *options, unsigned nb_ports,
> 
>  		qp_conf.nb_descriptors = 2048;
>  		qp_conf.mp_session =
> session_pool_socket[socket_id].sess_mp;
> -		qp_conf.mp_session_private =
> -				session_pool_socket[socket_id].priv_mp;
> 
>  		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0,
> &qp_conf,
>  				socket_id);
> diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
> index dea7dcbd07..cbb97aaf76 100644
> --- a/examples/vhost_crypto/main.c
> +++ b/examples/vhost_crypto/main.c
> @@ -46,7 +46,6 @@ struct vhost_crypto_info {
>  	int vids[MAX_NB_SOCKETS];
>  	uint32_t nb_vids;
>  	struct rte_mempool *sess_pool;
> -	struct rte_mempool *sess_priv_pool;
>  	struct rte_mempool *cop_pool;
>  	uint8_t cid;
>  	uint32_t qid;
> @@ -304,7 +303,6 @@ new_device(int vid)
>  	}
> 
>  	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
> -			info->sess_priv_pool,
>  			rte_lcore_to_socket_id(options.los[i].lcore_id));
>  	if (ret) {
>  		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
> @@ -458,7 +456,6 @@ free_resource(void)
> 
>  		rte_mempool_free(info->cop_pool);
>  		rte_mempool_free(info->sess_pool);
> -		rte_mempool_free(info->sess_priv_pool);
> 
>  		for (j = 0; j < lo->nb_sockets; j++) {
>  			rte_vhost_driver_unregister(lo->socket_files[i]);
> @@ -544,16 +541,12 @@ main(int argc, char *argv[])
> 
>  		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
>  		info->sess_pool =
> rte_cryptodev_sym_session_pool_create(name,
> -				SESSION_MAP_ENTRIES, 0, 0, 0,
> -				rte_lcore_to_socket_id(lo->lcore_id));
> -
> -		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
> -		info->sess_priv_pool = rte_mempool_create(name,
>  				SESSION_MAP_ENTRIES,
> 
> 	rte_cryptodev_sym_get_private_session_size(
> -				info->cid), 64, 0, NULL, NULL, NULL, NULL,
> -				rte_lcore_to_socket_id(lo->lcore_id), 0);
> -		if (!info->sess_priv_pool || !info->sess_pool) {
> +					info->cid), 0, 0,
> +				rte_lcore_to_socket_id(lo->lcore_id));
> +
> +		if (!info->sess_pool) {
>  			RTE_LOG(ERR, USER1, "Failed to create mempool");
>  			goto error_exit;
>  		}
> @@ -574,7 +567,6 @@ main(int argc, char *argv[])
> 
>  		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
>  		qp_conf.mp_session = info->sess_pool;
> -		qp_conf.mp_session_private = info->sess_priv_pool;
> 
>  		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
>  			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
> diff --git a/lib/cryptodev/cryptodev_pmd.h
> b/lib/cryptodev/cryptodev_pmd.h
> index ae3aac59ae..d758b3b85d 100644
> --- a/lib/cryptodev/cryptodev_pmd.h
> +++ b/lib/cryptodev/cryptodev_pmd.h
> @@ -242,7 +242,6 @@ typedef unsigned int
> (*cryptodev_asym_get_session_private_size_t)(
>   * @param	dev		Crypto device pointer
>   * @param	xform		Single or chain of crypto xforms
>   * @param	session		Pointer to cryptodev's private session
> structure
> - * @param	mp		Mempool where the private session is
> allocated
>   *
>   * @return
>   *  - Returns 0 if private session structure have been created successfully.
> @@ -251,9 +250,7 @@ typedef unsigned int
> (*cryptodev_asym_get_session_private_size_t)(
>   *  - Returns -ENOMEM if the private session could not be allocated.
>   */
>  typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev
> *dev,
> -		struct rte_crypto_sym_xform *xform,
> -		struct rte_cryptodev_sym_session *session,
> -		struct rte_mempool *mp);
> +		struct rte_crypto_sym_xform *xform, void *session);
>  /**
>   * Configure a Crypto asymmetric session on a device.
>   *
> @@ -279,7 +276,7 @@ typedef int
> (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
>   * @param	sess		Cryptodev session structure
>   */
>  typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
> -		struct rte_cryptodev_sym_session *sess);
> +		void *sess);
>  /**
>   * Free asymmetric session private data.
>   *
> diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
> index a864f5036f..200617f623 100644
> --- a/lib/cryptodev/rte_crypto.h
> +++ b/lib/cryptodev/rte_crypto.h
> @@ -420,7 +420,7 @@ rte_crypto_op_sym_xforms_alloc(struct
> rte_crypto_op *op, uint8_t nb_xforms)
>   */
>  static inline int
>  rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
> -		struct rte_cryptodev_sym_session *sess)
> +		void *sess)
>  {
>  	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
>  		return -1;
> diff --git a/lib/cryptodev/rte_crypto_sym.h
> b/lib/cryptodev/rte_crypto_sym.h
> index 58c0724743..848da1942c 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -932,7 +932,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct
> rte_crypto_sym_op *sym_op,
>   */
>  static inline int
>  __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op
> *sym_op,
> -		struct rte_cryptodev_sym_session *sess)
> +		void *sess)
>  {
>  	sym_op->session = sess;
> 
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 9fa3aff1d3..a31cae202a 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -199,6 +199,8 @@ struct
> rte_cryptodev_sym_session_pool_private_data {
>  	/**< number of elements in sess_data array */
>  	uint16_t user_data_sz;
>  	/**< session user data will be placed after sess_data */
> +	uint16_t sess_priv_sz;
> +	/**< session user data will be placed after sess_data */
>  };
> 
>  int
> @@ -1223,8 +1225,7 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id,
> uint16_t queue_pair_id,
>  		return -EINVAL;
>  	}
> 
> -	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
> -			(!qp_conf->mp_session && qp_conf-
> >mp_session_private)) {
> +	if (!qp_conf->mp_session) {
>  		CDEV_LOG_ERR("Invalid mempools\n");
>  		return -EINVAL;
>  	}
> @@ -1232,7 +1233,6 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id,
> uint16_t queue_pair_id,
>  	if (qp_conf->mp_session) {
>  		struct rte_cryptodev_sym_session_pool_private_data
> *pool_priv;
>  		uint32_t obj_size = qp_conf->mp_session->elt_size;
> -		uint32_t obj_priv_size = qp_conf->mp_session_private-
> >elt_size;
>  		struct rte_cryptodev_sym_session s = {0};
> 
>  		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
> @@ -1244,11 +1244,11 @@ rte_cryptodev_queue_pair_setup(uint8_t
> dev_id, uint16_t queue_pair_id,
> 
>  		s.nb_drivers = pool_priv->nb_drivers;
>  		s.user_data_sz = pool_priv->user_data_sz;
> +		s.priv_sz = pool_priv->sess_priv_sz;
> 
> -		if
> ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
> -			obj_size) || (s.nb_drivers <= dev->driver_id) ||
> -
> 	rte_cryptodev_sym_get_private_session_size(dev_id) >
> -				obj_priv_size) {
> +		if
> (((rte_cryptodev_sym_get_existing_header_session_size(&s) +
> +				(s.nb_drivers * s.priv_sz)) > obj_size) ||
> +				(s.nb_drivers <= dev->driver_id)) {
>  			CDEV_LOG_ERR("Invalid mempool\n");
>  			return -EINVAL;
>  		}
> @@ -1710,11 +1710,11 @@ rte_cryptodev_pmd_callback_process(struct
> rte_cryptodev *dev,
> 
>  int
>  rte_cryptodev_sym_session_init(uint8_t dev_id,
> -		struct rte_cryptodev_sym_session *sess,
> -		struct rte_crypto_sym_xform *xforms,
> -		struct rte_mempool *mp)
> +		void *sess_opaque,
> +		struct rte_crypto_sym_xform *xforms)
>  {
>  	struct rte_cryptodev *dev;
> +	struct rte_cryptodev_sym_session *sess = sess_opaque;
>  	uint32_t sess_priv_sz =
> rte_cryptodev_sym_get_private_session_size(
>  			dev_id);
>  	uint8_t index;
> @@ -1727,10 +1727,10 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
> 
>  	dev = rte_cryptodev_pmd_get_dev(dev_id);
> 
> -	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
> +	if (sess == NULL || xforms == NULL || dev == NULL)
>  		return -EINVAL;
> 
> -	if (mp->elt_size < sess_priv_sz)
> +	if (sess->priv_sz < sess_priv_sz)
>  		return -EINVAL;
> 
>  	index = dev->driver_id;
> @@ -1740,8 +1740,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
>  	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops-
> >sym_session_configure, -ENOTSUP);
> 
>  	if (sess->sess_data[index].refcnt == 0) {
> +		sess->sess_data[index].data = (void *)((uint8_t *)sess +
> +
> 	rte_cryptodev_sym_get_header_session_size() +
> +				(index * sess->priv_sz));
>  		ret = dev->dev_ops->sym_session_configure(dev, xforms,
> -							sess, mp);
> +				sess->sess_data[index].data);
>  		if (ret < 0) {
>  			CDEV_LOG_ERR(
>  				"dev_id %d failed to configure session
> details",
> @@ -1750,7 +1753,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
>  		}
>  	}
> 
> -	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
> +	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms);
>  	sess->sess_data[index].refcnt++;
>  	return 0;
>  }
> @@ -1795,6 +1798,21 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
>  	rte_cryptodev_trace_asym_session_init(dev_id, sess, xforms, mp);
>  	return 0;
>  }
> +static size_t
> +get_max_sym_sess_priv_sz(void)
> +{
> +	size_t max_sz, sz;
> +	int16_t cdev_id, n;
> +
> +	max_sz = 0;
> +	n =  rte_cryptodev_count();
> +	for (cdev_id = 0; cdev_id != n; cdev_id++) {
> +		sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
> +		if (sz > max_sz)
> +			max_sz = sz;
> +	}
> +	return max_sz;
> +}
> 
>  struct rte_mempool *
>  rte_cryptodev_sym_session_pool_create(const char *name, uint32_t
> nb_elts,
> @@ -1804,15 +1822,15 @@ rte_cryptodev_sym_session_pool_create(const
> char *name, uint32_t nb_elts,
>  	struct rte_mempool *mp;
>  	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
>  	uint32_t obj_sz;
> +	uint32_t sess_priv_sz = get_max_sym_sess_priv_sz();
> 
>  	obj_sz = rte_cryptodev_sym_get_header_session_size() +
> user_data_size;
> -	if (obj_sz > elt_size)
> +	if (elt_size < obj_sz + (sess_priv_sz * nb_drivers)) {
>  		CDEV_LOG_INFO("elt_size %u is expanded to %u\n",
> elt_size,
> -				obj_sz);
> -	else
> -		obj_sz = elt_size;
> -
> -	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
> +				obj_sz + (sess_priv_sz * nb_drivers));
> +		elt_size = obj_sz + (sess_priv_sz * nb_drivers);
> +	}
> +	mp = rte_mempool_create(name, nb_elts, elt_size, cache_size,
>  			(uint32_t)(sizeof(*pool_priv)),
>  			NULL, NULL, NULL, NULL,
>  			socket_id, 0);
> @@ -1832,6 +1850,7 @@ rte_cryptodev_sym_session_pool_create(const
> char *name, uint32_t nb_elts,
> 
>  	pool_priv->nb_drivers = nb_drivers;
>  	pool_priv->user_data_sz = user_data_size;
> +	pool_priv->sess_priv_sz = sess_priv_sz;
> 
>  	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
>  		elt_size, cache_size, user_data_size, mp);
> @@ -1865,7 +1884,7 @@ rte_cryptodev_sym_is_valid_session_pool(struct
> rte_mempool *mp)
>  	return 1;
>  }
> 
> -struct rte_cryptodev_sym_session *
> +void *
>  rte_cryptodev_sym_session_create(struct rte_mempool *mp)
>  {
>  	struct rte_cryptodev_sym_session *sess;
> @@ -1886,6 +1905,7 @@ rte_cryptodev_sym_session_create(struct
> rte_mempool *mp)
> 
>  	sess->nb_drivers = pool_priv->nb_drivers;
>  	sess->user_data_sz = pool_priv->user_data_sz;
> +	sess->priv_sz = pool_priv->sess_priv_sz;
>  	sess->opaque_data = 0;
> 
>  	/* Clear device session pointer.
> @@ -1895,7 +1915,7 @@ rte_cryptodev_sym_session_create(struct
> rte_mempool *mp)
>  			rte_cryptodev_sym_session_data_size(sess));
> 
>  	rte_cryptodev_trace_sym_session_create(mp, sess);
> -	return sess;
> +	return (void *)sess;
>  }
> 
>  struct rte_cryptodev_asym_session *
> @@ -1933,9 +1953,9 @@ rte_cryptodev_asym_session_create(struct
> rte_mempool *mp)
>  }
> 
>  int
> -rte_cryptodev_sym_session_clear(uint8_t dev_id,
> -		struct rte_cryptodev_sym_session *sess)
> +rte_cryptodev_sym_session_clear(uint8_t dev_id, void *s)
>  {
> +	struct rte_cryptodev_sym_session *sess = s;
>  	struct rte_cryptodev *dev;
>  	uint8_t driver_id;
> 
> @@ -1957,7 +1977,7 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
> 
>  	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear,
> -ENOTSUP);
> 
> -	dev->dev_ops->sym_session_clear(dev, sess);
> +	dev->dev_ops->sym_session_clear(dev, sess-
> >sess_data[driver_id].data);
> 
>  	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
>  	return 0;
> @@ -1988,10 +2008,11 @@ rte_cryptodev_asym_session_clear(uint8_t
> dev_id,
>  }
> 
>  int
> -rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
> +rte_cryptodev_sym_session_free(void *s)
>  {
>  	uint8_t i;
>  	struct rte_mempool *sess_mp;
> +	struct rte_cryptodev_sym_session *sess = s;
> 
>  	if (sess == NULL)
>  		return -EINVAL;
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
> index bb01f0f195..25af6fa7b9 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -537,8 +537,6 @@ struct rte_cryptodev_qp_conf {
>  	uint32_t nb_descriptors; /**< Number of descriptors per queue pair
> */
>  	struct rte_mempool *mp_session;
>  	/**< The mempool for creating session in sessionless mode */
> -	struct rte_mempool *mp_session_private;
> -	/**< The mempool for creating sess private data in sessionless mode
> */
>  };
> 
>  /**
> @@ -1126,6 +1124,8 @@ struct rte_cryptodev_sym_session {
>  	/**< number of elements in sess_data array */
>  	uint16_t user_data_sz;
>  	/**< session user data will be placed after sess_data */
> +	uint16_t priv_sz;
> +	/**< Maximum private session data size which each driver can use */
>  	__extension__ struct {
>  		void *data;
>  		uint16_t refcnt;
> @@ -1177,10 +1177,10 @@ rte_cryptodev_sym_session_pool_create(const
> char *name, uint32_t nb_elts,
>   * @param   mempool    Symmetric session mempool to allocate session
>   *                     objects from
>   * @return
> - *  - On success return pointer to sym-session
> + *  - On success return opaque pointer to sym-session
>   *  - On failure returns NULL
>   */
> -struct rte_cryptodev_sym_session *
> +void *
>  rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
> 
>  /**
> @@ -1209,7 +1209,7 @@ rte_cryptodev_asym_session_create(struct
> rte_mempool *mempool);
>   *  - -EBUSY if not all device private data has been freed.
>   */
>  int
> -rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session
> *sess);
> +rte_cryptodev_sym_session_free(void *sess);
> 
>  /**
>   * Frees asymmetric crypto session header, after checking that all
> @@ -1229,25 +1229,23 @@ rte_cryptodev_asym_session_free(struct
> rte_cryptodev_asym_session *sess);
> 
>  /**
>   * Fill out private data for the device id, based on its device type.
> + * Memory for private data is already allocated in sess, driver need
> + * to fill the content.
>   *
>   * @param   dev_id   ID of device that we want the session to be used on
>   * @param   sess     Session where the private data will be attached to
>   * @param   xforms   Symmetric crypto transform operations to apply on
> flow
>   *                   processed with this session
> - * @param   mempool  Mempool where the private data is allocated.
>   *
>   * @return
>   *  - On success, zero.
>   *  - -EINVAL if input parameters are invalid.
>   *  - -ENOTSUP if crypto device does not support the crypto transform or
>   *    does not support symmetric operations.
> - *  - -ENOMEM if the private session could not be allocated.
>   */
>  int
> -rte_cryptodev_sym_session_init(uint8_t dev_id,
> -			struct rte_cryptodev_sym_session *sess,
> -			struct rte_crypto_sym_xform *xforms,
> -			struct rte_mempool *mempool);
> +rte_cryptodev_sym_session_init(uint8_t dev_id, void *sess,
> +			struct rte_crypto_sym_xform *xforms);
> 
>  /**
>   * Initialize asymmetric session on a device with specific asymmetric xform
> @@ -1286,8 +1284,7 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
>   *  - -ENOTSUP if crypto device does not support symmetric operations.
>   */
>  int
> -rte_cryptodev_sym_session_clear(uint8_t dev_id,
> -			struct rte_cryptodev_sym_session *sess);
> +rte_cryptodev_sym_session_clear(uint8_t dev_id, void *sess);
> 
>  /**
>   * Frees resources held by asymmetric session during
> rte_cryptodev_session_init
> diff --git a/lib/cryptodev/rte_cryptodev_trace.h
> b/lib/cryptodev/rte_cryptodev_trace.h
> index d1f4f069a3..44da04c425 100644
> --- a/lib/cryptodev/rte_cryptodev_trace.h
> +++ b/lib/cryptodev/rte_cryptodev_trace.h
> @@ -56,7 +56,6 @@ RTE_TRACE_POINT(
>  	rte_trace_point_emit_u16(queue_pair_id);
>  	rte_trace_point_emit_u32(conf->nb_descriptors);
>  	rte_trace_point_emit_ptr(conf->mp_session);
> -	rte_trace_point_emit_ptr(conf->mp_session_private);
>  )
> 
>  RTE_TRACE_POINT(
> @@ -106,15 +105,13 @@ RTE_TRACE_POINT(
>  RTE_TRACE_POINT(
>  	rte_cryptodev_trace_sym_session_init,
>  	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
> -		struct rte_cryptodev_sym_session *sess, void *xforms,
> -		void *mempool),
> +		struct rte_cryptodev_sym_session *sess, void *xforms),
>  	rte_trace_point_emit_u8(dev_id);
>  	rte_trace_point_emit_ptr(sess);
>  	rte_trace_point_emit_u64(sess->opaque_data);
>  	rte_trace_point_emit_u16(sess->nb_drivers);
>  	rte_trace_point_emit_u16(sess->user_data_sz);
>  	rte_trace_point_emit_ptr(xforms);
> -	rte_trace_point_emit_ptr(mempool);
>  )
> 
>  RTE_TRACE_POINT(
> diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
> index ad7904c0ee..efdba9c899 100644
> --- a/lib/pipeline/rte_table_action.c
> +++ b/lib/pipeline/rte_table_action.c
> @@ -1719,7 +1719,7 @@ struct sym_crypto_data {
>  	uint16_t op_mask;
> 
>  	/** Session pointer. */
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
> 
>  	/** Direction of crypto, encrypt or decrypt */
>  	uint16_t direction;
> @@ -1780,7 +1780,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
>  	const struct rte_crypto_auth_xform *auth_xform = NULL;
>  	const struct rte_crypto_aead_xform *aead_xform = NULL;
>  	struct rte_crypto_sym_xform *xform = p->xform;
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
>  	int ret;
> 
>  	memset(data, 0, sizeof(*data));
> @@ -1905,7 +1905,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
>  		return -ENOMEM;
> 
>  	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
> -			p->xform, cfg->mp_init);
> +			p->xform);
>  	if (ret < 0) {
>  		rte_cryptodev_sym_session_free(session);
>  		return ret;
> @@ -2858,7 +2858,7 @@ rte_table_action_time_read(struct
> rte_table_action *action,
>  	return 0;
>  }
> 
> -struct rte_cryptodev_sym_session *
> +void *
>  rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
>  	void *data)
>  {
> diff --git a/lib/pipeline/rte_table_action.h b/lib/pipeline/rte_table_action.h
> index 82bc9d9ac9..68db453a8b 100644
> --- a/lib/pipeline/rte_table_action.h
> +++ b/lib/pipeline/rte_table_action.h
> @@ -1129,7 +1129,7 @@ rte_table_action_time_read(struct
> rte_table_action *action,
>   *   The pointer to the session on success, NULL otherwise.
>   */
>  __rte_experimental
> -struct rte_cryptodev_sym_session *
> +void *
>  rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
>  	void *data);
> 
> diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
> index f54d731139..d9b7beed9c 100644
> --- a/lib/vhost/rte_vhost_crypto.h
> +++ b/lib/vhost/rte_vhost_crypto.h
> @@ -50,8 +50,6 @@ rte_vhost_crypto_driver_start(const char *path);
>   *  multiple Vhost-crypto devices.
>   * @param sess_pool
>   *  The pointer to the created cryptodev session pool.
> - * @param sess_priv_pool
> - *  The pointer to the created cryptodev session private data mempool.
>   * @param socket_id
>   *  NUMA Socket ID to allocate resources on. *
>   * @return
> @@ -61,7 +59,6 @@ rte_vhost_crypto_driver_start(const char *path);
>  int
>  rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
>  		struct rte_mempool *sess_pool,
> -		struct rte_mempool *sess_priv_pool,
>  		int socket_id);
> 
>  /**
> diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
> index 926b5c0bd9..b4464c4253 100644
> --- a/lib/vhost/vhost_crypto.c
> +++ b/lib/vhost/vhost_crypto.c
> @@ -338,7 +338,7 @@ vhost_crypto_create_sess(struct vhost_crypto
> *vcrypto,
>  		VhostUserCryptoSessionParam *sess_param)
>  {
>  	struct rte_crypto_sym_xform xform1 = {0}, xform2 = {0};
> -	struct rte_cryptodev_sym_session *session;
> +	void *session;
>  	int ret;
> 
>  	switch (sess_param->op_type) {
> @@ -383,8 +383,7 @@ vhost_crypto_create_sess(struct vhost_crypto
> *vcrypto,
>  		return;
>  	}
> 
> -	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
> -			vcrypto->sess_priv_pool) < 0) {
> +	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1)
> < 0) {
>  		VC_LOG_ERR("Failed to initialize session");
>  		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
>  		return;
> @@ -1425,7 +1424,6 @@ rte_vhost_crypto_driver_start(const char *path)
>  int
>  rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
>  		struct rte_mempool *sess_pool,
> -		struct rte_mempool *sess_priv_pool,
>  		int socket_id)
>  {
>  	struct virtio_net *dev = get_device(vid);
> @@ -1447,7 +1445,6 @@ rte_vhost_crypto_create(int vid, uint8_t
> cryptodev_id,
>  	}
> 
>  	vcrypto->sess_pool = sess_pool;
> -	vcrypto->sess_priv_pool = sess_priv_pool;
>  	vcrypto->cid = cryptodev_id;
>  	vcrypto->cache_session_id = UINT64_MAX;
>  	vcrypto->last_session_id = 1;
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework
  2021-10-01 15:53   ` Zhang, Roy Fan
@ 2021-10-04 19:07     ` Akhil Goyal
  0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-04 19:07 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara

Hi Fan,

> Hi Akhil,
> 
> Your patch failed all QAT tests - maybe it will fail on all PMDs requiring to
> know the session's physical address (such as nitrox, caam).
> 
> The reason is QAT PMD driver cannot know the physical address of the
> session private data passed into it - as the private data is computed by
> rte_cryptodev_sym_session_init() from the start of the session (which has a
> mempool obj header with valid physical address) to the offset for that driver
> type. The session private data pointer - although is a valid buffer - does not
> have the obj header that contains the physical address.
> 
> I think the solution can be - instead of passing the session private data, the
> rte_cryptodev_sym_session pointer should be passed and a macro shall be
> provided to the drivers to manually compute the offset and then find the
> correct session private data from the session for itself.

Thanks for trying this patchset.
Instead of passing the rte_cryptodev_sym_session, Can we add another
Argument in the sym_session_configure() to pass physical address of session.
This will reduce the overhead of PMD to get the offset from lib and then call rte_mempool_virt2iova.
sym_session_configure(dev, xforms, sess_priv, sess_priv_iova)

The motive for above change: Since the mempool is not exposed to PMD,
It does not make sense to call rte_mempool_virt2iova Inside PMD.
What do you suggest?

Regards,
Akhil

> 
> Regards,
> Fan
> 
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Thursday, September 30, 2021 3:50 PM
> > To: dev@dpdk.org
> > Cc: thomas@monjalon.net; david.marchand@redhat.com;
> > hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
> > Doherty, Declan <declan.doherty@intel.com>; matan@nvidia.com;
> > g.singh@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com;
> > Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>; ajit.khaparde@broadcom.com;
> > rnagadheeraj@marvell.com; adwivedi@marvell.com; Power, Ciara
> > <ciara.power@intel.com>; Akhil Goyal <gakhil@marvell.com>
> > Subject: [PATCH 3/3] cryptodev: rework session framework
> >
> > As per current design, rte_cryptodev_sym_session_create() and
> > rte_cryptodev_sym_session_init() use separate mempool objects
> > for a single session.
> > And structure rte_cryptodev_sym_session is not directly used
> > by the application, it may cause ABI breakage if the structure
> > is modified in future.
> >
> > To address these two issues, the rte_cryptodev_sym_session_create
> > will take one mempool object for both the session and session
> > private data. The API rte_cryptodev_sym_session_init will now not
> > take mempool object.
> > rte_cryptodev_sym_session_create will now return an opaque session
> > pointer which will be used by the app in rte_cryptodev_sym_session_init
> > and other APIs.
> >
> > With this change, rte_cryptodev_sym_session_init will send
> > pointer to session private data of corresponding driver to the PMD
> > based on the driver_id for filling the PMD data.
> >
> > In data path, opaque session pointer is attached to rte_crypto_op
> > and the PMD can call an internal library API to get the session
> > private data pointer based on the driver id.
> >
> > TODO:
> > - inline APIs for opaque data
> > - move rte_cryptodev_sym_session struct to cryptodev_pmd.h
> > - currently nb_drivers are getting updated in RTE_INIT which
> > result in increasing the memory requirements for session.
> > This will be moved to PMD probe so that memory is created
> > only for those PMDs which are probed and not just compiled in.
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > ---
> >  app/test-crypto-perf/cperf.h                  |   1 -
> >  app/test-crypto-perf/cperf_ops.c              |  33 ++---
> >  app/test-crypto-perf/cperf_ops.h              |   6 +-
> >  app/test-crypto-perf/cperf_test_latency.c     |   5 +-
> >  app/test-crypto-perf/cperf_test_latency.h     |   1 -
> >  .../cperf_test_pmd_cyclecount.c               |   5 +-
> >  .../cperf_test_pmd_cyclecount.h               |   1 -
> >  app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
> >  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
> >  app/test-crypto-perf/cperf_test_verify.c      |   5 +-
> >  app/test-crypto-perf/cperf_test_verify.h      |   1 -
> >  app/test-crypto-perf/main.c                   |  29 +---
> >  app/test/test_cryptodev.c                     | 130 +++++-------------
> >  app/test/test_cryptodev.h                     |   1 -
> >  app/test/test_cryptodev_asym.c                |   1 -
> >  app/test/test_cryptodev_blockcipher.c         |   6 +-
> >  app/test/test_event_crypto_adapter.c          |  28 +---
> >  app/test/test_ipsec.c                         |  22 +--
> >  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +----
> >  .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  34 +----
> >  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +----
> >  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +----
> >  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
> >  drivers/crypto/caam_jr/caam_jr.c              |  32 ++---
> >  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +----
> >  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  18 ++-
> >  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  18 +--
> >  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 +++-----
> >  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  13 +-
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
> >  drivers/crypto/dpaa_sec/dpaa_sec.c            |  31 +----
> >  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +----
> >  drivers/crypto/mlx5/mlx5_crypto.c             |  24 +---
> >  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  36 ++---
> >  drivers/crypto/nitrox/nitrox_sym.c            |  31 +----
> >  drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +----
> >  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
> >  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 +++-----
> >  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  52 +++----
> >  .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +--
> >  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +----
> >  drivers/crypto/qat/qat_sym_session.c          |  29 +---
> >  drivers/crypto/qat/qat_sym_session.h          |   6 +-
> >  drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
> >  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +----
> >  drivers/crypto/virtio/virtio_cryptodev.c      |  31 ++---
> >  drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +----
> >  .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
> >  examples/fips_validation/fips_dev_self_test.c |  32 ++---
> >  examples/fips_validation/main.c               |  20 +--
> >  examples/ipsec-secgw/ipsec-secgw.c            |  72 +++++-----
> >  examples/ipsec-secgw/ipsec.c                  |   3 +-
> >  examples/ipsec-secgw/ipsec.h                  |   1 -
> >  examples/ipsec-secgw/ipsec_worker.c           |   4 -
> >  examples/l2fwd-crypto/main.c                  |  41 +-----
> >  examples/vhost_crypto/main.c                  |  16 +--
> >  lib/cryptodev/cryptodev_pmd.h                 |   7 +-
> >  lib/cryptodev/rte_crypto.h                    |   2 +-
> >  lib/cryptodev/rte_crypto_sym.h                |   2 +-
> >  lib/cryptodev/rte_cryptodev.c                 |  73 ++++++----
> >  lib/cryptodev/rte_cryptodev.h                 |  23 ++--
> >  lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
> >  lib/pipeline/rte_table_action.c               |   8 +-
> >  lib/pipeline/rte_table_action.h               |   2 +-
> >  lib/vhost/rte_vhost_crypto.h                  |   3 -
> >  lib/vhost/vhost_crypto.c                      |   7 +-
> >  66 files changed, 399 insertions(+), 1050 deletions(-)
> >
> > diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
> > index 2b0aad095c..db58228dce 100644
> > --- a/app/test-crypto-perf/cperf.h
> > +++ b/app/test-crypto-perf/cperf.h
> > @@ -15,7 +15,6 @@ struct cperf_op_fns;
> >
> >  typedef void  *(*cperf_constructor_t)(
> >  		struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id,
> >  		uint16_t qp_id,
> >  		const struct cperf_options *options,
> > diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-
> > perf/cperf_ops.c
> > index 1b3cbe77b9..f094bc656d 100644
> > --- a/app/test-crypto-perf/cperf_ops.c
> > +++ b/app/test-crypto-perf/cperf_ops.c
> > @@ -12,7 +12,7 @@ static int
> >  cperf_set_ops_asym(struct rte_crypto_op **ops,
> >  		   uint32_t src_buf_offset __rte_unused,
> >  		   uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops,
> > -		   struct rte_cryptodev_sym_session *sess,
> > +		   void *sess,
> >  		   const struct cperf_options *options __rte_unused,
> >  		   const struct cperf_test_vector *test_vector __rte_unused,
> >  		   uint16_t iv_offset __rte_unused,
> > @@ -40,7 +40,7 @@ static int
> >  cperf_set_ops_security(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset __rte_unused,
> >  		uint32_t dst_buf_offset __rte_unused,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options __rte_unused,
> >  		const struct cperf_test_vector *test_vector __rte_unused,
> >  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> > @@ -106,7 +106,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
> >  static int
> >  cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector __rte_unused,
> >  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> > @@ -145,7 +145,7 @@ cperf_set_ops_null_cipher(struct rte_crypto_op
> > **ops,
> >  static int
> >  cperf_set_ops_null_auth(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector __rte_unused,
> >  		uint16_t iv_offset __rte_unused, uint32_t *imix_idx)
> > @@ -184,7 +184,7 @@ cperf_set_ops_null_auth(struct rte_crypto_op
> **ops,
> >  static int
> >  cperf_set_ops_cipher(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset, uint32_t *imix_idx)
> > @@ -240,7 +240,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
> >  static int
> >  cperf_set_ops_auth(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset, uint32_t *imix_idx)
> > @@ -340,7 +340,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
> >  static int
> >  cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset, uint32_t *imix_idx)
> > @@ -455,7 +455,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op
> > **ops,
> >  static int
> >  cperf_set_ops_aead(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset, uint32_t *imix_idx)
> > @@ -563,9 +563,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
> >  	return 0;
> >  }
> >
> > -static struct rte_cryptodev_sym_session *
> > +static void *
> >  cperf_create_session(struct rte_mempool *sess_mp,
> > -	struct rte_mempool *priv_mp,
> >  	uint8_t dev_id,
> >  	const struct cperf_options *options,
> >  	const struct cperf_test_vector *test_vector,
> > @@ -590,7 +589,7 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
> >  		if (sess == NULL)
> >  			return NULL;
> >  		rc = rte_cryptodev_asym_session_init(dev_id, (void *)sess,
> > -						     &xform, priv_mp);
> > +						     &xform, sess_mp);
> >  		if (rc < 0) {
> >  			if (sess != NULL) {
> >  				rte_cryptodev_asym_session_clear(dev_id,
> > @@ -742,8 +741,7 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
> >  			cipher_xform.cipher.iv.length = 0;
> >  		}
> >  		/* create crypto session */
> > -		rte_cryptodev_sym_session_init(dev_id, sess,
> > &cipher_xform,
> > -				priv_mp);
> > +		rte_cryptodev_sym_session_init(dev_id, sess,
> > &cipher_xform);
> >  	/*
> >  	 *  auth only
> >  	 */
> > @@ -770,8 +768,7 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
> >  			auth_xform.auth.iv.length = 0;
> >  		}
> >  		/* create crypto session */
> > -		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
> > -				priv_mp);
> > +		rte_cryptodev_sym_session_init(dev_id, sess,
> > &auth_xform);
> >  	/*
> >  	 * cipher and auth
> >  	 */
> > @@ -830,12 +827,12 @@ cperf_create_session(struct rte_mempool
> > *sess_mp,
> >  			cipher_xform.next = &auth_xform;
> >  			/* create crypto session */
> >  			rte_cryptodev_sym_session_init(dev_id,
> > -					sess, &cipher_xform, priv_mp);
> > +					sess, &cipher_xform);
> >  		} else { /* auth then cipher */
> >  			auth_xform.next = &cipher_xform;
> >  			/* create crypto session */
> >  			rte_cryptodev_sym_session_init(dev_id,
> > -					sess, &auth_xform, priv_mp);
> > +					sess, &auth_xform);
> >  		}
> >  	} else { /* options->op_type == CPERF_AEAD */
> >  		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
> > @@ -856,7 +853,7 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
> >
> >  		/* Create crypto session */
> >  		rte_cryptodev_sym_session_init(dev_id,
> > -					sess, &aead_xform, priv_mp);
> > +					sess, &aead_xform);
> >  	}
> >
> >  	return sess;
> > diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-
> > perf/cperf_ops.h
> > index ff125d12cd..3ff10491a0 100644
> > --- a/app/test-crypto-perf/cperf_ops.h
> > +++ b/app/test-crypto-perf/cperf_ops.h
> > @@ -12,15 +12,15 @@
> >  #include "cperf_test_vectors.h"
> >
> >
> > -typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
> > -		struct rte_mempool *sess_mp, struct rte_mempool
> > *sess_priv_mp,
> > +typedef void *(*cperf_sessions_create_t)(
> > +		struct rte_mempool *sess_mp,
> >  		uint8_t dev_id, const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset);
> >
> >  typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
> >  		uint32_t src_buf_offset, uint32_t dst_buf_offset,
> > -		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
> > +		uint16_t nb_ops, void *sess,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> >  		uint16_t iv_offset, uint32_t *imix_idx);
> > diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-
> > perf/cperf_test_latency.c
> > index 159fe8492b..4193f7e777 100644
> > --- a/app/test-crypto-perf/cperf_test_latency.c
> > +++ b/app/test-crypto-perf/cperf_test_latency.c
> > @@ -24,7 +24,7 @@ struct cperf_latency_ctx {
> >
> >  	struct rte_mempool *pool;
> >
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >
> >  	cperf_populate_ops_t populate_ops;
> >
> > @@ -59,7 +59,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
> >
> >  void *
> >  cperf_latency_test_constructor(struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id, uint16_t qp_id,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> > @@ -84,7 +83,7 @@ cperf_latency_test_constructor(struct rte_mempool
> > *sess_mp,
> >  		sizeof(struct rte_crypto_sym_op) +
> >  		sizeof(struct cperf_op_result *);
> >
> > -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> > options,
> > +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
> >  			test_vector, iv_offset);
> >  	if (ctx->sess == NULL)
> >  		goto err;
> > diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-
> > perf/cperf_test_latency.h
> > index ed5b0a07bb..d3fc3218d7 100644
> > --- a/app/test-crypto-perf/cperf_test_latency.h
> > +++ b/app/test-crypto-perf/cperf_test_latency.h
> > @@ -17,7 +17,6 @@
> >  void *
> >  cperf_latency_test_constructor(
> >  		struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id,
> >  		uint16_t qp_id,
> >  		const struct cperf_options *options,
> > diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-
> > crypto-perf/cperf_test_pmd_cyclecount.c
> > index cbbbedd9ba..3dd489376f 100644
> > --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
> > +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
> > @@ -27,7 +27,7 @@ struct cperf_pmd_cyclecount_ctx {
> >  	struct rte_crypto_op **ops;
> >  	struct rte_crypto_op **ops_processed;
> >
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >
> >  	cperf_populate_ops_t populate_ops;
> >
> > @@ -93,7 +93,6 @@ cperf_pmd_cyclecount_test_free(struct
> > cperf_pmd_cyclecount_ctx *ctx)
> >
> >  void *
> >  cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id, uint16_t qp_id,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> > @@ -120,7 +119,7 @@ cperf_pmd_cyclecount_test_constructor(struct
> > rte_mempool *sess_mp,
> >  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
> >  			sizeof(struct rte_crypto_sym_op);
> >
> > -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> > options,
> > +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
> >  			test_vector, iv_offset);
> >  	if (ctx->sess == NULL)
> >  		goto err;
> > diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-
> > crypto-perf/cperf_test_pmd_cyclecount.h
> > index 3084038a18..beb4419910 100644
> > --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
> > +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
> > @@ -18,7 +18,6 @@
> >  void *
> >  cperf_pmd_cyclecount_test_constructor(
> >  		struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id,
> >  		uint16_t qp_id,
> >  		const struct cperf_options *options,
> > diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-
> crypto-
> > perf/cperf_test_throughput.c
> > index 76fcda47ff..dc5c48b4da 100644
> > --- a/app/test-crypto-perf/cperf_test_throughput.c
> > +++ b/app/test-crypto-perf/cperf_test_throughput.c
> > @@ -18,7 +18,7 @@ struct cperf_throughput_ctx {
> >
> >  	struct rte_mempool *pool;
> >
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >
> >  	cperf_populate_ops_t populate_ops;
> >
> > @@ -64,7 +64,6 @@ cperf_throughput_test_free(struct
> > cperf_throughput_ctx *ctx)
> >
> >  void *
> >  cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id, uint16_t qp_id,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> > @@ -87,7 +86,7 @@ cperf_throughput_test_constructor(struct
> > rte_mempool *sess_mp,
> >  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
> >  		sizeof(struct rte_crypto_sym_op);
> >
> > -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> > options,
> > +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
> >  			test_vector, iv_offset);
> >  	if (ctx->sess == NULL)
> >  		goto err;
> > diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-
> > crypto-perf/cperf_test_throughput.h
> > index 91e1a4b708..439ec8e559 100644
> > --- a/app/test-crypto-perf/cperf_test_throughput.h
> > +++ b/app/test-crypto-perf/cperf_test_throughput.h
> > @@ -18,7 +18,6 @@
> >  void *
> >  cperf_throughput_test_constructor(
> >  		struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id,
> >  		uint16_t qp_id,
> >  		const struct cperf_options *options,
> > diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-
> > perf/cperf_test_verify.c
> > index 2939aeaa93..cf561dd700 100644
> > --- a/app/test-crypto-perf/cperf_test_verify.c
> > +++ b/app/test-crypto-perf/cperf_test_verify.c
> > @@ -18,7 +18,7 @@ struct cperf_verify_ctx {
> >
> >  	struct rte_mempool *pool;
> >
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >
> >  	cperf_populate_ops_t populate_ops;
> >
> > @@ -51,7 +51,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
> >
> >  void *
> >  cperf_verify_test_constructor(struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id, uint16_t qp_id,
> >  		const struct cperf_options *options,
> >  		const struct cperf_test_vector *test_vector,
> > @@ -74,7 +73,7 @@ cperf_verify_test_constructor(struct rte_mempool
> > *sess_mp,
> >  	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
> >  		sizeof(struct rte_crypto_sym_op);
> >
> > -	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id,
> > options,
> > +	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
> >  			test_vector, iv_offset);
> >  	if (ctx->sess == NULL)
> >  		goto err;
> > diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-
> > perf/cperf_test_verify.h
> > index ac2192ba99..9f70ad87ba 100644
> > --- a/app/test-crypto-perf/cperf_test_verify.h
> > +++ b/app/test-crypto-perf/cperf_test_verify.h
> > @@ -18,7 +18,6 @@
> >  void *
> >  cperf_verify_test_constructor(
> >  		struct rte_mempool *sess_mp,
> > -		struct rte_mempool *sess_priv_mp,
> >  		uint8_t dev_id,
> >  		uint16_t qp_id,
> >  		const struct cperf_options *options,
> > diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> > index 390380898e..c3327b7e55 100644
> > --- a/app/test-crypto-perf/main.c
> > +++ b/app/test-crypto-perf/main.c
> > @@ -118,35 +118,14 @@ fill_session_pool_socket(int32_t socket_id,
> > uint32_t session_priv_size,
> >  	char mp_name[RTE_MEMPOOL_NAMESIZE];
> >  	struct rte_mempool *sess_mp;
> >
> > -	if (session_pool_socket[socket_id].priv_mp == NULL) {
> > -		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> > -			"priv_sess_mp_%u", socket_id);
> > -
> > -		sess_mp = rte_mempool_create(mp_name,
> > -					nb_sessions,
> > -					session_priv_size,
> > -					0, 0, NULL, NULL, NULL,
> > -					NULL, socket_id,
> > -					0);
> > -
> > -		if (sess_mp == NULL) {
> > -			printf("Cannot create pool \"%s\" on socket %d\n",
> > -				mp_name, socket_id);
> > -			return -ENOMEM;
> > -		}
> > -
> > -		printf("Allocated pool \"%s\" on socket %d\n",
> > -			mp_name, socket_id);
> > -		session_pool_socket[socket_id].priv_mp = sess_mp;
> > -	}
> > -
> >  	if (session_pool_socket[socket_id].sess_mp == NULL) {
> >
> >  		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> >  			"sess_mp_%u", socket_id);
> >
> >  		sess_mp =
> > rte_cryptodev_sym_session_pool_create(mp_name,
> > -					nb_sessions, 0, 0, 0, socket_id);
> > +					nb_sessions, session_priv_size,
> > +					0, 0, socket_id);
> >
> >  		if (sess_mp == NULL) {
> >  			printf("Cannot create pool \"%s\" on socket %d\n",
> > @@ -344,12 +323,9 @@ cperf_initialize_cryptodev(struct cperf_options
> > *opts, uint8_t *enabled_cdevs)
> >  			return ret;
> >
> >  		qp_conf.mp_session =
> > session_pool_socket[socket_id].sess_mp;
> > -		qp_conf.mp_session_private =
> > -				session_pool_socket[socket_id].priv_mp;
> >
> >  		if (opts->op_type == CPERF_ASYM_MODEX) {
> >  			qp_conf.mp_session = NULL;
> > -			qp_conf.mp_session_private = NULL;
> >  		}
> >
> >  		ret = rte_cryptodev_configure(cdev_id, &conf);
> > @@ -704,7 +680,6 @@ main(int argc, char **argv)
> >
> >  		ctx[i] = cperf_testmap[opts.test].constructor(
> >  				session_pool_socket[socket_id].sess_mp,
> > -				session_pool_socket[socket_id].priv_mp,
> >  				cdev_id, qp_id,
> >  				&opts, t_vec, &op_fns);
> >  		if (ctx[i] == NULL) {
> > diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> > index 82f819211a..e5c7930c63 100644
> > --- a/app/test/test_cryptodev.c
> > +++ b/app/test/test_cryptodev.c
> > @@ -79,7 +79,7 @@ struct crypto_unittest_params {
> >  #endif
> >
> >  	union {
> > -		struct rte_cryptodev_sym_session *sess;
> > +		void *sess;
> >  #ifdef RTE_LIB_SECURITY
> >  		void *sec_session;
> >  #endif
> > @@ -119,7 +119,7 @@
> > test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
> >  		uint8_t *hmac_key);
> >
> >  static int
> > -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> > rte_cryptodev_sym_session *sess,
> > +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
> >  		struct crypto_unittest_params *ut_params,
> >  		struct crypto_testsuite_params *ts_param,
> >  		const uint8_t *cipher,
> > @@ -596,23 +596,11 @@ testsuite_setup(void)
> >  	}
> >
> >  	ts_params->session_mpool =
> > rte_cryptodev_sym_session_pool_create(
> > -			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
> > +			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0,
> > 0,
> >  			SOCKET_ID_ANY);
> >  	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
> >  			"session mempool allocation failed");
> >
> > -	ts_params->session_priv_mpool = rte_mempool_create(
> > -			"test_sess_mp_priv",
> > -			MAX_NB_SESSIONS,
> > -			session_size,
> > -			0, 0, NULL, NULL, NULL,
> > -			NULL, SOCKET_ID_ANY,
> > -			0);
> > -	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
> > -			"session mempool allocation failed");
> > -
> > -
> > -
> >  	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
> >  			&ts_params->conf),
> >  			"Failed to configure cryptodev %u with %u qps",
> > @@ -620,7 +608,6 @@ testsuite_setup(void)
> >
> >  	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
> >  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> > -	ts_params->qp_conf.mp_session_private = ts_params-
> > >session_priv_mpool;
> >
> >  	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
> >  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> > @@ -650,11 +637,6 @@ testsuite_teardown(void)
> >  	}
> >
> >  	/* Free session mempools */
> > -	if (ts_params->session_priv_mpool != NULL) {
> > -		rte_mempool_free(ts_params->session_priv_mpool);
> > -		ts_params->session_priv_mpool = NULL;
> > -	}
> > -
> >  	if (ts_params->session_mpool != NULL) {
> >  		rte_mempool_free(ts_params->session_mpool);
> >  		ts_params->session_mpool = NULL;
> > @@ -1330,7 +1312,6 @@ dev_configure_and_start(uint64_t ff_disable)
> >  	ts_params->conf.ff_disable = ff_disable;
> >  	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
> >  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> > -	ts_params->qp_conf.mp_session_private = ts_params-
> > >session_priv_mpool;
> >
> >  	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params-
> > >valid_devs[0],
> >  			&ts_params->conf),
> > @@ -1552,7 +1533,6 @@ test_queue_pair_descriptor_setup(void)
> >  	 */
> >  	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
> >  	qp_conf.mp_session = ts_params->session_mpool;
> > -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> >
> >  	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
> >  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> > @@ -2146,8 +2126,7 @@
> test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
> >
> >  	/* Create crypto session*/
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			ut_params->sess, &ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			ut_params->sess, &ut_params->cipher_xform);
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> >  	/* Generate crypto op data structure */
> > @@ -2247,7 +2226,7 @@
> > test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
> >  		uint8_t *hmac_key);
> >
> >  static int
> > -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> > rte_cryptodev_sym_session *sess,
> > +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
> >  		struct crypto_unittest_params *ut_params,
> >  		struct crypto_testsuite_params *ts_params,
> >  		const uint8_t *cipher,
> > @@ -2288,7 +2267,7 @@
> > test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
> >
> >
> >  static int
> > -test_AES_CBC_HMAC_SHA512_decrypt_perform(struct
> > rte_cryptodev_sym_session *sess,
> > +test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
> >  		struct crypto_unittest_params *ut_params,
> >  		struct crypto_testsuite_params *ts_params,
> >  		const uint8_t *cipher,
> > @@ -2401,8 +2380,7 @@ create_wireless_algo_hash_session(uint8_t
> dev_id,
> >  			ts_params->session_mpool);
> >
> >  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->auth_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->auth_xform);
> >  	if (status == -ENOTSUP)
> >  		return TEST_SKIPPED;
> >
> > @@ -2443,8 +2421,7 @@ create_wireless_algo_cipher_session(uint8_t
> > dev_id,
> >  			ts_params->session_mpool);
> >
> >  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->cipher_xform);
> >  	if (status == -ENOTSUP)
> >  		return TEST_SKIPPED;
> >
> > @@ -2566,8 +2543,7 @@
> create_wireless_algo_cipher_auth_session(uint8_t
> > dev_id,
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> >  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->cipher_xform);
> >  	if (status == -ENOTSUP)
> >  		return TEST_SKIPPED;
> >
> > @@ -2629,8 +2605,7 @@ create_wireless_cipher_auth_session(uint8_t
> > dev_id,
> >  			ts_params->session_mpool);
> >
> >  	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->cipher_xform);
> >  	if (status == -ENOTSUP)
> >  		return TEST_SKIPPED;
> >
> > @@ -2699,13 +2674,11 @@
> > create_wireless_algo_auth_cipher_session(uint8_t dev_id,
> >  		ut_params->auth_xform.next = NULL;
> >  		ut_params->cipher_xform.next = &ut_params->auth_xform;
> >  		status = rte_cryptodev_sym_session_init(dev_id,
> > ut_params->sess,
> > -				&ut_params->cipher_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->cipher_xform);
> >
> >  	} else
> >  		status = rte_cryptodev_sym_session_init(dev_id,
> > ut_params->sess,
> > -				&ut_params->auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->auth_xform);
> >
> >  	if (status == -ENOTSUP)
> >  		return TEST_SKIPPED;
> > @@ -7838,8 +7811,7 @@ create_aead_session(uint8_t dev_id, enum
> > rte_crypto_aead_algorithm algo,
> >  			ts_params->session_mpool);
> >
> >  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->aead_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->aead_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -10992,8 +10964,7 @@ static int MD5_HMAC_create_session(struct
> > crypto_testsuite_params *ts_params,
> >  			ts_params->session_mpool);
> >
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			ut_params->sess, &ut_params->auth_xform,
> > -			ts_params->session_priv_mpool);
> > +			ut_params->sess, &ut_params->auth_xform);
> >
> >  	if (ut_params->sess == NULL)
> >  		return TEST_FAILED;
> > @@ -11206,7 +11177,7 @@ test_multi_session(void)
> >  	struct crypto_unittest_params *ut_params = &unittest_params;
> >
> >  	struct rte_cryptodev_info dev_info;
> > -	struct rte_cryptodev_sym_session **sessions;
> > +	void **sessions;
> >
> >  	uint16_t i;
> >
> > @@ -11229,9 +11200,7 @@ test_multi_session(void)
> >
> >  	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> >
> > -	sessions = rte_malloc(NULL,
> > -			sizeof(struct rte_cryptodev_sym_session *) *
> > -			(MAX_NB_SESSIONS + 1), 0);
> > +	sessions = rte_malloc(NULL, sizeof(void *) * (MAX_NB_SESSIONS +
> > 1), 0);
> >
> >  	/* Create multiple crypto sessions*/
> >  	for (i = 0; i < MAX_NB_SESSIONS; i++) {
> > @@ -11240,8 +11209,7 @@ test_multi_session(void)
> >  				ts_params->session_mpool);
> >
> >  		rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -				sessions[i], &ut_params->auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				sessions[i], &ut_params->auth_xform);
> >  		TEST_ASSERT_NOT_NULL(sessions[i],
> >  				"Session creation failed at session
> > number %u",
> >  				i);
> > @@ -11279,8 +11247,7 @@ test_multi_session(void)
> >  	sessions[i] = NULL;
> >  	/* Next session create should fail */
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			sessions[i], &ut_params->auth_xform,
> > -			ts_params->session_priv_mpool);
> > +			sessions[i], &ut_params->auth_xform);
> >  	TEST_ASSERT_NULL(sessions[i],
> >  			"Session creation succeeded unexpectedly!");
> >
> > @@ -11311,7 +11278,7 @@ test_multi_session_random_usage(void)
> >  {
> >  	struct crypto_testsuite_params *ts_params = &testsuite_params;
> >  	struct rte_cryptodev_info dev_info;
> > -	struct rte_cryptodev_sym_session **sessions;
> > +	void **sessions;
> >  	uint32_t i, j;
> >  	struct multi_session_params ut_paramz[] = {
> >
> > @@ -11355,8 +11322,7 @@ test_multi_session_random_usage(void)
> >  	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> >
> >  	sessions = rte_malloc(NULL,
> > -			(sizeof(struct rte_cryptodev_sym_session *)
> > -					* MAX_NB_SESSIONS) + 1, 0);
> > +			(sizeof(void *) * MAX_NB_SESSIONS) + 1, 0);
> >
> >  	for (i = 0; i < MB_SESSION_NUMBER; i++) {
> >  		sessions[i] = rte_cryptodev_sym_session_create(
> > @@ -11373,8 +11339,7 @@ test_multi_session_random_usage(void)
> >  		rte_cryptodev_sym_session_init(
> >  				ts_params->valid_devs[0],
> >  				sessions[i],
> > -				&ut_paramz[i].ut_params.auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_paramz[i].ut_params.auth_xform);
> >
> >  		TEST_ASSERT_NOT_NULL(sessions[i],
> >  				"Session creation failed at session
> > number %u",
> > @@ -11457,8 +11422,7 @@ test_null_invalid_operation(void)
> >
> >  	/* Create Crypto session*/
> >  	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			ut_params->sess, &ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			ut_params->sess, &ut_params->cipher_xform);
> >  	TEST_ASSERT(ret < 0,
> >  			"Session creation succeeded unexpectedly");
> >
> > @@ -11475,8 +11439,7 @@ test_null_invalid_operation(void)
> >
> >  	/* Create Crypto session*/
> >  	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			ut_params->sess, &ut_params->auth_xform,
> > -			ts_params->session_priv_mpool);
> > +			ut_params->sess, &ut_params->auth_xform);
> >  	TEST_ASSERT(ret < 0,
> >  			"Session creation succeeded unexpectedly");
> >
> > @@ -11521,8 +11484,7 @@ test_null_burst_operation(void)
> >
> >  	/* Create Crypto session*/
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > -			ut_params->sess, &ut_params->cipher_xform,
> > -			ts_params->session_priv_mpool);
> > +			ut_params->sess, &ut_params->cipher_xform);
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> >  	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params-
> > >op_mpool,
> > @@ -11634,7 +11596,6 @@ test_enq_callback_setup(void)
> >
> >  	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
> >  	qp_conf.mp_session = ts_params->session_mpool;
> > -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> >
> >  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> >  			ts_params->valid_devs[0], qp_id, &qp_conf,
> > @@ -11734,7 +11695,6 @@ test_deq_callback_setup(void)
> >
> >  	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
> >  	qp_conf.mp_session = ts_params->session_mpool;
> > -	qp_conf.mp_session_private = ts_params->session_priv_mpool;
> >
> >  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> >  			ts_params->valid_devs[0], qp_id, &qp_conf,
> > @@ -11943,8 +11903,7 @@ static int create_gmac_session(uint8_t dev_id,
> >  			ts_params->session_mpool);
> >
> >  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -			&ut_params->auth_xform,
> > -			ts_params->session_priv_mpool);
> > +			&ut_params->auth_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -12588,8 +12547,7 @@ create_auth_session(struct
> > crypto_unittest_params *ut_params,
> >  			ts_params->session_mpool);
> >
> >  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -				&ut_params->auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->auth_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -12641,8 +12599,7 @@ create_auth_cipher_session(struct
> > crypto_unittest_params *ut_params,
> >  			ts_params->session_mpool);
> >
> >  	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
> > -				&ut_params->auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->auth_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -13149,8 +13106,7 @@ test_authenticated_encrypt_with_esn(
> >
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> >  				ut_params->sess,
> > -				&ut_params->cipher_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->cipher_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -13281,8 +13237,7 @@ test_authenticated_decrypt_with_esn(
> >
> >  	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> >  				ut_params->sess,
> > -				&ut_params->auth_xform,
> > -				ts_params->session_priv_mpool);
> > +				&ut_params->auth_xform);
> >
> >  	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation
> > failed");
> >
> > @@ -14003,11 +13958,6 @@ test_scheduler_attach_worker_op(void)
> >  			rte_mempool_free(ts_params->session_mpool);
> >  			ts_params->session_mpool = NULL;
> >  		}
> > -		if (ts_params->session_priv_mpool) {
> > -			rte_mempool_free(ts_params-
> > >session_priv_mpool);
> > -			ts_params->session_priv_mpool = NULL;
> > -		}
> > -
> >  		if (info.sym.max_nb_sessions != 0 &&
> >  				info.sym.max_nb_sessions <
> > MAX_NB_SESSIONS) {
> >  			RTE_LOG(ERR, USER1,
> > @@ -14024,32 +13974,14 @@ test_scheduler_attach_worker_op(void)
> >  			ts_params->session_mpool =
> >  				rte_cryptodev_sym_session_pool_create(
> >  						"test_sess_mp",
> > -						MAX_NB_SESSIONS, 0, 0, 0,
> > +						MAX_NB_SESSIONS,
> > +						session_size, 0, 0,
> >  						SOCKET_ID_ANY);
> >  			TEST_ASSERT_NOT_NULL(ts_params-
> > >session_mpool,
> >  					"session mempool allocation failed");
> >  		}
> >
> > -		/*
> > -		 * Create mempool with maximum number of sessions,
> > -		 * to include device specific session private data
> > -		 */
> > -		if (ts_params->session_priv_mpool == NULL) {
> > -			ts_params->session_priv_mpool =
> > rte_mempool_create(
> > -					"test_sess_mp_priv",
> > -					MAX_NB_SESSIONS,
> > -					session_size,
> > -					0, 0, NULL, NULL, NULL,
> > -					NULL, SOCKET_ID_ANY,
> > -					0);
> > -
> > -			TEST_ASSERT_NOT_NULL(ts_params-
> > >session_priv_mpool,
> > -					"session mempool allocation failed");
> > -		}
> > -
> >  		ts_params->qp_conf.mp_session = ts_params-
> > >session_mpool;
> > -		ts_params->qp_conf.mp_session_private =
> > -				ts_params->session_priv_mpool;
> >
> >  		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
> >  				(uint8_t)i);
> > diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
> > index 1cdd84d01f..a3a10d484b 100644
> > --- a/app/test/test_cryptodev.h
> > +++ b/app/test/test_cryptodev.h
> > @@ -89,7 +89,6 @@ struct crypto_testsuite_params {
> >  	struct rte_mempool *large_mbuf_pool;
> >  	struct rte_mempool *op_mpool;
> >  	struct rte_mempool *session_mpool;
> > -	struct rte_mempool *session_priv_mpool;
> >  	struct rte_cryptodev_config conf;
> >  	struct rte_cryptodev_qp_conf qp_conf;
> >
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c
> > index 9d19a6d6d9..35da574da8 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -924,7 +924,6 @@ testsuite_setup(void)
> >  	/* configure qp */
> >  	ts_params->qp_conf.nb_descriptors =
> > DEFAULT_NUM_OPS_INFLIGHT;
> >  	ts_params->qp_conf.mp_session = ts_params->session_mpool;
> > -	ts_params->qp_conf.mp_session_private = ts_params-
> > >session_mpool;
> >  	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
> >  		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> >  			dev_id, qp_id, &ts_params->qp_conf,
> > diff --git a/app/test/test_cryptodev_blockcipher.c
> > b/app/test/test_cryptodev_blockcipher.c
> > index 3cdb2c96e8..9417803f18 100644
> > --- a/app/test/test_cryptodev_blockcipher.c
> > +++ b/app/test/test_cryptodev_blockcipher.c
> > @@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  	struct rte_mempool *mbuf_pool,
> >  	struct rte_mempool *op_mpool,
> >  	struct rte_mempool *sess_mpool,
> > -	struct rte_mempool *sess_priv_mpool,
> >  	uint8_t dev_id,
> >  	char *test_msg)
> >  {
> > @@ -81,7 +80,7 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  	struct rte_crypto_sym_op *sym_op = NULL;
> >  	struct rte_crypto_op *op = NULL;
> >  	struct rte_cryptodev_info dev_info;
> > -	struct rte_cryptodev_sym_session *sess = NULL;
> > +	void *sess = NULL;
> >
> >  	int status = TEST_SUCCESS;
> >  	const struct blockcipher_test_data *tdata = t->test_data;
> > @@ -514,7 +513,7 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  		sess = rte_cryptodev_sym_session_create(sess_mpool);
> >
> >  		status = rte_cryptodev_sym_session_init(dev_id, sess,
> > -				init_xform, sess_priv_mpool);
> > +				init_xform);
> >  		if (status == -ENOTSUP) {
> >  			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> > "UNSUPPORTED");
> >  			status = TEST_SKIPPED;
> > @@ -831,7 +830,6 @@ blockcipher_test_case_run(const void *data)
> >  			p_testsuite_params->mbuf_pool,
> >  			p_testsuite_params->op_mpool,
> >  			p_testsuite_params->session_mpool,
> > -			p_testsuite_params->session_priv_mpool,
> >  			p_testsuite_params->valid_devs[0],
> >  			test_msg);
> >  	return status;
> > diff --git a/app/test/test_event_crypto_adapter.c
> > b/app/test/test_event_crypto_adapter.c
> > index 3ad20921e2..59229a1cde 100644
> > --- a/app/test/test_event_crypto_adapter.c
> > +++ b/app/test/test_event_crypto_adapter.c
> > @@ -61,7 +61,6 @@ struct event_crypto_adapter_test_params {
> >  	struct rte_mempool *mbuf_pool;
> >  	struct rte_mempool *op_mpool;
> >  	struct rte_mempool *session_mpool;
> > -	struct rte_mempool *session_priv_mpool;
> >  	struct rte_cryptodev_config *config;
> >  	uint8_t crypto_event_port_id;
> >  	uint8_t internal_port_op_fwd;
> > @@ -167,7 +166,7 @@ static int
> >  test_op_forward_mode(uint8_t session_less)
> >  {
> >  	struct rte_crypto_sym_xform cipher_xform;
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >  	union rte_event_crypto_metadata m_data;
> >  	struct rte_crypto_sym_op *sym_op;
> >  	struct rte_crypto_op *op;
> > @@ -203,7 +202,7 @@ test_op_forward_mode(uint8_t session_less)
> >
> >  		/* Create Crypto session*/
> >  		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
> > -				&cipher_xform,
> params.session_priv_mpool);
> > +				&cipher_xform);
> >  		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
> >
> >  		ret = rte_event_crypto_adapter_caps_get(evdev,
> > TEST_CDEV_ID,
> > @@ -367,7 +366,7 @@ static int
> >  test_op_new_mode(uint8_t session_less)
> >  {
> >  	struct rte_crypto_sym_xform cipher_xform;
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >  	union rte_event_crypto_metadata m_data;
> >  	struct rte_crypto_sym_op *sym_op;
> >  	struct rte_crypto_op *op;
> > @@ -411,7 +410,7 @@ test_op_new_mode(uint8_t session_less)
> >  						&m_data, sizeof(m_data));
> >  		}
> >  		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
> > -				&cipher_xform,
> params.session_priv_mpool);
> > +				&cipher_xform);
> >  		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
> >
> >  		rte_crypto_op_attach_sym_session(op, sess);
> > @@ -553,22 +552,12 @@ configure_cryptodev(void)
> >
> >  	params.session_mpool = rte_cryptodev_sym_session_pool_create(
> >  			"CRYPTO_ADAPTER_SESSION_MP",
> > -			MAX_NB_SESSIONS, 0, 0,
> > +			MAX_NB_SESSIONS, session_size, 0,
> >  			sizeof(union rte_event_crypto_metadata),
> >  			SOCKET_ID_ANY);
> >  	TEST_ASSERT_NOT_NULL(params.session_mpool,
> >  			"session mempool allocation failed\n");
> >
> > -	params.session_priv_mpool = rte_mempool_create(
> > -				"CRYPTO_AD_SESS_MP_PRIV",
> > -				MAX_NB_SESSIONS,
> > -				session_size,
> > -				0, 0, NULL, NULL, NULL,
> > -				NULL, SOCKET_ID_ANY,
> > -				0);
> > -	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
> > -			"session mempool allocation failed\n");
> > -
> >  	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
> >  	conf.nb_queue_pairs = info.max_nb_queue_pairs;
> >  	conf.socket_id = SOCKET_ID_ANY;
> > @@ -580,7 +569,6 @@ configure_cryptodev(void)
> >
> >  	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
> >  	qp_conf.mp_session = params.session_mpool;
> > -	qp_conf.mp_session_private = params.session_priv_mpool;
> >
> >  	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
> >  			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
> > @@ -934,12 +922,6 @@ crypto_teardown(void)
> >  		rte_mempool_free(params.session_mpool);
> >  		params.session_mpool = NULL;
> >  	}
> > -	if (params.session_priv_mpool != NULL) {
> > -		rte_mempool_avail_count(params.session_priv_mpool);
> > -		rte_mempool_free(params.session_priv_mpool);
> > -		params.session_priv_mpool = NULL;
> > -	}
> > -
> >  	/* Free ops mempool */
> >  	if (params.op_mpool != NULL) {
> >  		RTE_LOG(DEBUG, USER1, "EVENT_CRYPTO_SYM_OP_POOL
> > count %u\n",
> > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
> > index 2ffa2a8e79..134545efe1 100644
> > --- a/app/test/test_ipsec.c
> > +++ b/app/test/test_ipsec.c
> > @@ -355,20 +355,9 @@ testsuite_setup(void)
> >  		return TEST_FAILED;
> >  	}
> >
> > -	ts_params->qp_conf.mp_session_private = rte_mempool_create(
> > -				"test_priv_sess_mp",
> > -				MAX_NB_SESSIONS,
> > -				sess_sz,
> > -				0, 0, NULL, NULL, NULL,
> > -				NULL, SOCKET_ID_ANY,
> > -				0);
> > -
> > -	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
> > -			"private session mempool allocation failed");
> > -
> >  	ts_params->qp_conf.mp_session =
> >  		rte_cryptodev_sym_session_pool_create("test_sess_mp",
> > -			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
> > +			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
> >
> >  	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
> >  			"session mempool allocation failed");
> > @@ -413,11 +402,6 @@ testsuite_teardown(void)
> >  		rte_mempool_free(ts_params->qp_conf.mp_session);
> >  		ts_params->qp_conf.mp_session = NULL;
> >  	}
> > -
> > -	if (ts_params->qp_conf.mp_session_private != NULL) {
> > -		rte_mempool_free(ts_params-
> > >qp_conf.mp_session_private);
> > -		ts_params->qp_conf.mp_session_private = NULL;
> > -	}
> >  }
> >
> >  static int
> > @@ -644,7 +628,7 @@ create_crypto_session(struct ipsec_unitest_params
> > *ut,
> >  	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
> >  {
> >  	int32_t rc;
> > -	struct rte_cryptodev_sym_session *s;
> > +	void *s;
> >
> >  	s = rte_cryptodev_sym_session_create(qp->mp_session);
> >  	if (s == NULL)
> > @@ -652,7 +636,7 @@ create_crypto_session(struct ipsec_unitest_params
> > *ut,
> >
> >  	/* initiliaze SA crypto session for device */
> >  	rc = rte_cryptodev_sym_session_init(dev_id, s,
> > -			ut->crypto_xforms, qp->mp_session_private);
> > +			ut->crypto_xforms);
> >  	if (rc == 0) {
> >  		ut->ss[j].crypto.ses = s;
> >  		return 0;
> > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > index edb7275e76..75330292af 100644
> > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > @@ -235,7 +235,6 @@ aesni_gcm_pmd_qp_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  		goto qp_setup_cleanup;
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> >
> > @@ -259,10 +258,8 @@ aesni_gcm_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev
> > __rte_unused,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >  	struct aesni_gcm_private *internals = dev->data->dev_private;
> >
> > @@ -271,42 +268,24 @@ aesni_gcm_pmd_sym_session_configure(struct
> > rte_cryptodev *dev __rte_unused,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		AESNI_GCM_LOG(ERR,
> > -				"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> >  	ret = aesni_gcm_set_session_parameters(internals->ops,
> > -				sess_private_data, xform);
> > +				sess, xform);
> >  	if (ret != 0) {
> >  		AESNI_GCM_LOG(ERR, "failed configure session
> > parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -			sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct aesni_gcm_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct aesni_gcm_session));
> >  }
> >
> >  struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
> > diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> > b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> > index 39c67e3952..efdc05c45f 100644
> > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> > @@ -944,7 +944,6 @@ aesni_mb_pmd_qp_setup(struct rte_cryptodev
> *dev,
> > uint16_t qp_id,
> >  	}
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->stats, 0, sizeof(qp->stats));
> >
> > @@ -974,11 +973,8 @@ aesni_mb_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  /** Configure a aesni multi-buffer session from a crypto xform chain */
> >  static int
> >  aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
> > -		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		struct rte_crypto_sym_xform *xform, void *sess)
> >  {
> > -	void *sess_private_data;
> >  	struct aesni_mb_private *internals = dev->data->dev_private;
> >  	int ret;
> >
> > @@ -987,43 +983,25 @@ aesni_mb_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		AESNI_MB_LOG(ERR,
> > -				"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> >  	ret = aesni_mb_set_session_parameters(internals->mb_mgr,
> > -			sess_private_data, xform);
> > +			sess, xform);
> >  	if (ret != 0) {
> >  		AESNI_MB_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -			sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > +	RTE_SET_USED(dev);
> >
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct aesni_mb_session));
> >  }
> >
> >  struct rte_cryptodev_ops aesni_mb_pmd_ops = {
> > diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> > b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> > index 1b2749fe62..2d3b54b063 100644
> > --- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> > +++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
> > @@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  		goto qp_setup_cleanup;
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->stats, 0, sizeof(qp->stats));
> >
> > @@ -268,10 +267,8 @@ armv8_crypto_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	if (unlikely(sess == NULL)) {
> > @@ -279,42 +276,23 @@
> armv8_crypto_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		CDEV_LOG_ERR(
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = armv8_crypto_set_session_parameters(sess_private_data,
> > xform);
> > +	ret = armv8_crypto_set_session_parameters(sess, xform);
> >  	if (ret != 0) {
> >  		ARMV8_CRYPTO_LOG_ERR("failed configure session
> > parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -			sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> > *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct armv8_crypto_session));
> >  }
> >
> >  struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
> > diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c
> > b/drivers/crypto/bcmfs/bcmfs_sym_session.c
> > index 675ed0ad55..b4b167d0c2 100644
> > --- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
> > +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
> > @@ -224,10 +224,9 @@ bcmfs_sym_get_session(struct rte_crypto_op
> *op)
> >  int
> >  bcmfs_sym_session_configure(struct rte_cryptodev *dev,
> >  			    struct rte_crypto_sym_xform *xform,
> > -			    struct rte_cryptodev_sym_session *sess,
> > -			    struct rte_mempool *mempool)
> > +			    void *sess)
> >  {
> > -	void *sess_private_data;
> > +	RTE_SET_USED(dev);
> >  	int ret;
> >
> >  	if (unlikely(sess == NULL)) {
> > @@ -235,44 +234,23 @@ bcmfs_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		BCMFS_DP_LOG(ERR,
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = crypto_set_session_parameters(sess_private_data, xform);
> > +	ret = crypto_set_session_parameters(sess, xform);
> >
> >  	if (ret != 0) {
> >  		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -				     sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /* Clear the memory of session so it doesn't leave key material behind */
> >  void
> > -bcmfs_sym_session_clear(struct rte_cryptodev *dev,
> > -			struct rte_cryptodev_sym_session  *sess)
> > +bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > -	if (sess_priv) {
> > -		struct rte_mempool *sess_mp;
> > -
> > -		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
> > -		sess_mp = rte_mempool_from_obj(sess_priv);
> > -
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	RTE_SET_USED(dev);
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct bcmfs_sym_session));
> >  }
> >
> >  unsigned int
> > diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h
> > b/drivers/crypto/bcmfs/bcmfs_sym_session.h
> > index d40595b4bd..7faafe2fd5 100644
> > --- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
> > +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
> > @@ -93,12 +93,10 @@ bcmfs_process_crypto_op(struct rte_crypto_op
> *op,
> >  int
> >  bcmfs_sym_session_configure(struct rte_cryptodev *dev,
> >  			    struct rte_crypto_sym_xform *xform,
> > -			    struct rte_cryptodev_sym_session *sess,
> > -			    struct rte_mempool *mempool);
> > +			    void *sess);
> >
> >  void
> > -bcmfs_sym_session_clear(struct rte_cryptodev *dev,
> > -			struct rte_cryptodev_sym_session  *sess);
> > +bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
> >
> >  unsigned int
> >  bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev
> > __rte_unused);
> > diff --git a/drivers/crypto/caam_jr/caam_jr.c
> > b/drivers/crypto/caam_jr/caam_jr.c
> > index ce7a100778..8a04820fa6 100644
> > --- a/drivers/crypto/caam_jr/caam_jr.c
> > +++ b/drivers/crypto/caam_jr/caam_jr.c
> > @@ -1692,52 +1692,36 @@ caam_jr_set_session_parameters(struct
> > rte_cryptodev *dev,
> >  static int
> >  caam_jr_sym_session_configure(struct rte_cryptodev *dev,
> >  			      struct rte_crypto_sym_xform *xform,
> > -			      struct rte_cryptodev_sym_session *sess,
> > -			      struct rte_mempool *mempool)
> > +			      void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	PMD_INIT_FUNC_TRACE();
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		CAAM_JR_ERR("Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
> > -	ret = caam_jr_set_session_parameters(dev, xform,
> > sess_private_data);
> > +	memset(sess, 0, sizeof(struct caam_jr_session));
> > +	ret = caam_jr_set_session_parameters(dev, xform, sess);
> >  	if (ret != 0) {
> >  		CAAM_JR_ERR("failed to configure session parameters");
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /* Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -caam_jr_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +caam_jr_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
> > +	RTE_SET_USED(dev);
> > +
> > +	struct caam_jr_session *s = (struct caam_jr_session *)sess;
> >
> >  	PMD_INIT_FUNC_TRACE();
> >
> > -	if (sess_priv) {
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -
> > +	if (sess) {
> >  		rte_free(s->cipher_key.data);
> >  		rte_free(s->auth_key.data);
> >  		memset(s, 0, sizeof(struct caam_jr_session));
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> >  	}
> >  }
> >
> > diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c
> > b/drivers/crypto/ccp/ccp_pmd_ops.c
> > index 0d615d311c..cac1268130 100644
> > --- a/drivers/crypto/ccp/ccp_pmd_ops.c
> > +++ b/drivers/crypto/ccp/ccp_pmd_ops.c
> > @@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev,
> > uint16_t qp_id,
> >  	}
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	/* mempool for batch info */
> >  	qp->batch_mp = rte_mempool_create(
> > @@ -758,11 +757,9 @@ ccp_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
> >  			  struct rte_crypto_sym_xform *xform,
> > -			  struct rte_cryptodev_sym_session *sess,
> > -			  struct rte_mempool *mempool)
> > +			  void *sess)
> >  {
> >  	int ret;
> > -	void *sess_private_data;
> >  	struct ccp_private *internals;
> >
> >  	if (unlikely(sess == NULL || xform == NULL)) {
> > @@ -770,39 +767,22 @@ ccp_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -ENOMEM;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		CCP_LOG_ERR("Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> >  	internals = (struct ccp_private *)dev->data->dev_private;
> > -	ret = ccp_set_session_parameters(sess_private_data, xform,
> > internals);
> > +	ret = ccp_set_session_parameters(sess, xform, internals);
> >  	if (ret != 0) {
> >  		CCP_LOG_ERR("failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -				 sess_private_data);
> >
> >  	return 0;
> >  }
> >
> >  static void
> > -ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		      struct rte_cryptodev_sym_session *sess)
> > +ccp_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > -	if (sess_priv) {
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -		memset(sess_priv, 0, sizeof(struct ccp_session));
> > -		set_sym_session_private_data(sess, index, NULL);
> > -	}
> > +	RTE_SET_USED(dev);
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct ccp_session));
> >  }
> >
> >  struct rte_cryptodev_ops ccp_ops = {
> > diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> > b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> > index 99968cc353..50cae5e3d6 100644
> > --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> > +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
> > @@ -32,17 +32,18 @@ cn10k_cpt_sym_temp_sess_create(struct
> > cnxk_cpt_qp *qp, struct rte_crypto_op *op)
> >  	if (sess == NULL)
> >  		return NULL;
> >
> > -	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op-
> > >xform,
> > -				    sess, qp->sess_mp_priv);
> > +	sess->sess_data[driver_id].data =
> > +			(void *)((uint8_t *)sess +
> > +			rte_cryptodev_sym_get_header_session_size() +
> > +			(driver_id * sess->priv_sz));
> > +	priv = get_sym_session_private_data(sess, driver_id);
> > +	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, (void
> > *)priv);
> >  	if (ret)
> >  		goto sess_put;
> >
> > -	priv = get_sym_session_private_data(sess, driver_id);
> > -
> >  	sym_op->session = sess;
> >
> >  	return priv;
> > -
> >  sess_put:
> >  	rte_mempool_put(qp->sess_mp, sess);
> >  	return NULL;
> > @@ -144,9 +145,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct
> > rte_crypto_op *ops[],
> >  			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
> >  						&inst[0]);
> >  			if (unlikely(ret)) {
> > -
> > 	sym_session_clear(cn10k_cryptodev_driver_id,
> > -						  op->sym->session);
> > -				rte_mempool_put(qp->sess_mp, op->sym-
> > >session);
> > +				sym_session_clear(op->sym->session);
> >  				return 0;
> >  			}
> >  			w7 = sess->cpt_inst_w7;
> > @@ -437,8 +436,7 @@ cn10k_cpt_dequeue_post_process(struct
> > cnxk_cpt_qp *qp,
> >  temp_sess_free:
> >  	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
> >  		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
> > -			sym_session_clear(cn10k_cryptodev_driver_id,
> > -					  cop->sym->session);
> > +			sym_session_clear(cop->sym->session);
> >  			sz =
> > rte_cryptodev_sym_get_existing_header_session_size(
> >  				cop->sym->session);
> >  			memset(cop->sym->session, 0, sz);
> > diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> > b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> > index 4c2dc5b080..5f83581131 100644
> > --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> > +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
> > @@ -81,17 +81,19 @@ cn9k_cpt_sym_temp_sess_create(struct
> > cnxk_cpt_qp *qp, struct rte_crypto_op *op)
> >  	if (sess == NULL)
> >  		return NULL;
> >
> > -	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op-
> > >xform,
> > -				    sess, qp->sess_mp_priv);
> > +	sess->sess_data[driver_id].data =
> > +			(void *)((uint8_t *)sess +
> > +			rte_cryptodev_sym_get_header_session_size() +
> > +			(driver_id * sess->priv_sz));
> > +	priv = get_sym_session_private_data(sess, driver_id);
> > +	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
> > +			(void *)priv);
> >  	if (ret)
> >  		goto sess_put;
> >
> > -	priv = get_sym_session_private_data(sess, driver_id);
> > -
> >  	sym_op->session = sess;
> >
> >  	return priv;
> > -
> >  sess_put:
> >  	rte_mempool_put(qp->sess_mp, sess);
> >  	return NULL;
> > @@ -126,8 +128,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct
> > rte_crypto_op *op,
> >  			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
> >  						     inst);
> >  			if (unlikely(ret)) {
> > -
> > 	sym_session_clear(cn9k_cryptodev_driver_id,
> > -						  op->sym->session);
> > +				sym_session_clear(op->sym->session);
> >  				rte_mempool_put(qp->sess_mp, op->sym-
> > >session);
> >  			}
> >  			inst->w7.u64 = sess->cpt_inst_w7;
> > @@ -484,8 +485,7 @@ cn9k_cpt_dequeue_post_process(struct
> > cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
> >  temp_sess_free:
> >  	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
> >  		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
> > -			sym_session_clear(cn9k_cryptodev_driver_id,
> > -					  cop->sym->session);
> > +			sym_session_clear(cop->sym->session);
> >  			sz =
> > rte_cryptodev_sym_get_existing_header_session_size(
> >  				cop->sym->session);
> >  			memset(cop->sym->session, 0, sz);
> > diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> > b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> > index 41d8fe49e1..52d9cf0cf3 100644
> > --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> > +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> > @@ -379,7 +379,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  	}
> >
> >  	qp->sess_mp = conf->mp_session;
> > -	qp->sess_mp_priv = conf->mp_session_private;
> >  	dev->data->queue_pairs[qp_id] = qp;
> >
> >  	return 0;
> > @@ -493,27 +492,20 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess,
> > struct roc_cpt *roc_cpt)
> >  }
> >
> >  int
> > -sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
> > +sym_session_configure(struct roc_cpt *roc_cpt,
> >  		      struct rte_crypto_sym_xform *xform,
> > -		      struct rte_cryptodev_sym_session *sess,
> > -		      struct rte_mempool *pool)
> > +		      void *sess)
> >  {
> >  	struct cnxk_se_sess *sess_priv;
> > -	void *priv;
> >  	int ret;
> >
> >  	ret = sym_xform_verify(xform);
> >  	if (unlikely(ret < 0))
> >  		return ret;
> >
> > -	if (unlikely(rte_mempool_get(pool, &priv))) {
> > -		plt_dp_err("Could not allocate session private data");
> > -		return -ENOMEM;
> > -	}
> > +	memset(sess, 0, sizeof(struct cnxk_se_sess));
> >
> > -	memset(priv, 0, sizeof(struct cnxk_se_sess));
> > -
> > -	sess_priv = priv;
> > +	sess_priv = sess;
> >
> >  	switch (ret) {
> >  	case CNXK_CPT_CIPHER:
> > @@ -547,7 +539,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int
> > driver_id,
> >  	}
> >
> >  	if (ret)
> > -		goto priv_put;
> > +		return -ENOTSUP;
> >
> >  	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
> >  	    cpt_mac_len_verify(&xform->auth)) {
> > @@ -557,66 +549,45 @@ sym_session_configure(struct roc_cpt *roc_cpt,
> int
> > driver_id,
> >  			sess_priv->roc_se_ctx.auth_key = NULL;
> >  		}
> >
> > -		ret = -ENOTSUP;
> > -		goto priv_put;
> > +		return -ENOTSUP;
> >  	}
> >
> >  	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
> >
> > -	set_sym_session_private_data(sess, driver_id, sess_priv);
> > -
> >  	return 0;
> > -
> > -priv_put:
> > -	rte_mempool_put(pool, priv);
> > -
> > -	return -ENOTSUP;
> >  }
> >
> >  int
> >  cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
> >  			       struct rte_crypto_sym_xform *xform,
> > -			       struct rte_cryptodev_sym_session *sess,
> > -			       struct rte_mempool *pool)
> > +			       void *sess)
> >  {
> >  	struct cnxk_cpt_vf *vf = dev->data->dev_private;
> >  	struct roc_cpt *roc_cpt = &vf->cpt;
> > -	uint8_t driver_id;
> >
> > -	driver_id = dev->driver_id;
> > -
> > -	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
> > +	return sym_session_configure(roc_cpt, xform, sess);
> >  }
> >
> >  void
> > -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> > +sym_session_clear(void *sess)
> >  {
> > -	void *priv = get_sym_session_private_data(sess, driver_id);
> > -	struct cnxk_se_sess *sess_priv;
> > -	struct rte_mempool *pool;
> > +	struct cnxk_se_sess *sess_priv = sess;
> >
> > -	if (priv == NULL)
> > +	if (sess == NULL)
> >  		return;
> >
> > -	sess_priv = priv;
> > -
> >  	if (sess_priv->roc_se_ctx.auth_key != NULL)
> >  		plt_free(sess_priv->roc_se_ctx.auth_key);
> >
> > -	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
> > -
> > -	pool = rte_mempool_from_obj(priv);
> > -
> > -	set_sym_session_private_data(sess, driver_id, NULL);
> > -
> > -	rte_mempool_put(pool, priv);
> > +	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
> >  }
> >
> >  void
> > -cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
> > -			   struct rte_cryptodev_sym_session *sess)
> > +cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	return sym_session_clear(dev->driver_id, sess);
> > +	RTE_SET_USED(dev);
> > +
> > +	return sym_session_clear(sess);
> >  }
> >
> >  unsigned int
> > diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> > b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> > index c5332dec53..3c09d10582 100644
> > --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> > +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
> > @@ -111,18 +111,15 @@ unsigned int
> > cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
> >
> >  int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
> >  				   struct rte_crypto_sym_xform *xform,
> > -				   struct rte_cryptodev_sym_session *sess,
> > -				   struct rte_mempool *pool);
> > +				   void *sess);
> >
> > -int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
> > +int sym_session_configure(struct roc_cpt *roc_cpt,
> >  			  struct rte_crypto_sym_xform *xform,
> > -			  struct rte_cryptodev_sym_session *sess,
> > -			  struct rte_mempool *pool);
> > +			  void *sess);
> >
> > -void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
> > -				struct rte_cryptodev_sym_session *sess);
> > +void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess);
> >
> > -void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session
> > *sess);
> > +void sym_session_clear(void *sess);
> >
> >  unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev
> > __rte_unused);
> >
> > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > index 176f1a27a0..42229763f8 100644
> > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > @@ -3438,49 +3438,32 @@ dpaa2_sec_security_session_destroy(void
> *dev
> > __rte_unused, void *sess)
> >  static int
> >  dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		DPAA2_SEC_ERR("Couldn't get object from session
> > mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = dpaa2_sec_set_session_parameters(dev, xform,
> > sess_private_data);
> > +	ret = dpaa2_sec_set_session_parameters(dev, xform, sess);
> >  	if (ret != 0) {
> >  		DPAA2_SEC_ERR("Failed to configure session parameters");
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> >  	PMD_INIT_FUNC_TRACE();
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
> > +	RTE_SET_USED(dev);
> > +	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
> >
> > -	if (sess_priv) {
> > +	if (sess) {
> >  		rte_free(s->ctxt);
> >  		rte_free(s->cipher_key.data);
> >  		rte_free(s->auth_key.data);
> >  		memset(s, 0, sizeof(dpaa2_sec_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> >  	}
> >  }
> >
> > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> > b/drivers/crypto/dpaa_sec/dpaa_sec.c
> > index 5a087df090..4727088b45 100644
> > --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> > @@ -2537,33 +2537,18 @@ dpaa_sec_set_session_parameters(struct
> > rte_cryptodev *dev,
> >
> >  static int
> >  dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
> > -		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		struct rte_crypto_sym_xform *xform, void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	PMD_INIT_FUNC_TRACE();
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		DPAA_SEC_ERR("Couldn't get object from session
> > mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = dpaa_sec_set_session_parameters(dev, xform,
> > sess_private_data);
> > +	ret = dpaa_sec_set_session_parameters(dev, xform, sess);
> >  	if (ret != 0) {
> >  		DPAA_SEC_ERR("failed to configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -			sess_private_data);
> > -
> > -
> >  	return 0;
> >  }
> >
> > @@ -2584,18 +2569,14 @@ free_session_memory(struct rte_cryptodev
> > *dev, dpaa_sec_session *s)
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> >  	PMD_INIT_FUNC_TRACE();
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
> > +	RTE_SET_USED(dev);
> > +	dpaa_sec_session *s = (dpaa_sec_session *)sess;
> >
> > -	if (sess_priv) {
> > +	if (sess)
> >  		free_session_memory(dev, s);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -	}
> >  }
> >
> >  #ifdef RTE_LIB_SECURITY
> > diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> > b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> > index f075054807..b2e5c92598 100644
> > --- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> > +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
> > @@ -220,7 +220,6 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev,
> > uint16_t qp_id,
> >
> >  	qp->mgr = internals->mgr;
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> >
> > @@ -243,10 +242,8 @@ kasumi_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >  	struct kasumi_private *internals = dev->data->dev_private;
> >
> > @@ -255,43 +252,24 @@ kasumi_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		KASUMI_LOG(ERR,
> > -				"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> >  	ret = kasumi_set_session_parameters(internals->mgr,
> > -					sess_private_data, xform);
> > +					sess, xform);
> >  	if (ret != 0) {
> >  		KASUMI_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct kasumi_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct kasumi_session));
> >  }
> >
> >  struct rte_cryptodev_ops kasumi_pmd_ops = {
> > diff --git a/drivers/crypto/mlx5/mlx5_crypto.c
> > b/drivers/crypto/mlx5/mlx5_crypto.c
> > index 682cf8b607..615ab9f45d 100644
> > --- a/drivers/crypto/mlx5/mlx5_crypto.c
> > +++ b/drivers/crypto/mlx5/mlx5_crypto.c
> > @@ -165,14 +165,12 @@ mlx5_crypto_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
> >  				  struct rte_crypto_sym_xform *xform,
> > -				  struct rte_cryptodev_sym_session *session,
> > -				  struct rte_mempool *mp)
> > +				  void *session)
> >  {
> >  	struct mlx5_crypto_priv *priv = dev->data->dev_private;
> > -	struct mlx5_crypto_session *sess_private_data;
> > +	struct mlx5_crypto_session *sess_private_data = session;
> >  	struct rte_crypto_cipher_xform *cipher;
> >  	uint8_t encryption_order;
> > -	int ret;
> >
> >  	if (unlikely(xform->next != NULL)) {
> >  		DRV_LOG(ERR, "Xform next is not supported.");
> > @@ -183,17 +181,9 @@ mlx5_crypto_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
> >  		return -ENOTSUP;
> >  	}
> > -	ret = rte_mempool_get(mp, (void *)&sess_private_data);
> > -	if (ret != 0) {
> > -		DRV_LOG(ERR,
> > -			"Failed to get session %p private data from
> > mempool.",
> > -			sess_private_data);
> > -		return -ENOMEM;
> > -	}
> >  	cipher = &xform->cipher;
> >  	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
> >  	if (sess_private_data->dek == NULL) {
> > -		rte_mempool_put(mp, sess_private_data);
> >  		DRV_LOG(ERR, "Failed to prepare dek.");
> >  		return -ENOMEM;
> >  	}
> > @@ -228,27 +218,21 @@ mlx5_crypto_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  	sess_private_data->dek_id =
> >  			rte_cpu_to_be_32(sess_private_data->dek->obj->id
> > &
> >  					 0xffffff);
> > -	set_sym_session_private_data(session, dev->driver_id,
> > -				     sess_private_data);
> >  	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
> >  	return 0;
> >  }
> >
> >  static void
> > -mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
> > -			      struct rte_cryptodev_sym_session *sess)
> > +mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> >  	struct mlx5_crypto_priv *priv = dev->data->dev_private;
> > -	struct mlx5_crypto_session *spriv =
> > get_sym_session_private_data(sess,
> > -								dev-
> > >driver_id);
> > +	struct mlx5_crypto_session *spriv = sess;
> >
> >  	if (unlikely(spriv == NULL)) {
> >  		DRV_LOG(ERR, "Failed to get session %p private data.",
> spriv);
> >  		return;
> >  	}
> >  	mlx5_crypto_dek_destroy(priv, spriv->dek);
> > -	set_sym_session_private_data(sess, dev->driver_id, NULL);
> > -	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
> >  	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
> >  }
> >
> > diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> > b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> > index e04a2c88c7..2e4b27ea21 100644
> > --- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> > +++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
> > @@ -704,7 +704,6 @@ mrvl_crypto_pmd_qp_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  			break;
> >
> >  		qp->sess_mp = qp_conf->mp_session;
> > -		qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  		memset(&qp->stats, 0, sizeof(qp->stats));
> >  		dev->data->queue_pairs[qp_id] = qp;
> > @@ -735,12 +734,9 @@
> > mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct
> > rte_cryptodev *dev)
> >   */
> >  static int
> >  mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> > rte_cryptodev *dev,
> > -		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mp)
> > +		struct rte_crypto_sym_xform *xform, void *sess)
> >  {
> >  	struct mrvl_crypto_session *mrvl_sess;
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	if (sess == NULL) {
> > @@ -748,25 +744,16 @@
> > mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mp, &sess_private_data)) {
> > -		CDEV_LOG_ERR("Couldn't get object from session
> > mempool.");
> > -		return -ENOMEM;
> > -	}
> > +	memset(sess, 0, sizeof(struct mrvl_crypto_session));
> >
> > -	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
> > -
> > -	ret = mrvl_crypto_set_session_parameters(sess_private_data,
> > xform);
> > +	ret = mrvl_crypto_set_session_parameters(sess, xform);
> >  	if (ret != 0) {
> >  		MRVL_LOG(ERR, "Failed to configure session parameters!");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mp, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > sess_private_data);
> >
> > -	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
> > +	mrvl_sess = (struct mrvl_crypto_session *)sess;
> >  	if (sam_session_create(&mrvl_sess->sam_sess_params,
> >  				&mrvl_sess->sam_sess) < 0) {
> >  		MRVL_LOG(DEBUG, "Failed to create session!");
> > @@ -789,17 +776,13 @@
> > mrvl_crypto_pmd_sym_session_configure(__rte_unused struct
> > rte_cryptodev *dev,
> >   * @returns 0. Always.
> >   */
> >  static void
> > -mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> > *sess)
> >  {
> > -
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > +	if (sess) {
> >  		struct mrvl_crypto_session *mrvl_sess =
> > -			(struct mrvl_crypto_session *)sess_priv;
> > +			(struct mrvl_crypto_session *)sess;
> >
> >  		if (mrvl_sess->sam_sess &&
> >  		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
> > @@ -807,9 +790,6 @@ mrvl_crypto_pmd_sym_session_clear(struct
> > rte_cryptodev *dev,
> >  		}
> >
> >  		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> >  	}
> >  }
> >
> > diff --git a/drivers/crypto/nitrox/nitrox_sym.c
> > b/drivers/crypto/nitrox/nitrox_sym.c
> > index f8b7edcd69..0c9bbfef46 100644
> > --- a/drivers/crypto/nitrox/nitrox_sym.c
> > +++ b/drivers/crypto/nitrox/nitrox_sym.c
> > @@ -532,22 +532,16 @@ configure_aead_ctx(struct
> rte_crypto_aead_xform
> > *xform,
> >  static int
> >  nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
> >  			      struct rte_crypto_sym_xform *xform,
> > -			      struct rte_cryptodev_sym_session *sess,
> > -			      struct rte_mempool *mempool)
> > +			      void *sess)
> >  {
> > -	void *mp_obj;
> >  	struct nitrox_crypto_ctx *ctx;
> >  	struct rte_crypto_cipher_xform *cipher_xform = NULL;
> >  	struct rte_crypto_auth_xform *auth_xform = NULL;
> >  	struct rte_crypto_aead_xform *aead_xform = NULL;
> >  	int ret = -EINVAL;
> >
> > -	if (rte_mempool_get(mempool, &mp_obj)) {
> > -		NITROX_LOG(ERR, "Couldn't allocate context\n");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ctx = mp_obj;
> > +	RTE_SET_USED(cdev);
> > +	ctx = sess;
> >  	ctx->nitrox_chain = get_crypto_chain_order(xform);
> >  	switch (ctx->nitrox_chain) {
> >  	case NITROX_CHAIN_CIPHER_ONLY:
> > @@ -586,28 +580,17 @@ nitrox_sym_dev_sess_configure(struct
> > rte_cryptodev *cdev,
> >  	}
> >
> >  	ctx->iova = rte_mempool_virt2iova(ctx);
> > -	set_sym_session_private_data(sess, cdev->driver_id, ctx);
> >  	return 0;
> >  err:
> > -	rte_mempool_put(mempool, mp_obj);
> >  	return ret;
> >  }
> >
> >  static void
> > -nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
> > -			  struct rte_cryptodev_sym_session *sess)
> > +nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev, void *sess)
> >  {
> > -	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
> > -							cdev->driver_id);
> > -	struct rte_mempool *sess_mp;
> > -
> > -	if (!ctx)
> > -		return;
> > -
> > -	memset(ctx, 0, sizeof(*ctx));
> > -	sess_mp = rte_mempool_from_obj(ctx);
> > -	set_sym_session_private_data(sess, cdev->driver_id, NULL);
> > -	rte_mempool_put(sess_mp, ctx);
> > +	RTE_SET_USED(cdev);
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct nitrox_crypto_ctx));
> >  }
> >
> >  static struct nitrox_crypto_ctx *
> > diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c
> > b/drivers/crypto/null/null_crypto_pmd_ops.c
> > index a8b5a06e7f..65bfa8dcf7 100644
> > --- a/drivers/crypto/null/null_crypto_pmd_ops.c
> > +++ b/drivers/crypto/null/null_crypto_pmd_ops.c
> > @@ -234,7 +234,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  	}
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> >
> > @@ -258,10 +257,8 @@ null_crypto_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev
> > __rte_unused,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mp)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	if (unlikely(sess == NULL)) {
> > @@ -269,42 +266,23 @@ null_crypto_pmd_sym_session_configure(struct
> > rte_cryptodev *dev __rte_unused,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mp, &sess_private_data)) {
> > -		NULL_LOG(ERR,
> > -				"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = null_crypto_set_session_parameters(sess_private_data,
> > xform);
> > +	ret = null_crypto_set_session_parameters(sess, xform);
> >  	if (ret != 0) {
> >  		NULL_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mp, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void
> > *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct null_crypto_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct null_crypto_session));
> >  }
> >
> >  static struct rte_cryptodev_ops pmd_ops = {
> > diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> > b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> > index 7c6b1e45b4..95659e472b 100644
> > --- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> > +++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
> > @@ -49,7 +49,6 @@ struct cpt_instance {
> >  	uint32_t queue_id;
> >  	uintptr_t rsvd;
> >  	struct rte_mempool *sess_mp;
> > -	struct rte_mempool *sess_mp_priv;
> >  	struct cpt_qp_meta_info meta_info;
> >  	uint8_t ca_enabled;
> >  };
> > diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> > b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> > index 9e8fd495cf..abd0963be0 100644
> > --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> > +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> > @@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
> >
> >  	instance->queue_id = que_pair_id;
> >  	instance->sess_mp = qp_conf->mp_session;
> > -	instance->sess_mp_priv = qp_conf->mp_session_private;
> >  	dev->data->queue_pairs[que_pair_id] = instance;
> >
> >  	return 0;
> > @@ -243,29 +242,22 @@ sym_xform_verify(struct rte_crypto_sym_xform
> > *xform)
> >  }
> >
> >  static int
> > -sym_session_configure(int driver_id, struct rte_crypto_sym_xform
> *xform,
> > -		      struct rte_cryptodev_sym_session *sess,
> > -		      struct rte_mempool *pool)
> > +sym_session_configure(struct rte_crypto_sym_xform *xform,
> > +		      void *sess)
> >  {
> >  	struct rte_crypto_sym_xform *temp_xform = xform;
> >  	struct cpt_sess_misc *misc;
> >  	vq_cmd_word3_t vq_cmd_w3;
> > -	void *priv;
> >  	int ret;
> >
> >  	ret = sym_xform_verify(xform);
> >  	if (unlikely(ret))
> >  		return ret;
> >
> > -	if (unlikely(rte_mempool_get(pool, &priv))) {
> > -		CPT_LOG_ERR("Could not allocate session private data");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	memset(priv, 0, sizeof(struct cpt_sess_misc) +
> > +	memset(sess, 0, sizeof(struct cpt_sess_misc) +
> >  			offsetof(struct cpt_ctx, mc_ctx));
> >
> > -	misc = priv;
> > +	misc = sess;
> >
> >  	for ( ; xform != NULL; xform = xform->next) {
> >  		switch (xform->type) {
> > @@ -301,8 +293,6 @@ sym_session_configure(int driver_id, struct
> > rte_crypto_sym_xform *xform,
> >  		goto priv_put;
> >  	}
> >
> > -	set_sym_session_private_data(sess, driver_id, priv);
> > -
> >  	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
> >  			     sizeof(struct cpt_sess_misc);
> >
> > @@ -316,56 +306,46 @@ sym_session_configure(int driver_id, struct
> > rte_crypto_sym_xform *xform,
> >  	return 0;
> >
> >  priv_put:
> > -	if (priv)
> > -		rte_mempool_put(pool, priv);
> >  	return -ENOTSUP;
> >  }
> >
> >  static void
> > -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> > +sym_session_clear(void *sess)
> >  {
> > -	void *priv = get_sym_session_private_data(sess, driver_id);
> >  	struct cpt_sess_misc *misc;
> > -	struct rte_mempool *pool;
> >  	struct cpt_ctx *ctx;
> >
> > -	if (priv == NULL)
> > +	if (sess == NULL)
> >  		return;
> >
> > -	misc = priv;
> > +	misc = sess;
> >  	ctx = SESS_PRIV(misc);
> >
> >  	if (ctx->auth_key != NULL)
> >  		rte_free(ctx->auth_key);
> >
> > -	memset(priv, 0, cpt_get_session_size());
> > -
> > -	pool = rte_mempool_from_obj(priv);
> > -
> > -	set_sym_session_private_data(sess, driver_id, NULL);
> > -
> > -	rte_mempool_put(pool, priv);
> > +	memset(sess, 0, cpt_get_session_size());
> >  }
> >
> >  static int
> >  otx_cpt_session_cfg(struct rte_cryptodev *dev,
> >  		    struct rte_crypto_sym_xform *xform,
> > -		    struct rte_cryptodev_sym_session *sess,
> > -		    struct rte_mempool *pool)
> > +		    void *sess)
> >  {
> >  	CPT_PMD_INIT_FUNC_TRACE();
> > +	RTE_SET_USED(dev);
> >
> > -	return sym_session_configure(dev->driver_id, xform, sess, pool);
> > +	return sym_session_configure(xform, sess);
> >  }
> >
> >
> >  static void
> > -otx_cpt_session_clear(struct rte_cryptodev *dev,
> > -		  struct rte_cryptodev_sym_session *sess)
> > +otx_cpt_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> >  	CPT_PMD_INIT_FUNC_TRACE();
> > +	RTE_SET_USED(dev);
> >
> > -	return sym_session_clear(dev->driver_id, sess);
> > +	return sym_session_clear(sess);
> >  }
> >
> >  static unsigned int
> > @@ -576,7 +556,6 @@ static __rte_always_inline void * __rte_hot
> >  otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
> >  				struct rte_crypto_op *op)
> >  {
> > -	const int driver_id = otx_cryptodev_driver_id;
> >  	struct rte_crypto_sym_op *sym_op = op->sym;
> >  	struct rte_cryptodev_sym_session *sess;
> >  	void *req;
> > @@ -589,8 +568,12 @@ otx_cpt_enq_single_sym_sessless(struct
> > cpt_instance *instance,
> >  		return NULL;
> >  	}
> >
> > -	ret = sym_session_configure(driver_id, sym_op->xform, sess,
> > -				    instance->sess_mp_priv);
> > +	sess->sess_data[otx_cryptodev_driver_id].data =
> > +			(void *)((uint8_t *)sess +
> > +			rte_cryptodev_sym_get_header_session_size() +
> > +			(otx_cryptodev_driver_id * sess->priv_sz));
> > +	ret = sym_session_configure(sym_op->xform,
> > +			sess->sess_data[otx_cryptodev_driver_id].data);
> >  	if (ret)
> >  		goto sess_put;
> >
> > @@ -604,7 +587,7 @@ otx_cpt_enq_single_sym_sessless(struct
> > cpt_instance *instance,
> >  	return req;
> >
> >  priv_put:
> > -	sym_session_clear(driver_id, sess);
> > +	sym_session_clear(sess);
> >  sess_put:
> >  	rte_mempool_put(instance->sess_mp, sess);
> >  	return NULL;
> > @@ -913,7 +896,6 @@ free_sym_session_data(const struct cpt_instance
> > *instance,
> >  	memset(cop->sym->session, 0,
> >  	       rte_cryptodev_sym_get_existing_header_session_size(
> >  		       cop->sym->session));
> > -	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
> >  	rte_mempool_put(instance->sess_mp, cop->sym->session);
> >  	cop->sym->session = NULL;
> >  }
> > diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > index 7b744cd4b4..dcfbc49996 100644
> > --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > @@ -371,29 +371,21 @@ sym_xform_verify(struct rte_crypto_sym_xform
> > *xform)
> >  }
> >
> >  static int
> > -sym_session_configure(int driver_id, struct rte_crypto_sym_xform
> *xform,
> > -		      struct rte_cryptodev_sym_session *sess,
> > -		      struct rte_mempool *pool)
> > +sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
> >  {
> >  	struct rte_crypto_sym_xform *temp_xform = xform;
> >  	struct cpt_sess_misc *misc;
> >  	vq_cmd_word3_t vq_cmd_w3;
> > -	void *priv;
> >  	int ret;
> >
> >  	ret = sym_xform_verify(xform);
> >  	if (unlikely(ret))
> >  		return ret;
> >
> > -	if (unlikely(rte_mempool_get(pool, &priv))) {
> > -		CPT_LOG_ERR("Could not allocate session private data");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	memset(priv, 0, sizeof(struct cpt_sess_misc) +
> > +	memset(sess, 0, sizeof(struct cpt_sess_misc) +
> >  			offsetof(struct cpt_ctx, mc_ctx));
> >
> > -	misc = priv;
> > +	misc = sess;
> >
> >  	for ( ; xform != NULL; xform = xform->next) {
> >  		switch (xform->type) {
> > @@ -414,7 +406,7 @@ sym_session_configure(int driver_id, struct
> > rte_crypto_sym_xform *xform,
> >  		}
> >
> >  		if (ret)
> > -			goto priv_put;
> > +			return -ENOTSUP;
> >  	}
> >
> >  	if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
> > @@ -425,12 +417,9 @@ sym_session_configure(int driver_id, struct
> > rte_crypto_sym_xform *xform,
> >  			rte_free(ctx->auth_key);
> >  			ctx->auth_key = NULL;
> >  		}
> > -		ret = -ENOTSUP;
> > -		goto priv_put;
> > +		return -ENOTSUP;
> >  	}
> >
> > -	set_sym_session_private_data(sess, driver_id, misc);
> > -
> >  	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
> >  			     sizeof(struct cpt_sess_misc);
> >
> > @@ -451,11 +440,6 @@ sym_session_configure(int driver_id, struct
> > rte_crypto_sym_xform *xform,
> >  	misc->cpt_inst_w7 = vq_cmd_w3.u64;
> >
> >  	return 0;
> > -
> > -priv_put:
> > -	rte_mempool_put(pool, priv);
> > -
> > -	return -ENOTSUP;
> >  }
> >
> >  static __rte_always_inline int32_t __rte_hot
> > @@ -765,7 +749,6 @@ otx2_cpt_enqueue_sym_sessless(struct
> otx2_cpt_qp
> > *qp, struct rte_crypto_op *op,
> >  			      struct pending_queue *pend_q,
> >  			      unsigned int burst_index)
> >  {
> > -	const int driver_id = otx2_cryptodev_driver_id;
> >  	struct rte_crypto_sym_op *sym_op = op->sym;
> >  	struct rte_cryptodev_sym_session *sess;
> >  	int ret;
> > @@ -775,8 +758,12 @@ otx2_cpt_enqueue_sym_sessless(struct
> > otx2_cpt_qp *qp, struct rte_crypto_op *op,
> >  	if (sess == NULL)
> >  		return -ENOMEM;
> >
> > -	ret = sym_session_configure(driver_id, sym_op->xform, sess,
> > -				    qp->sess_mp_priv);
> > +	sess->sess_data[otx2_cryptodev_driver_id].data =
> > +			(void *)((uint8_t *)sess +
> > +			rte_cryptodev_sym_get_header_session_size() +
> > +			(otx2_cryptodev_driver_id * sess->priv_sz));
> > +	ret = sym_session_configure(sym_op->xform,
> > +			sess->sess_data[otx2_cryptodev_driver_id].data);
> >  	if (ret)
> >  		goto sess_put;
> >
> > @@ -790,7 +777,7 @@ otx2_cpt_enqueue_sym_sessless(struct
> otx2_cpt_qp
> > *qp, struct rte_crypto_op *op,
> >  	return 0;
> >
> >  priv_put:
> > -	sym_session_clear(driver_id, sess);
> > +	sym_session_clear(sess);
> >  sess_put:
> >  	rte_mempool_put(qp->sess_mp, sess);
> >  	return ret;
> > @@ -1035,8 +1022,7 @@ otx2_cpt_dequeue_post_process(struct
> > otx2_cpt_qp *qp, struct rte_crypto_op *cop,
> >  		}
> >
> >  		if (unlikely(cop->sess_type ==
> > RTE_CRYPTO_OP_SESSIONLESS)) {
> > -			sym_session_clear(otx2_cryptodev_driver_id,
> > -					  cop->sym->session);
> > +			sym_session_clear(cop->sym->session);
> >  			sz =
> > rte_cryptodev_sym_get_existing_header_session_size(
> >  					cop->sym->session);
> >  			memset(cop->sym->session, 0, sz);
> > @@ -1291,7 +1277,6 @@ otx2_cpt_queue_pair_setup(struct rte_cryptodev
> > *dev, uint16_t qp_id,
> >  	}
> >
> >  	qp->sess_mp = conf->mp_session;
> > -	qp->sess_mp_priv = conf->mp_session_private;
> >  	dev->data->queue_pairs[qp_id] = qp;
> >
> >  	return 0;
> > @@ -1330,21 +1315,22 @@ otx2_cpt_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
> >  			       struct rte_crypto_sym_xform *xform,
> > -			       struct rte_cryptodev_sym_session *sess,
> > -			       struct rte_mempool *pool)
> > +			       void *sess)
> >  {
> >  	CPT_PMD_INIT_FUNC_TRACE();
> > +	RTE_SET_USED(dev);
> >
> > -	return sym_session_configure(dev->driver_id, xform, sess, pool);
> > +	return sym_session_configure(xform, sess);
> >  }
> >
> >  static void
> >  otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
> > -			   struct rte_cryptodev_sym_session *sess)
> > +			   void *sess)
> >  {
> >  	CPT_PMD_INIT_FUNC_TRACE();
> > +	RTE_SET_USED(dev);
> >
> > -	return sym_session_clear(dev->driver_id, sess);
> > +	return sym_session_clear(sess);
> >  }
> >
> >  static unsigned int
> > diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> > b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> > index 01c081a216..5f63eaf7b7 100644
> > --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> > +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
> > @@ -8,29 +8,21 @@
> >  #include "cpt_pmd_logs.h"
> >
> >  static void
> > -sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
> > +sym_session_clear(void *sess)
> >  {
> > -	void *priv = get_sym_session_private_data(sess, driver_id);
> >  	struct cpt_sess_misc *misc;
> > -	struct rte_mempool *pool;
> >  	struct cpt_ctx *ctx;
> >
> > -	if (priv == NULL)
> > +	if (sess == NULL)
> >  		return;
> >
> > -	misc = priv;
> > +	misc = sess;
> >  	ctx = SESS_PRIV(misc);
> >
> >  	if (ctx->auth_key != NULL)
> >  		rte_free(ctx->auth_key);
> >
> > -	memset(priv, 0, cpt_get_session_size());
> > -
> > -	pool = rte_mempool_from_obj(priv);
> > -
> > -	set_sym_session_private_data(sess, driver_id, NULL);
> > -
> > -	rte_mempool_put(pool, priv);
> > +	memset(sess, 0, cpt_get_session_size());
> >  }
> >
> >  static __rte_always_inline uint8_t
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > index 52715f86f8..1b48a6b400 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > @@ -741,7 +741,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev,
> > uint16_t qp_id,
> >  		goto qp_setup_cleanup;
> >
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->stats, 0, sizeof(qp->stats));
> >
> > @@ -772,10 +771,8 @@ openssl_pmd_asym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  openssl_pmd_sym_session_configure(struct rte_cryptodev *dev
> > __rte_unused,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	if (unlikely(sess == NULL)) {
> > @@ -783,24 +780,12 @@ openssl_pmd_sym_session_configure(struct
> > rte_cryptodev *dev __rte_unused,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		OPENSSL_LOG(ERR,
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = openssl_set_session_parameters(sess_private_data, xform);
> > +	ret = openssl_set_session_parameters(sess, xform);
> >  	if (ret != 0) {
> >  		OPENSSL_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -			sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> > @@ -1154,19 +1139,13 @@ openssl_pmd_asym_session_configure(struct
> > rte_cryptodev *dev __rte_unused,
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		openssl_reset_session(sess_priv);
> > -		memset(sess_priv, 0, sizeof(struct openssl_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > +	if (sess) {
> > +		openssl_reset_session(sess);
> > +		memset(sess, 0, sizeof(struct openssl_session));
> >  	}
> >  }
> >
> > diff --git a/drivers/crypto/qat/qat_sym_session.c
> > b/drivers/crypto/qat/qat_sym_session.c
> > index 2a22347c7f..114bf081c1 100644
> > --- a/drivers/crypto/qat/qat_sym_session.c
> > +++ b/drivers/crypto/qat/qat_sym_session.c
> > @@ -172,21 +172,14 @@ qat_is_auth_alg_supported(enum
> > rte_crypto_auth_algorithm algo,
> >  }
> >
> >  void
> > -qat_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +qat_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
> > +	struct qat_sym_session *s = (struct qat_sym_session *)sess;
> >
> > -	if (sess_priv) {
> > +	if (sess) {
> >  		if (s->bpi_ctx)
> >  			bpi_cipher_ctx_free(s->bpi_ctx);
> >  		memset(s, 0, qat_sym_session_get_private_size(dev));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> >  	}
> >  }
> >
> > @@ -458,31 +451,17 @@ qat_sym_session_configure_cipher(struct
> > rte_cryptodev *dev,
> >  int
> >  qat_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess_private_data)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		CDEV_LOG_ERR(
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> >  	ret = qat_sym_session_set_parameters(dev, xform,
> > sess_private_data);
> >  	if (ret != 0) {
> >  		QAT_LOG(ERR,
> >  		    "Crypto QAT PMD: failed to configure session
> parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> > diff --git a/drivers/crypto/qat/qat_sym_session.h
> > b/drivers/crypto/qat/qat_sym_session.h
> > index 7fcc1d6f7b..6da29e2305 100644
> > --- a/drivers/crypto/qat/qat_sym_session.h
> > +++ b/drivers/crypto/qat/qat_sym_session.h
> > @@ -112,8 +112,7 @@ struct qat_sym_session {
> >  int
> >  qat_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool);
> > +		void *sess);
> >
> >  int
> >  qat_sym_session_set_parameters(struct rte_cryptodev *dev,
> > @@ -135,8 +134,7 @@ qat_sym_session_configure_auth(struct
> > rte_cryptodev *dev,
> >  				struct qat_sym_session *session);
> >
> >  void
> > -qat_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *session);
> > +qat_sym_session_clear(struct rte_cryptodev *dev, void *session);
> >
> >  unsigned int
> >  qat_sym_session_get_private_size(struct rte_cryptodev *dev);
> > diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> > b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> > index 465b88ade8..87260b5a22 100644
> > --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> > +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> > @@ -476,9 +476,7 @@ scheduler_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >
> >  static int
> >  scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> > -	struct rte_crypto_sym_xform *xform,
> > -	struct rte_cryptodev_sym_session *sess,
> > -	struct rte_mempool *mempool)
> > +	struct rte_crypto_sym_xform *xform, void *sess)
> >  {
> >  	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> >  	uint32_t i;
> > @@ -488,7 +486,7 @@ scheduler_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		struct scheduler_worker *worker = &sched_ctx->workers[i];
> >
> >  		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> > -					xform, mempool);
> > +					xform);
> >  		if (ret < 0) {
> >  			CR_SCHED_LOG(ERR, "unable to config sym
> session");
> >  			return ret;
> > @@ -500,8 +498,7 @@ scheduler_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> >  	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> >  	uint32_t i;
> > diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> > b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> > index 3f46014b7d..b0f8f6d86a 100644
> > --- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> > +++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
> > @@ -226,7 +226,6 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev,
> > uint16_t qp_id,
> >
> >  	qp->mgr = internals->mgr;
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> >
> > @@ -250,10 +249,8 @@ snow3g_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >  	struct snow3g_private *internals = dev->data->dev_private;
> >
> > @@ -262,43 +259,24 @@ snow3g_pmd_sym_session_configure(struct
> > rte_cryptodev *dev,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		SNOW3G_LOG(ERR,
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> >  	ret = snow3g_set_session_parameters(internals->mgr,
> > -					sess_private_data, xform);
> > +					sess, xform);
> >  	if (ret != 0) {
> >  		SNOW3G_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct snow3g_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct snow3g_session));
> >  }
> >
> >  struct rte_cryptodev_ops snow3g_pmd_ops = {
> > diff --git a/drivers/crypto/virtio/virtio_cryptodev.c
> > b/drivers/crypto/virtio/virtio_cryptodev.c
> > index 8faa39df4a..de52fec32e 100644
> > --- a/drivers/crypto/virtio/virtio_cryptodev.c
> > +++ b/drivers/crypto/virtio/virtio_cryptodev.c
> > @@ -37,11 +37,10 @@ static void virtio_crypto_dev_free_mbufs(struct
> > rte_cryptodev *dev);
> >  static unsigned int virtio_crypto_sym_get_session_private_size(
> >  		struct rte_cryptodev *dev);
> >  static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess);
> > +		void *sess);
> >  static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *session,
> > -		struct rte_mempool *mp);
> > +		void *session);
> >
> >  /*
> >   * The set of PCI devices this driver supports
> > @@ -927,7 +926,7 @@ virtio_crypto_check_sym_clear_session_paras(
> >  static void
> >  virtio_crypto_sym_clear_session(
> >  		struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +		void *sess)
> >  {
> >  	struct virtio_crypto_hw *hw;
> >  	struct virtqueue *vq;
> > @@ -1290,11 +1289,9 @@ static int
> >  virtio_crypto_check_sym_configure_session_paras(
> >  		struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sym_sess,
> > -		struct rte_mempool *mempool)
> > +		void *sym_sess)
> >  {
> > -	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
> > -		unlikely(mempool == NULL)) {
> > +	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
> >  		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
> >  		return -1;
> >  	}
> > @@ -1309,12 +1306,9 @@ static int
> >  virtio_crypto_sym_configure_session(
> >  		struct rte_cryptodev *dev,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> >  	int ret;
> > -	struct virtio_crypto_session crypto_sess;
> > -	void *session_private = &crypto_sess;
> >  	struct virtio_crypto_session *session;
> >  	struct virtio_crypto_op_ctrl_req *ctrl_req;
> >  	enum virtio_crypto_cmd_id cmd_id;
> > @@ -1326,19 +1320,13 @@ virtio_crypto_sym_configure_session(
> >  	PMD_INIT_FUNC_TRACE();
> >
> >  	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
> > -			sess, mempool);
> > +			sess);
> >  	if (ret < 0) {
> >  		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
> >  		return ret;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &session_private)) {
> > -		VIRTIO_CRYPTO_SESSION_LOG_ERR(
> > -			"Couldn't get object from session mempool");
> > -		return -ENOMEM;
> > -	}
> > -
> > -	session = (struct virtio_crypto_session *)session_private;
> > +	session = (struct virtio_crypto_session *)sess;
> >  	memset(session, 0, sizeof(struct virtio_crypto_session));
> >  	ctrl_req = &session->ctrl;
> >  	ctrl_req->header.opcode =
> > VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
> > @@ -1401,9 +1389,6 @@ virtio_crypto_sym_configure_session(
> >  		goto error_out;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		session_private);
> > -
> >  	return 0;
> >
> >  error_out:
> > diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> > b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> > index 38642d45ab..04126c8a04 100644
> > --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> > +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
> > @@ -226,7 +226,6 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev,
> > uint16_t qp_id,
> >
> >  	qp->mb_mgr = internals->mb_mgr;
> >  	qp->sess_mp = qp_conf->mp_session;
> > -	qp->sess_mp_priv = qp_conf->mp_session_private;
> >
> >  	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
> >
> > @@ -250,10 +249,8 @@ zuc_pmd_sym_session_get_size(struct
> > rte_cryptodev *dev __rte_unused)
> >  static int
> >  zuc_pmd_sym_session_configure(struct rte_cryptodev *dev
> __rte_unused,
> >  		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_mempool *mempool)
> > +		void *sess)
> >  {
> > -	void *sess_private_data;
> >  	int ret;
> >
> >  	if (unlikely(sess == NULL)) {
> > @@ -261,43 +258,23 @@ zuc_pmd_sym_session_configure(struct
> > rte_cryptodev *dev __rte_unused,
> >  		return -EINVAL;
> >  	}
> >
> > -	if (rte_mempool_get(mempool, &sess_private_data)) {
> > -		ZUC_LOG(ERR,
> > -			"Couldn't get object from session mempool");
> > -
> > -		return -ENOMEM;
> > -	}
> > -
> > -	ret = zuc_set_session_parameters(sess_private_data, xform);
> > +	ret = zuc_set_session_parameters(sess, xform);
> >  	if (ret != 0) {
> >  		ZUC_LOG(ERR, "failed configure session parameters");
> > -
> > -		/* Return session to mempool */
> > -		rte_mempool_put(mempool, sess_private_data);
> >  		return ret;
> >  	}
> >
> > -	set_sym_session_private_data(sess, dev->driver_id,
> > -		sess_private_data);
> > -
> >  	return 0;
> >  }
> >
> >  /** Clear the memory of session so it doesn't leave key material behind */
> >  static void
> > -zuc_pmd_sym_session_clear(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess)
> > +zuc_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
> >  {
> > -	uint8_t index = dev->driver_id;
> > -	void *sess_priv = get_sym_session_private_data(sess, index);
> > -
> > +	RTE_SET_USED(dev);
> >  	/* Zero out the whole structure */
> > -	if (sess_priv) {
> > -		memset(sess_priv, 0, sizeof(struct zuc_session));
> > -		struct rte_mempool *sess_mp =
> > rte_mempool_from_obj(sess_priv);
> > -		set_sym_session_private_data(sess, index, NULL);
> > -		rte_mempool_put(sess_mp, sess_priv);
> > -	}
> > +	if (sess)
> > +		memset(sess, 0, sizeof(struct zuc_session));
> >  }
> >
> >  struct rte_cryptodev_ops zuc_pmd_ops = {
> > diff --git a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> > b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> > index b33cb7e139..8522f2dfda 100644
> > --- a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> > +++ b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
> > @@ -38,8 +38,7 @@ otx2_ca_deq_post_process(const struct otx2_cpt_qp
> > *qp,
> >  		}
> >
> >  		if (unlikely(cop->sess_type ==
> > RTE_CRYPTO_OP_SESSIONLESS)) {
> > -			sym_session_clear(otx2_cryptodev_driver_id,
> > -					  cop->sym->session);
> > +			sym_session_clear(cop->sym->session);
> >  			memset(cop->sym->session, 0,
> >
> > 	rte_cryptodev_sym_get_existing_header_session_size(
> >  				cop->sym->session));
> > diff --git a/examples/fips_validation/fips_dev_self_test.c
> > b/examples/fips_validation/fips_dev_self_test.c
> > index b4eab05a98..bbc27a1b6f 100644
> > --- a/examples/fips_validation/fips_dev_self_test.c
> > +++ b/examples/fips_validation/fips_dev_self_test.c
> > @@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
> >  	struct rte_mempool *mpool;
> >  	struct rte_mempool *op_pool;
> >  	struct rte_mempool *sess_pool;
> > -	struct rte_mempool *sess_priv_pool;
> >  	struct rte_mbuf *mbuf;
> >  	struct rte_crypto_op *op;
> >  };
> > @@ -981,7 +980,7 @@ typedef int
> > (*fips_dev_self_test_prepare_xform_t)(uint8_t,
> >  		uint32_t);
> >
> >  typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
> > -		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
> > +		struct rte_mbuf *, void *,
> >  		uint32_t, struct fips_dev_self_test_vector *);
> >
> >  typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
> > @@ -1173,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
> >  static int
> >  prepare_cipher_op(struct rte_crypto_op *op,
> >  		struct rte_mbuf *mbuf,
> > -		struct rte_cryptodev_sym_session *session,
> > +		void *session,
> >  		uint32_t dir,
> >  		struct fips_dev_self_test_vector *vec)
> >  {
> > @@ -1212,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
> >  static int
> >  prepare_auth_op(struct rte_crypto_op *op,
> >  		struct rte_mbuf *mbuf,
> > -		struct rte_cryptodev_sym_session *session,
> > +		void *session,
> >  		uint32_t dir,
> >  		struct fips_dev_self_test_vector *vec)
> >  {
> > @@ -1251,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
> >  static int
> >  prepare_aead_op(struct rte_crypto_op *op,
> >  		struct rte_mbuf *mbuf,
> > -		struct rte_cryptodev_sym_session *session,
> > +		void *session,
> >  		uint32_t dir,
> >  		struct fips_dev_self_test_vector *vec)
> >  {
> > @@ -1464,7 +1463,7 @@ run_single_test(uint8_t dev_id,
> >  		uint32_t negative_test)
> >  {
> >  	struct rte_crypto_sym_xform xform;
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >  	uint16_t n_deqd;
> >  	uint8_t key[256];
> >  	int ret;
> > @@ -1484,8 +1483,7 @@ run_single_test(uint8_t dev_id,
> >  	if (!sess)
> >  		return -ENOMEM;
> >
> > -	ret = rte_cryptodev_sym_session_init(dev_id,
> > -			sess, &xform, env->sess_priv_pool);
> > +	ret = rte_cryptodev_sym_session_init(dev_id, sess, &xform);
> >  	if (ret < 0) {
> >  		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
> >  		return ret;
> > @@ -1533,8 +1531,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
> >  		rte_mempool_free(env->op_pool);
> >  	if (env->sess_pool)
> >  		rte_mempool_free(env->sess_pool);
> > -	if (env->sess_priv_pool)
> > -		rte_mempool_free(env->sess_priv_pool);
> >
> >  	rte_cryptodev_stop(dev_id);
> >  }
> > @@ -1542,7 +1538,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
> >  static int
> >  fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env
> > *env)
> >  {
> > -	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
> > +	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
> >  	uint32_t sess_sz =
> > rte_cryptodev_sym_get_private_session_size(dev_id);
> >  	struct rte_cryptodev_config conf;
> >  	char name[128];
> > @@ -1586,25 +1582,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct
> > fips_dev_auto_test_env *env)
> >  	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
> >
> >  	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
> > -			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
> > +			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
> >  	if (!env->sess_pool) {
> >  		ret = -ENOMEM;
> >  		goto error_exit;
> >  	}
> >
> > -	memset(name, 0, 128);
> > -	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
> > -
> > -	env->sess_priv_pool = rte_mempool_create(name,
> > -			128, sess_sz, 0, 0, NULL, NULL, NULL,
> > -			NULL, rte_cryptodev_socket_id(dev_id), 0);
> > -	if (!env->sess_priv_pool) {
> > -		ret = -ENOMEM;
> > -		goto error_exit;
> > -	}
> > -
> >  	qp_conf.mp_session = env->sess_pool;
> > -	qp_conf.mp_session_private = env->sess_priv_pool;
> >
> >  	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
> >  			rte_cryptodev_socket_id(dev_id));
> > diff --git a/examples/fips_validation/main.c
> > b/examples/fips_validation/main.c
> > index a8daad1f48..03c6ccb5b8 100644
> > --- a/examples/fips_validation/main.c
> > +++ b/examples/fips_validation/main.c
> > @@ -48,13 +48,12 @@ struct cryptodev_fips_validate_env {
> >  	uint16_t mbuf_data_room;
> >  	struct rte_mempool *mpool;
> >  	struct rte_mempool *sess_mpool;
> > -	struct rte_mempool *sess_priv_mpool;
> >  	struct rte_mempool *op_pool;
> >  	struct rte_mbuf *mbuf;
> >  	uint8_t *digest;
> >  	uint16_t digest_len;
> >  	struct rte_crypto_op *op;
> > -	struct rte_cryptodev_sym_session *sess;
> > +	void *sess;
> >  	uint16_t self_test;
> >  	struct fips_dev_broken_test_config *broken_test_config;
> >  } env;
> > @@ -63,7 +62,7 @@ static int
> >  cryptodev_fips_validate_app_int(void)
> >  {
> >  	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
> > -	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
> > +	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
> >  	struct rte_cryptodev_info dev_info;
> >  	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
> >  			env.dev_id);
> > @@ -103,16 +102,11 @@ cryptodev_fips_validate_app_int(void)
> >  	ret = -ENOMEM;
> >
> >  	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
> > -			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
> > +			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
> > +			rte_socket_id());
> >  	if (!env.sess_mpool)
> >  		goto error_exit;
> >
> > -	env.sess_priv_mpool =
> > rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
> > -			16, sess_sz, 0, 0, NULL, NULL, NULL,
> > -			NULL, rte_socket_id(), 0);
> > -	if (!env.sess_priv_mpool)
> > -		goto error_exit;
> > -
> >  	env.op_pool = rte_crypto_op_pool_create(
> >  			"FIPS_OP_POOL",
> >  			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > @@ -127,7 +121,6 @@ cryptodev_fips_validate_app_int(void)
> >  		goto error_exit;
> >
> >  	qp_conf.mp_session = env.sess_mpool;
> > -	qp_conf.mp_session_private = env.sess_priv_mpool;
> >
> >  	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
> >  			rte_socket_id());
> > @@ -141,8 +134,6 @@ cryptodev_fips_validate_app_int(void)
> >  	rte_mempool_free(env.mpool);
> >  	if (env.sess_mpool)
> >  		rte_mempool_free(env.sess_mpool);
> > -	if (env.sess_priv_mpool)
> > -		rte_mempool_free(env.sess_priv_mpool);
> >  	if (env.op_pool)
> >  		rte_mempool_free(env.op_pool);
> >
> > @@ -158,7 +149,6 @@ cryptodev_fips_validate_app_uninit(void)
> >  	rte_cryptodev_sym_session_free(env.sess);
> >  	rte_mempool_free(env.mpool);
> >  	rte_mempool_free(env.sess_mpool);
> > -	rte_mempool_free(env.sess_priv_mpool);
> >  	rte_mempool_free(env.op_pool);
> >  }
> >
> > @@ -1179,7 +1169,7 @@ fips_run_test(void)
> >  		return -ENOMEM;
> >
> >  	ret = rte_cryptodev_sym_session_init(env.dev_id,
> > -			env.sess, &xform, env.sess_priv_mpool);
> > +			env.sess, &xform);
> >  	if (ret < 0) {
> >  		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
> >  				ret);
> > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> > secgw/ipsec-secgw.c
> > index 7ad94cb822..65528ee2e7 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -1216,15 +1216,11 @@ ipsec_poll_mode_worker(void)
> >  	qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
> >  	qconf->inbound.cdev_map = cdev_map_in;
> >  	qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
> > -	qconf->inbound.session_priv_pool =
> > -			socket_ctx[socket_id].session_priv_pool;
> >  	qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
> >  	qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
> >  	qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
> >  	qconf->outbound.cdev_map = cdev_map_out;
> >  	qconf->outbound.session_pool =
> > socket_ctx[socket_id].session_pool;
> > -	qconf->outbound.session_priv_pool =
> > -			socket_ctx[socket_id].session_priv_pool;
> >  	qconf->frag.pool_dir = socket_ctx[socket_id].mbuf_pool;
> >  	qconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;
> >
> > @@ -2142,8 +2138,6 @@ cryptodevs_init(uint16_t req_queue_num)
> >  		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
> >  		qp_conf.mp_session =
> >  			socket_ctx[dev_conf.socket_id].session_pool;
> > -		qp_conf.mp_session_private =
> > -			socket_ctx[dev_conf.socket_id].session_priv_pool;
> >  		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
> >  			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
> >  					&qp_conf, dev_conf.socket_id))
> > @@ -2405,37 +2399,37 @@ session_pool_init(struct socket_ctx *ctx,
> int32_t
> > socket_id, size_t sess_sz)
> >  		printf("Allocated session pool on socket %d\n",
> > 	socket_id);
> >  }
> >
> > -static void
> > -session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
> > -	size_t sess_sz)
> > -{
> > -	char mp_name[RTE_MEMPOOL_NAMESIZE];
> > -	struct rte_mempool *sess_mp;
> > -	uint32_t nb_sess;
> > -
> > -	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> > -			"sess_mp_priv_%u", socket_id);
> > -	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> > -		rte_lcore_count());
> > -	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
> > -			CDEV_MP_CACHE_MULTIPLIER);
> > -	sess_mp = rte_mempool_create(mp_name,
> > -			nb_sess,
> > -			sess_sz,
> > -			CDEV_MP_CACHE_SZ,
> > -			0, NULL, NULL, NULL,
> > -			NULL, socket_id,
> > -			0);
> > -	ctx->session_priv_pool = sess_mp;
> > -
> > -	if (ctx->session_priv_pool == NULL)
> > -		rte_exit(EXIT_FAILURE,
> > -			"Cannot init session priv pool on socket %d\n",
> > -			socket_id);
> > -	else
> > -		printf("Allocated session priv pool on socket %d\n",
> > -			socket_id);
> > -}
> > +//static void
> > +//session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
> > +//	size_t sess_sz)
> > +//{
> > +//	char mp_name[RTE_MEMPOOL_NAMESIZE];
> > +//	struct rte_mempool *sess_mp;
> > +//	uint32_t nb_sess;
> > +//
> > +//	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> > +//			"sess_mp_priv_%u", socket_id);
> > +//	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> > +//		rte_lcore_count());
> > +//	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
> > +//			CDEV_MP_CACHE_MULTIPLIER);
> > +//	sess_mp = rte_mempool_create(mp_name,
> > +//			nb_sess,
> > +//			sess_sz,
> > +//			CDEV_MP_CACHE_SZ,
> > +//			0, NULL, NULL, NULL,
> > +//			NULL, socket_id,
> > +//			0);
> > +//	ctx->session_priv_pool = sess_mp;
> > +//
> > +//	if (ctx->session_priv_pool == NULL)
> > +//		rte_exit(EXIT_FAILURE,
> > +//			"Cannot init session priv pool on socket %d\n",
> > +//			socket_id);
> > +//	else
> > +//		printf("Allocated session priv pool on socket %d\n",
> > +//			socket_id);
> > +//}
> >
> >  static void
> >  pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
> > @@ -2938,8 +2932,8 @@ main(int32_t argc, char **argv)
> >
> >  		pool_init(&socket_ctx[socket_id], socket_id,
> > nb_bufs_in_pool);
> >  		session_pool_init(&socket_ctx[socket_id], socket_id,
> > sess_sz);
> > -		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
> > -			sess_sz);
> > +//		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
> > +//			sess_sz);
> >  	}
> >  	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
> >
> > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> > index 03d907cba8..a5921de11c 100644
> > --- a/examples/ipsec-secgw/ipsec.c
> > +++ b/examples/ipsec-secgw/ipsec.c
> > @@ -143,8 +143,7 @@ create_lookaside_session(struct ipsec_ctx
> *ipsec_ctx,
> > struct ipsec_sa *sa,
> >  		ips->crypto.ses = rte_cryptodev_sym_session_create(
> >  				ipsec_ctx->session_pool);
> >  		rte_cryptodev_sym_session_init(ipsec_ctx-
> > >tbl[cdev_id_qp].id,
> > -				ips->crypto.ses, sa->xforms,
> > -				ipsec_ctx->session_priv_pool);
> > +				ips->crypto.ses, sa->xforms);
> >
> >  		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
> >  				&cdev_info);
> > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> > index 8405c48171..673c64e8dc 100644
> > --- a/examples/ipsec-secgw/ipsec.h
> > +++ b/examples/ipsec-secgw/ipsec.h
> > @@ -243,7 +243,6 @@ struct socket_ctx {
> >  	struct rte_mempool *mbuf_pool;
> >  	struct rte_mempool *mbuf_pool_indir;
> >  	struct rte_mempool *session_pool;
> > -	struct rte_mempool *session_priv_pool;
> >  };
> >
> >  struct cnt_blk {
> > diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-
> > secgw/ipsec_worker.c
> > index c545497cee..04bcce49db 100644
> > --- a/examples/ipsec-secgw/ipsec_worker.c
> > +++ b/examples/ipsec-secgw/ipsec_worker.c
> > @@ -537,14 +537,10 @@
> ipsec_wrkr_non_burst_int_port_app_mode(struct
> > eh_event_link_info *links,
> >  	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
> >  	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
> >  	lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
> > -	lconf.inbound.session_priv_pool =
> > -			socket_ctx[socket_id].session_priv_pool;
> >  	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
> >  	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
> >  	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
> >  	lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
> > -	lconf.outbound.session_priv_pool =
> > -			socket_ctx[socket_id].session_priv_pool;
> >
> >  	RTE_LOG(INFO, IPSEC,
> >  		"Launching event mode worker (non-burst - Tx internal port -
> > "
> > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> > index 66d1491bf7..bdc3da731c 100644
> > --- a/examples/l2fwd-crypto/main.c
> > +++ b/examples/l2fwd-crypto/main.c
> > @@ -188,7 +188,7 @@ struct l2fwd_crypto_params {
> >  	struct l2fwd_iv auth_iv;
> >  	struct l2fwd_iv aead_iv;
> >  	struct l2fwd_key aad;
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >
> >  	uint8_t do_cipher;
> >  	uint8_t do_hash;
> > @@ -229,7 +229,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
> >  struct rte_mempool *l2fwd_crypto_op_pool;
> >  static struct {
> >  	struct rte_mempool *sess_mp;
> > -	struct rte_mempool *priv_mp;
> >  } session_pool_socket[RTE_MAX_NUMA_NODES];
> >
> >  /* Per-port statistics struct */
> > @@ -671,11 +670,11 @@ generate_random_key(uint8_t *key, unsigned
> > length)
> >  }
> >
> >  /* Session is created and is later attached to the crypto operation. 8< */
> > -static struct rte_cryptodev_sym_session *
> > +static void *
> >  initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t
> > cdev_id)
> >  {
> >  	struct rte_crypto_sym_xform *first_xform;
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >  	int retval = rte_cryptodev_socket_id(cdev_id);
> >
> >  	if (retval < 0)
> > @@ -703,8 +702,7 @@ initialize_crypto_session(struct
> l2fwd_crypto_options
> > *options, uint8_t cdev_id)
> >  		return NULL;
> >
> >  	if (rte_cryptodev_sym_session_init(cdev_id, session,
> > -				first_xform,
> > -				session_pool_socket[socket_id].priv_mp) < 0)
> > +				first_xform) < 0)
> >  		return NULL;
> >
> >  	return session;
> > @@ -730,7 +728,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options
> > *options)
> >  			US_PER_S * BURST_TX_DRAIN_US;
> >  	struct l2fwd_crypto_params *cparams;
> >  	struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >
> >  	if (qconf->nb_rx_ports == 0) {
> >  		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n",
> > lcore_id);
> > @@ -2388,30 +2386,6 @@ initialize_cryptodevs(struct
> l2fwd_crypto_options
> > *options, unsigned nb_ports,
> >  		} else
> >  			sessions_needed = enabled_cdev_count;
> >
> > -		if (session_pool_socket[socket_id].priv_mp == NULL) {
> > -			char mp_name[RTE_MEMPOOL_NAMESIZE];
> > -
> > -			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> > -				"priv_sess_mp_%u", socket_id);
> > -
> > -			session_pool_socket[socket_id].priv_mp =
> > -					rte_mempool_create(mp_name,
> > -						sessions_needed,
> > -						max_sess_sz,
> > -						0, 0, NULL, NULL, NULL,
> > -						NULL, socket_id,
> > -						0);
> > -
> > -			if (session_pool_socket[socket_id].priv_mp == NULL)
> > {
> > -				printf("Cannot create pool on socket %d\n",
> > -					socket_id);
> > -				return -ENOMEM;
> > -			}
> > -
> > -			printf("Allocated pool \"%s\" on socket %d\n",
> > -				mp_name, socket_id);
> > -		}
> > -
> >  		if (session_pool_socket[socket_id].sess_mp == NULL) {
> >  			char mp_name[RTE_MEMPOOL_NAMESIZE];
> >  			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> > @@ -2421,7 +2395,8 @@ initialize_cryptodevs(struct
> l2fwd_crypto_options
> > *options, unsigned nb_ports,
> >
> > 	rte_cryptodev_sym_session_pool_create(
> >  							mp_name,
> >  							sessions_needed,
> > -							0, 0, 0, socket_id);
> > +							max_sess_sz,
> > +							0, 0, socket_id);
> >
> >  			if (session_pool_socket[socket_id].sess_mp == NULL)
> > {
> >  				printf("Cannot create pool on socket %d\n",
> > @@ -2573,8 +2548,6 @@ initialize_cryptodevs(struct
> l2fwd_crypto_options
> > *options, unsigned nb_ports,
> >
> >  		qp_conf.nb_descriptors = 2048;
> >  		qp_conf.mp_session =
> > session_pool_socket[socket_id].sess_mp;
> > -		qp_conf.mp_session_private =
> > -				session_pool_socket[socket_id].priv_mp;
> >
> >  		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0,
> > &qp_conf,
> >  				socket_id);
> > diff --git a/examples/vhost_crypto/main.c
> b/examples/vhost_crypto/main.c
> > index dea7dcbd07..cbb97aaf76 100644
> > --- a/examples/vhost_crypto/main.c
> > +++ b/examples/vhost_crypto/main.c
> > @@ -46,7 +46,6 @@ struct vhost_crypto_info {
> >  	int vids[MAX_NB_SOCKETS];
> >  	uint32_t nb_vids;
> >  	struct rte_mempool *sess_pool;
> > -	struct rte_mempool *sess_priv_pool;
> >  	struct rte_mempool *cop_pool;
> >  	uint8_t cid;
> >  	uint32_t qid;
> > @@ -304,7 +303,6 @@ new_device(int vid)
> >  	}
> >
> >  	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
> > -			info->sess_priv_pool,
> >  			rte_lcore_to_socket_id(options.los[i].lcore_id));
> >  	if (ret) {
> >  		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
> > @@ -458,7 +456,6 @@ free_resource(void)
> >
> >  		rte_mempool_free(info->cop_pool);
> >  		rte_mempool_free(info->sess_pool);
> > -		rte_mempool_free(info->sess_priv_pool);
> >
> >  		for (j = 0; j < lo->nb_sockets; j++) {
> >  			rte_vhost_driver_unregister(lo->socket_files[i]);
> > @@ -544,16 +541,12 @@ main(int argc, char *argv[])
> >
> >  		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
> >  		info->sess_pool =
> > rte_cryptodev_sym_session_pool_create(name,
> > -				SESSION_MAP_ENTRIES, 0, 0, 0,
> > -				rte_lcore_to_socket_id(lo->lcore_id));
> > -
> > -		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
> > -		info->sess_priv_pool = rte_mempool_create(name,
> >  				SESSION_MAP_ENTRIES,
> >
> > 	rte_cryptodev_sym_get_private_session_size(
> > -				info->cid), 64, 0, NULL, NULL, NULL, NULL,
> > -				rte_lcore_to_socket_id(lo->lcore_id), 0);
> > -		if (!info->sess_priv_pool || !info->sess_pool) {
> > +					info->cid), 0, 0,
> > +				rte_lcore_to_socket_id(lo->lcore_id));
> > +
> > +		if (!info->sess_pool) {
> >  			RTE_LOG(ERR, USER1, "Failed to create mempool");
> >  			goto error_exit;
> >  		}
> > @@ -574,7 +567,6 @@ main(int argc, char *argv[])
> >
> >  		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
> >  		qp_conf.mp_session = info->sess_pool;
> > -		qp_conf.mp_session_private = info->sess_priv_pool;
> >
> >  		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
> >  			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
> > diff --git a/lib/cryptodev/cryptodev_pmd.h
> > b/lib/cryptodev/cryptodev_pmd.h
> > index ae3aac59ae..d758b3b85d 100644
> > --- a/lib/cryptodev/cryptodev_pmd.h
> > +++ b/lib/cryptodev/cryptodev_pmd.h
> > @@ -242,7 +242,6 @@ typedef unsigned int
> > (*cryptodev_asym_get_session_private_size_t)(
> >   * @param	dev		Crypto device pointer
> >   * @param	xform		Single or chain of crypto xforms
> >   * @param	session		Pointer to cryptodev's private session
> > structure
> > - * @param	mp		Mempool where the private session is
> > allocated
> >   *
> >   * @return
> >   *  - Returns 0 if private session structure have been created successfully.
> > @@ -251,9 +250,7 @@ typedef unsigned int
> > (*cryptodev_asym_get_session_private_size_t)(
> >   *  - Returns -ENOMEM if the private session could not be allocated.
> >   */
> >  typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev
> > *dev,
> > -		struct rte_crypto_sym_xform *xform,
> > -		struct rte_cryptodev_sym_session *session,
> > -		struct rte_mempool *mp);
> > +		struct rte_crypto_sym_xform *xform, void *session);
> >  /**
> >   * Configure a Crypto asymmetric session on a device.
> >   *
> > @@ -279,7 +276,7 @@ typedef int
> > (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
> >   * @param	sess		Cryptodev session structure
> >   */
> >  typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
> > -		struct rte_cryptodev_sym_session *sess);
> > +		void *sess);
> >  /**
> >   * Free asymmetric session private data.
> >   *
> > diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
> > index a864f5036f..200617f623 100644
> > --- a/lib/cryptodev/rte_crypto.h
> > +++ b/lib/cryptodev/rte_crypto.h
> > @@ -420,7 +420,7 @@ rte_crypto_op_sym_xforms_alloc(struct
> > rte_crypto_op *op, uint8_t nb_xforms)
> >   */
> >  static inline int
> >  rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
> > -		struct rte_cryptodev_sym_session *sess)
> > +		void *sess)
> >  {
> >  	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
> >  		return -1;
> > diff --git a/lib/cryptodev/rte_crypto_sym.h
> > b/lib/cryptodev/rte_crypto_sym.h
> > index 58c0724743..848da1942c 100644
> > --- a/lib/cryptodev/rte_crypto_sym.h
> > +++ b/lib/cryptodev/rte_crypto_sym.h
> > @@ -932,7 +932,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct
> > rte_crypto_sym_op *sym_op,
> >   */
> >  static inline int
> >  __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op
> > *sym_op,
> > -		struct rte_cryptodev_sym_session *sess)
> > +		void *sess)
> >  {
> >  	sym_op->session = sess;
> >
> > diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> > index 9fa3aff1d3..a31cae202a 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -199,6 +199,8 @@ struct
> > rte_cryptodev_sym_session_pool_private_data {
> >  	/**< number of elements in sess_data array */
> >  	uint16_t user_data_sz;
> >  	/**< session user data will be placed after sess_data */
> > +	uint16_t sess_priv_sz;
> > +	/**< session user data will be placed after sess_data */
> >  };
> >
> >  int
> > @@ -1223,8 +1225,7 @@ rte_cryptodev_queue_pair_setup(uint8_t
> dev_id,
> > uint16_t queue_pair_id,
> >  		return -EINVAL;
> >  	}
> >
> > -	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
> > -			(!qp_conf->mp_session && qp_conf-
> > >mp_session_private)) {
> > +	if (!qp_conf->mp_session) {
> >  		CDEV_LOG_ERR("Invalid mempools\n");
> >  		return -EINVAL;
> >  	}
> > @@ -1232,7 +1233,6 @@ rte_cryptodev_queue_pair_setup(uint8_t
> dev_id,
> > uint16_t queue_pair_id,
> >  	if (qp_conf->mp_session) {
> >  		struct rte_cryptodev_sym_session_pool_private_data
> > *pool_priv;
> >  		uint32_t obj_size = qp_conf->mp_session->elt_size;
> > -		uint32_t obj_priv_size = qp_conf->mp_session_private-
> > >elt_size;
> >  		struct rte_cryptodev_sym_session s = {0};
> >
> >  		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
> > @@ -1244,11 +1244,11 @@ rte_cryptodev_queue_pair_setup(uint8_t
> > dev_id, uint16_t queue_pair_id,
> >
> >  		s.nb_drivers = pool_priv->nb_drivers;
> >  		s.user_data_sz = pool_priv->user_data_sz;
> > +		s.priv_sz = pool_priv->sess_priv_sz;
> >
> > -		if
> > ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
> > -			obj_size) || (s.nb_drivers <= dev->driver_id) ||
> > -
> > 	rte_cryptodev_sym_get_private_session_size(dev_id) >
> > -				obj_priv_size) {
> > +		if
> > (((rte_cryptodev_sym_get_existing_header_session_size(&s) +
> > +				(s.nb_drivers * s.priv_sz)) > obj_size) ||
> > +				(s.nb_drivers <= dev->driver_id)) {
> >  			CDEV_LOG_ERR("Invalid mempool\n");
> >  			return -EINVAL;
> >  		}
> > @@ -1710,11 +1710,11 @@ rte_cryptodev_pmd_callback_process(struct
> > rte_cryptodev *dev,
> >
> >  int
> >  rte_cryptodev_sym_session_init(uint8_t dev_id,
> > -		struct rte_cryptodev_sym_session *sess,
> > -		struct rte_crypto_sym_xform *xforms,
> > -		struct rte_mempool *mp)
> > +		void *sess_opaque,
> > +		struct rte_crypto_sym_xform *xforms)
> >  {
> >  	struct rte_cryptodev *dev;
> > +	struct rte_cryptodev_sym_session *sess = sess_opaque;
> >  	uint32_t sess_priv_sz =
> > rte_cryptodev_sym_get_private_session_size(
> >  			dev_id);
> >  	uint8_t index;
> > @@ -1727,10 +1727,10 @@ rte_cryptodev_sym_session_init(uint8_t
> dev_id,
> >
> >  	dev = rte_cryptodev_pmd_get_dev(dev_id);
> >
> > -	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
> > +	if (sess == NULL || xforms == NULL || dev == NULL)
> >  		return -EINVAL;
> >
> > -	if (mp->elt_size < sess_priv_sz)
> > +	if (sess->priv_sz < sess_priv_sz)
> >  		return -EINVAL;
> >
> >  	index = dev->driver_id;
> > @@ -1740,8 +1740,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
> >  	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops-
> > >sym_session_configure, -ENOTSUP);
> >
> >  	if (sess->sess_data[index].refcnt == 0) {
> > +		sess->sess_data[index].data = (void *)((uint8_t *)sess +
> > +
> > 	rte_cryptodev_sym_get_header_session_size() +
> > +				(index * sess->priv_sz));
> >  		ret = dev->dev_ops->sym_session_configure(dev, xforms,
> > -							sess, mp);
> > +				sess->sess_data[index].data);
> >  		if (ret < 0) {
> >  			CDEV_LOG_ERR(
> >  				"dev_id %d failed to configure session
> > details",
> > @@ -1750,7 +1753,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
> >  		}
> >  	}
> >
> > -	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
> > +	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms);
> >  	sess->sess_data[index].refcnt++;
> >  	return 0;
> >  }
> > @@ -1795,6 +1798,21 @@ rte_cryptodev_asym_session_init(uint8_t
> dev_id,
> >  	rte_cryptodev_trace_asym_session_init(dev_id, sess, xforms, mp);
> >  	return 0;
> >  }
> > +static size_t
> > +get_max_sym_sess_priv_sz(void)
> > +{
> > +	size_t max_sz, sz;
> > +	int16_t cdev_id, n;
> > +
> > +	max_sz = 0;
> > +	n =  rte_cryptodev_count();
> > +	for (cdev_id = 0; cdev_id != n; cdev_id++) {
> > +		sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
> > +		if (sz > max_sz)
> > +			max_sz = sz;
> > +	}
> > +	return max_sz;
> > +}
> >
> >  struct rte_mempool *
> >  rte_cryptodev_sym_session_pool_create(const char *name, uint32_t
> > nb_elts,
> > @@ -1804,15 +1822,15 @@
> rte_cryptodev_sym_session_pool_create(const
> > char *name, uint32_t nb_elts,
> >  	struct rte_mempool *mp;
> >  	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
> >  	uint32_t obj_sz;
> > +	uint32_t sess_priv_sz = get_max_sym_sess_priv_sz();
> >
> >  	obj_sz = rte_cryptodev_sym_get_header_session_size() +
> > user_data_size;
> > -	if (obj_sz > elt_size)
> > +	if (elt_size < obj_sz + (sess_priv_sz * nb_drivers)) {
> >  		CDEV_LOG_INFO("elt_size %u is expanded to %u\n",
> > elt_size,
> > -				obj_sz);
> > -	else
> > -		obj_sz = elt_size;
> > -
> > -	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
> > +				obj_sz + (sess_priv_sz * nb_drivers));
> > +		elt_size = obj_sz + (sess_priv_sz * nb_drivers);
> > +	}
> > +	mp = rte_mempool_create(name, nb_elts, elt_size, cache_size,
> >  			(uint32_t)(sizeof(*pool_priv)),
> >  			NULL, NULL, NULL, NULL,
> >  			socket_id, 0);
> > @@ -1832,6 +1850,7 @@ rte_cryptodev_sym_session_pool_create(const
> > char *name, uint32_t nb_elts,
> >
> >  	pool_priv->nb_drivers = nb_drivers;
> >  	pool_priv->user_data_sz = user_data_size;
> > +	pool_priv->sess_priv_sz = sess_priv_sz;
> >
> >  	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
> >  		elt_size, cache_size, user_data_size, mp);
> > @@ -1865,7 +1884,7 @@ rte_cryptodev_sym_is_valid_session_pool(struct
> > rte_mempool *mp)
> >  	return 1;
> >  }
> >
> > -struct rte_cryptodev_sym_session *
> > +void *
> >  rte_cryptodev_sym_session_create(struct rte_mempool *mp)
> >  {
> >  	struct rte_cryptodev_sym_session *sess;
> > @@ -1886,6 +1905,7 @@ rte_cryptodev_sym_session_create(struct
> > rte_mempool *mp)
> >
> >  	sess->nb_drivers = pool_priv->nb_drivers;
> >  	sess->user_data_sz = pool_priv->user_data_sz;
> > +	sess->priv_sz = pool_priv->sess_priv_sz;
> >  	sess->opaque_data = 0;
> >
> >  	/* Clear device session pointer.
> > @@ -1895,7 +1915,7 @@ rte_cryptodev_sym_session_create(struct
> > rte_mempool *mp)
> >  			rte_cryptodev_sym_session_data_size(sess));
> >
> >  	rte_cryptodev_trace_sym_session_create(mp, sess);
> > -	return sess;
> > +	return (void *)sess;
> >  }
> >
> >  struct rte_cryptodev_asym_session *
> > @@ -1933,9 +1953,9 @@ rte_cryptodev_asym_session_create(struct
> > rte_mempool *mp)
> >  }
> >
> >  int
> > -rte_cryptodev_sym_session_clear(uint8_t dev_id,
> > -		struct rte_cryptodev_sym_session *sess)
> > +rte_cryptodev_sym_session_clear(uint8_t dev_id, void *s)
> >  {
> > +	struct rte_cryptodev_sym_session *sess = s;
> >  	struct rte_cryptodev *dev;
> >  	uint8_t driver_id;
> >
> > @@ -1957,7 +1977,7 @@ rte_cryptodev_sym_session_clear(uint8_t
> dev_id,
> >
> >  	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear,
> > -ENOTSUP);
> >
> > -	dev->dev_ops->sym_session_clear(dev, sess);
> > +	dev->dev_ops->sym_session_clear(dev, sess-
> > >sess_data[driver_id].data);
> >
> >  	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
> >  	return 0;
> > @@ -1988,10 +2008,11 @@ rte_cryptodev_asym_session_clear(uint8_t
> > dev_id,
> >  }
> >
> >  int
> > -rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
> > +rte_cryptodev_sym_session_free(void *s)
> >  {
> >  	uint8_t i;
> >  	struct rte_mempool *sess_mp;
> > +	struct rte_cryptodev_sym_session *sess = s;
> >
> >  	if (sess == NULL)
> >  		return -EINVAL;
> > diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
> > index bb01f0f195..25af6fa7b9 100644
> > --- a/lib/cryptodev/rte_cryptodev.h
> > +++ b/lib/cryptodev/rte_cryptodev.h
> > @@ -537,8 +537,6 @@ struct rte_cryptodev_qp_conf {
> >  	uint32_t nb_descriptors; /**< Number of descriptors per queue pair
> > */
> >  	struct rte_mempool *mp_session;
> >  	/**< The mempool for creating session in sessionless mode */
> > -	struct rte_mempool *mp_session_private;
> > -	/**< The mempool for creating sess private data in sessionless mode
> > */
> >  };
> >
> >  /**
> > @@ -1126,6 +1124,8 @@ struct rte_cryptodev_sym_session {
> >  	/**< number of elements in sess_data array */
> >  	uint16_t user_data_sz;
> >  	/**< session user data will be placed after sess_data */
> > +	uint16_t priv_sz;
> > +	/**< Maximum private session data size which each driver can use */
> >  	__extension__ struct {
> >  		void *data;
> >  		uint16_t refcnt;
> > @@ -1177,10 +1177,10 @@
> rte_cryptodev_sym_session_pool_create(const
> > char *name, uint32_t nb_elts,
> >   * @param   mempool    Symmetric session mempool to allocate session
> >   *                     objects from
> >   * @return
> > - *  - On success return pointer to sym-session
> > + *  - On success return opaque pointer to sym-session
> >   *  - On failure returns NULL
> >   */
> > -struct rte_cryptodev_sym_session *
> > +void *
> >  rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
> >
> >  /**
> > @@ -1209,7 +1209,7 @@ rte_cryptodev_asym_session_create(struct
> > rte_mempool *mempool);
> >   *  - -EBUSY if not all device private data has been freed.
> >   */
> >  int
> > -rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session
> > *sess);
> > +rte_cryptodev_sym_session_free(void *sess);
> >
> >  /**
> >   * Frees asymmetric crypto session header, after checking that all
> > @@ -1229,25 +1229,23 @@ rte_cryptodev_asym_session_free(struct
> > rte_cryptodev_asym_session *sess);
> >
> >  /**
> >   * Fill out private data for the device id, based on its device type.
> > + * Memory for private data is already allocated in sess, driver need
> > + * to fill the content.
> >   *
> >   * @param   dev_id   ID of device that we want the session to be used on
> >   * @param   sess     Session where the private data will be attached to
> >   * @param   xforms   Symmetric crypto transform operations to apply on
> > flow
> >   *                   processed with this session
> > - * @param   mempool  Mempool where the private data is allocated.
> >   *
> >   * @return
> >   *  - On success, zero.
> >   *  - -EINVAL if input parameters are invalid.
> >   *  - -ENOTSUP if crypto device does not support the crypto transform or
> >   *    does not support symmetric operations.
> > - *  - -ENOMEM if the private session could not be allocated.
> >   */
> >  int
> > -rte_cryptodev_sym_session_init(uint8_t dev_id,
> > -			struct rte_cryptodev_sym_session *sess,
> > -			struct rte_crypto_sym_xform *xforms,
> > -			struct rte_mempool *mempool);
> > +rte_cryptodev_sym_session_init(uint8_t dev_id, void *sess,
> > +			struct rte_crypto_sym_xform *xforms);
> >
> >  /**
> >   * Initialize asymmetric session on a device with specific asymmetric xform
> > @@ -1286,8 +1284,7 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
> >   *  - -ENOTSUP if crypto device does not support symmetric operations.
> >   */
> >  int
> > -rte_cryptodev_sym_session_clear(uint8_t dev_id,
> > -			struct rte_cryptodev_sym_session *sess);
> > +rte_cryptodev_sym_session_clear(uint8_t dev_id, void *sess);
> >
> >  /**
> >   * Frees resources held by asymmetric session during
> > rte_cryptodev_session_init
> > diff --git a/lib/cryptodev/rte_cryptodev_trace.h
> > b/lib/cryptodev/rte_cryptodev_trace.h
> > index d1f4f069a3..44da04c425 100644
> > --- a/lib/cryptodev/rte_cryptodev_trace.h
> > +++ b/lib/cryptodev/rte_cryptodev_trace.h
> > @@ -56,7 +56,6 @@ RTE_TRACE_POINT(
> >  	rte_trace_point_emit_u16(queue_pair_id);
> >  	rte_trace_point_emit_u32(conf->nb_descriptors);
> >  	rte_trace_point_emit_ptr(conf->mp_session);
> > -	rte_trace_point_emit_ptr(conf->mp_session_private);
> >  )
> >
> >  RTE_TRACE_POINT(
> > @@ -106,15 +105,13 @@ RTE_TRACE_POINT(
> >  RTE_TRACE_POINT(
> >  	rte_cryptodev_trace_sym_session_init,
> >  	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
> > -		struct rte_cryptodev_sym_session *sess, void *xforms,
> > -		void *mempool),
> > +		struct rte_cryptodev_sym_session *sess, void *xforms),
> >  	rte_trace_point_emit_u8(dev_id);
> >  	rte_trace_point_emit_ptr(sess);
> >  	rte_trace_point_emit_u64(sess->opaque_data);
> >  	rte_trace_point_emit_u16(sess->nb_drivers);
> >  	rte_trace_point_emit_u16(sess->user_data_sz);
> >  	rte_trace_point_emit_ptr(xforms);
> > -	rte_trace_point_emit_ptr(mempool);
> >  )
> >
> >  RTE_TRACE_POINT(
> > diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
> > index ad7904c0ee..efdba9c899 100644
> > --- a/lib/pipeline/rte_table_action.c
> > +++ b/lib/pipeline/rte_table_action.c
> > @@ -1719,7 +1719,7 @@ struct sym_crypto_data {
> >  	uint16_t op_mask;
> >
> >  	/** Session pointer. */
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >
> >  	/** Direction of crypto, encrypt or decrypt */
> >  	uint16_t direction;
> > @@ -1780,7 +1780,7 @@ sym_crypto_apply(struct sym_crypto_data
> *data,
> >  	const struct rte_crypto_auth_xform *auth_xform = NULL;
> >  	const struct rte_crypto_aead_xform *aead_xform = NULL;
> >  	struct rte_crypto_sym_xform *xform = p->xform;
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >  	int ret;
> >
> >  	memset(data, 0, sizeof(*data));
> > @@ -1905,7 +1905,7 @@ sym_crypto_apply(struct sym_crypto_data
> *data,
> >  		return -ENOMEM;
> >
> >  	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
> > -			p->xform, cfg->mp_init);
> > +			p->xform);
> >  	if (ret < 0) {
> >  		rte_cryptodev_sym_session_free(session);
> >  		return ret;
> > @@ -2858,7 +2858,7 @@ rte_table_action_time_read(struct
> > rte_table_action *action,
> >  	return 0;
> >  }
> >
> > -struct rte_cryptodev_sym_session *
> > +void *
> >  rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
> >  	void *data)
> >  {
> > diff --git a/lib/pipeline/rte_table_action.h b/lib/pipeline/rte_table_action.h
> > index 82bc9d9ac9..68db453a8b 100644
> > --- a/lib/pipeline/rte_table_action.h
> > +++ b/lib/pipeline/rte_table_action.h
> > @@ -1129,7 +1129,7 @@ rte_table_action_time_read(struct
> > rte_table_action *action,
> >   *   The pointer to the session on success, NULL otherwise.
> >   */
> >  __rte_experimental
> > -struct rte_cryptodev_sym_session *
> > +void *
> >  rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
> >  	void *data);
> >
> > diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
> > index f54d731139..d9b7beed9c 100644
> > --- a/lib/vhost/rte_vhost_crypto.h
> > +++ b/lib/vhost/rte_vhost_crypto.h
> > @@ -50,8 +50,6 @@ rte_vhost_crypto_driver_start(const char *path);
> >   *  multiple Vhost-crypto devices.
> >   * @param sess_pool
> >   *  The pointer to the created cryptodev session pool.
> > - * @param sess_priv_pool
> > - *  The pointer to the created cryptodev session private data mempool.
> >   * @param socket_id
> >   *  NUMA Socket ID to allocate resources on. *
> >   * @return
> > @@ -61,7 +59,6 @@ rte_vhost_crypto_driver_start(const char *path);
> >  int
> >  rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
> >  		struct rte_mempool *sess_pool,
> > -		struct rte_mempool *sess_priv_pool,
> >  		int socket_id);
> >
> >  /**
> > diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
> > index 926b5c0bd9..b4464c4253 100644
> > --- a/lib/vhost/vhost_crypto.c
> > +++ b/lib/vhost/vhost_crypto.c
> > @@ -338,7 +338,7 @@ vhost_crypto_create_sess(struct vhost_crypto
> > *vcrypto,
> >  		VhostUserCryptoSessionParam *sess_param)
> >  {
> >  	struct rte_crypto_sym_xform xform1 = {0}, xform2 = {0};
> > -	struct rte_cryptodev_sym_session *session;
> > +	void *session;
> >  	int ret;
> >
> >  	switch (sess_param->op_type) {
> > @@ -383,8 +383,7 @@ vhost_crypto_create_sess(struct vhost_crypto
> > *vcrypto,
> >  		return;
> >  	}
> >
> > -	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
> > -			vcrypto->sess_priv_pool) < 0) {
> > +	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1)
> > < 0) {
> >  		VC_LOG_ERR("Failed to initialize session");
> >  		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
> >  		return;
> > @@ -1425,7 +1424,6 @@ rte_vhost_crypto_driver_start(const char *path)
> >  int
> >  rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
> >  		struct rte_mempool *sess_pool,
> > -		struct rte_mempool *sess_priv_pool,
> >  		int socket_id)
> >  {
> >  	struct virtio_net *dev = get_device(vid);
> > @@ -1447,7 +1445,6 @@ rte_vhost_crypto_create(int vid, uint8_t
> > cryptodev_id,
> >  	}
> >
> >  	vcrypto->sess_pool = sess_pool;
> > -	vcrypto->sess_priv_pool = sess_priv_pool;
> >  	vcrypto->cid = cryptodev_id;
> >  	vcrypto->cache_session_id = UINT64_MAX;
> >  	vcrypto->last_session_id = 1;
> > --
> > 2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
@ 2021-10-12 12:26   ` Zhang, Roy Fan
  2021-10-12 12:29     ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-12 12:26 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj, De Lara Guarch,
	Pablo, Trahe, Fiona, Doherty, Declan, matan, g.singh,
	jianjay.zhou, asomalap, ruifeng.wang, Ananyev, Konstantin,
	Nicolau, Radu, ajit.khaparde, rnagadheeraj, adwivedi, Power,
	Ciara, Jian Wang, Jiawen Wu, Wang, Haiyue

Hi Akhil,

Looks like you commented out ixgbe/txgbe from build in this patch,
but you didn't add them back in in the next patch?

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, September 30, 2021 3:50 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; matan@nvidia.com;
> g.singh@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com;
> Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; ajit.khaparde@broadcom.com;
> rnagadheeraj@marvell.com; adwivedi@marvell.com; Power, Ciara
> <ciara.power@intel.com>; Akhil Goyal <gakhil@marvell.com>; Jian Wang
> <jianwang@trustnetic.com>; Jiawen Wu <jiawenwu@trustnetic.com>; Wang,
> Haiyue <haiyue.wang@intel.com>
> Subject: [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
> 
> The PMDs ixgbe and txgbe are currently making
> rte_security_session private data as constant,
> but they are getting filled inside the API.
> This was feasible as the session_private_data
> and rte_security_session pointers were separate.
> But now these two will be from same memory chunk.
> Hence it cannot use them as const.
> Need help from PMD owners to fix this.
> Cc: Jian Wang <jianwang@trustnetic.com>
> Cc: Jiawen Wu <jiawenwu@trustnetic.com>
> Cc: Haiyue Wang <haiyue.wang@intel.com>
> Cc: Fan Zhang <roy.fan.zhang@intel.com>
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
>  drivers/net/meson.build | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/meson.build b/drivers/net/meson.build
> index bcf488f203..4c0cd50cd5 100644
> --- a/drivers/net/meson.build
> +++ b/drivers/net/meson.build
> @@ -30,7 +30,7 @@ drivers = [
>          'igc',
>          'ionic',
>          'ipn3ke',
> -        'ixgbe',
> +	#        'ixgbe',
>          'kni',
>          'liquidio',
>          'memif',
> @@ -55,7 +55,7 @@ drivers = [
>          'szedata2',
>          'tap',
>          'thunderx',
> -        'txgbe',
> +#        'txgbe',
>          'vdev_netvsc',
>          'vhost',
>          'virtio',
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
  2021-10-12 12:26   ` Zhang, Roy Fan
@ 2021-10-12 12:29     ` Akhil Goyal
  2021-10-12 13:32       ` Zhang, Roy Fan
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-12 12:29 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Jian Wang, Jiawen Wu, Wang, Haiyue

> Hi Akhil,
> 
> Looks like you commented out ixgbe/txgbe from build in this patch,
> but you didn't add them back in in the next patch?
> 
Yes because these need attention from the maintainer of these drivers.
I mentioned this in the commit log.

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
  2021-10-12 12:29     ` Akhil Goyal
@ 2021-10-12 13:32       ` Zhang, Roy Fan
  0 siblings, 0 replies; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-12 13:32 UTC (permalink / raw)
  To: Akhil Goyal, dev, Nicolau,  Radu
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Jian Wang, Jiawen Wu, Wang, Haiyue

Adding Radu as a gentle remainder to review the approach.

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 12, 2021 1:30 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Jian Wang
> <jianwang@trustnetic.com>; Jiawen Wu <jiawenwu@trustnetic.com>; Wang,
> Haiyue <haiyue.wang@intel.com>
> Subject: RE: [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe
> 
> > Hi Akhil,
> >
> > Looks like you commented out ixgbe/txgbe from build in this patch,
> > but you didn't add them back in in the next patch?
> >
> Yes because these need attention from the maintainer of these drivers.
> I mentioned this in the commit log.

^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
                   ` (2 preceding siblings ...)
  2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
@ 2021-10-13 19:22 ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
                     ` (7 more replies)
  3 siblings, 8 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As discussed in last release deprecation notice,
crypto and security session framework are reworked
to reduce the need of two mempool objects and
remove the requirement to expose the rte_security_session
and rte_cryptodev_sym_session structures.
Design methodology is explained in the patch description.

Similar work will need to be done for asymmetric sessions
as well. Asymmetric session need another rework and is
postponed to next release. Since it is still in experimental
stage, we can modify the APIs in next release as well.

The patches are compilable with all affected PMDs
and tested with dpdk-test and ipsec-secgw app on CN9k platform.

Changes in v2:
- Added new parameter iova in PMD session configure APIs for
  session priv pointer to be used in QAT/CNXK/etc PMDs.
- Hide rte_cryptodev_sym_session and rte_security_session structs.
- Added compilation workaround for net PMDs(ixgbe/txgbe)
  for inline ipsec.
  Patches with actual fix is beynd the scope of this patchset.
- Added inline APIs to access the opaque data and fast metadata.
- Remove commented code.
TODO
- Release notes/deprecation notice removal.
- Documentation updates.
- Asym APIs - postponed for next release.

Akhil Goyal (7):
  security: rework session framework
  security: hide security session struct
  net/cnxk: rework security session framework
  security: pass session iova in PMD sess create
  cryptodev: rework session framework
  cryptodev: hide sym session structure
  cryptodev: pass session iova in configure session

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  46 ++--
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   7 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +--
 app/test/test_cryptodev.c                     | 147 ++++---------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   1 -
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +--
 app/test/test_ipsec.c                         |  34 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 app/test/test_security.c                      | 196 ++++--------------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |   5 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  65 ++----
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +---
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  65 ++----
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  24 +--
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  20 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  75 +++----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 ++----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  69 ++----
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  67 ++----
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +--
 drivers/crypto/mlx5/mlx5_crypto.c             |  25 +--
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  48 +----
 drivers/crypto/nitrox/nitrox_sym.c            |  33 +--
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +--
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  68 +++---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  63 +++---
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  77 +++----
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +---
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  66 ++----
 drivers/crypto/qat/qat_sym_session.h          |  14 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  10 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  32 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +---
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  64 +++---
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  59 ++----
 drivers/net/cnxk/cnxk_ethdev.c                |   6 +-
 drivers/net/cnxk/cnxk_ethdev.h                |   6 -
 drivers/net/cnxk/cnxk_ethdev_sec.c            |  21 --
 drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  52 ++---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
 examples/fips_validation/fips_dev_self_test.c |  32 +--
 examples/fips_validation/main.c               |  20 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  40 ----
 examples/ipsec-secgw/ipsec.c                  |  12 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  33 ++-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  88 +++++---
 lib/cryptodev/rte_cryptodev.h                 |  70 +++----
 lib/cryptodev/rte_cryptodev_trace.h           |  16 +-
 lib/ipsec/rte_ipsec.h                         |   4 +-
 lib/ipsec/rte_ipsec_group.h                   |  13 +-
 lib/ipsec/ses.c                               |   6 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/security/rte_security.c                   |  32 +--
 lib/security/rte_security.h                   |  85 +++++---
 lib/security/rte_security_driver.h            |  31 ++-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 90 files changed, 816 insertions(+), 1864 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 1/7] security: rework session framework
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 2/7] security: hide security session struct Akhil Goyal
                     ` (6 subsequent siblings)
  7 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As per current design, rte_security_session_create()
unnecesarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 .../cperf_test_pmd_cyclecount.c               |   2 +-
 app/test/test_cryptodev.c                     |  17 +-
 app/test/test_ipsec.c                         |  11 +-
 app/test/test_security.c                      | 193 ++++--------------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |   5 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  30 +--
 drivers/crypto/caam_jr/caam_jr.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   6 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  50 +----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 +---
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  34 +--
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  11 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  54 +----
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  21 +-
 drivers/crypto/qat/qat_sym_session.h          |   4 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
 drivers/net/meson.build                       |   2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  51 ++---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 lib/security/rte_security.c                   |  28 +--
 lib/security/rte_security.h                   |  41 ++--
 lib/security/rte_security_driver.h            |  16 +-
 31 files changed, 203 insertions(+), 615 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 263841c339..6c3aa77dec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -67,8 +67,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -76,7 +74,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
 
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
-		rte_security_attach_session(ops[i], sec_sess);
+		rte_security_attach_session(ops[i], (void *)sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
 							src_buf_offset);
 
@@ -608,7 +606,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -720,7 +717,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 
 	/* Create security session */
 	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+				&sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
@@ -831,11 +828,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -880,7 +877,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 #endif
 	sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index fda97e8ab9..e43e2a3b96 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 		{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 65b64e1af0..79019eb766 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -83,7 +83,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
@@ -8278,8 +8278,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8539,8 +8538,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9024,8 +9022,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -9446,8 +9443,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
@@ -9622,8 +9618,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
-
-	sess->sess_private_data = NULL;
+	RTE_SET_USED(sess);
 	return 0;
 }
 
 static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(sess);
@@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..1cea756880 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -253,39 +234,28 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
-	struct rte_mempool *priv_mp;
 
 	int ret;
 
 	int called;
 	int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
 
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		void *sess)
 {
-	void *sess_priv;
-	int ret;
 
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
-	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
+	if (mock_session_create_exp.ret == 0)
 		mock_session_create_exp.sess = sess;
-	}
 
 	return mock_session_create_exp.ret;
 }
@@ -297,7 +267,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -308,7 +278,7 @@ static struct mock_session_update_data {
 
 static int
 mock_session_update(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_session_conf *conf)
 {
 	mock_session_update_exp.called++;
@@ -351,7 +321,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -362,7 +332,7 @@ static struct mock_session_stats_get_data {
 
 static int
 mock_session_stats_get(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_stats *stats)
 {
 	mock_session_stats_get_exp.called++;
@@ -381,7 +351,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -390,15 +360,9 @@ static struct mock_session_destroy_data {
 } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
 
 static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -412,7 +376,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -424,7 +388,7 @@ static struct mock_set_pkt_metadata_data {
 
 static int
 mock_set_pkt_metadata(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_mbuf *m,
 		void *params)
 {
@@ -536,7 +500,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -549,7 +512,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -563,7 +526,7 @@ static struct security_unittest_params {
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -577,27 +540,13 @@ testsuite_setup(void)
 	ts_params->session_mpool = rte_mempool_create(
 			SECURITY_TEST_MEMPOOL_NAME,
 			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_OBJ_SZ,
+			SECURITY_TEST_SESSION_OBJ_SZ +
+			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
 			0, 0, NULL, NULL, NULL, NULL,
 			SOCKET_ID_ANY, 0);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +561,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -704,7 +649,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -713,12 +658,11 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+	mock_session_get_size_exp.called = 0;
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +701,14 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -781,18 +723,16 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -807,18 +747,16 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -832,16 +770,14 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,14 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+			NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -902,9 +813,8 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -914,34 +824,23 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -955,22 +854,19 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -984,17 +880,15 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +897,6 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1282,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1289,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1305,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1313,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1329,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1337,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1351,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1358,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1377,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1385,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1402,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1410,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2376,6 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index bbf310166e..e8da9ea9e1 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1021,8 +1021,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 	} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		if (likely(op->sym->sec_session != NULL))
 			sess = (struct aesni_mb_session *)
-					get_sec_session_private_data(
-						op->sym->sec_session);
+					(op->sym->sec_session);
 #endif
 	} else {
 		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
@@ -1638,7 +1637,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = (struct aesni_mb_session *)(op->sym->sec_session);
 	} else
 #endif
 	{
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 48a8f91868..39c67e3952 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,10 +1056,8 @@ struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+			     void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -1069,40 +1067,22 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
-			sess_private_data);
-
+	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess);
 	if (ret != 0) {
 		AESNI_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_mb_session));
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
 	return 0;
 }
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 258750afe7..ce7a100778 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 					cryptodev_driver_id);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = (struct caam_jr_session *)(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = caam_jr_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = caam_jr_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index c25c8e67b2..de2eebd507 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -122,8 +122,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = (struct cn10k_sec_session *)
+				(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -360,7 +360,7 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
 	if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND))
 		return;
 
-	sess = get_sec_session_private_data(cop->sym->sec_session);
+	sess = (struct cn10k_sec_session *)(cop->sym->sec_session);
 	sa = &sess->sa;
 
 	mbuf = cop->sym->m_src;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 27df1dcd64..425fe599e0 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,17 +35,15 @@ static int
 cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sec_sess)
+			   struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_outb_param1 param1;
 	struct roc_ot_ipsec_outb_sa *out_sa;
 	struct cnxk_ipsec_outb_rlens rlens;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -114,16 +112,14 @@ static int
 cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
 			  struct rte_security_ipsec_xform *ipsec_xfrm,
 			  struct rte_crypto_sym_xform *crypto_xfrm,
-			  struct rte_security_session *sec_sess)
+			  struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_inb_param1 param1;
 	struct roc_ot_ipsec_inb_sa *in_sa;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -175,7 +171,7 @@ static int
 cn10k_ipsec_session_create(void *dev,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sess)
+			   struct cn10k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct roc_cpt *roc_cpt;
@@ -204,55 +200,28 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 void *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
+	struct cn10k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
-					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
+					 conf->crypto_xform, priv);
 }
 
 static int
-cn10k_sec_session_destroy(void *device __rte_unused,
-			  struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct cn10k_sec_session *priv;
-	struct rte_mempool *sess_mp;
-
-	priv = get_sec_session_private_data(sess);
+	struct cn10k_sec_session *priv = sess;
 
 	if (priv == NULL)
 		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 		return -ENOTSUP;
 	}
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct cn9k_sec_session *)(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 53fb793654..a602d38a11 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -275,14 +275,13 @@ static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sec_sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_outb_sa *out_sa;
-	struct cn9k_sec_session *sess;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 	struct rte_ipv6_hdr *ip6;
@@ -294,7 +293,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 	ctl = &out_sa->common_sa.ctl;
@@ -422,13 +420,12 @@ static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct rte_security_session *sec_sess)
+			 struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_inb_sa *in_sa;
-	struct cn9k_sec_session *sess;
 	struct cn9k_ipsec_sa *sa;
 	const uint8_t *auth_key;
 	union cpt_inst_w4 w4;
@@ -437,7 +434,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len = 0;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -501,7 +497,7 @@ static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -532,53 +528,32 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			void *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
 
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
+					conf->crypto_xform, priv);
 }
 
 static int
-cn9k_sec_session_destroy(void *device __rte_unused,
-			 struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = sess;
 	if (priv == NULL)
 		return 0;
 
@@ -590,13 +565,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index dfa72f3f93..176f1a27a0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1358,8 +1358,7 @@ build_sec_fd(struct rte_crypto_op *op,
 				op->sym->session, cryptodev_driver_id);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = (dpaa2_sec_session *)(op->sym->sec_session);
 #endif
 	else
 		return -ENOTSUP;
@@ -1532,7 +1531,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	struct rte_crypto_op *op;
 	uint16_t len = DPAA2_GET_FD_LEN(fd);
 	int16_t diff = 0;
-	dpaa2_sec_session *sess_priv __rte_unused;
+	dpaa2_sec_session *sess_priv;
 
 	struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
 		DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1545,8 +1544,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -3395,63 +3393,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa2_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	default:
 		return -EINVAL;
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d5aa2748d6..832b6e64ec 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1793,8 +1793,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
 				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+					(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -2572,7 +2571,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2582,7 +2580,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -3117,26 +3114,17 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -3145,29 +3133,21 @@ dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
-	}
 	return 0;
 }
 #endif
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index a72642a772..245a4ad353 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.cipher_key);
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
-		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	uint8_t esn;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct otx2_sec_session *)(op->sym->sec_session);
 	sess = &priv->ipsec.lp;
 	sa = &sess->in_sa;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@ static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct rte_security_session *sec_sess)
+				     struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_out_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	int ret, ctx_len;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -398,7 +396,7 @@ static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct rte_security_session *sec_sess)
+				    struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_in_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -512,7 +508,7 @@ static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct rte_security_session *sess)
+				struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       struct rte_security_session *sess,
-			       struct rte_mempool *mempool)
+			       void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device,
 	if (rte_security_dynfield_register() < 0)
 		return -rte_errno;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	priv->userdata = conf->userdata;
 
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      sess);
+						      priv);
 	else
 		ret = -ENOTSUP;
 
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
 	return ret;
 }
 
 static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
-				struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 
-	priv = get_sec_session_private_data(sess);
-
-	if (priv == NULL)
-		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	memset(priv, 0, sizeof(*priv));
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	if (priv)
+		memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
@@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
-			      struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
 			      struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				op->sym->session, qat_sym_driver_id);
 #ifdef RTE_LIB_SECURITY
 	} else {
-		ctx = (struct qat_sym_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		ctx = (struct qat_sym_session *)(op->sym->sec_session);
 		if (likely(ctx)) {
 			if (unlikely(ctx->bpi_ctx == NULL)) {
 				QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = (struct qat_sym_session *)(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess_private_data)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 int
-qat_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		void *sess);
 int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..cd54a3beee 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-ixgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct ixgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,10 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	uint64_t sess_ptr = (uint64_t)sess;
+	struct ixgbe_crypto_session *ic_session =
+			(struct ixgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index bcf488f203..7a09f7183d 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@ drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-        'cnxk',
+#        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@ static int
 eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 			      struct rte_security_ipsec_xform *ipsec,
 			      struct rte_crypto_sym_xform *crypto_xform,
-			      struct rte_security_session *sec_sess)
+			      struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 	struct otx2_cpt_inst_s inst;
 	struct otx2_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -468,7 +468,7 @@ static int
 eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 			     struct rte_security_ipsec_xform *ipsec,
 			     struct rte_crypto_sym_xform *crypto_xform,
-			     struct rte_security_session *sec_sess)
+			     struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 
 	ctl = &sa->ctl;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -619,7 +619,7 @@ static int
 eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
 		return -ENOTSUP;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	/*
 	 * Save userdata provided by the application. For ingress packets, this
 	 * could be used to identify the SA.
@@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
 						conf->crypto_xform,
-						sess);
+						priv);
 	else
 		ret = -ENOTSUP;
 
 	if (ret)
-		goto mempool_put;
+		return ret;
 
 	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static void
@@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
 }
 
 static int
-otx2_eth_sec_session_destroy(void *device,
-			     struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
 {
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
 	struct otx2_sec_session_ipsec_ip *sess_ip;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
-	if (priv == NULL)
-		return -EINVAL;
-
 	sess_ip = &priv->ipsec.ip;
 
 	if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device,
 			return ret;
 	}
 
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
@@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
-			    struct rte_security_session *session,
-			    struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
 	*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
 		struct nix_iova_s nix_iova;
 	} *sd;
 
-	priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+	priv = (void *)(*rte_security_dynfield(m));
 	sess = &priv->ipsec.ip;
 	sa = &sess->out_sa;
 
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..444da5b8f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-txgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct txgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-txgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
-		       struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +643,10 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
+	uint64_t sess_ptr = (uint64_t)sess;
 	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+			(struct txgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, ipsec_ctx->session_pool,
-					ipsec_ctx->session_priv_pool);
+					&sess_conf, ipsec_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	if (mp->elt_size < sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
 	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+				sess->sess_private_data)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return sess->sess_private_data;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
-			       struct rte_security_stats *stats)
+			       void *sess, struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
 			-ENOTSUP);
@@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
+	struct rte_security_session *s;
 	int ret;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	if (ret != 0)
 		return ret;
 
-	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+	s = container_of(sess, struct rte_security_session, sess_private_data);
+	rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index c0ea13892e..2c8e78c4c7 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -491,10 +491,12 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	__extension__ void *sess_private_data[0];
+	/**< Private session material */
 };
 
 /**
@@ -508,11 +510,10 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -527,7 +528,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -558,7 +559,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+			     void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -604,7 +605,7 @@ static inline bool rte_security_dynfield_is_registered(void)
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -622,13 +623,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess);
 		return 0;
 	}
 
@@ -678,26 +679,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  */
 static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+			      void *sess)
 {
 	sym_op->sec_session = sess;
 
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -708,8 +696,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	sess	security session
  */
 static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -771,7 +758,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..5a177d72d7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@ extern "C" {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		void *sess);
 
 /**
  * Free driver private session data.
@@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device,
  * @param	device		Crypto/eth device pointer
  * @param	sess		Security session structure
  */
-typedef int (*security_session_destroy_t)(void *device,
-		struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
 
 /**
  * Update driver private session data.
@@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device,
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
  */
 typedef int (*security_session_update_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_session_conf *conf);
+		void *sess, struct rte_security_session_conf *conf);
 
 /**
  * Get the size of a security session
@@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device);
  *  - Returns -EINVAL if session parameters are invalid.
  */
 typedef int (*security_session_stats_get_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_stats *stats);
+		void *sess, struct rte_security_stats *stats);
 
 __rte_internal
 int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@ int rte_security_dynfield_register(void);
  * Update the mbuf with provided metadata.
  *
  * @param	device		Crypto/eth device pointer
- * @param	sess		Security session structure
+ * @param	sess		Security session
  * @param	mb		Packet buffer
  * @param	params		Metadata
  *
@@ -105,7 +101,7 @@ int rte_security_dynfield_register(void);
  *  - Returns -ve value for errors.
  */
 typedef int (*security_set_pkt_metadata_t)(void *device,
-		struct rte_security_session *sess, struct rte_mbuf *mb,
+		void *sess, struct rte_mbuf *mb,
 		void *params);
 
 /**
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 2/7] security: hide security session struct
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework Akhil Goyal
                     ` (5 subsequent siblings)
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

rte_security_session struct is now hidden in the library.
application can access the opaque data and fast_mdata
using the set/get APIs introduced in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 lib/ipsec/rte_ipsec.h              |  2 +-
 lib/ipsec/rte_ipsec_group.h        |  5 +--
 lib/ipsec/ses.c                    |  3 +-
 lib/security/rte_security.h        | 54 ++++++++++++++++++++++++------
 lib/security/rte_security_driver.h | 13 +++++++
 5 files changed, 63 insertions(+), 14 deletions(-)

diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index dd60d95915..50d8e5098d 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -70,7 +70,7 @@ struct rte_ipsec_session {
 			uint8_t dev_id;
 		} crypto;
 		struct {
-			struct rte_security_session *ses;
+			void *ses;
 			struct rte_security_ctx *ctx;
 			uint32_t ol_flags;
 		} security;
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index ea3bdfad95..0cc5fedbf1 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,12 +44,13 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
+	void *ss;
 	const struct rte_cryptodev_sym_session *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
-		return (void *)(uintptr_t)ss->opaque_data;
+		return (void *)(uintptr_t)
+			rte_security_session_opaque_data_get(ss);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
 		return (void *)(uintptr_t)cs->opaque_data;
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..b12114269f 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -47,7 +47,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
 		ss->crypto.ses->opaque_data = (uintptr_t)ss;
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses,
+				(uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2c8e78c4c7..51fe1abb00 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -490,14 +490,47 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	__extension__ void *sess_private_data[0];
-	/**< Private session material */
-};
+#define SESS_FAST_MDATA_OFF 1
+#define SESS_OPAQUE_DATA_OFF 2
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
 
 /**
  * Create security session as specified by the session configuration
@@ -628,8 +661,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess);
+		uint64_t mdata = rte_security_session_fast_mdata_get(sess);
+
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata);
 		return 0;
 	}
 
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 5a177d72d7..13f2f9da32 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,19 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	/** Opaque user defined data */
+	uint64_t opaque_data;
+	/** Fast metadata to be used for inline path */
+	uint64_t fast_mdata;
+	/** Private session material */
+	__extension__ void *sess_private_data[0];
+};
+
 /**
  * Configure a security session on a device.
  *
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 2/7] security: hide security session struct Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create Akhil Goyal
                     ` (4 subsequent siblings)
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal, Nithin Dabilpuram

Aligned the security session create and destroy
as per the recent changes in rte_security
and used the fast mdata field introduced in
rte_security. Enabled compilation of cnxk driver.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++++++++++------------------
 drivers/net/cnxk/cn9k_ethdev_sec.c  | 59 ++++++++++----------------
 drivers/net/cnxk/cnxk_ethdev.c      |  6 +--
 drivers/net/cnxk/cnxk_ethdev.h      |  6 ---
 drivers/net/cnxk/cnxk_ethdev_sec.c  | 21 ----------
 drivers/net/meson.build             |  2 +-
 6 files changed, 48 insertions(+), 110 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 82dc6367dd..3d0f4044d9 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,15 +228,14 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn10k_sec_sess_priv sess_priv;
+	struct cn10k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound, inl_dev;
 	int rc = 0;
 
@@ -264,13 +263,8 @@ cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	/* Acquire lock on inline dev for inbound */
 	if (inbound && inl_dev)
@@ -290,11 +284,11 @@ cn10k_eth_sec_session_create(void *device,
 			plt_err("Failed to create ingress sa, inline dev "
 				"not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -304,7 +298,7 @@ cn10k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
@@ -313,7 +307,7 @@ cn10k_eth_sec_session_create(void *device,
 		rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -326,12 +320,11 @@ cn10k_eth_sec_session_create(void *device,
 		inb_sa->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inl_dev = !!dev->inb.inl_dev;
@@ -352,7 +345,7 @@ cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -365,7 +358,7 @@ cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -377,16 +370,15 @@ cn10k_eth_sec_session_create(void *device,
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
 		/* Prepare session priv */
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
-		sess_priv.mode = outb_sa->w2.s.ipsec_mode;
-		sess_priv.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
+		fast_mdata.mode = outb_sa->w2.s.ipsec_mode;
+		fast_mdata.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -407,29 +399,23 @@ cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
-	rte_mempool_put(mempool, eth_sec);
 	return rc;
 }
 
 static int
-cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn10k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
-	struct roc_ot_ipsec_inb_sa *inb_sa;
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_ot_ipsec_outb_sa *outb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
+	struct roc_ot_ipsec_inb_sa *inb_sa;
 
 	if (eth_sec->inl_dev)
 		roc_nix_inl_dev_lock();
@@ -464,9 +450,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
 	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index b070ad57fc..8a6fa75b37 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn9k_sec_sess_priv sess_priv;
+	struct cn9k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound;
 	int rc = 0;
 
@@ -169,13 +168,8 @@ cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	if (inbound) {
 		struct cn9k_inb_priv_data *inb_priv;
@@ -192,7 +186,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (!inb_sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -200,7 +194,7 @@ cn9k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -209,7 +203,7 @@ cn9k_eth_sec_session_create(void *device,
 		rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -223,16 +217,15 @@ cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inb = true;
@@ -252,7 +245,7 @@ cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -265,7 +258,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -282,14 +275,13 @@ cn9k_eth_sec_session_create(void *device,
 		/* Save rlen info */
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -306,27 +298,21 @@ cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
-	rte_mempool_put(mempool, eth_sec);
+err:
 	return rc;
 }
 
 static int
-cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn9k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
 
 	if (eth_sec->inb) {
 		inb_sa = eth_sec->sa;
@@ -353,10 +339,7 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c
index 966bd23c7f..572b40e11b 100644
--- a/drivers/net/cnxk/cnxk_ethdev.c
+++ b/drivers/net/cnxk/cnxk_ethdev.c
@@ -154,8 +154,7 @@ nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy inbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->inb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		/* Clear lookup mem */
 		cnxk_nix_lookup_mem_sa_base_clear(dev);
@@ -172,8 +171,7 @@ nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy outbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->outb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		rc = roc_nix_inl_outb_fini(nix);
 		if (rc)
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ff21b977b7..eca6c77e7a 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -174,9 +174,6 @@ struct cnxk_eth_sec_sess {
 	/* SPI */
 	uint32_t spi;
 
-	/* Back pointer to session */
-	struct rte_security_session *sess;
-
 	/* Inbound */
 	bool inb;
 
@@ -497,9 +494,6 @@ __rte_internal
 int cnxk_nix_inb_mode_set(struct cnxk_eth_dev *dev, bool use_inl_dev);
 struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev,
 						       uint32_t spi, bool inb);
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess);
 
 /* Other private functions */
 int nix_recalc_mtu(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index ae3e49cc82..b220f4d2cf 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -87,27 +87,6 @@ cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb)
 	return NULL;
 }
 
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess)
-{
-	struct cnxk_eth_sec_sess *eth_sec = NULL;
-
-	/* Search in inbound list */
-	TAILQ_FOREACH(eth_sec, &dev->inb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	/* Search in outbound list */
-	TAILQ_FOREACH(eth_sec, &dev->outb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	return NULL;
-}
-
 static unsigned int
 cnxk_eth_sec_session_get_size(void *device __rte_unused)
 {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index 7a09f7183d..bcf488f203 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@ drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-#        'cnxk',
+        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
                     ` (2 preceding siblings ...)
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework Akhil Goyal
                     ` (3 subsequent siblings)
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Some PMDs need session physical address which can be passed
to the hardware. But since security_session_create
does not allow PMD to get mempool object, the PMD cannot
call rte_mempool_virt2iova().
Hence the library layer need to calculate the iova for session
private data and pass it to the PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec.c                         |  3 +-
 app/test/test_security.c                      |  5 +--
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  2 +-
 drivers/crypto/caam_jr/caam_jr.c              |  3 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              | 35 +++++++++++--------
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  3 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 33 +++++++++--------
 drivers/crypto/qat/qat_sym_session.c          | 10 +++---
 drivers/crypto/qat/qat_sym_session.h          |  2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  2 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  3 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  2 +-
 lib/security/rte_security.c                   |  6 +++-
 lib/security/rte_security_driver.h            |  4 +--
 18 files changed, 71 insertions(+), 51 deletions(-)

diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 2ffa2a8e79..3b49a0b13a 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,11 +148,12 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	void *sess)
+	void *sess, rte_iova_t sess_iova)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
 	RTE_SET_USED(sess);
+	RTE_SET_USED(sess_iova);
 	return 0;
 }
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 1cea756880..50981f62fa 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -246,9 +246,10 @@ static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess)
+		void *sess,
+		rte_iova_t sess_iova)
 {
-
+	RTE_SET_USED(sess_iova);
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 39c67e3952..8ae6d18f36 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,7 +1056,7 @@ struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-			     void *sess)
+			     void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index ce7a100778..0567f1e066 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1909,7 +1909,8 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				void *sess)
+				void *sess,
+				rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 425fe599e0..b0dcd71e35 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -200,7 +200,7 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 void *sess)
+			 void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct cn10k_sec_session *priv = sess;
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index a602d38a11..b3d2f8c012 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -16,8 +16,8 @@
 #include "roc_api.h"
 
 static inline int
-cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
-		      uint8_t opcode, size_t ctx_len)
+cn9k_cpt_enq_sa_write(struct cnxk_cpt_qp *qp, uint8_t opcode,
+		      size_t ctx_len, rte_iova_t sess_iova)
 {
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	uint64_t lmtline = qp->lmtline.lmt_base;
@@ -39,9 +39,9 @@ cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = sess_iova;
 	inst.w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
 
 	inst.w0.u64 = 0;
@@ -275,7 +275,8 @@ static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
@@ -409,18 +410,20 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(out_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND,
+		ctx_len, sess_iova);
 }
 
 static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct cn9k_sec_session *sess)
+			 struct cn9k_sec_session *sess,
+			 rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
@@ -474,11 +477,12 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(in_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND,
+		ctx_len, sess_iova);
 }
 
 static inline int
@@ -497,7 +501,8 @@ static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -520,15 +525,15 @@ cn9k_ipsec_session_create(void *dev,
 
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform,
-						sess);
+						sess, sess_iova);
 	else
 		return cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform,
-						 sess);
+						 sess, sess_iova);
 }
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			void *sess)
+			void *sess, rte_iova_t sess_iova)
 {
 	struct cn9k_sec_session *priv = sess;
 
@@ -542,7 +547,7 @@ cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
 	}
 
 	return cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, priv);
+					conf->crypto_xform, priv, sess_iova);
 }
 
 static int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 176f1a27a0..15ea5de18d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3393,7 +3393,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  void *sess)
+				  void *sess,
+				  rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 832b6e64ec..0497931c67 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3114,7 +3114,8 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 void *sess)
+				 void *sess,
+				 rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 56900e3187..5a8be84444 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -87,7 +87,8 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
 
 static int
 otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
-		      struct otx2_cpt_qp *qptr, uint8_t opcode)
+		      struct otx2_cpt_qp *qptr, uint8_t opcode,
+		      rte_iova_t sess_iova)
 {
 	uint64_t lmt_status, time_out;
 	void *lmtline = qptr->lmtline;
@@ -107,9 +108,9 @@ otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
 	inst.param1 = 0;
 	inst.param2 = 0;
 	inst.dlen = lp->ctx_len << 3;
-	inst.dptr = rte_mempool_virt2iova(lp);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.cptr = rte_mempool_virt2iova(lp);
+	inst.cptr = sess_iova;
 	inst.egrp  = OTX2_CPT_EGRP_SE;
 
 	inst.u64[0] = 0;
@@ -203,7 +204,8 @@ static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct otx2_sec_session *sess)
+				     struct otx2_sec_session *sess,
+				     rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -379,7 +381,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -389,14 +391,15 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				    auth_xform, cipher_xform);
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct otx2_sec_session *sess)
+				    struct otx2_sec_session *sess,
+				    rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -473,7 +476,7 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -501,14 +504,15 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	}
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_INB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_INB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct otx2_sec_session *sess)
+				struct otx2_sec_session *sess,
+				rte_iova_t sess_iova)
 {
 	int ret;
 
@@ -523,16 +527,17 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 
 	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,
-							   crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 	else
 		return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,
-							    crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 }
 
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       void *sess)
+			       void *sess,
+			       rte_iova_t sess_iova)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
@@ -548,7 +553,7 @@ otx2_crypto_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      priv);
+						      priv, sess_iova);
 	else
 		ret = -ENOTSUP;
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2a22347c7f..2c0e44dff4 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2232,7 +2232,8 @@ qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2251,7 +2252,6 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2282,8 +2282,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 
 int
 qat_security_session_create(void *dev,
-				struct rte_security_session_conf *conf,
-				void *sess_private_data)
+			struct rte_security_session_conf *conf,
+			void *sess_private_data, rte_iova_t sess_priv_iova)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
@@ -2295,7 +2295,7 @@ qat_security_session_create(void *dev,
 	}
 
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, sess_priv_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
 		return ret;
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 7fcc1d6f7b..b93dc549ef 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,7 +166,7 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 int
 qat_security_session_destroy(void *dev, void *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3d0f4044d9..ee0847e35c 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,7 +228,7 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     void *sess_priv)
+			     void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 8a6fa75b37..7c10339295 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,7 +137,7 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess_priv)
+			    void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index cd54a3beee..f2d4cfa2ba 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,7 +369,7 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct ixgbe_crypto_session *ic_session = session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index ef851fe52c..c1901f8f34 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -638,7 +638,8 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess)
+			    void *sess,
+			    rte_iova_t sess_iova __rte_unused)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 444da5b8f3..6187e84063 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,7 +349,7 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct txgbe_crypto_session *ic_session = session;
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 06560b9cba..93eaf395bb 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -45,6 +45,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	rte_iova_t sess_priv_iova;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
@@ -57,8 +58,11 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
+	sess_priv_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_security_session, sess_private_data);
+
 	if (instance->ops->session_create(instance->device, conf,
-				sess->sess_private_data)) {
+				sess->sess_private_data, sess_priv_iova)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 13f2f9da32..04c418a893 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -38,7 +38,7 @@ struct rte_security_session {
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
+ * @param	sess_iova	Private session IOVA
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -48,7 +48,7 @@ struct rte_security_session {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 
 /**
  * Free driver private session data.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
                     ` (3 preceding siblings ...)
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure Akhil Goyal
                     ` (2 subsequent siblings)
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object for both the session and session
private data. The API rte_cryptodev_sym_session_init will now not
take mempool object.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app in rte_cryptodev_sym_session_init
and other APIs.

With this change, rte_cryptodev_sym_session_init will send
pointer to session private data of corresponding driver to the PMD
based on the driver_id for filling the PMD data.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently nb_drivers are getting updated in RTE_INIT which
result in increasing the memory requirements for session.
User can compile off drivers which are not in use to reduce the
memory consumption of a session.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  33 ++---
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +---
 app/test/test_cryptodev.c                     | 130 +++++-------------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   1 -
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +---
 app/test/test_ipsec.c                         |  22 +--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c  |  33 +----
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  34 +----
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  32 ++---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +----
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  18 ++-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  18 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 +++-----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  13 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  31 +----
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  34 +----
 drivers/crypto/mlx5/mlx5_crypto.c             |  24 +---
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  36 ++---
 drivers/crypto/nitrox/nitrox_sym.c            |  31 +----
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +----
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 +++-----
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  52 +++----
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +----
 drivers/crypto/qat/qat_sym_session.c          |  29 +---
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c    |  34 +----
 drivers/crypto/virtio/virtio_cryptodev.c      |  31 ++---
 drivers/crypto/zuc/rte_zuc_pmd_ops.c          |  35 +----
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  32 ++---
 examples/fips_validation/main.c               |  20 +--
 examples/ipsec-secgw/ipsec-secgw.c            |  40 ------
 examples/ipsec-secgw/ipsec.c                  |   3 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +-----
 examples/vhost_crypto/main.c                  |  16 +--
 lib/cryptodev/cryptodev_pmd.h                 |   7 +-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  73 ++++++----
 lib/cryptodev/rte_cryptodev.h                 |  23 ++--
 lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 66 files changed, 366 insertions(+), 1051 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 6c3aa77dec..ec867b0174 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -13,7 +13,7 @@ static int
 cperf_set_ops_asym(struct rte_crypto_op **ops,
 		   uint32_t src_buf_offset __rte_unused,
 		   uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops,
-		   struct rte_cryptodev_sym_session *sess,
+		   void *sess,
 		   const struct cperf_options *options __rte_unused,
 		   const struct cperf_test_vector *test_vector __rte_unused,
 		   uint16_t iv_offset __rte_unused,
@@ -56,7 +56,7 @@ static int
 cperf_set_ops_security(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset __rte_unused,
 		uint32_t dst_buf_offset __rte_unused,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -141,7 +141,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -181,7 +181,7 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -221,7 +221,7 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -278,7 +278,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -379,7 +379,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -495,7 +495,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_aead(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -720,9 +720,8 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 				&sess_conf, sess_mp);
 }
 
-static struct rte_cryptodev_sym_session *
+static void *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -747,7 +746,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (sess == NULL)
 			return NULL;
 		rc = rte_cryptodev_asym_session_init(dev_id, (void *)sess,
-						     &xform, priv_mp);
+						     &xform, sess_mp);
 		if (rc < 0) {
 			if (sess != NULL) {
 				rte_cryptodev_asym_session_clear(dev_id,
@@ -905,8 +904,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform);
 	/*
 	 *  auth only
 	 */
@@ -933,8 +931,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform);
 	/*
 	 * cipher and auth
 	 */
@@ -993,12 +990,12 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+					sess, &cipher_xform);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+					sess, &auth_xform);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1019,7 +1016,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create crypto session */
 		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+					sess, &aead_xform);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 30d38f90e3..d3513590f1 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -12,15 +12,15 @@
 #include "cperf_test_vectors.h"
 
 
-typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+typedef void *(*cperf_sessions_create_t)(
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 69f55de50a..63d520ee66 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -24,7 +24,7 @@ struct cperf_latency_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -59,7 +59,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -84,7 +83,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index e43e2a3b96..11083ea141 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -27,7 +27,7 @@ struct cperf_pmd_cyclecount_ctx {
 	struct rte_crypto_op **ops;
 	struct rte_crypto_op **ops_processed;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -93,7 +93,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -120,7 +119,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 739ed9e573..887f42c532 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -18,7 +18,7 @@ struct cperf_throughput_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -65,7 +65,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -88,7 +87,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 1962438034..0b3d4f7c59 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -18,7 +18,7 @@ struct cperf_verify_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -51,7 +51,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -74,7 +73,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 6fdb92fb7c..7a9fb9a64d 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -119,35 +119,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size,
+					0, 0, socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -345,12 +324,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
@@ -705,7 +681,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 79019eb766..ac408863dc 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -81,7 +81,7 @@ struct crypto_unittest_params {
 #endif
 
 	union {
-		struct rte_cryptodev_sym_session *sess;
+		void *sess;
 #ifdef RTE_LIB_SECURITY
 		void *sec_session;
 #endif
@@ -121,7 +121,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_param,
 		const uint8_t *cipher,
@@ -598,23 +598,11 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
-
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -622,7 +610,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -652,11 +639,6 @@ testsuite_teardown(void)
 	}
 
 	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
@@ -1332,7 +1314,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1554,7 +1535,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2148,8 +2128,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 
 	/* Create crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
@@ -2249,7 +2228,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2290,7 +2269,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2403,8 +2382,7 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2445,8 +2423,7 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2568,8 +2545,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2631,8 +2607,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2701,13 +2676,11 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	} else
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
@@ -7840,8 +7813,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -11018,8 +10990,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 
 	if (ut_params->sess == NULL)
 		return TEST_FAILED;
@@ -11232,7 +11203,7 @@ test_multi_session(void)
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 
 	uint16_t i;
 
@@ -11255,9 +11226,7 @@ test_multi_session(void)
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
-	sessions = rte_malloc(NULL,
-			sizeof(struct rte_cryptodev_sym_session *) *
-			(MAX_NB_SESSIONS + 1), 0);
+	sessions = rte_malloc(NULL, sizeof(void *) * (MAX_NB_SESSIONS + 1), 0);
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
@@ -11266,8 +11235,7 @@ test_multi_session(void)
 				ts_params->session_mpool);
 
 		rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				sessions[i], &ut_params->auth_xform);
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
@@ -11305,8 +11273,7 @@ test_multi_session(void)
 	sessions[i] = NULL;
 	/* Next session create should fail */
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			sessions[i], &ut_params->auth_xform);
 	TEST_ASSERT_NULL(sessions[i],
 			"Session creation succeeded unexpectedly!");
 
@@ -11337,7 +11304,7 @@ test_multi_session_random_usage(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 	uint32_t i, j;
 	struct multi_session_params ut_paramz[] = {
 
@@ -11381,8 +11348,7 @@ test_multi_session_random_usage(void)
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
 	sessions = rte_malloc(NULL,
-			(sizeof(struct rte_cryptodev_sym_session *)
-					* MAX_NB_SESSIONS) + 1, 0);
+			(sizeof(void *) * MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
 		sessions[i] = rte_cryptodev_sym_session_create(
@@ -11399,8 +11365,7 @@ test_multi_session_random_usage(void)
 		rte_cryptodev_sym_session_init(
 				ts_params->valid_devs[0],
 				sessions[i],
-				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_paramz[i].ut_params.auth_xform);
 
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
@@ -11483,8 +11448,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11501,8 +11465,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11547,8 +11510,7 @@ test_null_burst_operation(void)
 
 	/* Create Crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
@@ -11660,7 +11622,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -11760,7 +11721,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -11969,8 +11929,7 @@ static int create_gmac_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12614,8 +12573,7 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12667,8 +12625,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13175,8 +13132,7 @@ test_authenticated_encrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13307,8 +13263,7 @@ test_authenticated_decrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -14029,11 +13984,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
-
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
 			RTE_LOG(ERR, USER1,
@@ -14050,32 +14000,14 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
+						MAX_NB_SESSIONS,
+						session_size, 0, 0,
 						SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
index 1cdd84d01f..a3a10d484b 100644
--- a/app/test/test_cryptodev.h
+++ b/app/test/test_cryptodev.h
@@ -89,7 +89,6 @@ struct crypto_testsuite_params {
 	struct rte_mempool *large_mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 603b2e4609..2152b89180 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -924,7 +924,6 @@ testsuite_setup(void)
 	/* configure qp */
 	ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_mpool;
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			dev_id, qp_id, &ts_params->qp_conf,
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index 3cdb2c96e8..9417803f18 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -81,7 +80,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_crypto_sym_op *sym_op = NULL;
 	struct rte_crypto_op *op = NULL;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session *sess = NULL;
+	void *sess = NULL;
 
 	int status = TEST_SUCCESS;
 	const struct blockcipher_test_data *tdata = t->test_data;
@@ -514,7 +513,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		sess = rte_cryptodev_sym_session_create(sess_mpool);
 
 		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
+				init_xform);
 		if (status == -ENOTSUP) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
@@ -831,7 +830,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 0c7ebe6981..76d2aeab6d 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -61,7 +61,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
 	uint8_t internal_port_op_fwd;
@@ -167,7 +166,7 @@ static int
 test_op_forward_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -203,7 +202,7 @@ test_op_forward_mode(uint8_t session_less)
 
 		/* Create Crypto session*/
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -366,7 +365,7 @@ static int
 test_op_new_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -409,7 +408,7 @@ test_op_new_mode(uint8_t session_less)
 						&m_data, sizeof(m_data));
 		}
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
@@ -550,22 +549,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 	conf.nb_queue_pairs = info.max_nb_queue_pairs;
 	conf.socket_id = SOCKET_ID_ANY;
@@ -577,7 +566,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -931,12 +919,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
-
 	/* Free ops mempool */
 	if (params.op_mpool != NULL) {
 		RTE_LOG(DEBUG, USER1, "EVENT_CRYPTO_SYM_OP_POOL count %u\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 3b49a0b13a..1e3913489d 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -356,20 +356,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -414,11 +403,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -645,7 +629,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
 	int32_t rc;
-	struct rte_cryptodev_sym_session *s;
+	void *s;
 
 	s = rte_cryptodev_sym_session_create(qp->mp_session);
 	if (s == NULL)
@@ -653,7 +637,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 
 	/* initiliaze SA crypto session for device */
 	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
+			ut->crypto_xforms);
 	if (rc == 0) {
 		ut->ss[j].crypto.ses = s;
 		return 0;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index edb7275e76..75330292af 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -235,7 +235,6 @@ aesni_gcm_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -259,10 +258,8 @@ aesni_gcm_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct aesni_gcm_private *internals = dev->data->dev_private;
 
@@ -271,42 +268,24 @@ aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_GCM_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
 	ret = aesni_gcm_set_session_parameters(internals->ops,
-				sess_private_data, xform);
+				sess, xform);
 	if (ret != 0) {
 		AESNI_GCM_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct aesni_gcm_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_gcm_session));
 }
 
 struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 8ae6d18f36..997c4f330d 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -944,7 +944,6 @@ aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -974,11 +973,8 @@ aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 /** Configure a aesni multi-buffer session from a crypto xform chain */
 static int
 aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
-	void *sess_private_data;
 	struct aesni_mb_private *internals = dev->data->dev_private;
 	int ret;
 
@@ -987,43 +983,25 @@ aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_MB_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_session_parameters(internals->mb_mgr,
-			sess_private_data, xform);
+			sess, xform);
 	if (ret != 0) {
 		AESNI_MB_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	RTE_SET_USED(dev);
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_mb_session));
 }
 
 struct rte_cryptodev_ops aesni_mb_pmd_ops = {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 1b2749fe62..2d3b54b063 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -268,10 +267,8 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -279,42 +276,23 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
+	ret = armv8_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct armv8_crypto_session));
 }
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..b4b167d0c2 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -224,10 +224,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	void *sess_private_data;
+	RTE_SET_USED(dev);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -235,44 +234,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = crypto_set_session_parameters(sess_private_data, xform);
+	ret = crypto_set_session_parameters(sess, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct bcmfs_sym_session));
 }
 
 unsigned int
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..7faafe2fd5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,12 +93,10 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    void *sess);
 
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess);
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 0567f1e066..a1fd6d996a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1692,52 +1692,36 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 static int
 caam_jr_sym_session_configure(struct rte_cryptodev *dev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
-	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
+	memset(sess, 0, sizeof(struct caam_jr_session));
+	ret = caam_jr_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+caam_jr_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	RTE_SET_USED(dev);
+
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 0d615d311c..cac1268130 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -758,11 +757,9 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  void *sess)
 {
 	int ret;
-	void *sess_private_data;
 	struct ccp_private *internals;
 
 	if (unlikely(sess == NULL || xform == NULL)) {
@@ -770,39 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
 	internals = (struct ccp_private *)dev->data->dev_private;
-	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
+	ret = ccp_set_session_parameters(sess, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct ccp_session));
 }
 
 struct rte_cryptodev_ops ccp_ops = {
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index de2eebd507..76c992858f 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -32,17 +32,18 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, (void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -147,9 +148,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
-				rte_mempool_put(qp->sess_mp, op->sym->session);
+				sym_session_clear(op->sym->session);
 				return 0;
 			}
 			w7 = sess->cpt_inst_w7;
@@ -474,8 +473,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 4c2dc5b080..5f83581131 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -81,17 +81,19 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+			(void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -126,8 +128,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
 						     inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -484,8 +485,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 41d8fe49e1..52d9cf0cf3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -379,7 +379,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -493,27 +492,20 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      void *sess) 
 {
 	struct cnxk_se_sess *sess_priv;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret < 0))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct cnxk_se_sess));
 
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
+	sess_priv = sess;
 
 	switch (ret) {
 	case CNXK_CPT_CIPHER:
@@ -547,7 +539,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	if (ret)
-		goto priv_put;
+		return -ENOTSUP;
 
 	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
 	    cpt_mac_len_verify(&xform->auth)) {
@@ -557,66 +549,45 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 			sess_priv->roc_se_ctx.auth_key = NULL;
 		}
 
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
 
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
+	struct cnxk_se_sess *sess_priv = sess;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	sess_priv = priv;
-
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	RTE_SET_USED(dev);
+
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index c5332dec53..3c09d10582 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -111,18 +111,15 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   void *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  void *sess);
 
-void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(void *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 15ea5de18d..d4f223f2f9 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3439,49 +3439,32 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa2_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa2_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0497931c67..a9295eb154 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2537,33 +2537,18 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
-
 	return 0;
 }
 
@@ -2584,18 +2569,14 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index f075054807..b2e5c92598 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -220,7 +220,6 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -243,10 +242,8 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct kasumi_private *internals = dev->data->dev_private;
 
@@ -255,43 +252,24 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		KASUMI_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = kasumi_set_session_parameters(internals->mgr,
-					sess_private_data, xform);
+					sess, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+kasumi_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct kasumi_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct kasumi_session));
 }
 
 struct rte_cryptodev_ops kasumi_pmd_ops = {
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 6a2f8b6ac6..9c60c3d117 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -165,14 +165,12 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  void *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data = session;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -183,17 +181,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -228,27 +218,21 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
 
 static void
-mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
-			      struct rte_cryptodev_sym_session *sess)
+mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = sess;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index e04a2c88c7..2e4b27ea21 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -704,7 +704,6 @@ mrvl_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			break;
 
 		qp->sess_mp = qp_conf->mp_session;
-		qp->sess_mp_priv = qp_conf->mp_session_private;
 
 		memset(&qp->stats, 0, sizeof(qp->stats));
 		dev->data->queue_pairs[qp_id] = qp;
@@ -735,12 +734,9 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
  */
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
 	int ret;
 
 	if (sess == NULL) {
@@ -748,25 +744,16 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct mrvl_crypto_session));
 
-	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
-
-	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
+	ret = mrvl_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
-	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
+	mrvl_sess = (struct mrvl_crypto_session *)sess;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
 				&mrvl_sess->sam_sess) < 0) {
 		MRVL_LOG(DEBUG, "Failed to create session!");
@@ -789,17 +776,13 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
  * @returns 0. Always.
  */
 static void
-mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
-			(struct mrvl_crypto_session *)sess_priv;
+			(struct mrvl_crypto_session *)sess;
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -807,9 +790,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		}
 
 		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index f8b7edcd69..0c9bbfef46 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -532,22 +532,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 static int
 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *mp_obj;
 	struct nitrox_crypto_ctx *ctx;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
+	RTE_SET_USED(cdev);
+	ctx = sess;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -586,28 +580,17 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 	}
 
 	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev, void *sess)
 {
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
+	RTE_SET_USED(cdev);
+	if (sess)
+		memset(sess, 0, sizeof(struct nitrox_crypto_ctx));
 }
 
 static struct nitrox_crypto_ctx *
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index a8b5a06e7f..65bfa8dcf7 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -234,7 +234,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -258,10 +257,8 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -269,42 +266,23 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = null_crypto_set_session_parameters(sess_private_data, xform);
+	ret = null_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct null_crypto_session));
 }
 
 static struct rte_cryptodev_ops pmd_ops = {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 9e8fd495cf..abd0963be0 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,29 +242,22 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -301,8 +293,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -316,56 +306,46 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static int
 otx_cpt_session_cfg(struct rte_cryptodev *dev,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
-		  struct rte_cryptodev_sym_session *sess)
+otx_cpt_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -576,7 +556,6 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
@@ -589,8 +568,12 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	sess->sess_data[otx_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -604,7 +587,7 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	return req;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -913,7 +896,6 @@ free_sym_session_data(const struct cpt_instance *instance,
 	memset(cop->sym->session, 0,
 	       rte_cryptodev_sym_get_existing_header_session_size(
 		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 7b744cd4b4..dcfbc49996 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -371,29 +371,21 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -414,7 +406,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		}
 
 		if (ret)
-			goto priv_put;
+			return -ENOTSUP;
 	}
 
 	if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
@@ -425,12 +417,9 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 			rte_free(ctx->auth_key);
 			ctx->auth_key = NULL;
 		}
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
-	set_sym_session_private_data(sess, driver_id, misc);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -451,11 +440,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	misc->cpt_inst_w7 = vq_cmd_w3.u64;
 
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 static __rte_always_inline int32_t __rte_hot
@@ -765,7 +749,6 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			      struct pending_queue *pend_q,
 			      unsigned int burst_index)
 {
-	const int driver_id = otx2_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	int ret;
@@ -775,8 +758,12 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	if (sess == NULL)
 		return -ENOMEM;
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    qp->sess_mp_priv);
+	sess->sess_data[otx2_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx2_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx2_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -790,7 +777,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	return 0;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return ret;
@@ -1035,8 +1022,7 @@ otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 					cop->sym->session);
 			memset(cop->sym->session, 0, sz);
@@ -1291,7 +1277,6 @@ otx2_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -1330,21 +1315,22 @@ otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 static void
 otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+			   void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
index 01c081a216..5f63eaf7b7 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
@@ -8,29 +8,21 @@
 #include "cpt_pmd_logs.h"
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static __rte_always_inline uint8_t
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 52715f86f8..1b48a6b400 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -741,7 +741,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -772,10 +771,8 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -783,24 +780,12 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = openssl_set_session_parameters(sess_private_data, xform);
+	ret = openssl_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1154,19 +1139,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+	if (sess) {
+		openssl_reset_session(sess);
+		memset(sess, 0, sizeof(struct openssl_session));
 	}
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2c0e44dff4..3bca88385a 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -172,21 +172,14 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+qat_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (struct qat_sym_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
@@ -458,31 +451,17 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess_private_data)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index b93dc549ef..c7dceb2add 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -112,8 +112,7 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		void *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
@@ -135,8 +134,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 				struct qat_sym_session *session);
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *session);
+qat_sym_session_clear(struct rte_cryptodev *dev, void *session);
 
 unsigned int
 qat_sym_session_get_private_size(struct rte_cryptodev *dev);
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 465b88ade8..87260b5a22 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -476,9 +476,7 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+	struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
@@ -488,7 +486,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct scheduler_worker *worker = &sched_ctx->workers[i];
 
 		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
+					xform);
 		if (ret < 0) {
 			CR_SCHED_LOG(ERR, "unable to config sym session");
 			return ret;
@@ -500,8 +498,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 3f46014b7d..b0f8f6d86a 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -226,7 +226,6 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -250,10 +249,8 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 	struct snow3g_private *internals = dev->data->dev_private;
 
@@ -262,43 +259,24 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		SNOW3G_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = snow3g_set_session_parameters(internals->mgr,
-					sess_private_data, xform);
+					sess, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+snow3g_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct snow3g_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct snow3g_session));
 }
 
 struct rte_cryptodev_ops snow3g_pmd_ops = {
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 8faa39df4a..de52fec32e 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -37,11 +37,10 @@ static void virtio_crypto_dev_free_mbufs(struct rte_cryptodev *dev);
 static unsigned int virtio_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev);
 static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		void *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -927,7 +926,7 @@ virtio_crypto_check_sym_clear_session_paras(
 static void
 virtio_crypto_sym_clear_session(
 		struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	struct virtio_crypto_hw *hw;
 	struct virtqueue *vq;
@@ -1290,11 +1289,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		void *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1309,12 +1306,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1326,19 +1320,13 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
 
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1401,9 +1389,6 @@ virtio_crypto_sym_configure_session(
 		goto error_out;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 38642d45ab..04126c8a04 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -226,7 +226,6 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -250,10 +249,8 @@ zuc_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -261,43 +258,23 @@ zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		ZUC_LOG(ERR,
-			"Couldn't get object from session mempool");
-
-		return -ENOMEM;
-	}
-
-	ret = zuc_set_session_parameters(sess_private_data, xform);
+	ret = zuc_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		ZUC_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-zuc_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+zuc_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct zuc_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct zuc_session));
 }
 
 struct rte_cryptodev_ops zuc_pmd_ops = {
diff --git a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
index b33cb7e139..8522f2dfda 100644
--- a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
+++ b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
@@ -38,8 +38,7 @@ otx2_ca_deq_post_process(const struct otx2_cpt_qp *qp,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			memset(cop->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session));
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index b4eab05a98..bbc27a1b6f 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -981,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1173,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1212,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1251,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1464,7 +1463,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
@@ -1484,8 +1483,7 @@ run_single_test(uint8_t dev_id,
 	if (!sess)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
+	ret = rte_cryptodev_sym_session_init(dev_id, sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
@@ -1533,8 +1531,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 		rte_mempool_free(env->op_pool);
 	if (env->sess_pool)
 		rte_mempool_free(env->sess_pool);
-	if (env->sess_priv_pool)
-		rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1542,7 +1538,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1586,25 +1582,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index b0de3d269a..837afddcda 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -48,13 +48,12 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
 	uint16_t digest_len;
 	struct rte_crypto_op *op;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t self_test;
 	struct fips_dev_broken_test_config *broken_test_config;
 } env;
@@ -63,7 +62,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -103,16 +102,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -127,7 +121,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -141,8 +134,6 @@ cryptodev_fips_validate_app_int(void)
 	rte_mempool_free(env.mpool);
 	if (env.sess_mpool)
 		rte_mempool_free(env.sess_mpool);
-	if (env.sess_priv_mpool)
-		rte_mempool_free(env.sess_priv_mpool);
 	if (env.op_pool)
 		rte_mempool_free(env.op_pool);
 
@@ -158,7 +149,6 @@ cryptodev_fips_validate_app_uninit(void)
 	rte_cryptodev_sym_session_free(env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1179,7 +1169,7 @@ fips_run_test(void)
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
+			env.sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 7b01872c6f..b148bb8ecf 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1216,15 +1216,11 @@ ipsec_poll_mode_worker(void)
 	qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	qconf->inbound.cdev_map = cdev_map_in;
 	qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	qconf->outbound.cdev_map = cdev_map_out;
 	qconf->outbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->frag.pool_dir = socket_ctx[socket_id].mbuf_pool;
 	qconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;
 
@@ -2142,8 +2138,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2405,38 +2399,6 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
-
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
 {
@@ -2938,8 +2900,6 @@ main(int32_t argc, char **argv)
 
 		pool_init(&socket_ctx[socket_id], socket_id, nb_bufs_in_pool);
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 03d907cba8..a5921de11c 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -143,8 +143,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 		ips->crypto.ses = rte_cryptodev_sym_session_create(
 				ipsec_ctx->session_pool);
 		rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
-				ips->crypto.ses, sa->xforms,
-				ipsec_ctx->session_priv_pool);
+				ips->crypto.ses, sa->xforms);
 
 		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
 				&cdev_info);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8405c48171..673c64e8dc 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -243,7 +243,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 6f49239c4a..c65855a460 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -540,14 +540,10 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,
 	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
 	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 
 	RTE_LOG(INFO, IPSEC,
 		"Launching event mode worker (non-burst - Tx internal port - "
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c2ffbdd506..11070466fb 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -188,7 +188,7 @@ struct l2fwd_crypto_params {
 	struct l2fwd_iv auth_iv;
 	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
@@ -229,7 +229,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -671,11 +670,11 @@ generate_random_key(uint8_t *key, unsigned length)
 }
 
 /* Session is created and is later attached to the crypto operation. 8< */
-static struct rte_cryptodev_sym_session *
+static void *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -703,8 +702,7 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		return NULL;
 
 	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
+				first_xform) < 0)
 		return NULL;
 
 	return session;
@@ -730,7 +728,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			US_PER_S * BURST_TX_DRAIN_US;
 	struct l2fwd_crypto_params *cparams;
 	struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	if (qconf->nb_rx_ports == 0) {
 		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
@@ -2388,30 +2386,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
@@ -2421,7 +2395,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					rte_cryptodev_sym_session_pool_create(
 							mp_name,
 							sessions_needed,
-							0, 0, 0, socket_id);
+							max_sess_sz,
+							0, 0, socket_id);
 
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
@@ -2573,8 +2548,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index dea7dcbd07..cbb97aaf76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+					info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 0d1bef0e67..94f427a912 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -310,9 +309,7 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_crypto_sym_xform *xform, void *session);
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -338,7 +335,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  * @param	sess		Cryptodev session structure
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 /**
  * Free asymmetric session private data.
  *
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index a864f5036f..200617f623 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -420,7 +420,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  */
 static inline int
 rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 58c0724743..848da1942c 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -932,7 +932,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 2378892d40..6d3390ad03 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -201,6 +201,8 @@ struct rte_cryptodev_sym_session_pool_private_data {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t sess_priv_sz;
+	/**< session user data will be placed after sess_data */
 };
 
 int
@@ -1228,8 +1230,7 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
+	if (!qp_conf->mp_session) {
 		CDEV_LOG_ERR("Invalid mempools\n");
 		return -EINVAL;
 	}
@@ -1237,7 +1238,6 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
 		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
@@ -1249,11 +1249,11 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 
 		s.nb_drivers = pool_priv->nb_drivers;
 		s.user_data_sz = pool_priv->user_data_sz;
+		s.priv_sz = pool_priv->sess_priv_sz;
 
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (((rte_cryptodev_sym_get_existing_header_session_size(&s) +
+				(s.nb_drivers * s.priv_sz)) > obj_size) ||
+				(s.nb_drivers <= dev->driver_id)) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1715,11 +1715,11 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 
 int
 rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
+		void *sess_opaque,
+		struct rte_crypto_sym_xform *xforms)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = sess_opaque;
 	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
 			dev_id);
 	uint8_t index;
@@ -1732,10 +1732,10 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
+	if (sess == NULL || xforms == NULL || dev == NULL)
 		return -EINVAL;
 
-	if (mp->elt_size < sess_priv_sz)
+	if (sess->priv_sz < sess_priv_sz)
 		return -EINVAL;
 
 	index = dev->driver_id;
@@ -1745,8 +1745,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
 
 	if (sess->sess_data[index].refcnt == 0) {
+		sess->sess_data[index].data = (void *)((uint8_t *)sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(index * sess->priv_sz));
 		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
+				sess->sess_data[index].data);
 		if (ret < 0) {
 			CDEV_LOG_ERR(
 				"dev_id %d failed to configure session details",
@@ -1755,7 +1758,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 		}
 	}
 
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
+	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms);
 	sess->sess_data[index].refcnt++;
 	return 0;
 }
@@ -1800,6 +1803,21 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
 	rte_cryptodev_trace_asym_session_init(dev_id, sess, xforms, mp);
 	return 0;
 }
+static size_t
+get_max_sym_sess_priv_sz(void)
+{
+	size_t max_sz, sz;
+	int16_t cdev_id, n;
+
+	max_sz = 0;
+	n =  rte_cryptodev_count();
+	for (cdev_id = 0; cdev_id != n; cdev_id++) {
+		sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
+		if (sz > max_sz)
+			max_sz = sz;
+	}
+	return max_sz;
+}
 
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
@@ -1809,15 +1827,15 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_mempool *mp;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
+	uint32_t sess_priv_sz = get_max_sym_sess_priv_sz();
 
 	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
+	if (elt_size < obj_sz + (sess_priv_sz * nb_drivers)) {
 		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
-
-	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
+				obj_sz + (sess_priv_sz * nb_drivers));
+		elt_size = obj_sz + (sess_priv_sz * nb_drivers);
+	}
+	mp = rte_mempool_create(name, nb_elts, elt_size, cache_size,
 			(uint32_t)(sizeof(*pool_priv)),
 			NULL, NULL, NULL, NULL,
 			socket_id, 0);
@@ -1837,6 +1855,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 
 	pool_priv->nb_drivers = nb_drivers;
 	pool_priv->user_data_sz = user_data_size;
+	pool_priv->sess_priv_sz = sess_priv_sz;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
 		elt_size, cache_size, user_data_size, mp);
@@ -1870,7 +1889,7 @@ rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
 	return 1;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 {
 	struct rte_cryptodev_sym_session *sess;
@@ -1891,6 +1910,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 
 	sess->nb_drivers = pool_priv->nb_drivers;
 	sess->user_data_sz = pool_priv->user_data_sz;
+	sess->priv_sz = pool_priv->sess_priv_sz;
 	sess->opaque_data = 0;
 
 	/* Clear device session pointer.
@@ -1900,7 +1920,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 			rte_cryptodev_sym_session_data_size(sess));
 
 	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	return (void *)sess;
 }
 
 struct rte_cryptodev_asym_session *
@@ -1938,9 +1958,9 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mp)
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *s)
 {
+	struct rte_cryptodev_sym_session *sess = s;
 	struct rte_cryptodev *dev;
 	uint8_t driver_id;
 
@@ -1962,7 +1982,7 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
-	dev->dev_ops->sym_session_clear(dev, sess);
+	dev->dev_ops->sym_session_clear(dev, sess->sess_data[driver_id].data);
 
 	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
 	return 0;
@@ -1993,10 +2013,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(void *s)
 {
 	uint8_t i;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = s;
 
 	if (sess == NULL)
 		return -EINVAL;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 739ad529e5..78c7ca3e20 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -539,8 +539,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -910,6 +908,8 @@ struct rte_cryptodev_sym_session {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t priv_sz;
+	/**< Maximum private session data size which each driver can use */
 	__extension__ struct {
 		void *data;
 		uint16_t refcnt;
@@ -961,10 +961,10 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   mempool    Symmetric session mempool to allocate session
  *                     objects from
  * @return
- *  - On success return pointer to sym-session
+ *  - On success return opaque pointer to sym-session
  *  - On failure returns NULL
  */
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
 
 /**
@@ -993,7 +993,7 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mempool);
  *  - -EBUSY if not all device private data has been freed.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(void *sess);
 
 /**
  * Frees asymmetric crypto session header, after checking that all
@@ -1013,25 +1013,23 @@ rte_cryptodev_asym_session_free(struct rte_cryptodev_asym_session *sess);
 
 /**
  * Fill out private data for the device id, based on its device type.
+ * Memory for private data is already allocated in sess, driver need
+ * to fill the content.
  *
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   sess     Session where the private data will be attached to
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
  *
  * @return
  *  - On success, zero.
  *  - -EINVAL if input parameters are invalid.
  *  - -ENOTSUP if crypto device does not support the crypto transform or
  *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
  */
 int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
+rte_cryptodev_sym_session_init(uint8_t dev_id, void *sess,
+			struct rte_crypto_sym_xform *xforms);
 
 /**
  * Initialize asymmetric session on a device with specific asymmetric xform
@@ -1070,8 +1068,7 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
  *  - -ENOTSUP if crypto device does not support symmetric operations.
  */
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *sess);
 
 /**
  * Frees resources held by asymmetric session during rte_cryptodev_session_init
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index d1f4f069a3..44da04c425 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -106,15 +105,13 @@ RTE_TRACE_POINT(
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_init,
 	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
+		struct rte_cryptodev_sym_session *sess, void *xforms),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
 	rte_trace_point_emit_u16(sess->nb_drivers);
 	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index 4b0316bfed..c3b7fb84c4 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1719,7 +1719,7 @@ struct sym_crypto_data {
 	uint16_t op_mask;
 
 	/** Session pointer. */
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	/** Direction of crypto, encrypt or decrypt */
 	uint16_t direction;
@@ -1780,7 +1780,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 	const struct rte_crypto_auth_xform *auth_xform = NULL;
 	const struct rte_crypto_aead_xform *aead_xform = NULL;
 	struct rte_crypto_sym_xform *xform = p->xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	memset(data, 0, sizeof(*data));
@@ -1905,7 +1905,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
+			p->xform);
 	if (ret < 0) {
 		rte_cryptodev_sym_session_free(session);
 		return ret;
@@ -2858,7 +2858,7 @@ rte_table_action_time_read(struct rte_table_action *action,
 	return 0;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data)
 {
diff --git a/lib/pipeline/rte_table_action.h b/lib/pipeline/rte_table_action.h
index 82bc9d9ac9..68db453a8b 100644
--- a/lib/pipeline/rte_table_action.h
+++ b/lib/pipeline/rte_table_action.h
@@ -1129,7 +1129,7 @@ rte_table_action_time_read(struct rte_table_action *action,
  *   The pointer to the session on success, NULL otherwise.
  */
 __rte_experimental
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data);
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index f54d731139..d9b7beed9c 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -50,8 +50,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -61,7 +59,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 926b5c0bd9..b4464c4253 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -338,7 +338,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		VhostUserCryptoSessionParam *sess_param)
 {
 	struct rte_crypto_sym_xform xform1 = {0}, xform2 = {0};
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	switch (sess_param->op_type) {
@@ -383,8 +383,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
+	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1) < 0) {
 		VC_LOG_ERR("Failed to initialize session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
@@ -1425,7 +1424,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1447,7 +1445,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
                     ` (4 preceding siblings ...)
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session Akhil Goyal
  2021-10-14 11:47   ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec_perf.c          |  4 +--
 lib/cryptodev/cryptodev_pmd.h       | 22 +++++++++++++
 lib/cryptodev/rte_cryptodev.c       | 11 ++++---
 lib/cryptodev/rte_cryptodev.h       | 51 ++++++++++++++---------------
 lib/cryptodev/rte_cryptodev_trace.h | 13 ++------
 lib/ipsec/rte_ipsec.h               |  2 +-
 lib/ipsec/rte_ipsec_group.h         | 12 +++----
 lib/ipsec/ses.c                     |  3 +-
 8 files changed, 67 insertions(+), 51 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index 92106bf374..7e1cc7b920 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -215,7 +215,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	static uint64_t dummy_ses[10];
 	size_t sz;
 	int rc;
 
@@ -235,7 +235,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 94f427a912..8d2a15d495 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -589,6 +589,28 @@ void
 cryptodev_fp_ops_set(struct rte_crypto_fp_ops *fp_ops,
 		     const struct rte_cryptodev *dev);
 
+/**
+ * @internal
+ * Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint16_t nb_drivers;
+	/**< number of elements in sess_data array */
+	uint16_t user_data_sz;
+	/**< session user data will be placed after sess_data */
+	uint16_t priv_sz;
+	/**< Maximum private session data size which each driver can use */
+	__extension__ struct {
+		void *data;
+		uint16_t refcnt;
+	} sess_data[0];
+	/**< Driver specific session material, variable size */
+};
+
 static inline void *
 get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
 		uint8_t driver_id) {
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 6d3390ad03..d516a444c6 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -2142,11 +2142,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *session,
 					void *data,
 					uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2158,9 +2158,9 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *session)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2177,9 +2177,10 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *session, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	struct rte_cryptodev *dev;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 78c7ca3e20..17e105105b 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -897,26 +897,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	uint16_t priv_sz;
-	/**< Maximum private session data size which each driver can use */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[0];
-	/**< Driver specific session material, variable size */
-};
-
 /** Cryptodev asymmetric crypto session */
 struct rte_cryptodev_asym_session {
 	__extension__ void *sess_private_data[0];
@@ -1194,8 +1174,7 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
@@ -1211,8 +1190,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Perform actual crypto processing (encrypt/digest or auth/decrypt)
@@ -1229,7 +1207,7 @@ rte_cryptodev_sym_session_get_user_data(
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1250,11 +1228,32 @@ rte_cryptodev_get_raw_dp_ctx_size(uint8_t dev_id);
  * pointer.
  */
 union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+	void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Enqueue a vectorized operation descriptor into the device queue but the
  * driver may or may not start processing until rte_cryptodev_raw_enqueue_done()
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 44da04c425..7d0e3773e6 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,13 +73,9 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *mempool, void *sess),
 	rte_trace_point_emit_ptr(mempool);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 )
 
 RTE_TRACE_POINT(
@@ -92,7 +88,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
@@ -105,12 +101,9 @@ RTE_TRACE_POINT(
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_init,
 	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms),
+		void *sess, void *xforms),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 )
 
diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index 50d8e5098d..d54a64c4aa 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -66,7 +66,7 @@ struct rte_ipsec_session {
 	/** session and related data */
 	union {
 		struct {
-			struct rte_cryptodev_sym_session *ses;
+			void *ses;
 			uint8_t dev_id;
 		} crypto;
 		struct {
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 0cc5fedbf1..e27d4e6f4c 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	void *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *ses;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ss = cop->sym[0].sec_session;
+		ses = cop->sym[0].sec_session;
 		return (void *)(uintptr_t)
-			rte_security_session_opaque_data_get(ss);
+			rte_security_session_opaque_data_get(ses);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-		cs = cop->sym[0].session;
-		return (void *)(uintptr_t)cs->opaque_data;
+		ses = cop->sym[0].session;
+		return (void *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(ses);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index b12114269f..bfd3cbf1d3 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(
+				ss->crypto.ses, (uintptr_t)ss);
 	else
 		rte_security_session_opaque_data_set(ss->security.ses,
 				(uintptr_t)ss);
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
                     ` (5 preceding siblings ...)
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure Akhil Goyal
@ 2021-10-13 19:22   ` Akhil Goyal
  2021-10-14 11:47   ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  7 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-13 19:22 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Some PMDs need session physical address which can be passed
to the hardware. But since sym_session_configure
does not allow PMD to get mempool object, the PMD cannot
call rte_mempool_virt2iova().
Hence the library layer need to calculate the iova for session
private data and pass it to the PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c   |  2 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c |  3 ++-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c       |  2 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c       |  2 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.h       |  2 +-
 drivers/crypto/caam_jr/caam_jr.c               |  2 +-
 drivers/crypto/ccp/ccp_pmd_ops.c               |  2 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c       |  4 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h       |  3 ++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c    |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c             |  3 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c     |  2 +-
 drivers/crypto/mlx5/mlx5_crypto.c              |  3 ++-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c        |  3 ++-
 drivers/crypto/nitrox/nitrox_sym.c             |  4 ++--
 drivers/crypto/null/null_crypto_pmd_ops.c      |  2 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c    | 16 ++++++++++------
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c  | 17 +++++++++++------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c   |  2 +-
 drivers/crypto/qat/qat_sym_session.c           | 10 ++++++----
 drivers/crypto/qat/qat_sym_session.h           |  6 ++++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c   |  3 ++-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c     |  2 +-
 drivers/crypto/virtio/virtio_cryptodev.c       |  5 +++--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c           |  2 +-
 lib/cryptodev/cryptodev_pmd.h                  |  6 ++++--
 lib/cryptodev/rte_cryptodev.c                  |  6 +++++-
 27 files changed, 71 insertions(+), 45 deletions(-)

diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 75330292af..52166674d0 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -258,7 +258,7 @@ aesni_gcm_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 aesni_gcm_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct aesni_gcm_private *internals = dev->data->dev_private;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 997c4f330d..b7a806d51c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -973,7 +973,8 @@ aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 /** Configure a aesni multi-buffer session from a crypto xform chain */
 static int
 aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *sess)
+		struct rte_crypto_sym_xform *xform, void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	struct aesni_mb_private *internals = dev->data->dev_private;
 	int ret;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 2d3b54b063..9d9a6cf3dc 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -267,7 +267,7 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index b4b167d0c2..bee97596e0 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -224,7 +224,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    void *sess)
+			    void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	RTE_SET_USED(dev);
 	int ret;
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index 7faafe2fd5..0df7d07830 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,7 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    void *sess);
+			    void *sess, rte_iova_t sess_iova __rte_unused);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a1fd6d996a..a03f05293b 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1692,7 +1692,7 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 static int
 caam_jr_sym_session_configure(struct rte_cryptodev *dev,
 			      struct rte_crypto_sym_xform *xform,
-			      void *sess)
+			      void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index cac1268130..0730aba083 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -757,7 +757,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  void *sess)
+			  void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct ccp_private *internals;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 52d9cf0cf3..5b88e5efa6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -494,7 +494,7 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 int
 sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      void *sess) 
+		      void *sess)
 {
 	struct cnxk_se_sess *sess_priv;
 	int ret;
@@ -560,7 +560,7 @@ sym_session_configure(struct roc_cpt *roc_cpt,
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       void *sess)
+			       void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 3c09d10582..978bd022e0 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -111,7 +111,8 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   void *sess);
+				   void *sess,
+				   rte_iova_t sess_iova __rte_unused);
 
 int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index d4f223f2f9..95f54011d1 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3439,7 +3439,7 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index a9295eb154..3370c18d7a 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2537,7 +2537,8 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *sess)
+		struct rte_crypto_sym_xform *xform, void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index b2e5c92598..2a15f63ff1 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -242,7 +242,7 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct kasumi_private *internals = dev->data->dev_private;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 9c60c3d117..dc41896b4f 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -165,7 +165,8 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  void *session)
+				  void *session,
+				  rte_iova_t sess_iova __rte_unused)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
 	struct mlx5_crypto_session *sess_private_data = session;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 2e4b27ea21..d5cbb12458 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -734,7 +734,8 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
  */
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *sess)
+		struct rte_crypto_sym_xform *xform, void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	int ret;
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 0c9bbfef46..99ee23b7fc 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -532,7 +532,7 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 static int
 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 			      struct rte_crypto_sym_xform *xform,
-			      void *sess)
+			      void *sess, rte_iova_t sess_iova)
 {
 	struct nitrox_crypto_ctx *ctx;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
@@ -579,7 +579,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
+	ctx->iova = sess_iova;
 	return 0;
 err:
 	return ret;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 65bfa8dcf7..54bcee7af5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -257,7 +257,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index abd0963be0..27ac6d0123 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -243,7 +243,7 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 
 static int
 sym_session_configure(struct rte_crypto_sym_xform *xform,
-		      void *sess)
+		      void *sess, rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
@@ -293,8 +293,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
-			     sizeof(struct cpt_sess_misc);
+	misc->ctx_dma_addr = sess_iova + sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
 	vq_cmd_w3.s.grp = 0;
@@ -330,12 +329,12 @@ sym_session_clear(void *sess)
 static int
 otx_cpt_session_cfg(struct rte_cryptodev *dev,
 		    struct rte_crypto_sym_xform *xform,
-		    void *sess)
+		    void *sess, rte_iova_t sess_iova)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 	RTE_SET_USED(dev);
 
-	return sym_session_configure(xform, sess);
+	return sym_session_configure(xform, sess, sess_iova);
 }
 
 
@@ -558,6 +557,7 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 {
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
+	rte_iova_t sess_iova;
 	void *req;
 	int ret;
 
@@ -572,8 +572,12 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 			(void *)((uint8_t *)sess +
 			rte_cryptodev_sym_get_header_session_size() +
 			(otx_cryptodev_driver_id * sess->priv_sz));
+	sess_iova = rte_mempool_virt2iova(sess) +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx_cryptodev_driver_id * sess->priv_sz);
 	ret = sym_session_configure(sym_op->xform,
-			sess->sess_data[otx_cryptodev_driver_id].data);
+			sess->sess_data[otx_cryptodev_driver_id].data,
+			sess_iova);
 	if (ret)
 		goto sess_put;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index dcfbc49996..aa843f2e82 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -371,7 +371,8 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
+sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess,
+		      rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
@@ -420,8 +421,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
 		return -ENOTSUP;
 	}
 
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
-			     sizeof(struct cpt_sess_misc);
+	misc->ctx_dma_addr = sess_iova + sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
 	vq_cmd_w3.s.cptr = misc->ctx_dma_addr + offsetof(struct cpt_ctx,
@@ -751,6 +751,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 {
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
+	rte_iova_t sess_iova;
 	int ret;
 
 	/* Create temporary session */
@@ -762,8 +763,12 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			(void *)((uint8_t *)sess +
 			rte_cryptodev_sym_get_header_session_size() +
 			(otx2_cryptodev_driver_id * sess->priv_sz));
+	sess_iova = rte_mempool_virt2iova(sess) +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx2_cryptodev_driver_id * sess->priv_sz);
 	ret = sym_session_configure(sym_op->xform,
-			sess->sess_data[otx2_cryptodev_driver_id].data);
+			sess->sess_data[otx2_cryptodev_driver_id].data,
+			sess_iova);
 	if (ret)
 		goto sess_put;
 
@@ -1315,12 +1320,12 @@ otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       void *sess)
+			       void *sess, rte_iova_t sess_iova)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 	RTE_SET_USED(dev);
 
-	return sym_session_configure(xform, sess);
+	return sym_session_configure(xform, sess, sess_iova);
 }
 
 static void
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 1b48a6b400..02382f3c6a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -771,7 +771,7 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3bca88385a..ef92f22c1a 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -451,11 +451,13 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess_private_data)
+		void *sess_private_data,
+		rte_iova_t sess_iova)
 {
 	int ret;
 
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data,
+			sess_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
@@ -540,7 +542,8 @@ qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_sym_dev_private *internals = dev->data->dev_private;
@@ -550,7 +553,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int handle_mixed = 0;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index c7dceb2add..4b7de4c9e7 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -112,11 +112,13 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform,
+		void *session_private,
+		rte_iova_t sess_iova __rte_unused);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 87260b5a22..ddc80f165d 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -476,7 +476,8 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform, void *sess)
+	struct rte_crypto_sym_xform *xform, void *sess,
+	rte_iova_t sess_iova __rte_unused)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index b0f8f6d86a..d543f74a73 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -249,7 +249,7 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct snow3g_private *internals = dev->data->dev_private;
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index de52fec32e..e306225432 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,7 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		void *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *session);
+		void *session, rte_iova_t sess_iova __rte_unused);
 
 /*
  * The set of PCI devices this driver supports
@@ -1306,7 +1306,8 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct virtio_crypto_session *session;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 04126c8a04..4495f07013 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -249,7 +249,7 @@ zuc_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 zuc_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 8d2a15d495..a6e663c1b5 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -300,7 +300,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
- * @param	session		Pointer to cryptodev's private session structure
+ * @param	session		Pointer to cryptodev's private session
+ * @param	sess_iova	Iova of private session pointer
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -309,7 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session);
+		struct rte_crypto_sym_xform *xform, void *session,
+		rte_iova_t sess_iova);
 /**
  * Configure a Crypto asymmetric session on a device.
  *
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index d516a444c6..c492518595 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1722,6 +1722,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	struct rte_cryptodev_sym_session *sess = sess_opaque;
 	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
 			dev_id);
+	rte_iova_t sess_iova;
 	uint8_t index;
 	int ret;
 
@@ -1748,8 +1749,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 		sess->sess_data[index].data = (void *)((uint8_t *)sess +
 				rte_cryptodev_sym_get_header_session_size() +
 				(index * sess->priv_sz));
+		sess_iova = rte_mempool_virt2iova(sess) +
+				rte_cryptodev_sym_get_header_session_size() +
+				(index * sess->priv_sz);
 		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-				sess->sess_data[index].data);
+				sess->sess_data[index].data, sess_iova);
 		if (ret < 0) {
 			CDEV_LOG_ERR(
 				"dev_id %d failed to configure session details",
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
                     ` (6 preceding siblings ...)
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session Akhil Goyal
@ 2021-10-14 11:47   ` Akhil Goyal
  2021-10-14 12:30     ` Zhang, Roy Fan
  2021-10-14 17:07     ` Zhang, Roy Fan
  7 siblings, 2 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-14 11:47 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde,
	Nagadheeraj Rottela, Ankur Dwivedi, ciara.power, haiyue.wang,
	jiawenwu, jianwang

> Subject: [PATCH v2 0/7] crypto/security session framework rework
> 
> As discussed in last release deprecation notice,
> crypto and security session framework are reworked
> to reduce the need of two mempool objects and
> remove the requirement to expose the rte_security_session
> and rte_cryptodev_sym_session structures.
> Design methodology is explained in the patch description.
> 
> Similar work will need to be done for asymmetric sessions
> as well. Asymmetric session need another rework and is
> postponed to next release. Since it is still in experimental
> stage, we can modify the APIs in next release as well.
> 
> The patches are compilable with all affected PMDs
> and tested with dpdk-test and ipsec-secgw app on CN9k platform.
> 
> Changes in v2:
> - Added new parameter iova in PMD session configure APIs for
>   session priv pointer to be used in QAT/CNXK/etc PMDs.
> - Hide rte_cryptodev_sym_session and rte_security_session structs.
> - Added compilation workaround for net PMDs(ixgbe/txgbe)
>   for inline ipsec.
>   Patches with actual fix is beynd the scope of this patchset.
> - Added inline APIs to access the opaque data and fast metadata.
> - Remove commented code.
> TODO
> - Release notes/deprecation notice removal.
> - Documentation updates.
> - Asym APIs - postponed for next release.
> 
> Akhil Goyal (7):
>   security: rework session framework
>   security: hide security session struct
>   net/cnxk: rework security session framework
>   security: pass session iova in PMD sess create
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   cryptodev: pass session iova in configure session
> 
The series is rebased over following to avoid merge conflicts
http://patches.dpdk.org/user/todo/dpdk/?series=19519
http://patches.dpdk.org/user/todo/dpdk/?series=19467
http://patches.dpdk.org/user/todo/dpdk/?series=19551

(HEAD -> next-crypto) cryptodev: pass session iova in configure session
cryptodev: hide sym session structure
cryptodev: rework session framework
security: pass session iova in PMD sess create
net/cnxk: rework security session framework
security: hide security session struct
security: rework session framework
cryptodev: move device specific structures
cryptodev: update fast path APIs to use new flat array
cryptodev: move inline APIs into separate structure
cryptodev: allocate max space for internal qp array
cryptodev: separate out internal structures
security: add reserved bitfields
security: hide internal API
cryptodev: remove LIST_END enumerators
test/crypto-perf: support lookaside IPsec

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 11:47   ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
@ 2021-10-14 12:30     ` Zhang, Roy Fan
  2021-10-14 12:34       ` Akhil Goyal
  2021-10-14 17:07     ` Zhang, Roy Fan
  1 sibling, 1 reply; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-14 12:30 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 14, 2021 12:48 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
...
> The series is rebased over following to avoid merge conflicts
> http://patches.dpdk.org/user/todo/dpdk/?series=19519

The series 19519 will make multi-process case not working for all crypto PMDs. 
Please provide a solution first.
 
> http://patches.dpdk.org/user/todo/dpdk/?series=19467
> http://patches.dpdk.org/user/todo/dpdk/?series=19551
> 
> (HEAD -> next-crypto) cryptodev: pass session iova in configure session
> cryptodev: hide sym session structure
> cryptodev: rework session framework
> security: pass session iova in PMD sess create
> net/cnxk: rework security session framework
> security: hide security session struct
> security: rework session framework
> cryptodev: move device specific structures
> cryptodev: update fast path APIs to use new flat array
> cryptodev: move inline APIs into separate structure
> cryptodev: allocate max space for internal qp array
> cryptodev: separate out internal structures
> security: add reserved bitfields
> security: hide internal API
> cryptodev: remove LIST_END enumerators
> test/crypto-perf: support lookaside IPsec

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 12:30     ` Zhang, Roy Fan
@ 2021-10-14 12:34       ` Akhil Goyal
  0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-14 12:34 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

> Hi Akhil,
> 
> The series 19519 will make multi-process case not working for all crypto
> PMDs.
> Please provide a solution first.
> 
Yes I am working on it, will update the series asap.

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 11:47   ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
  2021-10-14 12:30     ` Zhang, Roy Fan
@ 2021-10-14 17:07     ` Zhang, Roy Fan
  2021-10-14 18:23       ` Akhil Goyal
  1 sibling, 1 reply; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-14 17:07 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi,

Unfortunately the patches still cause seg-fault at QAT and SW PMDs.

- for qat it fails at rte_security_ops->session_size_get not implemented.
- for sw pmds the queue pair's session private mempools are not set.

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 14, 2021 12:48 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
> 
> > Subject: [PATCH v2 0/7] crypto/security session framework rework
> >
> > As discussed in last release deprecation notice,
> > crypto and security session framework are reworked
> > to reduce the need of two mempool objects and
> > remove the requirement to expose the rte_security_session
> > and rte_cryptodev_sym_session structures.
> > Design methodology is explained in the patch description.
> >
> > Similar work will need to be done for asymmetric sessions
> > as well. Asymmetric session need another rework and is
> > postponed to next release. Since it is still in experimental
> > stage, we can modify the APIs in next release as well.
> >
> > The patches are compilable with all affected PMDs
> > and tested with dpdk-test and ipsec-secgw app on CN9k platform.
> >
> > Changes in v2:
> > - Added new parameter iova in PMD session configure APIs for
> >   session priv pointer to be used in QAT/CNXK/etc PMDs.
> > - Hide rte_cryptodev_sym_session and rte_security_session structs.
> > - Added compilation workaround for net PMDs(ixgbe/txgbe)
> >   for inline ipsec.
> >   Patches with actual fix is beynd the scope of this patchset.
> > - Added inline APIs to access the opaque data and fast metadata.
> > - Remove commented code.
> > TODO
> > - Release notes/deprecation notice removal.
> > - Documentation updates.
> > - Asym APIs - postponed for next release.
> >
> > Akhil Goyal (7):
> >   security: rework session framework
> >   security: hide security session struct
> >   net/cnxk: rework security session framework
> >   security: pass session iova in PMD sess create
> >   cryptodev: rework session framework
> >   cryptodev: hide sym session structure
> >   cryptodev: pass session iova in configure session
> >
> The series is rebased over following to avoid merge conflicts
> http://patches.dpdk.org/user/todo/dpdk/?series=19519
> http://patches.dpdk.org/user/todo/dpdk/?series=19467
> http://patches.dpdk.org/user/todo/dpdk/?series=19551
> 
> (HEAD -> next-crypto) cryptodev: pass session iova in configure session
> cryptodev: hide sym session structure
> cryptodev: rework session framework
> security: pass session iova in PMD sess create
> net/cnxk: rework security session framework
> security: hide security session struct
> security: rework session framework
> cryptodev: move device specific structures
> cryptodev: update fast path APIs to use new flat array
> cryptodev: move inline APIs into separate structure
> cryptodev: allocate max space for internal qp array
> cryptodev: separate out internal structures
> security: add reserved bitfields
> security: hide internal API
> cryptodev: remove LIST_END enumerators
> test/crypto-perf: support lookaside IPsec

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 17:07     ` Zhang, Roy Fan
@ 2021-10-14 18:23       ` Akhil Goyal
  2021-10-14 18:57         ` Akhil Goyal
  2021-10-15  8:12         ` Zhang, Roy Fan
  0 siblings, 2 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-14 18:23 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Fan,
> 
> Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> 
> - for qat it fails at rte_security_ops->session_size_get not implemented.
> - for sw pmds the queue pair's session private mempools are not set.
> 
Can you check if below change works for Kasumi. I will replicate for others.

diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index abedcd616d..fe0e78e516 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -38,8 +38,6 @@ struct kasumi_qp {
        /**< Ring for placing processed ops */
        struct rte_mempool *sess_mp;
        /**< Session Mempool */
-       struct rte_mempool *sess_mp_priv;
-       /**< Session Private Data Mempool */
        struct rte_cryptodev_stats qp_stats;
        /**< Queue pair statistics */
        uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d6f927417a..1fc59c8b8a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
                                        op->sym->session,
                                        cryptodev_driver_id);
        } else {
-               void *_sess = NULL;
-               void *_sess_private_data = NULL;
+               struct rte_cryptodev_sym_session *_sess = NULL;

-               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+               /* Create temporary session */
+               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
+               if (_sess == NULL)
                        return NULL;

-               if (rte_mempool_get(qp->sess_mp_priv,
-                               (void **)&_sess_private_data))
-                       return NULL;
-
-               sess = (struct kasumi_session *)_sess_private_data;
-
+               _sess->sess_data[cryptodev_driver_id].data =
+                               (void *)((uint8_t *)_sess +
+                               rte_cryptodev_sym_get_header_session_size() +
+                               (cryptodev_driver_id * _sess->priv_sz));
+               sess = _sess->sess_data[cryptodev_driver_id].data;
                if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
                                op->sym->xform) != 0)) {
                        rte_mempool_put(qp->sess_mp, _sess);
-                       rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
                        sess = NULL;
                }
                op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-               set_sym_session_private_data(op->sym->session,
-                               cryptodev_driver_id, _sess_private_data);
        }

        if (unlikely(sess == NULL))
@@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
                        memset(ops[i]->sym->session, 0,
                        rte_cryptodev_sym_get_existing_header_session_size(
                                        ops[i]->sym->session));
-                       rte_mempool_put(qp->sess_mp_priv, session);
                        rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
                        ops[i]->sym->session = NULL;
                }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 18:23       ` Akhil Goyal
@ 2021-10-14 18:57         ` Akhil Goyal
  2021-10-15 15:33           ` Zhang, Roy Fan
  2021-10-15  8:12         ` Zhang, Roy Fan
  1 sibling, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-14 18:57 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Fan,
Check for below QAT fix also 
> >
> > Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> >
> > - for qat it fails at rte_security_ops->session_size_get not implemented.
And for this one
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index efda921c05..96cd9d2eee 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -306,6 +306,7 @@ static struct rte_security_ops security_qat_ops = {

                .session_create = qat_security_session_create,
                .session_update = NULL,
+               .session_get_size = qat_security_session_get_size,
                .session_stats_get = NULL,
                .session_destroy = qat_security_session_destroy,
                .set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index ef92f22c1a..41b5542343 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2297,4 +2297,10 @@ qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
        }
        return 0;
 }
+
+static unsigned int
+qat_security_session_get_size(void *device __rte_unused)
+{
+       return sizeof(struct qat_sym_session);
+}
 #endif

> > - for sw pmds the queue pair's session private mempools are not set.
> >
> Can you check if below change works for Kasumi. I will replicate for others.
> 
> diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h
> b/drivers/crypto/kasumi/kasumi_pmd_private.h
> index abedcd616d..fe0e78e516 100644
> --- a/drivers/crypto/kasumi/kasumi_pmd_private.h
> +++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
> @@ -38,8 +38,6 @@ struct kasumi_qp {
>         /**< Ring for placing processed ops */
>         struct rte_mempool *sess_mp;
>         /**< Session Mempool */
> -       struct rte_mempool *sess_mp_priv;
> -       /**< Session Private Data Mempool */
>         struct rte_cryptodev_stats qp_stats;
>         /**< Queue pair statistics */
>         uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
> diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> index d6f927417a..1fc59c8b8a 100644
> --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> @@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp, struct
> rte_crypto_op *op)
>                                         op->sym->session,
>                                         cryptodev_driver_id);
>         } else {
> -               void *_sess = NULL;
> -               void *_sess_private_data = NULL;
> +               struct rte_cryptodev_sym_session *_sess = NULL;
> 
> -               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
> +               /* Create temporary session */
> +               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
> +               if (_sess == NULL)
>                         return NULL;
> 
> -               if (rte_mempool_get(qp->sess_mp_priv,
> -                               (void **)&_sess_private_data))
> -                       return NULL;
> -
> -               sess = (struct kasumi_session *)_sess_private_data;
> -
> +               _sess->sess_data[cryptodev_driver_id].data =
> +                               (void *)((uint8_t *)_sess +
> +                               rte_cryptodev_sym_get_header_session_size() +
> +                               (cryptodev_driver_id * _sess->priv_sz));
> +               sess = _sess->sess_data[cryptodev_driver_id].data;
>                 if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
>                                 op->sym->xform) != 0)) {
>                         rte_mempool_put(qp->sess_mp, _sess);
> -                       rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
>                         sess = NULL;
>                 }
>                 op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
> -               set_sym_session_private_data(op->sym->session,
> -                               cryptodev_driver_id, _sess_private_data);
>         }
> 
>         if (unlikely(sess == NULL))
> @@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct
> kasumi_session *session,
>                         memset(ops[i]->sym->session, 0,
>                         rte_cryptodev_sym_get_existing_header_session_size(
>                                         ops[i]->sym->session));
> -                       rte_mempool_put(qp->sess_mp_priv, session);
>                         rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
>                         ops[i]->sym->session = NULL;
>                 }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 18:23       ` Akhil Goyal
  2021-10-14 18:57         ` Akhil Goyal
@ 2021-10-15  8:12         ` Zhang, Roy Fan
  1 sibling, 0 replies; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-15  8:12 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Akhil,

It shall work but Kasumi tests are passing :-)
It is snow3g and aesni-mb/gcm that are failing.
Thanks

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 14, 2021 7:24 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
> 
> Hi Fan,
> >
> > Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> >
> > - for qat it fails at rte_security_ops->session_size_get not implemented.
> > - for sw pmds the queue pair's session private mempools are not set.
> >
> Can you check if below change works for Kasumi. I will replicate for others.
> 
> diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h
> b/drivers/crypto/kasumi/kasumi_pmd_private.h
> index abedcd616d..fe0e78e516 100644
> --- a/drivers/crypto/kasumi/kasumi_pmd_private.h
> +++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
> @@ -38,8 +38,6 @@ struct kasumi_qp {
>         /**< Ring for placing processed ops */
>         struct rte_mempool *sess_mp;
>         /**< Session Mempool */
> -       struct rte_mempool *sess_mp_priv;
> -       /**< Session Private Data Mempool */
>         struct rte_cryptodev_stats qp_stats;
>         /**< Queue pair statistics */
>         uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
> diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> index d6f927417a..1fc59c8b8a 100644
> --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> @@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp, struct
> rte_crypto_op *op)
>                                         op->sym->session,
>                                         cryptodev_driver_id);
>         } else {
> -               void *_sess = NULL;
> -               void *_sess_private_data = NULL;
> +               struct rte_cryptodev_sym_session *_sess = NULL;
> 
> -               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
> +               /* Create temporary session */
> +               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
> +               if (_sess == NULL)
>                         return NULL;
> 
> -               if (rte_mempool_get(qp->sess_mp_priv,
> -                               (void **)&_sess_private_data))
> -                       return NULL;
> -
> -               sess = (struct kasumi_session *)_sess_private_data;
> -
> +               _sess->sess_data[cryptodev_driver_id].data =
> +                               (void *)((uint8_t *)_sess +
> +                               rte_cryptodev_sym_get_header_session_size() +
> +                               (cryptodev_driver_id * _sess->priv_sz));
> +               sess = _sess->sess_data[cryptodev_driver_id].data;
>                 if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
>                                 op->sym->xform) != 0)) {
>                         rte_mempool_put(qp->sess_mp, _sess);
> -                       rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
>                         sess = NULL;
>                 }
>                 op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
> -               set_sym_session_private_data(op->sym->session,
> -                               cryptodev_driver_id, _sess_private_data);
>         }
> 
>         if (unlikely(sess == NULL))
> @@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct
> kasumi_session *session,
>                         memset(ops[i]->sym->session, 0,
>                         rte_cryptodev_sym_get_existing_header_session_size(
>                                         ops[i]->sym->session));
> -                       rte_mempool_put(qp->sess_mp_priv, session);
>                         rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
>                         ops[i]->sym->session = NULL;
>                 }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-14 18:57         ` Akhil Goyal
@ 2021-10-15 15:33           ` Zhang, Roy Fan
  2021-10-15 17:42             ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-15 15:33 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Akhil,

I tried to fix the problems of seg faults.
The seg-faults are gone now but all asym tests are failing too.
The reason is the rte_cryptodev_queue_pair_setup() checks the session mempool same for sym and asym.
Since we don't have a rte_cryptodev_asym_session_pool_create() the session mempool created by 
test_cryptodev_asym.c  with rte_mempool_create() will fail the mempool check when setting up the queue pair.

If you think my fix may be useful (although not resolving asym issue) I can send it.

Regards,
Fan



> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 14, 2021 7:57 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
> 
> Hi Fan,
> Check for below QAT fix also
> > >
> > > Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> > >
> > > - for qat it fails at rte_security_ops->session_size_get not implemented.
> And for this one
> diff --git a/drivers/crypto/qat/qat_sym_pmd.c
> b/drivers/crypto/qat/qat_sym_pmd.c
> index efda921c05..96cd9d2eee 100644
> --- a/drivers/crypto/qat/qat_sym_pmd.c
> +++ b/drivers/crypto/qat/qat_sym_pmd.c
> @@ -306,6 +306,7 @@ static struct rte_security_ops security_qat_ops = {
> 
>                 .session_create = qat_security_session_create,
>                 .session_update = NULL,
> +               .session_get_size = qat_security_session_get_size,
>                 .session_stats_get = NULL,
>                 .session_destroy = qat_security_session_destroy,
>                 .set_pkt_metadata = NULL,
> diff --git a/drivers/crypto/qat/qat_sym_session.c
> b/drivers/crypto/qat/qat_sym_session.c
> index ef92f22c1a..41b5542343 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -2297,4 +2297,10 @@ qat_security_session_destroy(void *dev
> __rte_unused, void *sess_priv)
>         }
>         return 0;
>  }
> +
> +static unsigned int
> +qat_security_session_get_size(void *device __rte_unused)
> +{
> +       return sizeof(struct qat_sym_session);
> +}
>  #endif
> 
> > > - for sw pmds the queue pair's session private mempools are not set.
> > >
> > Can you check if below change works for Kasumi. I will replicate for others.
> >
> > diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > index abedcd616d..fe0e78e516 100644
> > --- a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > +++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > @@ -38,8 +38,6 @@ struct kasumi_qp {
> >         /**< Ring for placing processed ops */
> >         struct rte_mempool *sess_mp;
> >         /**< Session Mempool */
> > -       struct rte_mempool *sess_mp_priv;
> > -       /**< Session Private Data Mempool */
> >         struct rte_cryptodev_stats qp_stats;
> >         /**< Queue pair statistics */
> >         uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
> > diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > index d6f927417a..1fc59c8b8a 100644
> > --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > @@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp, struct
> > rte_crypto_op *op)
> >                                         op->sym->session,
> >                                         cryptodev_driver_id);
> >         } else {
> > -               void *_sess = NULL;
> > -               void *_sess_private_data = NULL;
> > +               struct rte_cryptodev_sym_session *_sess = NULL;
> >
> > -               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
> > +               /* Create temporary session */
> > +               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
> > +               if (_sess == NULL)
> >                         return NULL;
> >
> > -               if (rte_mempool_get(qp->sess_mp_priv,
> > -                               (void **)&_sess_private_data))
> > -                       return NULL;
> > -
> > -               sess = (struct kasumi_session *)_sess_private_data;
> > -
> > +               _sess->sess_data[cryptodev_driver_id].data =
> > +                               (void *)((uint8_t *)_sess +
> > +                               rte_cryptodev_sym_get_header_session_size() +
> > +                               (cryptodev_driver_id * _sess->priv_sz));
> > +               sess = _sess->sess_data[cryptodev_driver_id].data;
> >                 if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
> >                                 op->sym->xform) != 0)) {
> >                         rte_mempool_put(qp->sess_mp, _sess);
> > -                       rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
> >                         sess = NULL;
> >                 }
> >                 op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
> > -               set_sym_session_private_data(op->sym->session,
> > -                               cryptodev_driver_id, _sess_private_data);
> >         }
> >
> >         if (unlikely(sess == NULL))
> > @@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct
> > kasumi_session *session,
> >                         memset(ops[i]->sym->session, 0,
> >                         rte_cryptodev_sym_get_existing_header_session_size(
> >                                         ops[i]->sym->session));
> > -                       rte_mempool_put(qp->sess_mp_priv, session);
> >                         rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
> >                         ops[i]->sym->session = NULL;
> >                 }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-15 15:33           ` Zhang, Roy Fan
@ 2021-10-15 17:42             ` Akhil Goyal
  2021-10-15 18:47               ` Akhil Goyal
  2021-10-16 13:21               ` Zhang, Roy Fan
  0 siblings, 2 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-15 17:42 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

> Hi Akhil,
> 
> I tried to fix the problems of seg faults.
> The seg-faults are gone now but all asym tests are failing too.
> The reason is the rte_cryptodev_queue_pair_setup() checks the session
> mempool same for sym and asym.
> Since we don't have a rte_cryptodev_asym_session_pool_create() the
> session mempool created by
> test_cryptodev_asym.c  with rte_mempool_create() will fail the mempool
> check when setting up the queue pair.
> 
> If you think my fix may be useful (although not resolving asym issue) I can
> send it.
> 
Is it a different fix than what I proposed below? If yes, you can send the diff.
I already made the below changes for all the PMDs.
I will try to fix the asym issue, but I suppose it can be dealt in the app
Which can be fixed separately in RC2.

Also, found the root cause of multi process issue, working on making the patches.
Will send v3 soon with all 3 issues(docsis/mp/sessless) fixed atleast.
For Asym, may send a separate patch.

> > Hi Fan,
> > Check for below QAT fix also
> > > >
> > > > Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> > > >
> > > > - for qat it fails at rte_security_ops->session_size_get not implemented.
> > And for this one
> > diff --git a/drivers/crypto/qat/qat_sym_pmd.c
> > b/drivers/crypto/qat/qat_sym_pmd.c
> > index efda921c05..96cd9d2eee 100644
> > --- a/drivers/crypto/qat/qat_sym_pmd.c
> > +++ b/drivers/crypto/qat/qat_sym_pmd.c
> > @@ -306,6 +306,7 @@ static struct rte_security_ops security_qat_ops = {
> >
> >                 .session_create = qat_security_session_create,
> >                 .session_update = NULL,
> > +               .session_get_size = qat_security_session_get_size,
> >                 .session_stats_get = NULL,
> >                 .session_destroy = qat_security_session_destroy,
> >                 .set_pkt_metadata = NULL,
> > diff --git a/drivers/crypto/qat/qat_sym_session.c
> > b/drivers/crypto/qat/qat_sym_session.c
> > index ef92f22c1a..41b5542343 100644
> > --- a/drivers/crypto/qat/qat_sym_session.c
> > +++ b/drivers/crypto/qat/qat_sym_session.c
> > @@ -2297,4 +2297,10 @@ qat_security_session_destroy(void *dev
> > __rte_unused, void *sess_priv)
> >         }
> >         return 0;
> >  }
> > +
> > +static unsigned int
> > +qat_security_session_get_size(void *device __rte_unused)
> > +{
> > +       return sizeof(struct qat_sym_session);
> > +}
> >  #endif
> >
> > > > - for sw pmds the queue pair's session private mempools are not set.
> > > >
> > > Can you check if below change works for Kasumi. I will replicate for
> others.
> > >
> > > diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > index abedcd616d..fe0e78e516 100644
> > > --- a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > +++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > @@ -38,8 +38,6 @@ struct kasumi_qp {
> > >         /**< Ring for placing processed ops */
> > >         struct rte_mempool *sess_mp;
> > >         /**< Session Mempool */
> > > -       struct rte_mempool *sess_mp_priv;
> > > -       /**< Session Private Data Mempool */
> > >         struct rte_cryptodev_stats qp_stats;
> > >         /**< Queue pair statistics */
> > >         uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
> > > diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > index d6f927417a..1fc59c8b8a 100644
> > > --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > @@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp,
> struct
> > > rte_crypto_op *op)
> > >                                         op->sym->session,
> > >                                         cryptodev_driver_id);
> > >         } else {
> > > -               void *_sess = NULL;
> > > -               void *_sess_private_data = NULL;
> > > +               struct rte_cryptodev_sym_session *_sess = NULL;
> > >
> > > -               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
> > > +               /* Create temporary session */
> > > +               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
> > > +               if (_sess == NULL)
> > >                         return NULL;
> > >
> > > -               if (rte_mempool_get(qp->sess_mp_priv,
> > > -                               (void **)&_sess_private_data))
> > > -                       return NULL;
> > > -
> > > -               sess = (struct kasumi_session *)_sess_private_data;
> > > -
> > > +               _sess->sess_data[cryptodev_driver_id].data =
> > > +                               (void *)((uint8_t *)_sess +
> > > +                               rte_cryptodev_sym_get_header_session_size() +
> > > +                               (cryptodev_driver_id * _sess->priv_sz));
> > > +               sess = _sess->sess_data[cryptodev_driver_id].data;
> > >                 if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
> > >                                 op->sym->xform) != 0)) {
> > >                         rte_mempool_put(qp->sess_mp, _sess);
> > > -                       rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
> > >                         sess = NULL;
> > >                 }
> > >                 op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
> > > -               set_sym_session_private_data(op->sym->session,
> > > -                               cryptodev_driver_id, _sess_private_data);
> > >         }
> > >
> > >         if (unlikely(sess == NULL))
> > > @@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct
> > > kasumi_session *session,
> > >                         memset(ops[i]->sym->session, 0,
> > >                         rte_cryptodev_sym_get_existing_header_session_size(
> > >                                         ops[i]->sym->session));
> > > -                       rte_mempool_put(qp->sess_mp_priv, session);
> > >                         rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
> > >                         ops[i]->sym->session = NULL;
> > >                 }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-15 17:42             ` Akhil Goyal
@ 2021-10-15 18:47               ` Akhil Goyal
  2021-10-16 13:31                 ` Zhang, Roy Fan
  2021-10-16 13:21               ` Zhang, Roy Fan
  1 sibling, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-15 18:47 UTC (permalink / raw)
  To: Zhang, Roy Fan, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

> > Hi Akhil,
> >
> > I tried to fix the problems of seg faults.
> > The seg-faults are gone now but all asym tests are failing too.
> > The reason is the rte_cryptodev_queue_pair_setup() checks the session
> > mempool same for sym and asym.
> > Since we don't have a rte_cryptodev_asym_session_pool_create() the
> > session mempool created by
> > test_cryptodev_asym.c  with rte_mempool_create() will fail the mempool
> > check when setting up the queue pair.
> >
> > If you think my fix may be useful (although not resolving asym issue) I can
> > send it.
> >
> Is it a different fix than what I proposed below? If yes, you can send the diff.
> I already made the below changes for all the PMDs.
> I will try to fix the asym issue, but I suppose it can be dealt in the app
> Which can be fixed separately in RC2.
> 
> Also, found the root cause of multi process issue, working on making the
> patches.
> Will send v3 soon with all 3 issues(docsis/mp/sessless) fixed atleast.
> For Asym, may send a separate patch.
> 
For Asym issue, it looks like the APIs are not written properly and has many
Issues compared to sym.
Looking at the API rte_cryptodev_queue_pair_setup(), it only support
mp_session(or priv_sess_mp) for symmetric sessions even without my changes.

Hence, a qp does not have mempool for sessionless Asym processing and looking at current
Drivers, only QAT support asym session less and it does not use mempool stored in qp.

Hence IMO, it is safe to remove the check from rte_cryptodev_queue_pair_setup()
        if (!qp_conf->mp_session) {
                CDEV_LOG_ERR("Invalid mempools\n");
                return -EINVAL;
        }
Or we can have give a CDEV_LOG_INFO (to indicate session mempool not present, session less won't work) instead of CDEV_LOG_ERR and fall through.

For sym case, it is checking again in next line if session_mp is there or not.

I hope, the asym cases will work once we remove the above check and pass
Null in the asym app while setting up queue pairs. What say?





^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-15 17:42             ` Akhil Goyal
  2021-10-15 18:47               ` Akhil Goyal
@ 2021-10-16 13:21               ` Zhang, Roy Fan
  1 sibling, 0 replies; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-16 13:21 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi Akhil,

I didn't work on the asym problem. As stated in the email I could think of the solution is to add new API to create asym session pool - or you may have better solution. 

BTW current test_cryptodev_asym.c the function testsuite_setup() creates the queue pair before creating the session pool, which will always made the queue pair creation fail at the library layer - as the session pool cannot be empty. I don't think the session pool is mandatory when creating the queue pair as it is only needed for session-less operation even for sym crypto - this change also doesn't make sense for the crypto PMDs who don't support session-less operation.

My sym fix is as same as your proposal. Here is my diff as ref for sym crypto seg fault fix.

diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 330aad8157..990fc99763 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -174,27 +174,25 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
 					sym_op->session,
 					cryptodev_driver_id);
 	} else  {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
+		_sess->sess_data[cryptodev_driver_id].data =
+			(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
 
-		sess = (struct aesni_gcm_session *)_sess_private_data;
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(aesni_gcm_set_session_parameters(qp->ops,
 				sess, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -716,7 +714,6 @@ handle_completed_gcm_crypto_op(struct aesni_gcm_qp *qp,
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2763d1c492..cb37fd6b29 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -52,8 +52,6 @@ struct aesni_gcm_qp {
 	/**< Queue pair statistics */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	uint16_t id;
 	/**< Queue Pair Identifier */
 	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index 11e7bf5d18..2398fdf1b8 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -182,8 +182,6 @@ struct aesni_mb_qp {
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t digest_idx;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index e8da9ea9e1..d9e525c86f 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1024,27 +1024,25 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 					(op->sym->sec_session);
 #endif
 	} else {
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
+		_sess->sess_data[cryptodev_driver_id].data =
+			(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
 
-		sess = (struct aesni_mb_session *)_sess_private_data;
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(aesni_mb_set_session_parameters(qp->mb_mgr,
 				sess, op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+		op->sym->session = _sess;
 	}
 
 	if (unlikely(sess == NULL))
@@ -1688,7 +1686,6 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index b7a806d51c..b9c0f8b9ee 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1072,8 +1072,16 @@ aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
 	return aesni_mb_pmd_security_cap;
 }
 
+/** Returns the size of the aesni multi-buffer session structure */
+static unsigned
+aesni_mb_pmd_sec_session_get_size(void *dev __rte_unused)
+{
+	return sizeof(struct aesni_mb_session);
+}
+
 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
 		.session_create = aesni_mb_pmd_sec_sess_create,
+		.session_get_size = aesni_mb_pmd_sec_session_get_size,
 		.session_update = NULL,
 		.session_stats_get = NULL,
 		.session_destroy = aesni_mb_pmd_sec_sess_destroy,
diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index abedcd616d..fe0e78e516 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -38,8 +38,6 @@ struct kasumi_qp {
 	/**< Ring for placing processed ops */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d6f927417a..f130400152 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -139,27 +139,25 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 					op->sym->session,
 					cryptodev_driver_id);
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
+		_sess->sess_data[cryptodev_driver_id].data =
+			(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
 
-		sess = (struct kasumi_session *)_sess_private_data;
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -327,7 +325,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 			memset(ops[i]->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index efda921c05..a55fb4f342 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -305,6 +305,7 @@ qat_security_cap_get(void *device __rte_unused)
 static struct rte_security_ops security_qat_ops = {
 
 		.session_create = qat_security_session_create,
+		.session_get_size = qat_security_session_get_private_size,
 		.session_update = NULL,
 		.session_stats_get = NULL,
 		.session_destroy = qat_security_session_destroy,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index ef92f22c1a..4066230155 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2298,3 +2298,10 @@ qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 	return 0;
 }
 #endif
+
+unsigned int
+qat_security_session_get_private_size(void *dev __rte_unused)
+{
+	return RTE_ALIGN_CEIL(sizeof(struct qat_sym_session), 8);
+}
+
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 4b7de4c9e7..a02ba01adf 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -169,6 +169,9 @@ qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
 		void *sess, rte_iova_t sess_iova);
 int
 qat_security_session_destroy(void *dev, void *sess);
+
+unsigned int
+qat_security_session_get_private_size(void *dev);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 8284ac0b66..02e65393e3 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -149,27 +149,26 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 					op->sym->session,
 					cryptodev_driver_id);
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
+		_sess->sess_data[cryptodev_driver_id].data =
+			(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
+
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
-		sess = (struct snow3g_session *)_sess_private_data;
 
 		if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -352,7 +351,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 			memset(ops[i]->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/snow3g/snow3g_pmd_private.h b/drivers/crypto/snow3g/snow3g_pmd_private.h
index 23cf078a9c..96897d4651 100644
--- a/drivers/crypto/snow3g/snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/snow3g_pmd_private.h
@@ -39,8 +39,6 @@ struct snow3g_qp {
 	/**< Ring for placing processed ops */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[SNOW3G_DIGEST_LENGTH];
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index d4b343a7af..2ac333fc35 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -138,27 +138,25 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 					op->sym->session,
 					cryptodev_driver_id);
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
+		_sess->sess_data[cryptodev_driver_id].data =
+			(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
 
-		sess = (struct zuc_session *)_sess_private_data;
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(zuc_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -341,7 +339,6 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 			memset(ops[i]->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index d8684891ee..23cd9dc458 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -38,8 +38,6 @@ struct zuc_qp {
 	/**< Ring for placing processed ops */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[ZUC_DIGEST_LENGTH];


regards,
Fan



> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, October 15, 2021 6:43 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
> 
> > Hi Akhil,
> >
> > I tried to fix the problems of seg faults.
> > The seg-faults are gone now but all asym tests are failing too.
> > The reason is the rte_cryptodev_queue_pair_setup() checks the session
> > mempool same for sym and asym.
> > Since we don't have a rte_cryptodev_asym_session_pool_create() the
> > session mempool created by
> > test_cryptodev_asym.c  with rte_mempool_create() will fail the mempool
> > check when setting up the queue pair.
> >
> > If you think my fix may be useful (although not resolving asym issue) I can
> > send it.
> >
> Is it a different fix than what I proposed below? If yes, you can send the diff.
> I already made the below changes for all the PMDs.
> I will try to fix the asym issue, but I suppose it can be dealt in the app
> Which can be fixed separately in RC2.
> 
> Also, found the root cause of multi process issue, working on making the
> patches.
> Will send v3 soon with all 3 issues(docsis/mp/sessless) fixed atleast.
> For Asym, may send a separate patch.
> 
> > > Hi Fan,
> > > Check for below QAT fix also
> > > > >
> > > > > Unfortunately the patches still cause seg-fault at QAT and SW PMDs.
> > > > >
> > > > > - for qat it fails at rte_security_ops->session_size_get not
> implemented.
> > > And for this one
> > > diff --git a/drivers/crypto/qat/qat_sym_pmd.c
> > > b/drivers/crypto/qat/qat_sym_pmd.c
> > > index efda921c05..96cd9d2eee 100644
> > > --- a/drivers/crypto/qat/qat_sym_pmd.c
> > > +++ b/drivers/crypto/qat/qat_sym_pmd.c
> > > @@ -306,6 +306,7 @@ static struct rte_security_ops security_qat_ops = {
> > >
> > >                 .session_create = qat_security_session_create,
> > >                 .session_update = NULL,
> > > +               .session_get_size = qat_security_session_get_size,
> > >                 .session_stats_get = NULL,
> > >                 .session_destroy = qat_security_session_destroy,
> > >                 .set_pkt_metadata = NULL,
> > > diff --git a/drivers/crypto/qat/qat_sym_session.c
> > > b/drivers/crypto/qat/qat_sym_session.c
> > > index ef92f22c1a..41b5542343 100644
> > > --- a/drivers/crypto/qat/qat_sym_session.c
> > > +++ b/drivers/crypto/qat/qat_sym_session.c
> > > @@ -2297,4 +2297,10 @@ qat_security_session_destroy(void *dev
> > > __rte_unused, void *sess_priv)
> > >         }
> > >         return 0;
> > >  }
> > > +
> > > +static unsigned int
> > > +qat_security_session_get_size(void *device __rte_unused)
> > > +{
> > > +       return sizeof(struct qat_sym_session);
> > > +}
> > >  #endif
> > >
> > > > > - for sw pmds the queue pair's session private mempools are not set.
> > > > >
> > > > Can you check if below change works for Kasumi. I will replicate for
> > others.
> > > >
> > > > diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > > b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > > index abedcd616d..fe0e78e516 100644
> > > > --- a/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > > +++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
> > > > @@ -38,8 +38,6 @@ struct kasumi_qp {
> > > >         /**< Ring for placing processed ops */
> > > >         struct rte_mempool *sess_mp;
> > > >         /**< Session Mempool */
> > > > -       struct rte_mempool *sess_mp_priv;
> > > > -       /**< Session Private Data Mempool */
> > > >         struct rte_cryptodev_stats qp_stats;
> > > >         /**< Queue pair statistics */
> > > >         uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
> > > > diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > > b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > > index d6f927417a..1fc59c8b8a 100644
> > > > --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > > +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
> > > > @@ -139,27 +139,24 @@ kasumi_get_session(struct kasumi_qp *qp,
> > struct
> > > > rte_crypto_op *op)
> > > >                                         op->sym->session,
> > > >                                         cryptodev_driver_id);
> > > >         } else {
> > > > -               void *_sess = NULL;
> > > > -               void *_sess_private_data = NULL;
> > > > +               struct rte_cryptodev_sym_session *_sess = NULL;
> > > >
> > > > -               if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
> > > > +               /* Create temporary session */
> > > > +               _sess = rte_cryptodev_sym_session_create(qp->sess_mp);
> > > > +               if (_sess == NULL)
> > > >                         return NULL;
> > > >
> > > > -               if (rte_mempool_get(qp->sess_mp_priv,
> > > > -                               (void **)&_sess_private_data))
> > > > -                       return NULL;
> > > > -
> > > > -               sess = (struct kasumi_session *)_sess_private_data;
> > > > -
> > > > +               _sess->sess_data[cryptodev_driver_id].data =
> > > > +                               (void *)((uint8_t *)_sess +
> > > > +                               rte_cryptodev_sym_get_header_session_size() +
> > > > +                               (cryptodev_driver_id * _sess->priv_sz));
> > > > +               sess = _sess->sess_data[cryptodev_driver_id].data;
> > > >                 if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
> > > >                                 op->sym->xform) != 0)) {
> > > >                         rte_mempool_put(qp->sess_mp, _sess);
> > > > -                       rte_mempool_put(qp->sess_mp_priv,
> _sess_private_data);
> > > >                         sess = NULL;
> > > >                 }
> > > >                 op->sym->session = (struct rte_cryptodev_sym_session
> *)_sess;
> > > > -               set_sym_session_private_data(op->sym->session,
> > > > -                               cryptodev_driver_id, _sess_private_data);
> > > >         }
> > > >
> > > >         if (unlikely(sess == NULL))
> > > > @@ -327,7 +324,6 @@ process_ops(struct rte_crypto_op **ops, struct
> > > > kasumi_session *session,
> > > >                         memset(ops[i]->sym->session, 0,
> > > >                         rte_cryptodev_sym_get_existing_header_session_size(
> > > >                                         ops[i]->sym->session));
> > > > -                       rte_mempool_put(qp->sess_mp_priv, session);
> > > >                         rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
> > > >                         ops[i]->sym->session = NULL;
> > > >                 }


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework
  2021-10-15 18:47               ` Akhil Goyal
@ 2021-10-16 13:31                 ` Zhang, Roy Fan
  0 siblings, 0 replies; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-16 13:31 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

Hi,

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, October 15, 2021 7:47 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Anoob Joseph <anoobj@marvell.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> matan@nvidia.com; g.singh@nxp.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>;
> ajit.khaparde@broadcom.com; Nagadheeraj Rottela
> <rnagadheeraj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Power, Ciara <ciara.power@intel.com>; Wang, Haiyue
> <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com
> Subject: RE: [PATCH v2 0/7] crypto/security session framework rework
> 
> > > Hi Akhil,
> > >
> > > I tried to fix the problems of seg faults.
> > > The seg-faults are gone now but all asym tests are failing too.
> > > The reason is the rte_cryptodev_queue_pair_setup() checks the session
> > > mempool same for sym and asym.
> > > Since we don't have a rte_cryptodev_asym_session_pool_create() the
> > > session mempool created by
> > > test_cryptodev_asym.c  with rte_mempool_create() will fail the
> mempool
> > > check when setting up the queue pair.
> > >
> > > If you think my fix may be useful (although not resolving asym issue) I can
> > > send it.
> > >
> > Is it a different fix than what I proposed below? If yes, you can send the
> diff.
> > I already made the below changes for all the PMDs.
> > I will try to fix the asym issue, but I suppose it can be dealt in the app
> > Which can be fixed separately in RC2.
> >
> > Also, found the root cause of multi process issue, working on making the
> > patches.
> > Will send v3 soon with all 3 issues(docsis/mp/sessless) fixed atleast.
> > For Asym, may send a separate patch.
> >
> For Asym issue, it looks like the APIs are not written properly and has many
> Issues compared to sym.
> Looking at the API rte_cryptodev_queue_pair_setup(), it only support
> mp_session(or priv_sess_mp) for symmetric sessions even without my
> changes.
> 
> Hence, a qp does not have mempool for sessionless Asym processing and
> looking at current
> Drivers, only QAT support asym session less and it does not use mempool
> stored in qp.
> 
> Hence IMO, it is safe to remove the check from
> rte_cryptodev_queue_pair_setup()
>         if (!qp_conf->mp_session) {
>                 CDEV_LOG_ERR("Invalid mempools\n");
>                 return -EINVAL;
>         }
> Or we can have give a CDEV_LOG_INFO (to indicate session mempool not
> present, session less won't work) instead of CDEV_LOG_ERR and fall through.
> 

Yes this is a valid fix. It will make queue pair setup work as before.
The old code was like this:

	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
		CDEV_LOG_ERR("Invalid mempools\n");
		return -EINVAL;
	}

The requirement was either you provide 2 mempools (one for session and one for
session private) or you don't provide session mempool when creating queue pair at
all. Only otherwise the error is returned.

> For sym case, it is checking again in next line if session_mp is there or not.
> 
> I hope, the asym cases will work once we remove the above check and pass
> Null in the asym app while setting up queue pairs. What say?

It shall be working.  Thanks.
> 
> 
> 


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
@ 2021-10-18 21:34     ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 1/8] security: rework session framework Akhil Goyal
                         ` (9 more replies)
  0 siblings, 10 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As discussed in last release deprecation notice,
crypto and security session framework are reworked
to reduce the need of two mempool objects and
remove the requirement to expose the rte_security_session
and rte_cryptodev_sym_session structures.
Design methodology is explained in the patch description.

Similar work will need to be done for asymmetric sessions
as well. Asymmetric session need another rework and is
postponed to next release. Since it is still in experimental
stage, we can modify the APIs in next release as well.

The patches are compilable with all affected PMDs
and tested with dpdk-test and test-crypto-perf app on CN9k platform.

The series is rebased over "cryptodev: hide internal structures"
https://patchwork.dpdk.org/project/dpdk/list/?series=19749

Changes in v3
- rebased over next-crypto TOT
- Release notes updated and deprecation notice removed.
- Documentation updates.
- fix session less crypto
- fix asym crypto issue for qp setup
- add sess_iova param to PMD session configure APIs to pass
physical address of session pointer.
- rework cnxk net PMD based on the new session framework.
- added missing op to get size of security session private data

Changes in v2:
- Added new parameter iova in PMD session configure APIs for
  session priv pointer to be used in QAT/CNXK/etc PMDs.
- Hide rte_cryptodev_sym_session and rte_security_session structs.
- Added compilation workaround for net PMDs(ixgbe/txgbe)
  for inline ipsec.
  Patches with actual fix is beynd the scope of this patchset.
- Added inline APIs to access the opaque data and fast metadata.
- Remove commented code.

TODO
- Asym APIs - postponed for next release.


Akhil Goyal (8):
  security: rework session framework
  security: hide security session struct
  net/cnxk: rework security session framework
  security: pass session iova in PMD sess create
  drivers/crypto: support security session get size op
  cryptodev: rework session framework
  cryptodev: hide sym session structure
  cryptodev: pass session iova in configure session

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  46 ++--
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   7 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +--
 app/test/test_cryptodev.c                     | 147 ++++---------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   3 +-
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +--
 app/test/test_ipsec.c                         |  34 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 app/test/test_security.c                      | 196 ++++--------------
 doc/guides/prog_guide/cryptodev_lib.rst       |  10 +-
 doc/guides/prog_guide/rte_security.rst        |  11 +-
 doc/guides/rel_notes/deprecation.rst          |   9 -
 doc/guides/rel_notes/release_21_11.rst        |  14 ++
 drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +---
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  71 ++-----
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +--
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  24 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  24 +--
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  20 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  75 +++----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 ++----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  76 ++-----
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  75 ++-----
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  32 +--
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  29 +--
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  23 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  40 ++--
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   1 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |   1 -
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   1 -
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   1 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  25 +--
 drivers/crypto/mvsam/mrvl_pmd_private.h       |   3 -
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  55 ++---
 drivers/crypto/nitrox/nitrox_sym.c            |  33 +--
 drivers/crypto/null/null_crypto_pmd.c         |  20 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +--
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  68 +++---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  63 +++---
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +-
 drivers/crypto/octeontx2/otx2_cryptodev_qp.h  |   2 -
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  77 +++----
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  18 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +---
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_pmd.c              |   1 +
 drivers/crypto/qat/qat_sym_session.c          |  72 ++-----
 drivers/crypto/qat/qat_sym_session.h          |  17 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  10 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  32 +--
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  64 +++---
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  59 ++----
 drivers/net/cnxk/cnxk_ethdev.c                |   6 +-
 drivers/net/cnxk/cnxk_ethdev.h                |   6 -
 drivers/net/cnxk/cnxk_ethdev_sec.c            |  21 --
 drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  52 ++---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
 examples/fips_validation/fips_dev_self_test.c |  32 +--
 examples/fips_validation/main.c               |  20 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  40 ----
 examples/ipsec-secgw/ipsec.c                  |  12 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  33 ++-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  91 ++++----
 lib/cryptodev/rte_cryptodev.h                 |  70 +++----
 lib/cryptodev/rte_cryptodev_trace.h           |  16 +-
 lib/ipsec/rte_ipsec.h                         |   4 +-
 lib/ipsec/rte_ipsec_group.h                   |  13 +-
 lib/ipsec/ses.c                               |   6 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/security/rte_security.c                   |  32 +--
 lib/security/rte_security.h                   |  85 +++++---
 lib/security/rte_security_driver.h            |  31 ++-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 109 files changed, 913 insertions(+), 1880 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 1/8] security: rework session framework
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 2/8] security: hide security session struct Akhil Goyal
                         ` (8 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 .../cperf_test_pmd_cyclecount.c               |   2 +-
 app/test/test_cryptodev.c                     |  17 +-
 app/test/test_ipsec.c                         |  11 +-
 app/test/test_security.c                      | 193 ++++--------------
 drivers/crypto/caam_jr/caam_jr.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   6 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  50 +----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 +---
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  34 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  32 +--
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  11 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  54 +----
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  21 +-
 drivers/crypto/qat/qat_sym_session.h          |   4 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
 drivers/net/meson.build                       |   2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  51 ++---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 lib/security/rte_security.c                   |  28 +--
 lib/security/rte_security.h                   |  41 ++--
 lib/security/rte_security_driver.h            |  16 +-
 32 files changed, 204 insertions(+), 617 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 263841c339..6c3aa77dec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -67,8 +67,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -76,7 +74,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
 
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
-		rte_security_attach_session(ops[i], sec_sess);
+		rte_security_attach_session(ops[i], (void *)sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
 							src_buf_offset);
 
@@ -608,7 +606,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -720,7 +717,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 
 	/* Create security session */
 	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+				&sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
@@ -831,11 +828,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -880,7 +877,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 #endif
 	sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index fda97e8ab9..e43e2a3b96 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 		{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 814a0b401d..996b3b4de6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -83,7 +83,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
@@ -8403,8 +8403,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8675,8 +8674,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9175,8 +9173,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -9597,8 +9594,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
@@ -9773,8 +9769,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
-
-	sess->sess_private_data = NULL;
+	RTE_SET_USED(sess);
 	return 0;
 }
 
 static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(sess);
@@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..1cea756880 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -253,39 +234,28 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
-	struct rte_mempool *priv_mp;
 
 	int ret;
 
 	int called;
 	int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
 
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		void *sess)
 {
-	void *sess_priv;
-	int ret;
 
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
-	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
+	if (mock_session_create_exp.ret == 0)
 		mock_session_create_exp.sess = sess;
-	}
 
 	return mock_session_create_exp.ret;
 }
@@ -297,7 +267,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -308,7 +278,7 @@ static struct mock_session_update_data {
 
 static int
 mock_session_update(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_session_conf *conf)
 {
 	mock_session_update_exp.called++;
@@ -351,7 +321,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -362,7 +332,7 @@ static struct mock_session_stats_get_data {
 
 static int
 mock_session_stats_get(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_stats *stats)
 {
 	mock_session_stats_get_exp.called++;
@@ -381,7 +351,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -390,15 +360,9 @@ static struct mock_session_destroy_data {
 } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
 
 static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -412,7 +376,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -424,7 +388,7 @@ static struct mock_set_pkt_metadata_data {
 
 static int
 mock_set_pkt_metadata(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_mbuf *m,
 		void *params)
 {
@@ -536,7 +500,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -549,7 +512,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -563,7 +526,7 @@ static struct security_unittest_params {
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -577,27 +540,13 @@ testsuite_setup(void)
 	ts_params->session_mpool = rte_mempool_create(
 			SECURITY_TEST_MEMPOOL_NAME,
 			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_OBJ_SZ,
+			SECURITY_TEST_SESSION_OBJ_SZ +
+			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
 			0, 0, NULL, NULL, NULL, NULL,
 			SOCKET_ID_ANY, 0);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +561,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -704,7 +649,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -713,12 +658,11 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+	mock_session_get_size_exp.called = 0;
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +701,14 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -781,18 +723,16 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -807,18 +747,16 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -832,16 +770,14 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,14 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+			NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -902,9 +813,8 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -914,34 +824,23 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -955,22 +854,19 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -984,17 +880,15 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +897,6 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1282,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1289,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1305,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1313,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1329,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1337,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1351,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1358,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1377,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1385,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1402,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1410,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2376,6 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8c56610ac8..00e680cf03 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 					cryptodev_driver_id);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = (struct caam_jr_session *)(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = caam_jr_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = caam_jr_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index c25c8e67b2..de2eebd507 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -122,8 +122,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = (struct cn10k_sec_session *)
+				(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -360,7 +360,7 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
 	if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND))
 		return;
 
-	sess = get_sec_session_private_data(cop->sym->sec_session);
+	sess = (struct cn10k_sec_session *)(cop->sym->sec_session);
 	sa = &sess->sa;
 
 	mbuf = cop->sym->m_src;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 27df1dcd64..425fe599e0 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,17 +35,15 @@ static int
 cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sec_sess)
+			   struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_outb_param1 param1;
 	struct roc_ot_ipsec_outb_sa *out_sa;
 	struct cnxk_ipsec_outb_rlens rlens;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -114,16 +112,14 @@ static int
 cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
 			  struct rte_security_ipsec_xform *ipsec_xfrm,
 			  struct rte_crypto_sym_xform *crypto_xfrm,
-			  struct rte_security_session *sec_sess)
+			  struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_inb_param1 param1;
 	struct roc_ot_ipsec_inb_sa *in_sa;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -175,7 +171,7 @@ static int
 cn10k_ipsec_session_create(void *dev,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sess)
+			   struct cn10k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct roc_cpt *roc_cpt;
@@ -204,55 +200,28 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 void *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
+	struct cn10k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
-					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
+					 conf->crypto_xform, priv);
 }
 
 static int
-cn10k_sec_session_destroy(void *device __rte_unused,
-			  struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct cn10k_sec_session *priv;
-	struct rte_mempool *sess_mp;
-
-	priv = get_sec_session_private_data(sess);
+	struct cn10k_sec_session *priv = sess;
 
 	if (priv == NULL)
 		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 		return -ENOTSUP;
 	}
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct cn9k_sec_session *)(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 53fb793654..a602d38a11 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -275,14 +275,13 @@ static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sec_sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_outb_sa *out_sa;
-	struct cn9k_sec_session *sess;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 	struct rte_ipv6_hdr *ip6;
@@ -294,7 +293,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 	ctl = &out_sa->common_sa.ctl;
@@ -422,13 +420,12 @@ static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct rte_security_session *sec_sess)
+			 struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_inb_sa *in_sa;
-	struct cn9k_sec_session *sess;
 	struct cn9k_ipsec_sa *sa;
 	const uint8_t *auth_key;
 	union cpt_inst_w4 w4;
@@ -437,7 +434,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len = 0;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -501,7 +497,7 @@ static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -532,53 +528,32 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			void *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
 
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
+					conf->crypto_xform, priv);
 }
 
 static int
-cn9k_sec_session_destroy(void *device __rte_unused,
-			 struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = sess;
 	if (priv == NULL)
 		return 0;
 
@@ -590,13 +565,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index cb2ad435bf..feaf3ccd4f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1351,8 +1351,7 @@ build_sec_fd(struct rte_crypto_op *op,
 				op->sym->session, cryptodev_driver_id);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = (dpaa2_sec_session *)(op->sym->sec_session);
 #endif
 	else
 		return -ENOTSUP;
@@ -1525,7 +1524,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	struct rte_crypto_op *op;
 	uint16_t len = DPAA2_GET_FD_LEN(fd);
 	int16_t diff = 0;
-	dpaa2_sec_session *sess_priv __rte_unused;
+	dpaa2_sec_session *sess_priv;
 
 	struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
 		DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1538,8 +1537,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -3388,63 +3386,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa2_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	default:
 		return -EINVAL;
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index a2ffc6c02f..387bd92ab0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1005,8 +1005,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = (dpaa2_sec_session *)session_ctx.sec_sess;
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa2_sec_session *)get_sym_session_private_data(
 			session_ctx.crypto_sess, cryptodev_driver_id);
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 454b9c4785..617c48298f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1790,8 +1790,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
 				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+					(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -2569,7 +2568,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2579,7 +2577,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -3114,26 +3111,17 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -3142,29 +3130,21 @@ dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
-	}
 	return 0;
 }
 #endif
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index 522685f8cf..a07901ebd3 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1010,8 +1010,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = (dpaa_sec_session *)session_ctx.sec_sess;
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)get_sym_session_private_data(
 			session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e05bc04c3b..58ca2a6e54 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1353,8 +1353,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = (struct aesni_mb_session *)
-		get_sec_session_private_data(op->sym->sec_session);
+	session = (struct aesni_mb_session *)(op->sym->sec_session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1491,7 +1490,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = (struct aesni_mb_session *)(op->sym->sec_session);
 	} else
 #endif
 	{
@@ -1894,10 +1893,8 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+		void *sess_private_data)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -1907,41 +1904,24 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);
 
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it does not leave key material behind */
 static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess_priv)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
+	if (sess_priv)
 		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+
 	return 0;
 }
 
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..94e3ff9e5b 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.cipher_key);
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
-		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	uint8_t esn;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct otx2_sec_session *)(op->sym->sec_session);
 	sess = &priv->ipsec.lp;
 	sa = &sess->in_sa;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@ static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct rte_security_session *sec_sess)
+				     struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_out_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	int ret, ctx_len;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -398,7 +396,7 @@ static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct rte_security_session *sec_sess)
+				    struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_in_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -512,7 +508,7 @@ static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct rte_security_session *sess)
+				struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       struct rte_security_session *sess,
-			       struct rte_mempool *mempool)
+			       void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device,
 	if (rte_security_dynfield_register() < 0)
 		return -rte_errno;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	priv->userdata = conf->userdata;
 
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      sess);
+						      priv);
 	else
 		ret = -ENOTSUP;
 
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
 	return ret;
 }
 
 static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
-				struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 
-	priv = get_sec_session_private_data(sess);
-
-	if (priv == NULL)
-		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	memset(priv, 0, sizeof(*priv));
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	if (priv)
+		memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
@@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
-			      struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
 			      struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				op->sym->session, qat_sym_driver_id);
 #ifdef RTE_LIB_SECURITY
 	} else {
-		ctx = (struct qat_sym_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		ctx = (struct qat_sym_session *)(op->sym->sec_session);
 		if (likely(ctx)) {
 			if (unlikely(ctx->bpi_ctx == NULL)) {
 				QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = (struct qat_sym_session *)(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess_private_data)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 int
-qat_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		void *sess);
 int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..cd54a3beee 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-ixgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct ixgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,10 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	uint64_t sess_ptr = (uint64_t)sess;
+	struct ixgbe_crypto_session *ic_session =
+			(struct ixgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index bcf488f203..7a09f7183d 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@ drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-        'cnxk',
+#        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@ static int
 eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 			      struct rte_security_ipsec_xform *ipsec,
 			      struct rte_crypto_sym_xform *crypto_xform,
-			      struct rte_security_session *sec_sess)
+			      struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 	struct otx2_cpt_inst_s inst;
 	struct otx2_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -468,7 +468,7 @@ static int
 eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 			     struct rte_security_ipsec_xform *ipsec,
 			     struct rte_crypto_sym_xform *crypto_xform,
-			     struct rte_security_session *sec_sess)
+			     struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 
 	ctl = &sa->ctl;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -619,7 +619,7 @@ static int
 eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
 		return -ENOTSUP;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	/*
 	 * Save userdata provided by the application. For ingress packets, this
 	 * could be used to identify the SA.
@@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
 						conf->crypto_xform,
-						sess);
+						priv);
 	else
 		ret = -ENOTSUP;
 
 	if (ret)
-		goto mempool_put;
+		return ret;
 
 	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static void
@@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
 }
 
 static int
-otx2_eth_sec_session_destroy(void *device,
-			     struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
 {
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
 	struct otx2_sec_session_ipsec_ip *sess_ip;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
-	if (priv == NULL)
-		return -EINVAL;
-
 	sess_ip = &priv->ipsec.ip;
 
 	if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device,
 			return ret;
 	}
 
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
@@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
-			    struct rte_security_session *session,
-			    struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
 	*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
 		struct nix_iova_s nix_iova;
 	} *sd;
 
-	priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+	priv = (void *)(*rte_security_dynfield(m));
 	sess = &priv->ipsec.ip;
 	sa = &sess->out_sa;
 
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..444da5b8f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-txgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct txgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-txgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
-		       struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +643,10 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
+	uint64_t sess_ptr = (uint64_t)sess;
 	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+			(struct txgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, ipsec_ctx->session_pool,
-					ipsec_ctx->session_priv_pool);
+					&sess_conf, ipsec_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	if (mp->elt_size < sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
 	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+				sess->sess_private_data)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return sess->sess_private_data;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
-			       struct rte_security_stats *stats)
+			       void *sess, struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
 			-ENOTSUP);
@@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
+	struct rte_security_session *s;
 	int ret;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	if (ret != 0)
 		return ret;
 
-	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+	s = container_of(sess, struct rte_security_session, sess_private_data);
+	rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 4c55dcd744..c5ceb3b588 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -509,10 +509,12 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	__extension__ void *sess_private_data[0];
+	/**< Private session material */
 };
 
 /**
@@ -526,11 +528,10 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -545,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -576,7 +577,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+			     void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -622,7 +623,7 @@ static inline bool rte_security_dynfield_is_registered(void)
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -640,13 +641,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess);
 		return 0;
 	}
 
@@ -696,26 +697,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  */
 static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+			      void *sess)
 {
 	sym_op->sec_session = sess;
 
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -726,8 +714,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	sess	security session
  */
 static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -789,7 +776,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..5a177d72d7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@ extern "C" {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		void *sess);
 
 /**
  * Free driver private session data.
@@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device,
  * @param	device		Crypto/eth device pointer
  * @param	sess		Security session structure
  */
-typedef int (*security_session_destroy_t)(void *device,
-		struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
 
 /**
  * Update driver private session data.
@@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device,
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
  */
 typedef int (*security_session_update_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_session_conf *conf);
+		void *sess, struct rte_security_session_conf *conf);
 
 /**
  * Get the size of a security session
@@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device);
  *  - Returns -EINVAL if session parameters are invalid.
  */
 typedef int (*security_session_stats_get_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_stats *stats);
+		void *sess, struct rte_security_stats *stats);
 
 __rte_internal
 int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@ int rte_security_dynfield_register(void);
  * Update the mbuf with provided metadata.
  *
  * @param	device		Crypto/eth device pointer
- * @param	sess		Security session structure
+ * @param	sess		Security session
  * @param	mb		Packet buffer
  * @param	params		Metadata
  *
@@ -105,7 +101,7 @@ int rte_security_dynfield_register(void);
  *  - Returns -ve value for errors.
  */
 typedef int (*security_set_pkt_metadata_t)(void *device,
-		struct rte_security_session *sess, struct rte_mbuf *mb,
+		void *sess, struct rte_mbuf *mb,
 		void *params);
 
 /**
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 2/8] security: hide security session struct
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 1/8] security: rework session framework Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Akhil Goyal
                         ` (7 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

rte_security_session struct is now hidden in the library.
application can access the opaque data and fast_mdata
using the set/get APIs introduced in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/prog_guide/rte_security.rst | 11 ++----
 doc/guides/rel_notes/deprecation.rst   |  4 --
 doc/guides/rel_notes/release_21_11.rst |  7 ++++
 lib/ipsec/rte_ipsec.h                  |  2 +-
 lib/ipsec/rte_ipsec_group.h            |  5 ++-
 lib/ipsec/ses.c                        |  3 +-
 lib/security/rte_security.h            | 54 +++++++++++++++++++++-----
 lib/security/rte_security_driver.h     | 13 +++++++
 8 files changed, 74 insertions(+), 25 deletions(-)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index ad92c16868..af8f68d0e3 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -543,14 +543,11 @@ and this allows further acceleration of the offload of Crypto workloads.
 
 The Security framework provides APIs to create and free sessions for crypto/ethernet
 devices, where sessions are mempool objects. It is the application's responsibility
-to create and manage two session mempools - one for session and other for session
-private data. The private session data mempool object size should be able to
-accommodate the driver's private data of security session. The application can get
-the size of session private data using API ``rte_security_session_get_size``.
-And the session mempool object size should be enough to accommodate
-``rte_security_session``.
+to create and manage session mempool big enough for session and session
+private data. The application can get the size of session private data using API
+``rte_security_session_get_size``.
 
-Once the session mempools have been created, ``rte_security_session_create()``
+Once the session mempool has been created, ``rte_security_session_create()``
 is used to allocate and initialize a session for the required crypto/ethernet device.
 
 Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 73350e2a69..3add00a8be 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -179,10 +179,6 @@ Deprecation Notices
   session and the private data of session. An opaque pointer can be exposed
   directly to application which can be attached to the ``rte_crypto_op``.
 
-* security: Hide structure ``rte_security_session`` and expose an opaque
-  pointer for the private data to the application which can be attached
-  to the packet while enqueuing.
-
 * eventdev: The file ``rte_eventdev_pmd.h`` will be renamed to ``eventdev_driver.h``
   to make the driver interface as internal and the structures ``rte_eventdev_data``,
   ``rte_eventdev`` and ``rte_eventdevs`` will be moved to a new file named
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 1f3f777c0f..7f1872167e 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -281,6 +281,13 @@ API Changes
 * cryptodev: The structure ``rte_crypto_sym_vec`` was updated to add
   ``dest_sgl`` to support out of place processing.
 
+* security: The structure ``rte_security_session`` was moved to rte_security_driver.h
+  and was hidden from the application. The APIs to create and destroy session were
+  updated to take a single mempool with element size enough to hold session data
+  and session private data. Inline APIs are created to get and set the session data.
+  All sample applications were updated to attach an opaque pointer for the session
+  to the ``rte_crypto_op`` while enqueuing.
+
 * bbdev: Added device info related to data byte endianness processing.
 
 
diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index 5308f250a7..163a2d72b9 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -70,7 +70,7 @@ struct rte_ipsec_session {
 			uint8_t dev_id;
 		} crypto;
 		struct {
-			struct rte_security_session *ses;
+			void *ses;
 			struct rte_security_ctx *ctx;
 			uint32_t ol_flags;
 		} security;
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index ea3bdfad95..0cc5fedbf1 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,12 +44,13 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
+	void *ss;
 	const struct rte_cryptodev_sym_session *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
-		return (void *)(uintptr_t)ss->opaque_data;
+		return (void *)(uintptr_t)
+			rte_security_session_opaque_data_get(ss);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
 		return (void *)(uintptr_t)cs->opaque_data;
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..b12114269f 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -47,7 +47,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
 		ss->crypto.ses->opaque_data = (uintptr_t)ss;
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses,
+				(uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index c5ceb3b588..912c79690d 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -508,14 +508,47 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	__extension__ void *sess_private_data[0];
-	/**< Private session material */
-};
+#define SESS_FAST_MDATA_OFF 1
+#define SESS_OPAQUE_DATA_OFF 2
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
 
 /**
  * Create security session as specified by the session configuration
@@ -646,8 +679,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess);
+		uint64_t mdata = rte_security_session_fast_mdata_get(sess);
+
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata);
 		return 0;
 	}
 
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 5a177d72d7..13f2f9da32 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,19 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	/** Opaque user defined data */
+	uint64_t opaque_data;
+	/** Fast metadata to be used for inline path */
+	uint64_t fast_mdata;
+	/** Private session material */
+	__extension__ void *sess_private_data[0];
+};
+
 /**
  * Configure a security session on a device.
  *
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 1/8] security: rework session framework Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 2/8] security: hide security session struct Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create Akhil Goyal
                         ` (6 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal, Nithin Dabilpuram

Aligned the security session create and destroy
as per the recent changes in rte_security
and used the fast mdata field introduced in
rte_security. Enabled compilation of cnxk driver.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++++++++++------------------
 drivers/net/cnxk/cn9k_ethdev_sec.c  | 59 ++++++++++----------------
 drivers/net/cnxk/cnxk_ethdev.c      |  6 +--
 drivers/net/cnxk/cnxk_ethdev.h      |  6 ---
 drivers/net/cnxk/cnxk_ethdev_sec.c  | 21 ----------
 drivers/net/meson.build             |  2 +-
 6 files changed, 48 insertions(+), 110 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 82dc6367dd..3d0f4044d9 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,15 +228,14 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn10k_sec_sess_priv sess_priv;
+	struct cn10k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound, inl_dev;
 	int rc = 0;
 
@@ -264,13 +263,8 @@ cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	/* Acquire lock on inline dev for inbound */
 	if (inbound && inl_dev)
@@ -290,11 +284,11 @@ cn10k_eth_sec_session_create(void *device,
 			plt_err("Failed to create ingress sa, inline dev "
 				"not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -304,7 +298,7 @@ cn10k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
@@ -313,7 +307,7 @@ cn10k_eth_sec_session_create(void *device,
 		rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -326,12 +320,11 @@ cn10k_eth_sec_session_create(void *device,
 		inb_sa->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inl_dev = !!dev->inb.inl_dev;
@@ -352,7 +345,7 @@ cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -365,7 +358,7 @@ cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -377,16 +370,15 @@ cn10k_eth_sec_session_create(void *device,
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
 		/* Prepare session priv */
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
-		sess_priv.mode = outb_sa->w2.s.ipsec_mode;
-		sess_priv.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
+		fast_mdata.mode = outb_sa->w2.s.ipsec_mode;
+		fast_mdata.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -407,29 +399,23 @@ cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
-	rte_mempool_put(mempool, eth_sec);
 	return rc;
 }
 
 static int
-cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn10k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
-	struct roc_ot_ipsec_inb_sa *inb_sa;
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_ot_ipsec_outb_sa *outb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
+	struct roc_ot_ipsec_inb_sa *inb_sa;
 
 	if (eth_sec->inl_dev)
 		roc_nix_inl_dev_lock();
@@ -464,9 +450,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
 	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index b070ad57fc..8a6fa75b37 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn9k_sec_sess_priv sess_priv;
+	struct cn9k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound;
 	int rc = 0;
 
@@ -169,13 +168,8 @@ cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	if (inbound) {
 		struct cn9k_inb_priv_data *inb_priv;
@@ -192,7 +186,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (!inb_sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -200,7 +194,7 @@ cn9k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -209,7 +203,7 @@ cn9k_eth_sec_session_create(void *device,
 		rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -223,16 +217,15 @@ cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inb = true;
@@ -252,7 +245,7 @@ cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -265,7 +258,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -282,14 +275,13 @@ cn9k_eth_sec_session_create(void *device,
 		/* Save rlen info */
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -306,27 +298,21 @@ cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
-	rte_mempool_put(mempool, eth_sec);
+err:
 	return rc;
 }
 
 static int
-cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn9k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
 
 	if (eth_sec->inb) {
 		inb_sa = eth_sec->sa;
@@ -353,10 +339,7 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c
index 966bd23c7f..572b40e11b 100644
--- a/drivers/net/cnxk/cnxk_ethdev.c
+++ b/drivers/net/cnxk/cnxk_ethdev.c
@@ -154,8 +154,7 @@ nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy inbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->inb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		/* Clear lookup mem */
 		cnxk_nix_lookup_mem_sa_base_clear(dev);
@@ -172,8 +171,7 @@ nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy outbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->outb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		rc = roc_nix_inl_outb_fini(nix);
 		if (rc)
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ff21b977b7..eca6c77e7a 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -174,9 +174,6 @@ struct cnxk_eth_sec_sess {
 	/* SPI */
 	uint32_t spi;
 
-	/* Back pointer to session */
-	struct rte_security_session *sess;
-
 	/* Inbound */
 	bool inb;
 
@@ -497,9 +494,6 @@ __rte_internal
 int cnxk_nix_inb_mode_set(struct cnxk_eth_dev *dev, bool use_inl_dev);
 struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev,
 						       uint32_t spi, bool inb);
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess);
 
 /* Other private functions */
 int nix_recalc_mtu(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index ae3e49cc82..b220f4d2cf 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -87,27 +87,6 @@ cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb)
 	return NULL;
 }
 
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess)
-{
-	struct cnxk_eth_sec_sess *eth_sec = NULL;
-
-	/* Search in inbound list */
-	TAILQ_FOREACH(eth_sec, &dev->inb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	/* Search in outbound list */
-	TAILQ_FOREACH(eth_sec, &dev->outb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	return NULL;
-}
-
 static unsigned int
 cnxk_eth_sec_session_get_size(void *device __rte_unused)
 {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index 7a09f7183d..bcf488f203 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@ drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-#        'cnxk',
+        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (2 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op Akhil Goyal
                         ` (5 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Some PMDs need session physical address which can be passed
to the hardware. But since security_session_create
does not allow PMD to get mempool object, the PMD cannot
call rte_mempool_virt2iova().
Hence the library layer need to calculate the iova for session
private data and pass it to the PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec.c                         |  3 +-
 app/test/test_security.c                      |  5 +--
 drivers/crypto/caam_jr/caam_jr.c              |  3 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              | 35 +++++++++++--------
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  3 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 33 +++++++++--------
 drivers/crypto/qat/qat_sym_session.c          | 10 +++---
 drivers/crypto/qat/qat_sym_session.h          |  2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  2 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  3 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  2 +-
 lib/security/rte_security.c                   |  6 +++-
 lib/security/rte_security_driver.h            |  4 +--
 18 files changed, 71 insertions(+), 51 deletions(-)

diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 2ffa2a8e79..3b49a0b13a 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,11 +148,12 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	void *sess)
+	void *sess, rte_iova_t sess_iova)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
 	RTE_SET_USED(sess);
+	RTE_SET_USED(sess_iova);
 	return 0;
 }
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 1cea756880..50981f62fa 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -246,9 +246,10 @@ static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess)
+		void *sess,
+		rte_iova_t sess_iova)
 {
-
+	RTE_SET_USED(sess_iova);
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 00e680cf03..298aab154b 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1909,7 +1909,8 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				void *sess)
+				void *sess,
+				rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 425fe599e0..b0dcd71e35 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -200,7 +200,7 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 void *sess)
+			 void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct cn10k_sec_session *priv = sess;
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index a602d38a11..b3d2f8c012 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -16,8 +16,8 @@
 #include "roc_api.h"
 
 static inline int
-cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
-		      uint8_t opcode, size_t ctx_len)
+cn9k_cpt_enq_sa_write(struct cnxk_cpt_qp *qp, uint8_t opcode,
+		      size_t ctx_len, rte_iova_t sess_iova)
 {
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	uint64_t lmtline = qp->lmtline.lmt_base;
@@ -39,9 +39,9 @@ cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = sess_iova;
 	inst.w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
 
 	inst.w0.u64 = 0;
@@ -275,7 +275,8 @@ static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
@@ -409,18 +410,20 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(out_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND,
+		ctx_len, sess_iova);
 }
 
 static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct cn9k_sec_session *sess)
+			 struct cn9k_sec_session *sess,
+			 rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
@@ -474,11 +477,12 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(in_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND,
+		ctx_len, sess_iova);
 }
 
 static inline int
@@ -497,7 +501,8 @@ static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -520,15 +525,15 @@ cn9k_ipsec_session_create(void *dev,
 
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform,
-						sess);
+						sess, sess_iova);
 	else
 		return cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform,
-						 sess);
+						 sess, sess_iova);
 }
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			void *sess)
+			void *sess, rte_iova_t sess_iova)
 {
 	struct cn9k_sec_session *priv = sess;
 
@@ -542,7 +547,7 @@ cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
 	}
 
 	return cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, priv);
+					conf->crypto_xform, priv, sess_iova);
 }
 
 static int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index feaf3ccd4f..51a896c971 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3386,7 +3386,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  void *sess)
+				  void *sess,
+				  rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 617c48298f..2857b19015 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3111,7 +3111,8 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 void *sess)
+				 void *sess,
+				 rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 58ca2a6e54..85397ba7c4 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1893,7 +1893,7 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		void *sess_private_data)
+		void *sess_private_data, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 56900e3187..5a8be84444 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -87,7 +87,8 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
 
 static int
 otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
-		      struct otx2_cpt_qp *qptr, uint8_t opcode)
+		      struct otx2_cpt_qp *qptr, uint8_t opcode,
+		      rte_iova_t sess_iova)
 {
 	uint64_t lmt_status, time_out;
 	void *lmtline = qptr->lmtline;
@@ -107,9 +108,9 @@ otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
 	inst.param1 = 0;
 	inst.param2 = 0;
 	inst.dlen = lp->ctx_len << 3;
-	inst.dptr = rte_mempool_virt2iova(lp);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.cptr = rte_mempool_virt2iova(lp);
+	inst.cptr = sess_iova;
 	inst.egrp  = OTX2_CPT_EGRP_SE;
 
 	inst.u64[0] = 0;
@@ -203,7 +204,8 @@ static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct otx2_sec_session *sess)
+				     struct otx2_sec_session *sess,
+				     rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -379,7 +381,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -389,14 +391,15 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				    auth_xform, cipher_xform);
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct otx2_sec_session *sess)
+				    struct otx2_sec_session *sess,
+				    rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -473,7 +476,7 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -501,14 +504,15 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	}
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_INB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_INB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct otx2_sec_session *sess)
+				struct otx2_sec_session *sess,
+				rte_iova_t sess_iova)
 {
 	int ret;
 
@@ -523,16 +527,17 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 
 	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,
-							   crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 	else
 		return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,
-							    crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 }
 
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       void *sess)
+			       void *sess,
+			       rte_iova_t sess_iova)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
@@ -548,7 +553,7 @@ otx2_crypto_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      priv);
+						      priv, sess_iova);
 	else
 		ret = -ENOTSUP;
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2a22347c7f..2c0e44dff4 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2232,7 +2232,8 @@ qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2251,7 +2252,6 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2282,8 +2282,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 
 int
 qat_security_session_create(void *dev,
-				struct rte_security_session_conf *conf,
-				void *sess_private_data)
+			struct rte_security_session_conf *conf,
+			void *sess_private_data, rte_iova_t sess_priv_iova)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
@@ -2295,7 +2295,7 @@ qat_security_session_create(void *dev,
 	}
 
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, sess_priv_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
 		return ret;
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 7fcc1d6f7b..b93dc549ef 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,7 +166,7 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 int
 qat_security_session_destroy(void *dev, void *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3d0f4044d9..ee0847e35c 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,7 +228,7 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     void *sess_priv)
+			     void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 8a6fa75b37..7c10339295 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,7 +137,7 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess_priv)
+			    void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index cd54a3beee..f2d4cfa2ba 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,7 +369,7 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct ixgbe_crypto_session *ic_session = session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index ef851fe52c..c1901f8f34 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -638,7 +638,8 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess)
+			    void *sess,
+			    rte_iova_t sess_iova __rte_unused)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 444da5b8f3..6187e84063 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,7 +349,7 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct txgbe_crypto_session *ic_session = session;
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 06560b9cba..93eaf395bb 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -45,6 +45,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	rte_iova_t sess_priv_iova;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
@@ -57,8 +58,11 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
+	sess_priv_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_security_session, sess_private_data);
+
 	if (instance->ops->session_create(instance->device, conf,
-				sess->sess_private_data)) {
+				sess->sess_private_data, sess_priv_iova)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 13f2f9da32..04c418a893 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -38,7 +38,7 @@ struct rte_security_session {
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
+ * @param	sess_iova	Private session IOVA
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -48,7 +48,7 @@ struct rte_security_session {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 
 /**
  * Free driver private session data.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (3 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
                         ` (4 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/caam_jr/caam_jr.c            | 6 ++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 7 +++++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 8 ++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 7 +++++++
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c     | 7 +++++++
 drivers/crypto/qat/qat_sym_pmd.c            | 1 +
 drivers/crypto/qat/qat_sym_session.c        | 6 ++++++
 drivers/crypto/qat/qat_sym_session.h        | 3 +++
 8 files changed, 45 insertions(+)

diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 298aab154b..44de978d29 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1948,6 +1948,11 @@ caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
 	return 0;
 }
 
+static unsigned int
+caam_jr_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct caam_jr_session);
+}
 
 static int
 caam_jr_dev_configure(struct rte_cryptodev *dev,
@@ -2042,6 +2047,7 @@ static struct rte_cryptodev_ops caam_jr_ops = {
 static struct rte_security_ops caam_jr_security_ops = {
 	.session_create = caam_jr_security_session_create,
 	.session_update = NULL,
+	.session_get_size = caam_jr_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = caam_jr_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 51a896c971..9115dd8e70 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3428,6 +3428,12 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa2_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa2_sec_session);
+}
 #endif
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
@@ -3816,6 +3822,7 @@ dpaa2_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa2_sec_security_ops = {
 	.session_create = dpaa2_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa2_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa2_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 2857b19015..e38ba21e89 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3148,6 +3148,13 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 		free_session_memory((struct rte_cryptodev *)dev, s);
 	return 0;
 }
+
+static unsigned int
+dpaa_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa_sec_session);
+}
+
 #endif
 static int
 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
@@ -3406,6 +3413,7 @@ dpaa_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa_sec_security_ops = {
 	.session_create = dpaa_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 85397ba7c4..a7b65e565c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1925,6 +1925,12 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess_priv)
 	return 0;
 }
 
+static unsigned int
+aesni_mb_pmd_sec_sess_get_size(void *device __rte_unused)
+{
+	return sizeof(struct aesni_mb_session);
+}
+
 /** Get security capabilities for aesni multi-buffer */
 static const struct rte_security_capability *
 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
@@ -1935,6 +1941,7 @@ aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
 		.session_create = aesni_mb_pmd_sec_sess_create,
 		.session_update = NULL,
+		.session_get_size = aesni_mb_pmd_sec_sess_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = aesni_mb_pmd_sec_sess_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index e04a2c88c7..6ca1bb8b40 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -932,6 +932,12 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
 	return 0;
 }
 
+static unsigned int
+mrvl_crypto_pmd_security_session_create(void *device __rte_unused)
+{
+	return sizeof(struct mrvl_crypto_session);
+}
+
 static const
 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
@@ -996,6 +1002,7 @@ mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
 struct rte_security_ops mrvl_sec_security_pmd_ops = {
 	.session_create = mrvl_crypto_pmd_security_session_create,
 	.session_update = NULL,
+	.session_get_size = mrvl_crypto_pmd_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = mrvl_crypto_pmd_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index d4f087733f..04e97b584a 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -306,6 +306,7 @@ static struct rte_security_ops security_qat_ops = {
 
 		.session_create = qat_security_session_create,
 		.session_update = NULL,
+		.session_get_size = qat_security_session_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = qat_security_session_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2c0e44dff4..cfa7d59914 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2316,4 +2316,10 @@ qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 	}
 	return 0;
 }
+
+unsigned int
+qat_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct qat_sym_session);
+}
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index b93dc549ef..ea329c1f71 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -169,6 +169,9 @@ qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
 		void *sess, rte_iova_t sess_iova);
 int
 qat_security_session_destroy(void *dev, void *sess);
+unsigned int
+qat_security_session_get_size(void *device __rte_unused);
+
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (4 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-20 19:27         ` Ananyev, Konstantin
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure Akhil Goyal
                         ` (3 subsequent siblings)
  9 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object for both the session and session
private data. The API rte_cryptodev_sym_session_init will now not
take mempool object.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app in rte_cryptodev_sym_session_init
and other APIs.

With this change, rte_cryptodev_sym_session_init will send
pointer to session private data of corresponding driver to the PMD
based on the driver_id for filling the PMD data.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently nb_drivers are getting updated in RTE_INIT which
result in increasing the memory requirements for session.
User can compile off drivers which are not in use to reduce the
memory consumption of a session.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  33 ++---
 app/test-crypto-perf/cperf_ops.h              |   6 +-
 app/test-crypto-perf/cperf_test_latency.c     |   5 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   5 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  29 +---
 app/test/test_cryptodev.c                     | 130 +++++-------------
 app/test/test_cryptodev.h                     |   1 -
 app/test/test_cryptodev_asym.c                |   3 +-
 app/test/test_cryptodev_blockcipher.c         |   6 +-
 app/test/test_event_crypto_adapter.c          |  28 +---
 app/test/test_ipsec.c                         |  22 +--
 drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 ++-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +----
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
 drivers/crypto/caam_jr/caam_jr.c              |  32 ++---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +----
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  24 ++--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  18 ++-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  18 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 +++-----
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  15 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  31 +----
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  32 +----
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  29 ++--
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  23 ++--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |   1 -
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   1 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |   1 -
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   1 -
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   1 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  24 +---
 drivers/crypto/mvsam/mrvl_pmd_private.h       |   3 -
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  36 ++---
 drivers/crypto/nitrox/nitrox_sym.c            |  31 +----
 drivers/crypto/null/null_crypto_pmd.c         |  20 ++-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +----
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  60 +++-----
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  52 +++----
 .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +--
 drivers/crypto/octeontx2/otx2_cryptodev_qp.h  |   2 -
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  18 +--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +----
 drivers/crypto/qat/qat_sym_session.c          |  29 +---
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |   9 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  31 ++---
 .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  32 ++---
 examples/fips_validation/main.c               |  20 +--
 examples/ipsec-secgw/ipsec-secgw.c            |  40 ------
 examples/ipsec-secgw/ipsec.c                  |   3 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   4 -
 examples/l2fwd-crypto/main.c                  |  41 +-----
 examples/vhost_crypto/main.c                  |  16 +--
 lib/cryptodev/cryptodev_pmd.h                 |   7 +-
 lib/cryptodev/rte_crypto.h                    |   2 +-
 lib/cryptodev/rte_crypto_sym.h                |   2 +-
 lib/cryptodev/rte_cryptodev.c                 |  76 ++++++----
 lib/cryptodev/rte_cryptodev.h                 |  23 ++--
 lib/cryptodev/rte_cryptodev_trace.h           |   5 +-
 lib/pipeline/rte_table_action.c               |   8 +-
 lib/pipeline/rte_table_action.h               |   2 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |   7 +-
 79 files changed, 396 insertions(+), 1043 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 6c3aa77dec..ec867b0174 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -13,7 +13,7 @@ static int
 cperf_set_ops_asym(struct rte_crypto_op **ops,
 		   uint32_t src_buf_offset __rte_unused,
 		   uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops,
-		   struct rte_cryptodev_sym_session *sess,
+		   void *sess,
 		   const struct cperf_options *options __rte_unused,
 		   const struct cperf_test_vector *test_vector __rte_unused,
 		   uint16_t iv_offset __rte_unused,
@@ -56,7 +56,7 @@ static int
 cperf_set_ops_security(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset __rte_unused,
 		uint32_t dst_buf_offset __rte_unused,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -141,7 +141,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -181,7 +181,7 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector __rte_unused,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
@@ -221,7 +221,7 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -278,7 +278,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -379,7 +379,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -495,7 +495,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 static int
 cperf_set_ops_aead(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
@@ -720,9 +720,8 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 				&sess_conf, sess_mp);
 }
 
-static struct rte_cryptodev_sym_session *
+static void *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -747,7 +746,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (sess == NULL)
 			return NULL;
 		rc = rte_cryptodev_asym_session_init(dev_id, (void *)sess,
-						     &xform, priv_mp);
+						     &xform, sess_mp);
 		if (rc < 0) {
 			if (sess != NULL) {
 				rte_cryptodev_asym_session_clear(dev_id,
@@ -905,8 +904,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform);
 	/*
 	 *  auth only
 	 */
@@ -933,8 +931,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform);
 	/*
 	 * cipher and auth
 	 */
@@ -993,12 +990,12 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+					sess, &cipher_xform);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
 			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+					sess, &auth_xform);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1019,7 +1016,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create crypto session */
 		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+					sess, &aead_xform);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 30d38f90e3..d3513590f1 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -12,15 +12,15 @@
 #include "cperf_test_vectors.h"
 
 
-typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+typedef void *(*cperf_sessions_create_t)(
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		uint32_t src_buf_offset, uint32_t dst_buf_offset,
-		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
+		uint16_t nb_ops, void *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset, uint32_t *imix_idx,
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 69f55de50a..63d520ee66 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -24,7 +24,7 @@ struct cperf_latency_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -59,7 +59,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -84,7 +83,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index e43e2a3b96..11083ea141 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -27,7 +27,7 @@ struct cperf_pmd_cyclecount_ctx {
 	struct rte_crypto_op **ops;
 	struct rte_crypto_op **ops_processed;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -93,7 +93,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -120,7 +119,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 739ed9e573..887f42c532 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -18,7 +18,7 @@ struct cperf_throughput_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -65,7 +65,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -88,7 +87,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 1962438034..0b3d4f7c59 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -18,7 +18,7 @@ struct cperf_verify_ctx {
 
 	struct rte_mempool *pool;
 
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 
 	cperf_populate_ops_t populate_ops;
 
@@ -51,7 +51,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -74,7 +73,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 6fdb92fb7c..7a9fb9a64d 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -119,35 +119,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size,
+					0, 0, socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -345,12 +324,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
@@ -705,7 +681,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 996b3b4de6..c2032b619b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -81,7 +81,7 @@ struct crypto_unittest_params {
 #endif
 
 	union {
-		struct rte_cryptodev_sym_session *sess;
+		void *sess;
 #ifdef RTE_LIB_SECURITY
 		void *sec_session;
 #endif
@@ -121,7 +121,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_param,
 		const uint8_t *cipher,
@@ -612,23 +612,11 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
-
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -636,7 +624,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -666,11 +653,6 @@ testsuite_teardown(void)
 	}
 
 	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
@@ -1346,7 +1328,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1568,7 +1549,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2162,8 +2142,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 
 	/* Create crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
@@ -2263,7 +2242,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 		uint8_t *hmac_key);
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2304,7 +2283,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 
 
 static int
-test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
+test_AES_CBC_HMAC_SHA512_decrypt_perform(void *sess,
 		struct crypto_unittest_params *ut_params,
 		struct crypto_testsuite_params *ts_params,
 		const uint8_t *cipher,
@@ -2417,8 +2396,7 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2459,8 +2437,7 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2582,8 +2559,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2645,8 +2621,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->cipher_xform);
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
 
@@ -2715,13 +2690,11 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	} else
 		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	if (status == -ENOTSUP)
 		return TEST_SKIPPED;
@@ -7965,8 +7938,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -11192,8 +11164,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 
 	if (ut_params->sess == NULL)
 		return TEST_FAILED;
@@ -11406,7 +11377,7 @@ test_multi_session(void)
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 
 	uint16_t i;
 
@@ -11429,9 +11400,7 @@ test_multi_session(void)
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
-	sessions = rte_malloc(NULL,
-			sizeof(struct rte_cryptodev_sym_session *) *
-			(MAX_NB_SESSIONS + 1), 0);
+	sessions = rte_malloc(NULL, sizeof(void *) * (MAX_NB_SESSIONS + 1), 0);
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
@@ -11440,8 +11409,7 @@ test_multi_session(void)
 				ts_params->session_mpool);
 
 		rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				sessions[i], &ut_params->auth_xform);
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
@@ -11479,8 +11447,7 @@ test_multi_session(void)
 	sessions[i] = NULL;
 	/* Next session create should fail */
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			sessions[i], &ut_params->auth_xform);
 	TEST_ASSERT_NULL(sessions[i],
 			"Session creation succeeded unexpectedly!");
 
@@ -11511,7 +11478,7 @@ test_multi_session_random_usage(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session **sessions;
+	void **sessions;
 	uint32_t i, j;
 	struct multi_session_params ut_paramz[] = {
 
@@ -11555,8 +11522,7 @@ test_multi_session_random_usage(void)
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
 	sessions = rte_malloc(NULL,
-			(sizeof(struct rte_cryptodev_sym_session *)
-					* MAX_NB_SESSIONS) + 1, 0);
+			(sizeof(void *) * MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
 		sessions[i] = rte_cryptodev_sym_session_create(
@@ -11573,8 +11539,7 @@ test_multi_session_random_usage(void)
 		rte_cryptodev_sym_session_init(
 				ts_params->valid_devs[0],
 				sessions[i],
-				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_paramz[i].ut_params.auth_xform);
 
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
@@ -11657,8 +11622,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11675,8 +11639,7 @@ test_null_invalid_operation(void)
 
 	/* Create Crypto session*/
 	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->auth_xform);
 	TEST_ASSERT(ret < 0,
 			"Session creation succeeded unexpectedly");
 
@@ -11721,8 +11684,7 @@ test_null_burst_operation(void)
 
 	/* Create Crypto session*/
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
+			ut_params->sess, &ut_params->cipher_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
@@ -11834,7 +11796,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -11934,7 +11895,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12143,8 +12103,7 @@ static int create_gmac_session(uint8_t dev_id,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12788,8 +12747,7 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -12841,8 +12799,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 			ts_params->session_mpool);
 
 	rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13352,8 +13309,7 @@ test_authenticated_encrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->cipher_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -13484,8 +13440,7 @@ test_authenticated_decrypt_with_esn(
 
 	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
 				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -14214,11 +14169,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
-
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
 			RTE_LOG(ERR, USER1,
@@ -14235,32 +14185,14 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
+						MAX_NB_SESSIONS,
+						session_size, 0, 0,
 						SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
index 90c8287365..f5cdf40e93 100644
--- a/app/test/test_cryptodev.h
+++ b/app/test/test_cryptodev.h
@@ -90,7 +90,6 @@ struct crypto_testsuite_params {
 	struct rte_mempool *large_mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9d19a6d6d9..7b05cb1647 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -923,8 +923,7 @@ testsuite_setup(void)
 
 	/* configure qp */
 	ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
-	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_mpool;
+	ts_params->qp_conf.mp_session = NULL;
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			dev_id, qp_id, &ts_params->qp_conf,
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index 3cdb2c96e8..9417803f18 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -81,7 +80,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_crypto_sym_op *sym_op = NULL;
 	struct rte_crypto_op *op = NULL;
 	struct rte_cryptodev_info dev_info;
-	struct rte_cryptodev_sym_session *sess = NULL;
+	void *sess = NULL;
 
 	int status = TEST_SUCCESS;
 	const struct blockcipher_test_data *tdata = t->test_data;
@@ -514,7 +513,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		sess = rte_cryptodev_sym_session_create(sess_mpool);
 
 		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
+				init_xform);
 		if (status == -ENOTSUP) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
@@ -831,7 +830,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 0c7ebe6981..76d2aeab6d 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -61,7 +61,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
 	uint8_t internal_port_op_fwd;
@@ -167,7 +166,7 @@ static int
 test_op_forward_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -203,7 +202,7 @@ test_op_forward_mode(uint8_t session_less)
 
 		/* Create Crypto session*/
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -366,7 +365,7 @@ static int
 test_op_new_mode(uint8_t session_less)
 {
 	struct rte_crypto_sym_xform cipher_xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	union rte_event_crypto_metadata m_data;
 	struct rte_crypto_sym_op *sym_op;
 	struct rte_crypto_op *op;
@@ -409,7 +408,7 @@ test_op_new_mode(uint8_t session_less)
 						&m_data, sizeof(m_data));
 		}
 		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
+				&cipher_xform);
 		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
@@ -550,22 +549,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 	conf.nb_queue_pairs = info.max_nb_queue_pairs;
 	conf.socket_id = SOCKET_ID_ANY;
@@ -577,7 +566,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -931,12 +919,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
-
 	/* Free ops mempool */
 	if (params.op_mpool != NULL) {
 		RTE_LOG(DEBUG, USER1, "EVENT_CRYPTO_SYM_OP_POOL count %u\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 3b49a0b13a..1e3913489d 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -356,20 +356,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -414,11 +403,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -645,7 +629,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
 	int32_t rc;
-	struct rte_cryptodev_sym_session *s;
+	void *s;
 
 	s = rte_cryptodev_sym_session_create(qp->mp_session);
 	if (s == NULL)
@@ -653,7 +637,7 @@ create_crypto_session(struct ipsec_unitest_params *ut,
 
 	/* initiliaze SA crypto session for device */
 	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
+			ut->crypto_xforms);
 	if (rc == 0) {
 		ut->ss[j].crypto.ses = s;
 		return 0;
diff --git a/drivers/crypto/armv8/armv8_pmd_private.h b/drivers/crypto/armv8/armv8_pmd_private.h
index 75ddba79c1..41292d8851 100644
--- a/drivers/crypto/armv8/armv8_pmd_private.h
+++ b/drivers/crypto/armv8/armv8_pmd_private.h
@@ -106,8 +106,6 @@ struct armv8_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-       /**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 32127a874c..51034de9eb 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -528,27 +528,23 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 		}
 	} else {
 		/* provide internal session */
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct armv8_crypto_session *)_sess_private_data;
-
+		_sess->sess_data[cryptodev_driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 		if (unlikely(armv8_crypto_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -677,7 +673,6 @@ process_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 1b2749fe62..2d3b54b063 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -268,10 +267,8 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -279,42 +276,23 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
+	ret = armv8_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct armv8_crypto_session));
 }
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..b4b167d0c2 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -224,10 +224,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	void *sess_private_data;
+	RTE_SET_USED(dev);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -235,44 +234,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = crypto_set_session_parameters(sess_private_data, xform);
+	ret = crypto_set_session_parameters(sess, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct bcmfs_sym_session));
 }
 
 unsigned int
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..7faafe2fd5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,12 +93,10 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    void *sess);
 
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess);
+bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 44de978d29..4c88ec637a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1692,52 +1692,36 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 static int
 caam_jr_sym_session_configure(struct rte_cryptodev *dev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
-	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
+	memset(sess, 0, sizeof(struct caam_jr_session));
+	ret = caam_jr_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+caam_jr_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	RTE_SET_USED(dev);
+
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 0d615d311c..cac1268130 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -758,11 +757,9 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  void *sess)
 {
 	int ret;
-	void *sess_private_data;
 	struct ccp_private *internals;
 
 	if (unlikely(sess == NULL || xform == NULL)) {
@@ -770,39 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
 	internals = (struct ccp_private *)dev->data->dev_private;
-	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
+	ret = ccp_set_session_parameters(sess, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	RTE_SET_USED(dev);
+	if (sess)
+		memset(sess, 0, sizeof(struct ccp_session));
 }
 
 struct rte_cryptodev_ops ccp_ops = {
diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h
index 1c4118ee3c..6704e39ab8 100644
--- a/drivers/crypto/ccp/ccp_pmd_private.h
+++ b/drivers/crypto/ccp/ccp_pmd_private.h
@@ -78,8 +78,6 @@ struct ccp_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_mempool *batch_mp;
 	/**< Session Mempool for batch info */
 	struct rte_cryptodev_stats qp_stats;
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index a35a8cd775..3e8c1f3b51 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -61,28 +61,26 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 				op->sym->session,
 				ccp_cryptodev_driver_id);
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		void *_sess;
-		void *_sess_private_data = NULL;
 		struct ccp_private *internals;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, &_sess))
-			return NULL;
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+		if (_sess == NULL)
 			return NULL;
 
-		sess = (struct ccp_session *)_sess_private_data;
+		_sess->sess_data[ccp_cryptodev_driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(ccp_cryptodev_driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[ccp_cryptodev_driver_id].data;
 
 		internals = (struct ccp_private *)qp->dev->data->dev_private;
 		if (unlikely(ccp_set_session_parameters(sess, op->sym->xform,
 							internals) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-					 ccp_cryptodev_driver_id,
-					 _sess_private_data);
 	}
 
 	return sess;
@@ -166,8 +164,10 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 						ops[i]->sym->session,
 						ccp_cryptodev_driver_id);
 
-			rte_mempool_put(qp->sess_mp_priv,
-					sess);
+			memset(sess, 0, sizeof(struct ccp_session));
+			memset(ops[i]->sym->session, 0,
+			rte_cryptodev_sym_get_existing_header_session_size(
+				ops[i]->sym->session));
 			rte_mempool_put(qp->sess_mp,
 					ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index de2eebd507..76c992858f 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -32,17 +32,18 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, (void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -147,9 +148,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
-				rte_mempool_put(qp->sess_mp, op->sym->session);
+				sym_session_clear(op->sym->session);
 				return 0;
 			}
 			w7 = sess->cpt_inst_w7;
@@ -474,8 +473,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 4c2dc5b080..5f83581131 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -81,17 +81,19 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (sess == NULL)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	sess->sess_data[driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(driver_id * sess->priv_sz));
+	priv = get_sym_session_private_data(sess, driver_id);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+			(void *)priv);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
 	sym_op->session = sess;
 
 	return priv;
-
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return NULL;
@@ -126,8 +128,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
 						     inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -484,8 +485,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session);
 			memset(cop->sym->session, 0, sz);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index e49f826225..776cf02b57 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -382,7 +382,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -496,27 +495,20 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      void *sess) 
 {
 	struct cnxk_se_sess *sess_priv;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret < 0))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct cnxk_se_sess));
 
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
+	sess_priv = sess;
 
 	switch (ret) {
 	case CNXK_CPT_CIPHER:
@@ -550,7 +542,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	if (ret)
-		goto priv_put;
+		return -ENOTSUP;
 
 	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
 	    cpt_mac_len_verify(&xform->auth)) {
@@ -560,66 +552,45 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 			sess_priv->roc_se_ctx.auth_key = NULL;
 		}
 
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
 
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
+	struct cnxk_se_sess *sess_priv = sess;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	sess_priv = priv;
-
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	RTE_SET_USED(dev);
+
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index c5332dec53..97a2fb1050 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -79,8 +79,6 @@ struct cnxk_cpt_qp {
 	/**< Pending queue */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 	struct cpt_qp_meta_info meta_info;
 	/**< Metabuf info required to support operations on the queue pair */
 	struct roc_cpt_lmtline lmtline;
@@ -111,18 +109,15 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   void *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  void *sess);
 
-void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(void *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 9115dd8e70..717e506998 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3438,49 +3438,32 @@ dpaa2_sec_security_session_get_size(void *device __rte_unused)
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa2_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa2_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index e38ba21e89..fc267784a8 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2534,33 +2534,18 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
+	ret = dpaa_sec_set_session_parameters(dev, xform, sess);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
-
 	return 0;
 }
 
@@ -2581,18 +2566,14 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	RTE_SET_USED(dev);
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 189262c4ad..e4b4de7612 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -262,7 +262,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->pmd_type = internals->pmd_type;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	qp->ingress_queue = ipsec_mb_qp_create_processed_ops_ring(qp,
 		qp_conf->nb_descriptors, socket_id);
@@ -311,9 +310,8 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess, struct rte_mempool *mempool)
+	void *sess)
 {
-	void *sess_private_data;
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
 		&ipsec_mb_pmds[internals->pmd_type];
@@ -329,42 +327,22 @@ ipsec_mb_sym_session_configure(
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		free_mb_mgr(mb_mgr);
-		return -ENOMEM;
-	}
-
-	ret = (*pmd_data->session_configure)(mb_mgr, sess_private_data, xform);
+	ret = (*pmd_data->session_configure)(mb_mgr, sess, xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		free_mb_mgr(mb_mgr);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	free_mb_mgr(mb_mgr);
 	return 0;
 }
 
 /** Clear the session memory */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-			       struct rte_cryptodev_sym_session *sess)
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, ipsec_mb_sym_session_get_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, ipsec_mb_sym_session_get_size(dev));
 }
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index 866722d6f4..38850c6532 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -132,8 +132,6 @@ struct ipsec_mb_qp {
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	enum ipsec_mb_pmd_types pmd_type;
@@ -394,13 +392,11 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool);
+	void *sess);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev, void *sess);
 
 /** Get session from op. If sessionless create a session */
 static __rte_always_inline void *
@@ -410,8 +406,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 	uint32_t driver_id = ipsec_mb_get_driver_id(qp->pmd_type);
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	uint8_t sess_type = op->sess_type;
-	void *_sess;
-	void *_sess_private_data = NULL;
+	struct rte_cryptodev_sym_session *_sess;
 	struct ipsec_mb_internals *pmd_data = &ipsec_mb_pmds[qp->pmd_type];
 
 	switch (sess_type) {
@@ -421,26 +416,22 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 							    driver_id);
 	break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
-		if (!qp->sess_mp ||
-		    rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
+		if (_sess == NULL)
 			return NULL;
 
-		if (!qp->sess_mp_priv ||
-		    rte_mempool_get(qp->sess_mp_priv,
-					(void **)&_sess_private_data))
-			return NULL;
-
-		sess = _sess_private_data;
+		_sess->sess_data[driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[driver_id].data;
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
 				sess, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 
 		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
 	break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 2c203795ab..0c3a689074 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -240,7 +240,6 @@ handle_completed_gcm_crypto_op(struct ipsec_mb_qp *qp,
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -462,27 +461,23 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 			    get_sym_session_private_data(sym_op->session,
 							 driver_id);
 	} else {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if(_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct aesni_gcm_session *)_sess_private_data;
-
+		_sess->sess_data[driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[driver_id].data;
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				 _sess_private_data, sym_op->xform) != 0)) {
+				 sess, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a7b65e565c..e2654b4a0b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1542,7 +1542,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
index d953d6e5f5..7a90836602 100644
--- a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
+++ b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
@@ -293,7 +293,6 @@ handle_completed_chacha20_poly1305_crypto_op(struct ipsec_mb_qp *qp,
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index c9d4f9d0ae..1ecb73a392 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -235,7 +235,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 			    ops[i]->sym->session, 0,
 			    rte_cryptodev_sym_get_existing_header_session_size(
 				ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index ebc9a0b562..13b425d1ad 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -365,7 +365,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 			memset(ops[i]->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index b542264069..616accb2fa 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -239,7 +239,6 @@ process_ops(struct rte_crypto_op **ops, enum ipsec_mb_operation op_type,
 			memset(ops[i]->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 14b6783e13..8babdad59f 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -165,14 +165,12 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  void *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data = session;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -183,17 +181,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -228,27 +218,21 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
 
 static void
-mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
-			      struct rte_cryptodev_sym_session *sess)
+mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = sess;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
diff --git a/drivers/crypto/mvsam/mrvl_pmd_private.h b/drivers/crypto/mvsam/mrvl_pmd_private.h
index 719d73d82c..8ebebd88c5 100644
--- a/drivers/crypto/mvsam/mrvl_pmd_private.h
+++ b/drivers/crypto/mvsam/mrvl_pmd_private.h
@@ -51,9 +51,6 @@ struct mrvl_crypto_qp {
 	/** Session Mempool. */
 	struct rte_mempool *sess_mp;
 
-	/** Session Private Data Mempool. */
-	struct rte_mempool *sess_mp_priv;
-
 	/** Queue pair statistics. */
 	struct rte_cryptodev_stats stats;
 
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 6ca1bb8b40..bf058d254c 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -704,7 +704,6 @@ mrvl_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			break;
 
 		qp->sess_mp = qp_conf->mp_session;
-		qp->sess_mp_priv = qp_conf->mp_session_private;
 
 		memset(&qp->stats, 0, sizeof(qp->stats));
 		dev->data->queue_pairs[qp_id] = qp;
@@ -735,12 +734,9 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
  */
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
 	int ret;
 
 	if (sess == NULL) {
@@ -748,25 +744,16 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
+	memset(sess, 0, sizeof(struct mrvl_crypto_session));
 
-	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
-
-	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
+	ret = mrvl_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
-	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
+	mrvl_sess = (struct mrvl_crypto_session *)sess;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
 				&mrvl_sess->sam_sess) < 0) {
 		MRVL_LOG(DEBUG, "Failed to create session!");
@@ -789,17 +776,13 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
  * @returns 0. Always.
  */
 static void
-mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
-			(struct mrvl_crypto_session *)sess_priv;
+			(struct mrvl_crypto_session *)sess;
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -807,9 +790,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		}
 
 		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index cb5393d2f1..9405cb62f5 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -532,22 +532,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 static int
 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      void *sess)
 {
-	void *mp_obj;
 	struct nitrox_crypto_ctx *ctx;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
+	RTE_SET_USED(cdev);
+	ctx = sess;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -586,28 +580,17 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 	}
 
 	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev, void *sess)
 {
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
+	RTE_SET_USED(cdev);
+	if (sess)
+		memset(sess, 0, sizeof(struct nitrox_crypto_ctx));
 }
 
 static struct nitrox_crypto_ctx *
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 9ecb434fd0..1785a08822 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -81,27 +81,25 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 					get_sym_session_private_data(
 					sym_op->session, cryptodev_driver_id);
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		/* Create temporary session */
+		_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
+		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct null_crypto_session *)_sess_private_data;
+		_sess->sess_data[cryptodev_driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(null_crypto_set_session_parameters(sess,
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	return sess;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index a8b5a06e7f..65bfa8dcf7 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -234,7 +234,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -258,10 +257,8 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -269,42 +266,23 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = null_crypto_set_session_parameters(sess_private_data, xform);
+	ret = null_crypto_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (sess)
+		memset(sess, 0, sizeof(struct null_crypto_session));
 }
 
 static struct rte_cryptodev_ops pmd_ops = {
diff --git a/drivers/crypto/null/null_crypto_pmd_private.h b/drivers/crypto/null/null_crypto_pmd_private.h
index 89c4345b6f..ae34ce6671 100644
--- a/drivers/crypto/null/null_crypto_pmd_private.h
+++ b/drivers/crypto/null/null_crypto_pmd_private.h
@@ -31,8 +31,6 @@ struct null_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 } __rte_cache_aligned;
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 9e8fd495cf..abd0963be0 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,29 +242,22 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -301,8 +293,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -316,56 +306,46 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static int
 otx_cpt_session_cfg(struct rte_cryptodev *dev,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
-		  struct rte_cryptodev_sym_session *sess)
+otx_cpt_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -576,7 +556,6 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
@@ -589,8 +568,12 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	sess->sess_data[otx_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -604,7 +587,7 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	return req;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -913,7 +896,6 @@ free_sym_session_data(const struct cpt_instance *instance,
 	memset(cop->sym->session, 0,
 	       rte_cryptodev_sym_get_existing_header_session_size(
 		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 7b744cd4b4..dcfbc49996 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -371,29 +371,21 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cpt_sess_misc) +
+	memset(sess, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
-	misc = priv;
+	misc = sess;
 
 	for ( ; xform != NULL; xform = xform->next) {
 		switch (xform->type) {
@@ -414,7 +406,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		}
 
 		if (ret)
-			goto priv_put;
+			return -ENOTSUP;
 	}
 
 	if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
@@ -425,12 +417,9 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 			rte_free(ctx->auth_key);
 			ctx->auth_key = NULL;
 		}
-		ret = -ENOTSUP;
-		goto priv_put;
+		return -ENOTSUP;
 	}
 
-	set_sym_session_private_data(sess, driver_id, misc);
-
 	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
 			     sizeof(struct cpt_sess_misc);
 
@@ -451,11 +440,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	misc->cpt_inst_w7 = vq_cmd_w3.u64;
 
 	return 0;
-
-priv_put:
-	rte_mempool_put(pool, priv);
-
-	return -ENOTSUP;
 }
 
 static __rte_always_inline int32_t __rte_hot
@@ -765,7 +749,6 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			      struct pending_queue *pend_q,
 			      unsigned int burst_index)
 {
-	const int driver_id = otx2_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	int ret;
@@ -775,8 +758,12 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	if (sess == NULL)
 		return -ENOMEM;
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    qp->sess_mp_priv);
+	sess->sess_data[otx2_cryptodev_driver_id].data =
+			(void *)((uint8_t *)sess +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx2_cryptodev_driver_id * sess->priv_sz));
+	ret = sym_session_configure(sym_op->xform,
+			sess->sess_data[otx2_cryptodev_driver_id].data);
 	if (ret)
 		goto sess_put;
 
@@ -790,7 +777,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	return 0;
 
 priv_put:
-	sym_session_clear(driver_id, sess);
+	sym_session_clear(sess);
 sess_put:
 	rte_mempool_put(qp->sess_mp, sess);
 	return ret;
@@ -1035,8 +1022,7 @@ otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			sz = rte_cryptodev_sym_get_existing_header_session_size(
 					cop->sym->session);
 			memset(cop->sym->session, 0, sz);
@@ -1291,7 +1277,6 @@ otx2_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -1330,21 +1315,22 @@ otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 static void
 otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
-			   struct rte_cryptodev_sym_session *sess)
+			   void *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
+	RTE_SET_USED(dev);
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
index 01c081a216..5f63eaf7b7 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops_helper.h
@@ -8,29 +8,21 @@
 #include "cpt_pmd_logs.h"
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(void *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
-	if (priv == NULL)
+	if (sess == NULL)
 		return;
 
-	misc = priv;
+	misc = sess;
 	ctx = SESS_PRIV(misc);
 
 	if (ctx->auth_key != NULL)
 		rte_free(ctx->auth_key);
 
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess, 0, cpt_get_session_size());
 }
 
 static __rte_always_inline uint8_t
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_qp.h b/drivers/crypto/octeontx2/otx2_cryptodev_qp.h
index 95bce3621a..82ece44723 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_qp.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_qp.h
@@ -27,8 +27,6 @@ struct otx2_cpt_qp {
 	/**< Pending queue */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 	struct cpt_qp_meta_info meta_info;
 	/**< Metabuf info required to support operations on the queue pair */
 	rte_iova_t iq_dma_addr;
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index b2054b3754..2a9302bc19 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -64,8 +64,6 @@ struct openssl_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[DIGEST_LENGTH_MAX];
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5794ed8159..feb4a2dece 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -762,27 +762,24 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 			return NULL;
 
 		/* provide internal session */
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess =
+			rte_cryptodev_sym_session_create(qp->sess_mp);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct openssl_session *)_sess_private_data;
+		_sess->sess_data[cryptodev_driver_id].data =
+				(void *)((uint8_t *)_sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(cryptodev_driver_id * _sess->priv_sz));
+		sess = _sess->sess_data[cryptodev_driver_id].data;
 
 		if (unlikely(openssl_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (sess == NULL)
@@ -2106,7 +2103,6 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		memset(op->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 52715f86f8..1b48a6b400 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -741,7 +741,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -772,10 +771,8 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
-	void *sess_private_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -783,24 +780,12 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = openssl_set_session_parameters(sess_private_data, xform);
+	ret = openssl_set_session_parameters(sess, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1154,19 +1139,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
+	RTE_SET_USED(dev);
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+	if (sess) {
+		openssl_reset_session(sess);
+		memset(sess, 0, sizeof(struct openssl_session));
 	}
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index cfa7d59914..5df8f86420 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -172,21 +172,14 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+qat_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (struct qat_sym_session *)sess;
 
-	if (sess_priv) {
+	if (sess) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
@@ -458,31 +451,17 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess_private_data)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ea329c1f71..299e758d1c 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -112,8 +112,7 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		void *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
@@ -135,8 +134,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 				struct qat_sym_session *session);
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *session);
+qat_sym_session_clear(struct rte_cryptodev *dev, void *session);
 
 unsigned int
 qat_sym_session_get_private_size(struct rte_cryptodev *dev);
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 465b88ade8..87260b5a22 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -476,9 +476,7 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+	struct rte_crypto_sym_xform *xform, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
@@ -488,7 +486,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct scheduler_worker *worker = &sched_ctx->workers[i];
 
 		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
+					xform);
 		if (ret < 0) {
 			CR_SCHED_LOG(ERR, "unable to config sym session");
 			return ret;
@@ -500,8 +498,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev, void *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index ed64866758..70d03869fe 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -37,11 +37,10 @@ static void virtio_crypto_dev_free_mbufs(struct rte_cryptodev *dev);
 static unsigned int virtio_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev);
 static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		void *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -929,7 +928,7 @@ virtio_crypto_check_sym_clear_session_paras(
 static void
 virtio_crypto_sym_clear_session(
 		struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	struct virtio_crypto_hw *hw;
 	struct virtqueue *vq;
@@ -1292,11 +1291,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		void *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1311,12 +1308,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		void *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1328,19 +1322,13 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
 
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1403,9 +1391,6 @@ virtio_crypto_sym_configure_session(
 		goto error_out;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
index b33cb7e139..8522f2dfda 100644
--- a/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
+++ b/drivers/event/octeontx2/otx2_evdev_crypto_adptr_rx.h
@@ -38,8 +38,7 @@ otx2_ca_deq_post_process(const struct otx2_cpt_qp *qp,
 		}
 
 		if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
-			sym_session_clear(otx2_cryptodev_driver_id,
-					  cop->sym->session);
+			sym_session_clear(cop->sym->session);
 			memset(cop->sym->session, 0,
 			rte_cryptodev_sym_get_existing_header_session_size(
 				cop->sym->session));
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index b4eab05a98..bbc27a1b6f 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -981,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1173,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1212,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1251,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1464,7 +1463,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
@@ -1484,8 +1483,7 @@ run_single_test(uint8_t dev_id,
 	if (!sess)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
+	ret = rte_cryptodev_sym_session_init(dev_id, sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
@@ -1533,8 +1531,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 		rte_mempool_free(env->op_pool);
 	if (env->sess_pool)
 		rte_mempool_free(env->sess_pool);
-	if (env->sess_priv_pool)
-		rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1542,7 +1538,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1586,25 +1582,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index b0de3d269a..837afddcda 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -48,13 +48,12 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
 	uint16_t digest_len;
 	struct rte_crypto_op *op;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t self_test;
 	struct fips_dev_broken_test_config *broken_test_config;
 } env;
@@ -63,7 +62,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -103,16 +102,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -127,7 +121,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -141,8 +134,6 @@ cryptodev_fips_validate_app_int(void)
 	rte_mempool_free(env.mpool);
 	if (env.sess_mpool)
 		rte_mempool_free(env.sess_mpool);
-	if (env.sess_priv_mpool)
-		rte_mempool_free(env.sess_priv_mpool);
 	if (env.op_pool)
 		rte_mempool_free(env.op_pool);
 
@@ -158,7 +149,6 @@ cryptodev_fips_validate_app_uninit(void)
 	rte_cryptodev_sym_session_free(env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1179,7 +1169,7 @@ fips_run_test(void)
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
+			env.sess, &xform);
 	if (ret < 0) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index f458d15a7a..ccaa0c31f7 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1206,15 +1206,11 @@ ipsec_poll_mode_worker(void)
 	qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	qconf->inbound.cdev_map = cdev_map_in;
 	qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	qconf->outbound.cdev_map = cdev_map_out;
 	qconf->outbound.session_pool = socket_ctx[socket_id].session_pool;
-	qconf->outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	qconf->frag.pool_dir = socket_ctx[socket_id].mbuf_pool;
 	qconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;
 
@@ -2132,8 +2128,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2395,38 +2389,6 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
-
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
 {
@@ -2928,8 +2890,6 @@ main(int32_t argc, char **argv)
 
 		pool_init(&socket_ctx[socket_id], socket_id, nb_bufs_in_pool);
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 03d907cba8..a5921de11c 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -143,8 +143,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 		ips->crypto.ses = rte_cryptodev_sym_session_create(
 				ipsec_ctx->session_pool);
 		rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
-				ips->crypto.ses, sa->xforms,
-				ipsec_ctx->session_priv_pool);
+				ips->crypto.ses, sa->xforms);
 
 		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
 				&cdev_info);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8405c48171..673c64e8dc 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -243,7 +243,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 6f49239c4a..c65855a460 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -540,14 +540,10 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,
 	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
 	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
 	lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.inbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
 	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
 	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
 	lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
-	lconf.outbound.session_priv_pool =
-			socket_ctx[socket_id].session_priv_pool;
 
 	RTE_LOG(INFO, IPSEC,
 		"Launching event mode worker (non-burst - Tx internal port - "
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 2b029c65e6..154ac7793f 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -188,7 +188,7 @@ struct l2fwd_crypto_params {
 	struct l2fwd_iv auth_iv;
 	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
@@ -229,7 +229,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -671,11 +670,11 @@ generate_random_key(uint8_t *key, unsigned length)
 }
 
 /* Session is created and is later attached to the crypto operation. 8< */
-static struct rte_cryptodev_sym_session *
+static void *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -703,8 +702,7 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		return NULL;
 
 	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
+				first_xform) < 0)
 		return NULL;
 
 	return session;
@@ -730,7 +728,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			US_PER_S * BURST_TX_DRAIN_US;
 	struct l2fwd_crypto_params *cparams;
 	struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	if (qconf->nb_rx_ports == 0) {
 		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
@@ -2388,30 +2386,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
@@ -2421,7 +2395,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					rte_cryptodev_sym_session_pool_create(
 							mp_name,
 							sessions_needed,
-							0, 0, 0, socket_id);
+							max_sess_sz,
+							0, 0, socket_id);
 
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
@@ -2573,8 +2548,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index dea7dcbd07..cbb97aaf76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+					info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 89bf2af399..d35e66d3b5 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -310,9 +309,7 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_crypto_sym_xform *xform, void *session);
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -338,7 +335,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  * @param	sess		Cryptodev session structure
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess);
+		void *sess);
 /**
  * Free asymmetric session private data.
  *
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index a864f5036f..200617f623 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -420,7 +420,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  */
 static inline int
 rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..a84964163c 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -924,7 +924,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+		void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 305e013ebb..783e33bef6 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -201,6 +201,8 @@ struct rte_cryptodev_sym_session_pool_private_data {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t sess_priv_sz;
+	/**< session user data will be placed after sess_data */
 };
 
 int
@@ -1218,16 +1220,9 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
-		CDEV_LOG_ERR("Invalid mempools\n");
-		return -EINVAL;
-	}
-
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
 		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
@@ -1239,11 +1234,11 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 
 		s.nb_drivers = pool_priv->nb_drivers;
 		s.user_data_sz = pool_priv->user_data_sz;
+		s.priv_sz = pool_priv->sess_priv_sz;
 
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (((rte_cryptodev_sym_get_existing_header_session_size(&s) +
+				(s.nb_drivers * s.priv_sz)) > obj_size) ||
+				(s.nb_drivers <= dev->driver_id)) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1705,11 +1700,11 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 
 int
 rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
+		void *sess_opaque,
+		struct rte_crypto_sym_xform *xforms)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = sess_opaque;
 	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
 			dev_id);
 	uint8_t index;
@@ -1722,10 +1717,10 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
+	if (sess == NULL || xforms == NULL || dev == NULL)
 		return -EINVAL;
 
-	if (mp->elt_size < sess_priv_sz)
+	if (sess->priv_sz < sess_priv_sz)
 		return -EINVAL;
 
 	index = dev->driver_id;
@@ -1735,8 +1730,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
 
 	if (sess->sess_data[index].refcnt == 0) {
+		sess->sess_data[index].data = (void *)((uint8_t *)sess +
+				rte_cryptodev_sym_get_header_session_size() +
+				(index * sess->priv_sz));
 		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
+				sess->sess_data[index].data);
 		if (ret < 0) {
 			CDEV_LOG_ERR(
 				"dev_id %d failed to configure session details",
@@ -1745,7 +1743,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 		}
 	}
 
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
+	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms);
 	sess->sess_data[index].refcnt++;
 	return 0;
 }
@@ -1790,6 +1788,21 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
 	rte_cryptodev_trace_asym_session_init(dev_id, sess, xforms, mp);
 	return 0;
 }
+static size_t
+get_max_sym_sess_priv_sz(void)
+{
+	size_t max_sz, sz;
+	int16_t cdev_id, n;
+
+	max_sz = 0;
+	n =  rte_cryptodev_count();
+	for (cdev_id = 0; cdev_id != n; cdev_id++) {
+		sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
+		if (sz > max_sz)
+			max_sz = sz;
+	}
+	return max_sz;
+}
 
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
@@ -1799,15 +1812,15 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_mempool *mp;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
+	uint32_t sess_priv_sz = get_max_sym_sess_priv_sz();
 
 	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
+	if (elt_size < obj_sz + (sess_priv_sz * nb_drivers)) {
 		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
-
-	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
+				obj_sz + (sess_priv_sz * nb_drivers));
+		elt_size = obj_sz + (sess_priv_sz * nb_drivers);
+	}
+	mp = rte_mempool_create(name, nb_elts, elt_size, cache_size,
 			(uint32_t)(sizeof(*pool_priv)),
 			NULL, NULL, NULL, NULL,
 			socket_id, 0);
@@ -1827,6 +1840,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 
 	pool_priv->nb_drivers = nb_drivers;
 	pool_priv->user_data_sz = user_data_size;
+	pool_priv->sess_priv_sz = sess_priv_sz;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
 		elt_size, cache_size, user_data_size, mp);
@@ -1860,7 +1874,7 @@ rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
 	return 1;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 {
 	struct rte_cryptodev_sym_session *sess;
@@ -1881,6 +1895,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 
 	sess->nb_drivers = pool_priv->nb_drivers;
 	sess->user_data_sz = pool_priv->user_data_sz;
+	sess->priv_sz = pool_priv->sess_priv_sz;
 	sess->opaque_data = 0;
 
 	/* Clear device session pointer.
@@ -1890,7 +1905,7 @@ rte_cryptodev_sym_session_create(struct rte_mempool *mp)
 			rte_cryptodev_sym_session_data_size(sess));
 
 	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	return (void *)sess;
 }
 
 struct rte_cryptodev_asym_session *
@@ -1928,9 +1943,9 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mp)
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *s)
 {
+	struct rte_cryptodev_sym_session *sess = s;
 	struct rte_cryptodev *dev;
 	uint8_t driver_id;
 
@@ -1952,7 +1967,7 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
-	dev->dev_ops->sym_session_clear(dev, sess);
+	dev->dev_ops->sym_session_clear(dev, sess->sess_data[driver_id].data);
 
 	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
 	return 0;
@@ -1983,10 +1998,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(void *s)
 {
 	uint8_t i;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = s;
 
 	if (sess == NULL)
 		return -EINVAL;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 56e3868ada..68271fd7e3 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -539,8 +539,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -910,6 +908,8 @@ struct rte_cryptodev_sym_session {
 	/**< number of elements in sess_data array */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
+	uint16_t priv_sz;
+	/**< Maximum private session data size which each driver can use */
 	__extension__ struct {
 		void *data;
 		uint16_t refcnt;
@@ -961,10 +961,10 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   mempool    Symmetric session mempool to allocate session
  *                     objects from
  * @return
- *  - On success return pointer to sym-session
+ *  - On success return opaque pointer to sym-session
  *  - On failure returns NULL
  */
-struct rte_cryptodev_sym_session *
+void *
 rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
 
 /**
@@ -993,7 +993,7 @@ rte_cryptodev_asym_session_create(struct rte_mempool *mempool);
  *  - -EBUSY if not all device private data has been freed.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(void *sess);
 
 /**
  * Frees asymmetric crypto session header, after checking that all
@@ -1013,25 +1013,23 @@ rte_cryptodev_asym_session_free(struct rte_cryptodev_asym_session *sess);
 
 /**
  * Fill out private data for the device id, based on its device type.
+ * Memory for private data is already allocated in sess, driver need
+ * to fill the content.
  *
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   sess     Session where the private data will be attached to
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
  *
  * @return
  *  - On success, zero.
  *  - -EINVAL if input parameters are invalid.
  *  - -ENOTSUP if crypto device does not support the crypto transform or
  *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
  */
 int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
+rte_cryptodev_sym_session_init(uint8_t dev_id, void *sess,
+			struct rte_crypto_sym_xform *xforms);
 
 /**
  * Initialize asymmetric session on a device with specific asymmetric xform
@@ -1070,8 +1068,7 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
  *  - -ENOTSUP if crypto device does not support symmetric operations.
  */
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_clear(uint8_t dev_id, void *sess);
 
 /**
  * Frees resources held by asymmetric session during rte_cryptodev_session_init
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index d1f4f069a3..44da04c425 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -106,15 +105,13 @@ RTE_TRACE_POINT(
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_init,
 	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
+		struct rte_cryptodev_sym_session *sess, void *xforms),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
 	rte_trace_point_emit_u16(sess->nb_drivers);
 	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index 4b0316bfed..c3b7fb84c4 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1719,7 +1719,7 @@ struct sym_crypto_data {
 	uint16_t op_mask;
 
 	/** Session pointer. */
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 
 	/** Direction of crypto, encrypt or decrypt */
 	uint16_t direction;
@@ -1780,7 +1780,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 	const struct rte_crypto_auth_xform *auth_xform = NULL;
 	const struct rte_crypto_aead_xform *aead_xform = NULL;
 	struct rte_crypto_sym_xform *xform = p->xform;
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	memset(data, 0, sizeof(*data));
@@ -1905,7 +1905,7 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		return -ENOMEM;
 
 	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
+			p->xform);
 	if (ret < 0) {
 		rte_cryptodev_sym_session_free(session);
 		return ret;
@@ -2858,7 +2858,7 @@ rte_table_action_time_read(struct rte_table_action *action,
 	return 0;
 }
 
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data)
 {
diff --git a/lib/pipeline/rte_table_action.h b/lib/pipeline/rte_table_action.h
index 82bc9d9ac9..68db453a8b 100644
--- a/lib/pipeline/rte_table_action.h
+++ b/lib/pipeline/rte_table_action.h
@@ -1129,7 +1129,7 @@ rte_table_action_time_read(struct rte_table_action *action,
  *   The pointer to the session on success, NULL otherwise.
  */
 __rte_experimental
-struct rte_cryptodev_sym_session *
+void *
 rte_table_action_crypto_sym_session_get(struct rte_table_action *action,
 	void *data);
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index f54d731139..d9b7beed9c 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -50,8 +50,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -61,7 +59,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 926b5c0bd9..b4464c4253 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -338,7 +338,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		VhostUserCryptoSessionParam *sess_param)
 {
 	struct rte_crypto_sym_xform xform1 = {0}, xform2 = {0};
-	struct rte_cryptodev_sym_session *session;
+	void *session;
 	int ret;
 
 	switch (sess_param->op_type) {
@@ -383,8 +383,7 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
+	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1) < 0) {
 		VC_LOG_ERR("Failed to initialize session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
@@ -1425,7 +1424,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1447,7 +1445,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (5 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session Akhil Goyal
                         ` (2 subsequent siblings)
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec_perf.c              |  4 +-
 doc/guides/prog_guide/cryptodev_lib.rst | 10 ++---
 doc/guides/rel_notes/deprecation.rst    |  5 ---
 doc/guides/rel_notes/release_21_11.rst  |  7 ++++
 lib/cryptodev/cryptodev_pmd.h           | 22 +++++++++++
 lib/cryptodev/rte_cryptodev.c           | 11 +++---
 lib/cryptodev/rte_cryptodev.h           | 51 ++++++++++++-------------
 lib/cryptodev/rte_cryptodev_trace.h     | 13 ++-----
 lib/ipsec/rte_ipsec.h                   |  2 +-
 lib/ipsec/rte_ipsec_group.h             | 12 +++---
 lib/ipsec/ses.c                         |  3 +-
 11 files changed, 78 insertions(+), 62 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index 92106bf374..7e1cc7b920 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -215,7 +215,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	static uint64_t dummy_ses[10];
 	size_t sz;
 	int rc;
 
@@ -235,7 +235,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 9b1cf8d49f..ffebb8b404 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -125,13 +125,11 @@ Each queue pairs resources may be allocated on a specified socket.
         uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
         struct rte_mempool *mp_session;
         /**< The mempool for creating session in sessionless mode */
-        struct rte_mempool *mp_session_private;
-        /**< The mempool for creating sess private data in sessionless mode */
     };
 
 
-The fields ``mp_session`` and ``mp_session_private`` are used for creating
-temporary session to process the crypto operations in the session-less mode.
+The field ``mp_session`` is used for creating temporary session to process
+the crypto operations in the session-less mode.
 They can be the same other different mempools. Please note not all Cryptodev
 PMDs supports session-less mode.
 
@@ -942,13 +940,13 @@ using one of the crypto PMDs available in DPDK.
     };
 
     /* Create crypto session and initialize it for the crypto device. */
-    struct rte_cryptodev_sym_session *session;
+    void *session;
     session = rte_cryptodev_sym_session_create(session_pool);
     if (session == NULL)
         rte_exit(EXIT_FAILURE, "Session could not be created\n");
 
     if (rte_cryptodev_sym_session_init(cdev_id, session,
-                    &cipher_xform, session_priv_pool) < 0)
+                    &cipher_xform) < 0)
         rte_exit(EXIT_FAILURE, "Session could not be initialized "
                     "for the crypto device\n");
 
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 3add00a8be..3870b6f95c 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -174,11 +174,6 @@ Deprecation Notices
   and ``rte_vhost_driver_set_protocol_features`` functions will be removed
   and the API functions will be made stable in DPDK 21.11.
 
-* cryptodev: Hide structures ``rte_cryptodev_sym_session`` and
-  ``rte_cryptodev_asym_session`` to remove unnecessary indirection between
-  session and the private data of session. An opaque pointer can be exposed
-  directly to application which can be attached to the ``rte_crypto_op``.
-
 * eventdev: The file ``rte_eventdev_pmd.h`` will be renamed to ``eventdev_driver.h``
   to make the driver interface as internal and the structures ``rte_eventdev_data``,
   ``rte_eventdev`` and ``rte_eventdevs`` will be moved to a new file named
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 7f1872167e..5b14e7d177 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -281,6 +281,13 @@ API Changes
 * cryptodev: The structure ``rte_crypto_sym_vec`` was updated to add
   ``dest_sgl`` to support out of place processing.
 
+* cryptodev: The structure ``rte_cryptodev_sym_session`` was moved to
+  cryptodev_pmd.h and was hidden from the application. The APIs to create/init and
+  destroy sym crypto session were updated to take a single mempool with element size
+  enough to hold session data and session private data. Inline APIs was created to
+  get and set the session data. All sample applications were updated to attach an
+  opaque pointer for the session to the ``rte_crypto_op`` while enqueuing.
+
 * security: The structure ``rte_security_session`` was moved to rte_security_driver.h
   and was hidden from the application. The APIs to create and destroy session were
   updated to take a single mempool with element size enough to hold session data
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index d35e66d3b5..7810ca5b6f 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -602,6 +602,28 @@ void
 cryptodev_fp_ops_set(struct rte_crypto_fp_ops *fp_ops,
 		     const struct rte_cryptodev *dev);
 
+/**
+ * @internal
+ * Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint16_t nb_drivers;
+	/**< number of elements in sess_data array */
+	uint16_t user_data_sz;
+	/**< session user data will be placed after sess_data */
+	uint16_t priv_sz;
+	/**< Maximum private session data size which each driver can use */
+	__extension__ struct {
+		void *data;
+		uint16_t refcnt;
+	} sess_data[0];
+	/**< Driver specific session material, variable size */
+};
+
 static inline void *
 get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
 		uint8_t driver_id) {
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 783e33bef6..4ab9b0f7af 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -2127,11 +2127,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *session,
 					void *data,
 					uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2143,9 +2143,9 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *session)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2162,9 +2162,10 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *session, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
+	struct rte_cryptodev_sym_session *sess = session;
 	struct rte_cryptodev *dev;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 68271fd7e3..a122aa1961 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -897,26 +897,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	uint16_t priv_sz;
-	/**< Maximum private session data size which each driver can use */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[0];
-	/**< Driver specific session material, variable size */
-};
-
 /** Cryptodev asymmetric crypto session */
 struct rte_cryptodev_asym_session {
 	__extension__ void *sess_private_data[0];
@@ -1194,8 +1174,7 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
@@ -1211,8 +1190,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Perform actual crypto processing (encrypt/digest or auth/decrypt)
@@ -1229,7 +1207,7 @@ rte_cryptodev_sym_session_get_user_data(
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1250,11 +1228,32 @@ rte_cryptodev_get_raw_dp_ctx_size(uint8_t dev_id);
  * pointer.
  */
 union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+	void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Enqueue a vectorized operation descriptor into the device queue but the
  * driver may or may not start processing until rte_cryptodev_raw_enqueue_done()
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 44da04c425..7d0e3773e6 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,13 +73,9 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *mempool, void *sess),
 	rte_trace_point_emit_ptr(mempool);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 )
 
 RTE_TRACE_POINT(
@@ -92,7 +88,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
@@ -105,12 +101,9 @@ RTE_TRACE_POINT(
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_init,
 	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms),
+		void *sess, void *xforms),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 )
 
diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index 163a2d72b9..5bc4bde6e8 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -66,7 +66,7 @@ struct rte_ipsec_session {
 	/** session and related data */
 	union {
 		struct {
-			struct rte_cryptodev_sym_session *ses;
+			void *ses;
 			uint8_t dev_id;
 		} crypto;
 		struct {
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 0cc5fedbf1..e27d4e6f4c 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	void *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *ses;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ss = cop->sym[0].sec_session;
+		ses = cop->sym[0].sec_session;
 		return (void *)(uintptr_t)
-			rte_security_session_opaque_data_get(ss);
+			rte_security_session_opaque_data_get(ses);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-		cs = cop->sym[0].session;
-		return (void *)(uintptr_t)cs->opaque_data;
+		ses = cop->sym[0].session;
+		return (void *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(ses);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index b12114269f..bfd3cbf1d3 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(
+				ss->crypto.ses, (uintptr_t)ss);
 	else
 		rte_security_session_opaque_data_set(ss->security.ses,
 				(uintptr_t)ss);
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (6 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure Akhil Goyal
@ 2021-10-18 21:34       ` Akhil Goyal
  2021-10-20 14:36       ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Hemant Agrawal
  2021-10-20 15:45       ` Power, Ciara
  9 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2021-10-18 21:34 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj,
	pablo.de.lara.guarch, fiona.trahe, declan.doherty, matan,
	g.singh, roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang,
	Akhil Goyal

Some PMDs need session physical address which can be passed
to the hardware. But since sym_session_configure
does not allow PMD to get mempool object, the PMD cannot
call rte_mempool_virt2iova().
Hence the library layer need to calculate the iova for session
private data and pass it to the PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  2 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  2 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |  2 +-
 drivers/crypto/caam_jr/caam_jr.c              |  2 +-
 drivers/crypto/ccp/ccp_pmd_ops.c              |  2 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  4 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  3 ++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  3 ++-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  2 +-
 drivers/crypto/mlx5/mlx5_crypto.c             |  3 ++-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  3 ++-
 drivers/crypto/nitrox/nitrox_sym.c            |  4 ++--
 drivers/crypto/null/null_crypto_pmd_ops.c     |  2 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c   | 16 ++++++++++------
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 17 +++++++++++------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  2 +-
 drivers/crypto/qat/qat_sym_session.c          | 10 ++++++----
 drivers/crypto/qat/qat_sym_session.h          |  6 ++++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  3 ++-
 drivers/crypto/virtio/virtio_cryptodev.c      |  5 +++--
 lib/cryptodev/cryptodev_pmd.h                 |  6 ++++--
 lib/cryptodev/rte_cryptodev.c                 |  6 +++++-
 24 files changed, 67 insertions(+), 42 deletions(-)

diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 2d3b54b063..9d9a6cf3dc 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -267,7 +267,7 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index b4b167d0c2..bee97596e0 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -224,7 +224,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    void *sess)
+			    void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	RTE_SET_USED(dev);
 	int ret;
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index 7faafe2fd5..0df7d07830 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,7 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    void *sess);
+			    void *sess, rte_iova_t sess_iova __rte_unused);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev, void *sess);
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 4c88ec637a..5b2f2e631b 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1692,7 +1692,7 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 static int
 caam_jr_sym_session_configure(struct rte_cryptodev *dev,
 			      struct rte_crypto_sym_xform *xform,
-			      void *sess)
+			      void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index cac1268130..0730aba083 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -757,7 +757,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  void *sess)
+			  void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct ccp_private *internals;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 776cf02b57..d012b7192e 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -497,7 +497,7 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 int
 sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      void *sess) 
+		      void *sess)
 {
 	struct cnxk_se_sess *sess_priv;
 	int ret;
@@ -563,7 +563,7 @@ sym_session_configure(struct roc_cpt *roc_cpt,
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       void *sess)
+			       void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 97a2fb1050..a2c48d5a5b 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -109,7 +109,8 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   void *sess);
+				   void *sess,
+				   rte_iova_t sess_iova __rte_unused);
 
 int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 717e506998..4426bf4aa3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3438,7 +3438,7 @@ dpaa2_sec_security_session_get_size(void *device __rte_unused)
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index fc267784a8..a206865537 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2534,7 +2534,8 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *sess)
+		struct rte_crypto_sym_xform *xform, void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index e4b4de7612..1b1ee7cf24 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -310,7 +310,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	void *sess)
+	void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index 38850c6532..3f84f7ed7f 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -392,7 +392,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	void *sess);
+	void *sess, rte_iova_t sess_iova);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 8babdad59f..51311cff2a 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -165,7 +165,8 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  void *session)
+				  void *session,
+				  rte_iova_t sess_iova __rte_unused)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
 	struct mlx5_crypto_session *sess_private_data = session;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index bf058d254c..504ce623b8 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -734,7 +734,8 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
  */
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *sess)
+		struct rte_crypto_sym_xform *xform, void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	int ret;
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 9405cb62f5..c6155b0bf5 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -532,7 +532,7 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 static int
 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 			      struct rte_crypto_sym_xform *xform,
-			      void *sess)
+			      void *sess, rte_iova_t sess_iova)
 {
 	struct nitrox_crypto_ctx *ctx;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
@@ -579,7 +579,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
+	ctx->iova = sess_iova;
 	return 0;
 err:
 	return ret;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 65bfa8dcf7..54bcee7af5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -257,7 +257,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index abd0963be0..27ac6d0123 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -243,7 +243,7 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 
 static int
 sym_session_configure(struct rte_crypto_sym_xform *xform,
-		      void *sess)
+		      void *sess, rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
@@ -293,8 +293,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
-			     sizeof(struct cpt_sess_misc);
+	misc->ctx_dma_addr = sess_iova + sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
 	vq_cmd_w3.s.grp = 0;
@@ -330,12 +329,12 @@ sym_session_clear(void *sess)
 static int
 otx_cpt_session_cfg(struct rte_cryptodev *dev,
 		    struct rte_crypto_sym_xform *xform,
-		    void *sess)
+		    void *sess, rte_iova_t sess_iova)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 	RTE_SET_USED(dev);
 
-	return sym_session_configure(xform, sess);
+	return sym_session_configure(xform, sess, sess_iova);
 }
 
 
@@ -558,6 +557,7 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 {
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
+	rte_iova_t sess_iova;
 	void *req;
 	int ret;
 
@@ -572,8 +572,12 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 			(void *)((uint8_t *)sess +
 			rte_cryptodev_sym_get_header_session_size() +
 			(otx_cryptodev_driver_id * sess->priv_sz));
+	sess_iova = rte_mempool_virt2iova(sess) +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx_cryptodev_driver_id * sess->priv_sz);
 	ret = sym_session_configure(sym_op->xform,
-			sess->sess_data[otx_cryptodev_driver_id].data);
+			sess->sess_data[otx_cryptodev_driver_id].data,
+			sess_iova);
 	if (ret)
 		goto sess_put;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index dcfbc49996..aa843f2e82 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -371,7 +371,8 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
+sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess,
+		      rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
@@ -420,8 +421,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform, void *sess)
 		return -ENOTSUP;
 	}
 
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
-			     sizeof(struct cpt_sess_misc);
+	misc->ctx_dma_addr = sess_iova + sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
 	vq_cmd_w3.s.cptr = misc->ctx_dma_addr + offsetof(struct cpt_ctx,
@@ -751,6 +751,7 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 {
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
+	rte_iova_t sess_iova;
 	int ret;
 
 	/* Create temporary session */
@@ -762,8 +763,12 @@ otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			(void *)((uint8_t *)sess +
 			rte_cryptodev_sym_get_header_session_size() +
 			(otx2_cryptodev_driver_id * sess->priv_sz));
+	sess_iova = rte_mempool_virt2iova(sess) +
+			rte_cryptodev_sym_get_header_session_size() +
+			(otx2_cryptodev_driver_id * sess->priv_sz);
 	ret = sym_session_configure(sym_op->xform,
-			sess->sess_data[otx2_cryptodev_driver_id].data);
+			sess->sess_data[otx2_cryptodev_driver_id].data,
+			sess_iova);
 	if (ret)
 		goto sess_put;
 
@@ -1315,12 +1320,12 @@ otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       void *sess)
+			       void *sess, rte_iova_t sess_iova)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 	RTE_SET_USED(dev);
 
-	return sym_session_configure(xform, sess);
+	return sym_session_configure(xform, sess, sess_iova);
 }
 
 static void
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 1b48a6b400..02382f3c6a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -771,7 +771,7 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 5df8f86420..0d1f5a659e 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -451,11 +451,13 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess_private_data)
+		void *sess_private_data,
+		rte_iova_t sess_iova)
 {
 	int ret;
 
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data,
+			sess_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
@@ -540,7 +542,8 @@ qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_sym_dev_private *internals = dev->data->dev_private;
@@ -550,7 +553,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int handle_mixed = 0;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 299e758d1c..129acf1a84 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -112,11 +112,13 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform,
+		void *session_private,
+		rte_iova_t sess_iova __rte_unused);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 87260b5a22..ddc80f165d 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -476,7 +476,8 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform, void *sess)
+	struct rte_crypto_sym_xform *xform, void *sess,
+	rte_iova_t sess_iova __rte_unused)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	uint32_t i;
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 70d03869fe..ca35bff8c2 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,7 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		void *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *session);
+		void *session, rte_iova_t sess_iova __rte_unused);
 
 /*
  * The set of PCI devices this driver supports
@@ -1308,7 +1308,8 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		void *sess)
+		void *sess,
+		rte_iova_t sess_iova __rte_unused)
 {
 	int ret;
 	struct virtio_crypto_session *session;
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 7810ca5b6f..8b55d601a4 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -300,7 +300,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
- * @param	session		Pointer to cryptodev's private session structure
+ * @param	session		Pointer to cryptodev's private session
+ * @param	sess_iova	Iova of private session pointer
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -309,7 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session);
+		struct rte_crypto_sym_xform *xform, void *session,
+		rte_iova_t sess_iova);
 /**
  * Configure a Crypto asymmetric session on a device.
  *
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 4ab9b0f7af..9d5e08bba2 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1707,6 +1707,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	struct rte_cryptodev_sym_session *sess = sess_opaque;
 	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
 			dev_id);
+	rte_iova_t sess_iova;
 	uint8_t index;
 	int ret;
 
@@ -1733,8 +1734,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 		sess->sess_data[index].data = (void *)((uint8_t *)sess +
 				rte_cryptodev_sym_get_header_session_size() +
 				(index * sess->priv_sz));
+		sess_iova = rte_mempool_virt2iova(sess) +
+				rte_cryptodev_sym_get_header_session_size() +
+				(index * sess->priv_sz);
 		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-				sess->sess_data[index].data);
+				sess->sess_data[index].data, sess_iova);
 		if (ret < 0) {
 			CDEV_LOG_ERR(
 				"dev_id %d failed to configure session details",
-- 
2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (7 preceding siblings ...)
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session Akhil Goyal
@ 2021-10-20 14:36       ` Hemant Agrawal
  2021-10-20 15:45       ` Power, Ciara
  9 siblings, 0 replies; 49+ messages in thread
From: Hemant Agrawal @ 2021-10-20 14:36 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, anoobj, pablo.de.lara.guarch,
	fiona.trahe, declan.doherty, matan, Gagandeep Singh,
	roy.fan.zhang, jianjay.zhou, asomalap, ruifeng.wang,
	konstantin.ananyev, radu.nicolau, ajit.khaparde, rnagadheeraj,
	adwivedi, ciara.power, haiyue.wang, jiawenwu, jianwang

Series-
Acked-by:  Hemant Agrawal <hemant.agrawal@nxp.com>


> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Tuesday, October 19, 2021 3:05 AM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com; Hemant Agrawal
> <hemant.agrawal@nxp.com>; anoobj@marvell.com;
> pablo.de.lara.guarch@intel.com; fiona.trahe@intel.com;
> declan.doherty@intel.com; matan@nvidia.com; Gagandeep Singh
> <G.Singh@nxp.com>; roy.fan.zhang@intel.com; jianjay.zhou@huawei.com;
> asomalap@amd.com; ruifeng.wang@arm.com;
> konstantin.ananyev@intel.com; radu.nicolau@intel.com;
> ajit.khaparde@broadcom.com; rnagadheeraj@marvell.com;
> adwivedi@marvell.com; ciara.power@intel.com; haiyue.wang@intel.com;
> jiawenwu@trustnetic.com; jianwang@trustnetic.com; Akhil Goyal
> <gakhil@marvell.com>
> Subject: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework
> rework
> Importance: High
> 
> As discussed in last release deprecation notice, crypto and security session
> framework are reworked to reduce the need of two mempool objects and
> remove the requirement to expose the rte_security_session and
> rte_cryptodev_sym_session structures.
> Design methodology is explained in the patch description.
> 
> Similar work will need to be done for asymmetric sessions as well.
> Asymmetric session need another rework and is postponed to next release.
> Since it is still in experimental stage, we can modify the APIs in next release as
> well.
> 
> The patches are compilable with all affected PMDs and tested with dpdk-test
> and test-crypto-perf app on CN9k platform.
> 
> The series is rebased over "cryptodev: hide internal structures"
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch
> work.dpdk.org%2Fproject%2Fdpdk%2Flist%2F%3Fseries%3D19749&amp;dat
> a=04%7C01%7Chemant.agrawal%40nxp.com%7C670e1914f95c49cbd24608d
> 9927f2b28%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6377018
> 97169217767%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ
> QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=KPG
> ZGoNXdfucnr3yA422eGc6EO%2BdXqCj3VSo7IlbX94%3D&amp;reserved=0
> 
> Changes in v3
> - rebased over next-crypto TOT
> - Release notes updated and deprecation notice removed.
> - Documentation updates.
> - fix session less crypto
> - fix asym crypto issue for qp setup
> - add sess_iova param to PMD session configure APIs to pass physical address
> of session pointer.
> - rework cnxk net PMD based on the new session framework.
> - added missing op to get size of security session private data
> 
> Changes in v2:
> - Added new parameter iova in PMD session configure APIs for
>   session priv pointer to be used in QAT/CNXK/etc PMDs.
> - Hide rte_cryptodev_sym_session and rte_security_session structs.
> - Added compilation workaround for net PMDs(ixgbe/txgbe)
>   for inline ipsec.
>   Patches with actual fix is beynd the scope of this patchset.
> - Added inline APIs to access the opaque data and fast metadata.
> - Remove commented code.
> 
> TODO
> - Asym APIs - postponed for next release.
> 
> 
> Akhil Goyal (8):
>   security: rework session framework
>   security: hide security session struct
>   net/cnxk: rework security session framework
>   security: pass session iova in PMD sess create
>   drivers/crypto: support security session get size op
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   cryptodev: pass session iova in configure session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  46 ++--
>  app/test-crypto-perf/cperf_ops.h              |   6 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   5 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |   7 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   5 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  29 +--
>  app/test/test_cryptodev.c                     | 147 ++++---------
>  app/test/test_cryptodev.h                     |   1 -
>  app/test/test_cryptodev_asym.c                |   3 +-
>  app/test/test_cryptodev_blockcipher.c         |   6 +-
>  app/test/test_event_crypto_adapter.c          |  28 +--
>  app/test/test_ipsec.c                         |  34 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 196 ++++--------------
>  doc/guides/prog_guide/cryptodev_lib.rst       |  10 +-
>  doc/guides/prog_guide/rte_security.rst        |  11 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 -
>  doc/guides/rel_notes/release_21_11.rst        |  14 ++
>  drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +--
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +---
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  71 ++-----
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +--
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  24 +--
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  24 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  20 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  75 +++----
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 ++----
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  76 ++-----
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  75 ++-----
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  32 +--
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  29 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  23 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  40 ++--
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   1 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |   1 -
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   1 -
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   1 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +--
>  drivers/crypto/mvsam/mrvl_pmd_private.h       |   3 -
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  55 ++---
>  drivers/crypto/nitrox/nitrox_sym.c            |  33 +--
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +--
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  68 +++---
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  63 +++---
>  .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +-
>  drivers/crypto/octeontx2/otx2_cryptodev_qp.h  |   2 -
>  drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  77 +++----
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  18 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +---
>  drivers/crypto/qat/qat_sym.c                  |   3 +-
>  drivers/crypto/qat/qat_sym.h                  |   8 +-
>  drivers/crypto/qat/qat_sym_pmd.c              |   1 +
>  drivers/crypto/qat/qat_sym_session.c          |  72 ++-----
>  drivers/crypto/qat/qat_sym_session.h          |  17 +-
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  10 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  32 +--
>  .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  64 +++---
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  59 ++----
>  drivers/net/cnxk/cnxk_ethdev.c                |   6 +-
>  drivers/net/cnxk/cnxk_ethdev.h                |   6 -
>  drivers/net/cnxk/cnxk_ethdev_sec.c            |  21 --
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
>  drivers/net/octeontx2/otx2_ethdev_sec.c       |  52 ++---
>  drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
>  examples/fips_validation/fips_dev_self_test.c |  32 +--
>  examples/fips_validation/main.c               |  20 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  40 ----
>  examples/ipsec-secgw/ipsec.c                  |  12 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   4 -
>  examples/l2fwd-crypto/main.c                  |  41 +---
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  33 ++-
>  lib/cryptodev/rte_crypto.h                    |   2 +-
>  lib/cryptodev/rte_crypto_sym.h                |   2 +-
>  lib/cryptodev/rte_cryptodev.c                 |  91 ++++----
>  lib/cryptodev/rte_cryptodev.h                 |  70 +++----
>  lib/cryptodev/rte_cryptodev_trace.h           |  16 +-
>  lib/ipsec/rte_ipsec.h                         |   4 +-
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   6 +-
>  lib/pipeline/rte_table_action.c               |   8 +-
>  lib/pipeline/rte_table_action.h               |   2 +-
>  lib/security/rte_security.c                   |  32 +--
>  lib/security/rte_security.h                   |  85 +++++---
>  lib/security/rte_security_driver.h            |  31 ++-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |   7 +-
>  109 files changed, 913 insertions(+), 1880 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
                         ` (8 preceding siblings ...)
  2021-10-20 14:36       ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Hemant Agrawal
@ 2021-10-20 15:45       ` Power, Ciara
  2021-10-20 16:41         ` Akhil Goyal
  9 siblings, 1 reply; 49+ messages in thread
From: Power, Ciara @ 2021-10-20 15:45 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj, De Lara Guarch,
	Pablo, Trahe, Fiona, Doherty, Declan, matan, g.singh, Zhang,
	Roy Fan, jianjay.zhou, asomalap, ruifeng.wang, Ananyev,
	Konstantin, Nicolau, Radu, ajit.khaparde, rnagadheeraj, adwivedi,
	Wang, Haiyue, jiawenwu, jianwang

Hi Akhil,

>-----Original Message-----
>From: Akhil Goyal <gakhil@marvell.com>
>Sent: Monday 18 October 2021 22:35
>To: dev@dpdk.org
>Cc: thomas@monjalon.net; david.marchand@redhat.com;
>hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo
><pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
>Doherty, Declan <declan.doherty@intel.com>; matan@nvidia.com;
>g.singh@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
>jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com;
>Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu
><radu.nicolau@intel.com>; ajit.khaparde@broadcom.com;
>rnagadheeraj@marvell.com; adwivedi@marvell.com; Power, Ciara
><ciara.power@intel.com>; Wang, Haiyue <haiyue.wang@intel.com>;
>jiawenwu@trustnetic.com; jianwang@trustnetic.com; Akhil Goyal
><gakhil@marvell.com>
>Subject: [PATCH v3 0/8] crypto/security session framework rework
>
>As discussed in last release deprecation notice, crypto and security session
>framework are reworked to reduce the need of two mempool objects and
>remove the requirement to expose the rte_security_session and
>rte_cryptodev_sym_session structures.
>Design methodology is explained in the patch description.
>
>Similar work will need to be done for asymmetric sessions as well. Asymmetric
>session need another rework and is postponed to next release. Since it is still
>in experimental stage, we can modify the APIs in next release as well.
>
>The patches are compilable with all affected PMDs and tested with dpdk-test
>and test-crypto-perf app on CN9k platform.
<snip>

I am seeing test failures for cryptodev_scheduler_autotest:
+ Tests Total :       638
 + Tests Skipped :     280
 + Tests Executed :    638
 + Tests Unsupported:   0
 + Tests Passed :      18
 + Tests Failed :      340

The error showing for each testcase:
scheduler_pmd_sym_session_configure() line 487: unable to config sym session
CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to configure session details

I believe the problem happens in scheduler_pmd_sym_session_configure.
The full sess object is no longer accessible in here, but it is required to be passed to rte_cryptodev_sym_session_init.
The init function expects access to sess rather than the private data, and now fails as a result.

static int
scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
        struct rte_crypto_sym_xform *xform, void *sess,
        rte_iova_t sess_iova __rte_unused)
{
        struct scheduler_ctx *sched_ctx = dev->data->dev_private;
        uint32_t i;
        int ret;
        for (i = 0; i < sched_ctx->nb_workers; i++) {
                struct scheduler_worker *worker = &sched_ctx->workers[i];
                ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
                                        xform);
                if (ret < 0) {
                        CR_SCHED_LOG(ERR, "unable to config sym session");
                        return ret;
                }
        }
        return 0;
}


Thanks,
Ciara

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-20 15:45       ` Power, Ciara
@ 2021-10-20 16:41         ` Akhil Goyal
  2021-10-20 16:48           ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-20 16:41 UTC (permalink / raw)
  To: Power, Ciara, dev, Ananyev, Konstantin, thomas, roy.fan.zhang,
	pablo.de.lara.guarch
  Cc: david.marchand, hemant.agrawal, Anoob Joseph, Trahe, Fiona,
	Doherty, Declan, matan, g.singh, jianjay.zhou, asomalap,
	ruifeng.wang, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Wang, Haiyue, jiawenwu, jianwang,
	Jerin Jacob Kollanukkaran, Nithin Kumar Dabilpuram

> Hi Akhil,
> 
> >Subject: [PATCH v3 0/8] crypto/security session framework rework
> >
> >As discussed in last release deprecation notice, crypto and security session
> >framework are reworked to reduce the need of two mempool objects and
> >remove the requirement to expose the rte_security_session and
> >rte_cryptodev_sym_session structures.
> >Design methodology is explained in the patch description.
> >
> >Similar work will need to be done for asymmetric sessions as well.
> Asymmetric
> >session need another rework and is postponed to next release. Since it is
> still
> >in experimental stage, we can modify the APIs in next release as well.
> >
> >The patches are compilable with all affected PMDs and tested with dpdk-
> test
> >and test-crypto-perf app on CN9k platform.
> <snip>
> 
> I am seeing test failures for cryptodev_scheduler_autotest:
> + Tests Total :       638
>  + Tests Skipped :     280
>  + Tests Executed :    638
>  + Tests Unsupported:   0
>  + Tests Passed :      18
>  + Tests Failed :      340
> 
> The error showing for each testcase:
> scheduler_pmd_sym_session_configure() line 487: unable to config sym
> session
> CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to
> configure session details
> 
> I believe the problem happens in scheduler_pmd_sym_session_configure.
> The full sess object is no longer accessible in here, but it is required to be
> passed to rte_cryptodev_sym_session_init.
> The init function expects access to sess rather than the private data, and now
> fails as a result.
> 
> static int
> scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
>         struct rte_crypto_sym_xform *xform, void *sess,
>         rte_iova_t sess_iova __rte_unused)
> {
>         struct scheduler_ctx *sched_ctx = dev->data->dev_private;
>         uint32_t i;
>         int ret;
>         for (i = 0; i < sched_ctx->nb_workers; i++) {
>                 struct scheduler_worker *worker = &sched_ctx->workers[i];
>                 ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
>                                         xform);
>                 if (ret < 0) {
>                         CR_SCHED_LOG(ERR, "unable to config sym session");
>                         return ret;
>                 }
>         }
>         return 0;
> }
> 
It looks like scheduler PMD is managing the stuff on its own for other PMDs.
The APIs are designed such that the app can call session_init multiple times
With different dev_id on same sess.
But here scheduler PMD internally want to configure other PMDs sess_priv
By calling session_init.

I wonder, why we have this 2 step session_create and session_init?
Why can't we have it similar to security session create and let the scheduler
PMD have its big session private data which can hold priv_data of as many PMDs
as it want to schedule.

Konstantin/Fan/Pablo what are your thoughts on this issue?
Can we resolve this issue at priority in RC1(or probably RC2) for this release or
else we defer it for next ABI break release?

Thomas,
Can we defer this for RC2? It does not seem to be fixed in 1 day.

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-20 16:41         ` Akhil Goyal
@ 2021-10-20 16:48           ` Akhil Goyal
  2021-10-20 18:04             ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-20 16:48 UTC (permalink / raw)
  To: Power, Ciara, dev, Ananyev, Konstantin, thomas, roy.fan.zhang,
	pablo.de.lara.guarch
  Cc: david.marchand, hemant.agrawal, Anoob Joseph, Trahe, Fiona,
	Doherty, Declan, matan, g.singh, jianjay.zhou, asomalap,
	ruifeng.wang, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Wang, Haiyue, jiawenwu, jianwang,
	Jerin Jacob Kollanukkaran, Nithin Kumar Dabilpuram

> > Hi Akhil,
> >
> > >Subject: [PATCH v3 0/8] crypto/security session framework rework
> > >
> > >As discussed in last release deprecation notice, crypto and security session
> > >framework are reworked to reduce the need of two mempool objects and
> > >remove the requirement to expose the rte_security_session and
> > >rte_cryptodev_sym_session structures.
> > >Design methodology is explained in the patch description.
> > >
> > >Similar work will need to be done for asymmetric sessions as well.
> > Asymmetric
> > >session need another rework and is postponed to next release. Since it is
> > still
> > >in experimental stage, we can modify the APIs in next release as well.
> > >
> > >The patches are compilable with all affected PMDs and tested with dpdk-
> > test
> > >and test-crypto-perf app on CN9k platform.
> > <snip>
> >
> > I am seeing test failures for cryptodev_scheduler_autotest:
> > + Tests Total :       638
> >  + Tests Skipped :     280
> >  + Tests Executed :    638
> >  + Tests Unsupported:   0
> >  + Tests Passed :      18
> >  + Tests Failed :      340
> >
> > The error showing for each testcase:
> > scheduler_pmd_sym_session_configure() line 487: unable to config sym
> > session
> > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to
> > configure session details
> >
> > I believe the problem happens in scheduler_pmd_sym_session_configure.
> > The full sess object is no longer accessible in here, but it is required to be
> > passed to rte_cryptodev_sym_session_init.
> > The init function expects access to sess rather than the private data, and
> now
> > fails as a result.
> >
> > static int
> > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> >         struct rte_crypto_sym_xform *xform, void *sess,
> >         rte_iova_t sess_iova __rte_unused)
> > {
> >         struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> >         uint32_t i;
> >         int ret;
> >         for (i = 0; i < sched_ctx->nb_workers; i++) {
> >                 struct scheduler_worker *worker = &sched_ctx->workers[i];
> >                 ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> >                                         xform);
> >                 if (ret < 0) {
> >                         CR_SCHED_LOG(ERR, "unable to config sym session");
> >                         return ret;
> >                 }
> >         }
> >         return 0;
> > }
> >
> It looks like scheduler PMD is managing the stuff on its own for other PMDs.
> The APIs are designed such that the app can call session_init multiple times
> With different dev_id on same sess.
> But here scheduler PMD internally want to configure other PMDs sess_priv
> By calling session_init.
> 
> I wonder, why we have this 2 step session_create and session_init?
> Why can't we have it similar to security session create and let the scheduler
> PMD have its big session private data which can hold priv_data of as many
> PMDs
> as it want to schedule.
> 
> Konstantin/Fan/Pablo what are your thoughts on this issue?
> Can we resolve this issue at priority in RC1(or probably RC2) for this release
> or
> else we defer it for next ABI break release?
> 
> Thomas,
> Can we defer this for RC2? It does not seem to be fixed in 1 day.

On another thought, this can be fixed with current patch also by having a big session
Private data for scheduler PMD which is big enough to hold all other PMDs data which
it want to schedule and then call the sess_configure function pointer of dev directly.
What say? And this PMD change can be done in RC2. And this patchset go as is in RC1.


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-20 16:48           ` Akhil Goyal
@ 2021-10-20 18:04             ` Akhil Goyal
  2021-10-21  8:43               ` Zhang, Roy Fan
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-20 18:04 UTC (permalink / raw)
  To: Power, Ciara, dev, Ananyev, Konstantin, thomas, roy.fan.zhang,
	pablo.de.lara.guarch
  Cc: david.marchand, hemant.agrawal, Anoob Joseph, Trahe, Fiona,
	Doherty, Declan, matan, g.singh, jianjay.zhou, asomalap,
	ruifeng.wang, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Wang, Haiyue, jiawenwu, jianwang,
	Jerin Jacob Kollanukkaran, Nithin Kumar Dabilpuram

> > > I am seeing test failures for cryptodev_scheduler_autotest:
> > > + Tests Total :       638
> > >  + Tests Skipped :     280
> > >  + Tests Executed :    638
> > >  + Tests Unsupported:   0
> > >  + Tests Passed :      18
> > >  + Tests Failed :      340
> > >
> > > The error showing for each testcase:
> > > scheduler_pmd_sym_session_configure() line 487: unable to config sym
> > > session
> > > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed
> to
> > > configure session details
> > >
> > > I believe the problem happens in
> scheduler_pmd_sym_session_configure.
> > > The full sess object is no longer accessible in here, but it is required to be
> > > passed to rte_cryptodev_sym_session_init.
> > > The init function expects access to sess rather than the private data, and
> > now
> > > fails as a result.
> > >
> > > static int
> > > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> > >         struct rte_crypto_sym_xform *xform, void *sess,
> > >         rte_iova_t sess_iova __rte_unused)
> > > {
> > >         struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> > >         uint32_t i;
> > >         int ret;
> > >         for (i = 0; i < sched_ctx->nb_workers; i++) {
> > >                 struct scheduler_worker *worker = &sched_ctx->workers[i];
> > >                 ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> > >                                         xform);
> > >                 if (ret < 0) {
> > >                         CR_SCHED_LOG(ERR, "unable to config sym session");
> > >                         return ret;
> > >                 }
> > >         }
> > >         return 0;
> > > }
> > >
> > It looks like scheduler PMD is managing the stuff on its own for other
> PMDs.
> > The APIs are designed such that the app can call session_init multiple times
> > With different dev_id on same sess.
> > But here scheduler PMD internally want to configure other PMDs sess_priv
> > By calling session_init.
> >
> > I wonder, why we have this 2 step session_create and session_init?
> > Why can't we have it similar to security session create and let the scheduler
> > PMD have its big session private data which can hold priv_data of as many
> > PMDs
> > as it want to schedule.
> >
> > Konstantin/Fan/Pablo what are your thoughts on this issue?
> > Can we resolve this issue at priority in RC1(or probably RC2) for this release
> > or
> > else we defer it for next ABI break release?
> >
> > Thomas,
> > Can we defer this for RC2? It does not seem to be fixed in 1 day.
> 
> On another thought, this can be fixed with current patch also by having a big
> session
> Private data for scheduler PMD which is big enough to hold all other PMDs
> data which
> it want to schedule and then call the sess_configure function pointer of dev
> directly.
> What say? And this PMD change can be done in RC2. And this patchset go as
> is in RC1.
Here is the diff in scheduler PMD which should fix this issue in current patchset.

diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index b92ffd6026..0611ea2c6a 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -450,9 +450,8 @@ scheduler_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 }

 static uint32_t
-scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+get_max_session_priv_size(struct scheduler_ctx *sched_ctx)
 {
-       struct scheduler_ctx *sched_ctx = dev->data->dev_private;
        uint8_t i = 0;
        uint32_t max_priv_sess_size = 0;

@@ -469,20 +468,35 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
        return max_priv_sess_size;
 }

+static uint32_t
+scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev)
+{
+       struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+
+       return get_max_session_priv_size(sched_ctx) * sched_ctx->nb_workers;
+}
+
 static int
 scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
        struct rte_crypto_sym_xform *xform, void *sess,
        rte_iova_t sess_iova __rte_unused)
 {
        struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+       uint32_t worker_sess_priv_sz = get_max_session_priv_size(sched_ctx);
        uint32_t i;
        int ret;

        for (i = 0; i < sched_ctx->nb_workers; i++) {
                struct scheduler_worker *worker = &sched_ctx->workers[i];
+               struct rte_cryptodev *worker_dev =
+                               rte_cryptodev_pmd_get_dev(worker->dev_id);
+               uint8_t index = worker_dev->driver_id;

-               ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-                                       xform);
+               ret = worker_dev->dev_ops->sym_session_configure(
+                               worker_dev,
+                               xform,
+                               (uint8_t *)sess + (index * worker_sess_priv_sz),
+                               sess_iova + (index * worker_sess_priv_sz));
                if (ret < 0) {
                        CR_SCHED_LOG(ERR, "unable to config sym session");
                        return ret;

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
@ 2021-10-20 19:27         ` Ananyev, Konstantin
  2021-10-21  6:53           ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Ananyev, Konstantin @ 2021-10-20 19:27 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, anoobj, De Lara Guarch,
	Pablo, Trahe, Fiona, Doherty, Declan, matan, g.singh, Zhang,
	Roy Fan, jianjay.zhou, asomalap, ruifeng.wang, Nicolau, Radu,
	ajit.khaparde, rnagadheeraj, adwivedi, Power, Ciara, Wang,
	Haiyue, jiawenwu, jianwang


Hi Akhil,


> As per current design, rte_cryptodev_sym_session_create() and
> rte_cryptodev_sym_session_init() use separate mempool objects
> for a single session.
> And structure rte_cryptodev_sym_session is not directly used
> by the application, it may cause ABI breakage if the structure
> is modified in future.
> 
> To address these two issues, the rte_cryptodev_sym_session_create
> will take one mempool object for both the session and session
> private data. The API rte_cryptodev_sym_session_init will now not
> take mempool object.
> rte_cryptodev_sym_session_create will now return an opaque session
> pointer which will be used by the app in rte_cryptodev_sym_session_init
> and other APIs.
> 
> With this change, rte_cryptodev_sym_session_init will send
> pointer to session private data of corresponding driver to the PMD
> based on the driver_id for filling the PMD data.
> 
> In data path, opaque session pointer is attached to rte_crypto_op
> and the PMD can call an internal library API to get the session
> private data pointer based on the driver id.
> 
> Note: currently nb_drivers are getting updated in RTE_INIT which
> result in increasing the memory requirements for session.
> User can compile off drivers which are not in use to reduce the
> memory consumption of a session.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---

With that patch ipsec-secgw functional tests crashes for AES_GCM test-cases.
To be more specific:
examples/ipsec-secgw/test/run_test.sh -4 tun_aesgcm

[24126592.561071] traps: dpdk-ipsec-secg[3254860] general protection fault ip:7f3ac2397027 sp:7ffeaade8848 error:0 in libIPSec_MB.so.1.0.0[7f3ac238f000+2a20000]

Looking a bit deeper, it fails at:
#0  0x00007ff9274f4027 in aes_keyexp_128_enc_avx512 ()
   from /lib/libIPSec_MB.so.1
#1  0x00007ff929f0ac97 in aes_gcm_pre_128_avx_gen4 ()
   from /lib/libIPSec_MB.so.1
#2  0x0000561757073753 in aesni_gcm_session_configure (mb_mgr=0x56175c5fe400,
    session=0x17e3b72d8, xform=0x17e05d7c0)
    at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
#3  0x00005617570592af in ipsec_mb_sym_session_configure (
    dev=0x56175be0c940 <rte_crypto_devices>, xform=0x17e05d7c0,
    sess=0x17e3b72d8) at ../drivers/crypto/ipsec_mb/ipsec_mb_ops.c:330
#4  0x0000561753b4d6ae in rte_cryptodev_sym_session_init (dev_id=0 '\000',
    sess_opaque=0x17e3b4940, xforms=0x17e05d7c0)
    at ../lib/cryptodev/rte_cryptodev.c:1736
#5  0x0000561752ef99b7 in create_lookaside_session (
    ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140,
    ips=0x17e05d140) at ../examples/ipsec-secgw/ipsec.c:145
#6  0x0000561752f0cf98 in fill_ipsec_session (ss=0x17e05d140,
    ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140)
    at ../examples/ipsec-secgw/ipsec_process.c:89
#7  0x0000561752f0d7dd in ipsec_process (
    ctx=0x56175aa6a210 <lcore_conf+1105232>, trf=0x7ffd192326a0)
    at ../examples/ipsec-secgw/ipsec_process.c:300
#8  0x0000561752f21027 in process_pkts_outbound (
--Type <RET> for more, q to quit, c to continue without paging--
    ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>, traffic=0x7ffd192326a0)
    at ../examples/ipsec-secgw/ipsec-secgw.c:839
#9  0x0000561752f21b2e in process_pkts (
    qconf=0x56175aa57340 <lcore_conf+1027712>, pkts=0x7ffd19233c20,
    nb_pkts=1 '\001', portid=1) at ../examples/ipsec-secgw/ipsec-secgw.c:1072
#10 0x0000561752f224db in ipsec_poll_mode_worker ()
    at ../examples/ipsec-secgw/ipsec-secgw.c:1262
#11 0x0000561752f38adc in ipsec_launch_one_lcore (args=0x56175c549700)
    at ../examples/ipsec-secgw/ipsec_worker.c:654
#12 0x0000561753cbc523 in rte_eal_mp_remote_launch (
    f=0x561752f38ab5 <ipsec_launch_one_lcore>, arg=0x56175c549700,
    call_main=CALL_MAIN) at ../lib/eal/common/eal_common_launch.c:64
#13 0x0000561752f265ed in main (argc=12, argv=0x7ffd19234168)
    at ../examples/ipsec-secgw/ipsec-secgw.c:2978
(gdb) frame 2
#2  0x0000561757073753 in aesni_gcm_session_configure (mb_mgr=0x56175c5fe400,
    session=0x17e3b72d8, xform=0x17e05d7c0)
    at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
132                     mb_mgr->gcm128_pre(key, &sess->gdata_key);

Because of un-expected unaligned memory access:
(gdb) disas
Dump of assembler code for function aes_keyexp_128_enc_avx512:
   0x00007ff9274f400b <+0>:     endbr64
   0x00007ff9274f400f <+4>:     cmp    $0x0,%rdi
   0x00007ff9274f4013 <+8>:     je     0x7ff9274f41b4 <aes_keyexp_128_enc_avx512+425>
   0x00007ff9274f4019 <+14>:    cmp    $0x0,%rsi
   0x00007ff9274f401d <+18>:    je     0x7ff9274f41b4 <aes_keyexp_128_enc_avx512+425>
   0x00007ff9274f4023 <+24>:    vmovdqu (%rdi),%xmm1
=> 0x00007ff9274f4027 <+28>:    vmovdqa %xmm1,(%rsi)

(gdb) print/x $rsi
$12 = 0x17e3b72e8

And this is caused because now AES_GCM session private data is not 16B-bits
aligned anymore:
(gdb) print ((struct aesni_gcm_session *)sess->sess_data[index].data)
$29 = (struct aesni_gcm_session *) 0x17e3b72d8

print &((struct aesni_gcm_session *)sess->sess_data[index].data)->gdata_key
$31 = (struct gcm_key_data *) 0x17e3b72e8

As I understand the reason for that is that we changed the way how sess_data[index].data
is populated. Now it is just:
sess->sess_data[index].data = (void *)((uint8_t *)sess +
                                rte_cryptodev_sym_get_header_session_size() +
                                (index * sess->priv_sz));

So, as I can see, there is no guarantee that PMD's private sess data will be aligned on 16B
as expected.





^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-20 19:27         ` Ananyev, Konstantin
@ 2021-10-21  6:53           ` Akhil Goyal
  2021-10-21 10:38             ` Ananyev, Konstantin
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-21  6:53 UTC (permalink / raw)
  To: Ananyev, Konstantin, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, Zhang, Roy Fan, jianjay.zhou, asomalap, ruifeng.wang,
	Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela, Ankur Dwivedi,
	Power, Ciara, Wang, Haiyue, jiawenwu, jianwang

 
> > As per current design, rte_cryptodev_sym_session_create() and
> > rte_cryptodev_sym_session_init() use separate mempool objects
> > for a single session.
> > And structure rte_cryptodev_sym_session is not directly used
> > by the application, it may cause ABI breakage if the structure
> > is modified in future.
> >
> > To address these two issues, the rte_cryptodev_sym_session_create
> > will take one mempool object for both the session and session
> > private data. The API rte_cryptodev_sym_session_init will now not
> > take mempool object.
> > rte_cryptodev_sym_session_create will now return an opaque session
> > pointer which will be used by the app in rte_cryptodev_sym_session_init
> > and other APIs.
> >
> > With this change, rte_cryptodev_sym_session_init will send
> > pointer to session private data of corresponding driver to the PMD
> > based on the driver_id for filling the PMD data.
> >
> > In data path, opaque session pointer is attached to rte_crypto_op
> > and the PMD can call an internal library API to get the session
> > private data pointer based on the driver id.
> >
> > Note: currently nb_drivers are getting updated in RTE_INIT which
> > result in increasing the memory requirements for session.
> > User can compile off drivers which are not in use to reduce the
> > memory consumption of a session.
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > ---
> 
> With that patch ipsec-secgw functional tests crashes for AES_GCM test-cases.
> To be more specific:
> examples/ipsec-secgw/test/run_test.sh -4 tun_aesgcm
> 
> [24126592.561071] traps: dpdk-ipsec-secg[3254860] general protection fault
> ip:7f3ac2397027 sp:7ffeaade8848 error:0 in
> libIPSec_MB.so.1.0.0[7f3ac238f000+2a20000]
> 
> Looking a bit deeper, it fails at:
> #0  0x00007ff9274f4027 in aes_keyexp_128_enc_avx512 ()
>    from /lib/libIPSec_MB.so.1
> #1  0x00007ff929f0ac97 in aes_gcm_pre_128_avx_gen4 ()
>    from /lib/libIPSec_MB.so.1
> #2  0x0000561757073753 in aesni_gcm_session_configure
> (mb_mgr=0x56175c5fe400,
>     session=0x17e3b72d8, xform=0x17e05d7c0)
>     at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
> #3  0x00005617570592af in ipsec_mb_sym_session_configure (
>     dev=0x56175be0c940 <rte_crypto_devices>, xform=0x17e05d7c0,
>     sess=0x17e3b72d8) at ../drivers/crypto/ipsec_mb/ipsec_mb_ops.c:330
> #4  0x0000561753b4d6ae in rte_cryptodev_sym_session_init (dev_id=0
> '\000',
>     sess_opaque=0x17e3b4940, xforms=0x17e05d7c0)
>     at ../lib/cryptodev/rte_cryptodev.c:1736
> #5  0x0000561752ef99b7 in create_lookaside_session (
>     ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140,
>     ips=0x17e05d140) at ../examples/ipsec-secgw/ipsec.c:145
> #6  0x0000561752f0cf98 in fill_ipsec_session (ss=0x17e05d140,
>     ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140)
>     at ../examples/ipsec-secgw/ipsec_process.c:89
> #7  0x0000561752f0d7dd in ipsec_process (
>     ctx=0x56175aa6a210 <lcore_conf+1105232>, trf=0x7ffd192326a0)
>     at ../examples/ipsec-secgw/ipsec_process.c:300
> #8  0x0000561752f21027 in process_pkts_outbound (
> --Type <RET> for more, q to quit, c to continue without paging--
>     ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>,
> traffic=0x7ffd192326a0)
>     at ../examples/ipsec-secgw/ipsec-secgw.c:839
> #9  0x0000561752f21b2e in process_pkts (
>     qconf=0x56175aa57340 <lcore_conf+1027712>, pkts=0x7ffd19233c20,
>     nb_pkts=1 '\001', portid=1) at ../examples/ipsec-secgw/ipsec-secgw.c:1072
> #10 0x0000561752f224db in ipsec_poll_mode_worker ()
>     at ../examples/ipsec-secgw/ipsec-secgw.c:1262
> #11 0x0000561752f38adc in ipsec_launch_one_lcore (args=0x56175c549700)
>     at ../examples/ipsec-secgw/ipsec_worker.c:654
> #12 0x0000561753cbc523 in rte_eal_mp_remote_launch (
>     f=0x561752f38ab5 <ipsec_launch_one_lcore>, arg=0x56175c549700,
>     call_main=CALL_MAIN) at ../lib/eal/common/eal_common_launch.c:64
> #13 0x0000561752f265ed in main (argc=12, argv=0x7ffd19234168)
>     at ../examples/ipsec-secgw/ipsec-secgw.c:2978
> (gdb) frame 2
> #2  0x0000561757073753 in aesni_gcm_session_configure
> (mb_mgr=0x56175c5fe400,
>     session=0x17e3b72d8, xform=0x17e05d7c0)
>     at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
> 132                     mb_mgr->gcm128_pre(key, &sess->gdata_key);
> 
> Because of un-expected unaligned memory access:
> (gdb) disas
> Dump of assembler code for function aes_keyexp_128_enc_avx512:
>    0x00007ff9274f400b <+0>:     endbr64
>    0x00007ff9274f400f <+4>:     cmp    $0x0,%rdi
>    0x00007ff9274f4013 <+8>:     je     0x7ff9274f41b4
> <aes_keyexp_128_enc_avx512+425>
>    0x00007ff9274f4019 <+14>:    cmp    $0x0,%rsi
>    0x00007ff9274f401d <+18>:    je     0x7ff9274f41b4
> <aes_keyexp_128_enc_avx512+425>
>    0x00007ff9274f4023 <+24>:    vmovdqu (%rdi),%xmm1
> => 0x00007ff9274f4027 <+28>:    vmovdqa %xmm1,(%rsi)
> 
> (gdb) print/x $rsi
> $12 = 0x17e3b72e8
> 
> And this is caused because now AES_GCM session private data is not 16B-bits
> aligned anymore:
> (gdb) print ((struct aesni_gcm_session *)sess->sess_data[index].data)
> $29 = (struct aesni_gcm_session *) 0x17e3b72d8
> 
> print &((struct aesni_gcm_session *)sess->sess_data[index].data)-
> >gdata_key
> $31 = (struct gcm_key_data *) 0x17e3b72e8
> 
> As I understand the reason for that is that we changed the way how
> sess_data[index].data
> is populated. Now it is just:
> sess->sess_data[index].data = (void *)((uint8_t *)sess +
>                                 rte_cryptodev_sym_get_header_session_size() +
>                                 (index * sess->priv_sz));
> 
> So, as I can see, there is no guarantee that PMD's private sess data will be
> aligned on 16B
> as expected.
> 
Agreed, that there is no guarantee that the sess_priv will be aligned.
I believe this is requirement from the PMD side for a particular alignment.
Is it possible for the PMD to use __rte_aligned for the fields which are required to
Be aligned. For aesni_gcm it is 16B aligned requirement, for some other PMD it may be
64B alignment. 

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework
  2021-10-20 18:04             ` Akhil Goyal
@ 2021-10-21  8:43               ` Zhang, Roy Fan
  0 siblings, 0 replies; 49+ messages in thread
From: Zhang, Roy Fan @ 2021-10-21  8:43 UTC (permalink / raw)
  To: Akhil Goyal, Power, Ciara, dev, Ananyev, Konstantin, thomas,
	De Lara Guarch, Pablo
  Cc: david.marchand, hemant.agrawal, Anoob Joseph, Trahe, Fiona,
	Doherty, Declan, matan, g.singh, jianjay.zhou, asomalap,
	ruifeng.wang, Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela,
	Ankur Dwivedi, Wang, Haiyue, jiawenwu, jianwang,
	Jerin Jacob Kollanukkaran, Nithin Kumar Dabilpuram

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, October 20, 2021 7:05 PM
> To: Power, Ciara <ciara.power@intel.com>; dev@dpdk.org; Ananyev,
> Konstantin <konstantin.ananyev@intel.com>; thomas@monjalon.net; Zhang,
> Roy Fan <roy.fan.zhang@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: david.marchand@redhat.com; hemant.agrawal@nxp.com; Anoob Joseph
> <anoobj@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Doherty,
> Declan <declan.doherty@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com;
> Nicolau, Radu <radu.nicolau@intel.com>; ajit.khaparde@broadcom.com;
> Nagadheeraj Rottela <rnagadheeraj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; Wang, Haiyue <haiyue.wang@intel.com>;
> jiawenwu@trustnetic.com; jianwang@trustnetic.com; Jerin Jacob
> Kollanukkaran <jerinj@marvell.com>; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>
> Subject: RE: [PATCH v3 0/8] crypto/security session framework rework
> 
> > > > I am seeing test failures for cryptodev_scheduler_autotest:
> > > > + Tests Total :       638
> > > >  + Tests Skipped :     280
> > > >  + Tests Executed :    638
> > > >  + Tests Unsupported:   0
> > > >  + Tests Passed :      18
> > > >  + Tests Failed :      340
> > > >
> > > > The error showing for each testcase:
> > > > scheduler_pmd_sym_session_configure() line 487: unable to config
> sym
> > > > session
> > > > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2
> failed
> > to
> > > > configure session details
> > > >
> > > > I believe the problem happens in
> > scheduler_pmd_sym_session_configure.
> > > > The full sess object is no longer accessible in here, but it is required to
> be
> > > > passed to rte_cryptodev_sym_session_init.
> > > > The init function expects access to sess rather than the private data,
> and
> > > now
> > > > fails as a result.
> > > >
> > > > static int
> > > > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> > > >         struct rte_crypto_sym_xform *xform, void *sess,
> > > >         rte_iova_t sess_iova __rte_unused)
> > > > {
> > > >         struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> > > >         uint32_t i;
> > > >         int ret;
> > > >         for (i = 0; i < sched_ctx->nb_workers; i++) {
> > > >                 struct scheduler_worker *worker = &sched_ctx->workers[i];
> > > >                 ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> > > >                                         xform);
> > > >                 if (ret < 0) {
> > > >                         CR_SCHED_LOG(ERR, "unable to config sym session");
> > > >                         return ret;
> > > >                 }
> > > >         }
> > > >         return 0;
> > > > }
> > > >
> > > It looks like scheduler PMD is managing the stuff on its own for other
> > PMDs.
> > > The APIs are designed such that the app can call session_init multiple
> times
> > > With different dev_id on same sess.
> > > But here scheduler PMD internally want to configure other PMDs
> sess_priv
> > > By calling session_init.
> > >
> > > I wonder, why we have this 2 step session_create and session_init?
> > > Why can't we have it similar to security session create and let the
> scheduler
> > > PMD have its big session private data which can hold priv_data of as many
> > > PMDs
> > > as it want to schedule.
> > >
> > > Konstantin/Fan/Pablo what are your thoughts on this issue?
> > > Can we resolve this issue at priority in RC1(or probably RC2) for this
> release
> > > or
> > > else we defer it for next ABI break release?
> > >
> > > Thomas,
> > > Can we defer this for RC2? It does not seem to be fixed in 1 day.
> >
> > On another thought, this can be fixed with current patch also by having a
> big
> > session
> > Private data for scheduler PMD which is big enough to hold all other PMDs
> > data which
> > it want to schedule and then call the sess_configure function pointer of dev
> > directly.
> > What say? And this PMD change can be done in RC2. And this patchset go
> as
> > is in RC1.
> Here is the diff in scheduler PMD which should fix this issue in current
> patchset.
> 
> diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> index b92ffd6026..0611ea2c6a 100644
> --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> @@ -450,9 +450,8 @@ scheduler_pmd_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  }
> 
>  static uint32_t
> -scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev
> __rte_unused)
> +get_max_session_priv_size(struct scheduler_ctx *sched_ctx)
>  {
> -       struct scheduler_ctx *sched_ctx = dev->data->dev_private;
>         uint8_t i = 0;
>         uint32_t max_priv_sess_size = 0;
> 
> @@ -469,20 +468,35 @@ scheduler_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>         return max_priv_sess_size;
>  }
> 
> +static uint32_t
> +scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev)
> +{
> +       struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> +
> +       return get_max_session_priv_size(sched_ctx) * sched_ctx-
> >nb_workers;
> +}
> +
>  static int
>  scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
>         struct rte_crypto_sym_xform *xform, void *sess,
>         rte_iova_t sess_iova __rte_unused)
>  {
>         struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> +       uint32_t worker_sess_priv_sz = get_max_session_priv_size(sched_ctx);
>         uint32_t i;
>         int ret;
> 
>         for (i = 0; i < sched_ctx->nb_workers; i++) {
>                 struct scheduler_worker *worker = &sched_ctx->workers[i];
> +               struct rte_cryptodev *worker_dev =
> +                               rte_cryptodev_pmd_get_dev(worker->dev_id);
> +               uint8_t index = worker_dev->driver_id;
> 
> -               ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
> -                                       xform);
> +               ret = worker_dev->dev_ops->sym_session_configure(
> +                               worker_dev,
> +                               xform,
> +                               (uint8_t *)sess + (index * worker_sess_priv_sz),
> +                               sess_iova + (index * worker_sess_priv_sz));

This won't work. This will make the session configuration finish successfully
 but  the private data the worker initialized is not the private data the worker
will use during enqueue/dequeue (workers only uses the session private
data based on its driver id).

>                 if (ret < 0) {
>                         CR_SCHED_LOG(ERR, "unable to config sym session");
>                         return ret;

^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-21  6:53           ` Akhil Goyal
@ 2021-10-21 10:38             ` Ananyev, Konstantin
  2021-10-21 12:30               ` Akhil Goyal
  0 siblings, 1 reply; 49+ messages in thread
From: Ananyev, Konstantin @ 2021-10-21 10:38 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, Zhang, Roy Fan, jianjay.zhou, asomalap, ruifeng.wang,
	Nicolau, Radu, ajit.khaparde, Nagadheeraj Rottela, Ankur Dwivedi,
	Power, Ciara, Wang, Haiyue, jiawenwu, jianwang


> > > As per current design, rte_cryptodev_sym_session_create() and
> > > rte_cryptodev_sym_session_init() use separate mempool objects
> > > for a single session.
> > > And structure rte_cryptodev_sym_session is not directly used
> > > by the application, it may cause ABI breakage if the structure
> > > is modified in future.
> > >
> > > To address these two issues, the rte_cryptodev_sym_session_create
> > > will take one mempool object for both the session and session
> > > private data. The API rte_cryptodev_sym_session_init will now not
> > > take mempool object.
> > > rte_cryptodev_sym_session_create will now return an opaque session
> > > pointer which will be used by the app in rte_cryptodev_sym_session_init
> > > and other APIs.
> > >
> > > With this change, rte_cryptodev_sym_session_init will send
> > > pointer to session private data of corresponding driver to the PMD
> > > based on the driver_id for filling the PMD data.
> > >
> > > In data path, opaque session pointer is attached to rte_crypto_op
> > > and the PMD can call an internal library API to get the session
> > > private data pointer based on the driver id.
> > >
> > > Note: currently nb_drivers are getting updated in RTE_INIT which
> > > result in increasing the memory requirements for session.
> > > User can compile off drivers which are not in use to reduce the
> > > memory consumption of a session.
> > >
> > > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > > ---
> >
> > With that patch ipsec-secgw functional tests crashes for AES_GCM test-cases.
> > To be more specific:
> > examples/ipsec-secgw/test/run_test.sh -4 tun_aesgcm
> >
> > [24126592.561071] traps: dpdk-ipsec-secg[3254860] general protection fault
> > ip:7f3ac2397027 sp:7ffeaade8848 error:0 in
> > libIPSec_MB.so.1.0.0[7f3ac238f000+2a20000]
> >
> > Looking a bit deeper, it fails at:
> > #0  0x00007ff9274f4027 in aes_keyexp_128_enc_avx512 ()
> >    from /lib/libIPSec_MB.so.1
> > #1  0x00007ff929f0ac97 in aes_gcm_pre_128_avx_gen4 ()
> >    from /lib/libIPSec_MB.so.1
> > #2  0x0000561757073753 in aesni_gcm_session_configure
> > (mb_mgr=0x56175c5fe400,
> >     session=0x17e3b72d8, xform=0x17e05d7c0)
> >     at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
> > #3  0x00005617570592af in ipsec_mb_sym_session_configure (
> >     dev=0x56175be0c940 <rte_crypto_devices>, xform=0x17e05d7c0,
> >     sess=0x17e3b72d8) at ../drivers/crypto/ipsec_mb/ipsec_mb_ops.c:330
> > #4  0x0000561753b4d6ae in rte_cryptodev_sym_session_init (dev_id=0
> > '\000',
> >     sess_opaque=0x17e3b4940, xforms=0x17e05d7c0)
> >     at ../lib/cryptodev/rte_cryptodev.c:1736
> > #5  0x0000561752ef99b7 in create_lookaside_session (
> >     ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140,
> >     ips=0x17e05d140) at ../examples/ipsec-secgw/ipsec.c:145
> > #6  0x0000561752f0cf98 in fill_ipsec_session (ss=0x17e05d140,
> >     ctx=0x56175aa6a210 <lcore_conf+1105232>, sa=0x17e05d140)
> >     at ../examples/ipsec-secgw/ipsec_process.c:89
> > #7  0x0000561752f0d7dd in ipsec_process (
> >     ctx=0x56175aa6a210 <lcore_conf+1105232>, trf=0x7ffd192326a0)
> >     at ../examples/ipsec-secgw/ipsec_process.c:300
> > #8  0x0000561752f21027 in process_pkts_outbound (
> > --Type <RET> for more, q to quit, c to continue without paging--
> >     ipsec_ctx=0x56175aa6a210 <lcore_conf+1105232>,
> > traffic=0x7ffd192326a0)
> >     at ../examples/ipsec-secgw/ipsec-secgw.c:839
> > #9  0x0000561752f21b2e in process_pkts (
> >     qconf=0x56175aa57340 <lcore_conf+1027712>, pkts=0x7ffd19233c20,
> >     nb_pkts=1 '\001', portid=1) at ../examples/ipsec-secgw/ipsec-secgw.c:1072
> > #10 0x0000561752f224db in ipsec_poll_mode_worker ()
> >     at ../examples/ipsec-secgw/ipsec-secgw.c:1262
> > #11 0x0000561752f38adc in ipsec_launch_one_lcore (args=0x56175c549700)
> >     at ../examples/ipsec-secgw/ipsec_worker.c:654
> > #12 0x0000561753cbc523 in rte_eal_mp_remote_launch (
> >     f=0x561752f38ab5 <ipsec_launch_one_lcore>, arg=0x56175c549700,
> >     call_main=CALL_MAIN) at ../lib/eal/common/eal_common_launch.c:64
> > #13 0x0000561752f265ed in main (argc=12, argv=0x7ffd19234168)
> >     at ../examples/ipsec-secgw/ipsec-secgw.c:2978
> > (gdb) frame 2
> > #2  0x0000561757073753 in aesni_gcm_session_configure
> > (mb_mgr=0x56175c5fe400,
> >     session=0x17e3b72d8, xform=0x17e05d7c0)
> >     at ../drivers/crypto/ipsec_mb/pmd_aesni_gcm.c:132
> > 132                     mb_mgr->gcm128_pre(key, &sess->gdata_key);
> >
> > Because of un-expected unaligned memory access:
> > (gdb) disas
> > Dump of assembler code for function aes_keyexp_128_enc_avx512:
> >    0x00007ff9274f400b <+0>:     endbr64
> >    0x00007ff9274f400f <+4>:     cmp    $0x0,%rdi
> >    0x00007ff9274f4013 <+8>:     je     0x7ff9274f41b4
> > <aes_keyexp_128_enc_avx512+425>
> >    0x00007ff9274f4019 <+14>:    cmp    $0x0,%rsi
> >    0x00007ff9274f401d <+18>:    je     0x7ff9274f41b4
> > <aes_keyexp_128_enc_avx512+425>
> >    0x00007ff9274f4023 <+24>:    vmovdqu (%rdi),%xmm1
> > => 0x00007ff9274f4027 <+28>:    vmovdqa %xmm1,(%rsi)
> >
> > (gdb) print/x $rsi
> > $12 = 0x17e3b72e8
> >
> > And this is caused because now AES_GCM session private data is not 16B-bits
> > aligned anymore:
> > (gdb) print ((struct aesni_gcm_session *)sess->sess_data[index].data)
> > $29 = (struct aesni_gcm_session *) 0x17e3b72d8
> >
> > print &((struct aesni_gcm_session *)sess->sess_data[index].data)-
> > >gdata_key
> > $31 = (struct gcm_key_data *) 0x17e3b72e8
> >
> > As I understand the reason for that is that we changed the way how
> > sess_data[index].data
> > is populated. Now it is just:
> > sess->sess_data[index].data = (void *)((uint8_t *)sess +
> >                                 rte_cryptodev_sym_get_header_session_size() +
> >                                 (index * sess->priv_sz));
> >
> > So, as I can see, there is no guarantee that PMD's private sess data will be
> > aligned on 16B
> > as expected.
> >
> Agreed, that there is no guarantee that the sess_priv will be aligned.
> I believe this is requirement from the PMD side for a particular alignment.

Yes, it is PMD specific requirement.
The problem is that with new approach you proposed there is no simple way for PMD to
fulfil that requirement.
In current version of DPDK:
- PMD reports size of private data, note that it reports extra space needed
   to align its data properly inside provided buffer.
- Then it ss up to higher layer to allocate mempool with elements big enough to hold 
   PMD private data.
- At session init that mempool is passed to PMD sym_session_confgure() and it is 
 PMD responsibility to allocate buffer (from given mempool) for its private data
  align it properly, and update sess->sess_data[].data.
With this patch:
 -  PMD still reports size of private data, but now it is cryptodev layer who allocates
     memory for PMD private data and updates sess->sess_data[].data.
  
So PMD simply has no way to allocate/align its private data in a way it likes to.
Of course it can simply do alignment on the fly for each operation, something like:

void *p = get_sym_session_private_data(sess, dev->driver_id);
sess_priv = RTE_PTR_ALIGN_FLOOR(p, PMD_SES_ALIGN);

But it is way too ugly and error-prone. 

Another potential problem with that approach (when cryptodev allocates memory for 
PMD private session data and updates sess->sess_data[].data for it) - it could happen
that private data for different PMDs can endup on the same cache-line. 
If we'll ever have a case with simultaneous session processing by multiple-devices
it can cause all sorts of performance problems.

All in all - these changes for (remove second mempool, change the way we allocate/setup
session private data) seems premature to me.
So, I think to go ahead with this series (hiding rte_cryptodev_sym_session) for 21.11
we need to drop changes for sess_data[] management allocation and keep only changes
directly related to hide sym_session.    
My apologies for not reviewing/testing properly that series earlier.

> Is it possible for the PMD to use __rte_aligned for the fields which are required to

The data structure inside PMD is properly aligned.
The problem is that now cryptodev layer might provide to PMD memory that is not properly aligned.

> Be aligned. For aesni_gcm it is 16B aligned requirement, for some other PMD it may be
> 64B alignment.





^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-21 10:38             ` Ananyev, Konstantin
@ 2021-10-21 12:30               ` Akhil Goyal
  2021-10-21 13:11                 ` Ananyev, Konstantin
  0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2021-10-21 12:30 UTC (permalink / raw)
  To: Ananyev, Konstantin, dev, Zhang, Roy Fan
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch, Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Nicolau, Radu,
	ajit.khaparde, Nagadheeraj Rottela, Ankur Dwivedi, Power, Ciara,
	Wang, Haiyue, jiawenwu, jianwang, Jerin Jacob Kollanukkaran,
	Nithin Kumar Dabilpuram

> The problem is that with new approach you proposed there is no simple way
> for PMD to
> fulfil that requirement.
> In current version of DPDK:
> - PMD reports size of private data, note that it reports extra space needed
>    to align its data properly inside provided buffer.
> - Then it ss up to higher layer to allocate mempool with elements big enough
> to hold
>    PMD private data.
> - At session init that mempool is passed to PMD sym_session_confgure() and
> it is
>  PMD responsibility to allocate buffer (from given mempool) for its private
> data
>   align it properly, and update sess->sess_data[].data.
> With this patch:
>  -  PMD still reports size of private data, but now it is cryptodev layer who
> allocates
>      memory for PMD private data and updates sess->sess_data[].data.
> 
> So PMD simply has no way to allocate/align its private data in a way it likes
> to.
> Of course it can simply do alignment on the fly for each operation, something
> like:
> 
> void *p = get_sym_session_private_data(sess, dev->driver_id);
> sess_priv = RTE_PTR_ALIGN_FLOOR(p, PMD_SES_ALIGN);
> 
> But it is way too ugly and error-prone.
> 
> Another potential problem with that approach (when cryptodev allocates
> memory for
> PMD private session data and updates sess->sess_data[].data for it) - it could
> happen
> that private data for different PMDs can endup on the same cache-line.
> If we'll ever have a case with simultaneous session processing by multiple-
> devices
> it can cause all sorts of performance problems.

To resolve above 2 issues(performance and pointer CEIL in PMD), can you check
If following diff in library would work?
----------------------------------------------------------------------------------------------------
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 9d5e08bba2..7beb5339ea 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1731,12 +1731,13 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
        RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);

        if (sess->sess_data[index].refcnt == 0) {
-               sess->sess_data[index].data = (void *)((uint8_t *)sess +
+               sess->sess_data[index].data = RTE_PTR_ALIGN_CEIL(
+                               (void *)((uint8_t *)sess +
                                rte_cryptodev_sym_get_header_session_size() +
-                               (index * sess->priv_sz));
-               sess_iova = rte_mempool_virt2iova(sess) +
+                               (index * sess->priv_sz)), RTE_CACHE_LINE_SIZE);
+               sess_iova = RTE_ALIGN_CEIL(rte_mempool_virt2iova(sess) +
                                rte_cryptodev_sym_get_header_session_size() +
-                               (index * sess->priv_sz);
+                               (index * sess->priv_sz), RTE_CACHE_LINE_SIZE);
                ret = dev->dev_ops->sym_session_configure(dev, xforms,
                                sess->sess_data[index].data, sess_iova);
                if (ret < 0) {
@@ -1805,7 +1806,7 @@ get_max_sym_sess_priv_sz(void)
                if (sz > max_sz)
                        max_sz = sz;
        }
-       return max_sz;
+       return RTE_ALIGN_CEIL(max_sz,RTE_CACHE_LINE_SIZE);
 }

 struct rte_mempool *
----------------------------------------------------------------------------------------
> 
> All in all - these changes for (remove second mempool, change the way we
> allocate/setup
> session private data) seems premature to me.
> So, I think to go ahead with this series (hiding rte_cryptodev_sym_session)
> for 21.11
> we need to drop changes for sess_data[] management allocation and keep
> only changes
> directly related to hide sym_session.
> My apologies for not reviewing/testing properly that series earlier.
> 

The changes are huge and will affect a lot of people. We needed help
From all the pmd owners to look into this.
We can drop this series, citing not enough review happened, but the issues
that were raised could have been resolved till RC2 for the cases that are currently
broken.
However, there is one more issue that was not highlighted here was that, in case of
Scheduler PMD there are a lot of inappropriate stuff which hampers these changes.
Because of which we will end up reserving huge memory space which will be unused
if scheduler PMD is compiled in.
We can have a simple single API for session creation similar to rte_security.
And let scheduler PMD manage all the memory by itself for all the PMDs which
it want to schedule.

We can defer this series for now, and can work on Asymmetric crypto
first (probably in 22.02) which is still in experimental state. This will help in getting
these changes matured enough for sym session which we can take up in 22.11.

I believe Intel people are planning for new features in asymmetric crypto.
It makes more sense that they can align it as per the discussed approach.

Regards,
Akhil


^ permalink raw reply	[flat|nested] 49+ messages in thread

* Re: [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework
  2021-10-21 12:30               ` Akhil Goyal
@ 2021-10-21 13:11                 ` Ananyev, Konstantin
  0 siblings, 0 replies; 49+ messages in thread
From: Ananyev, Konstantin @ 2021-10-21 13:11 UTC (permalink / raw)
  To: Akhil Goyal, dev, Zhang, Roy Fan
  Cc: thomas, david.marchand, hemant.agrawal, Anoob Joseph,
	De Lara Guarch,  Pablo, Trahe, Fiona, Doherty, Declan, matan,
	g.singh, jianjay.zhou, asomalap, ruifeng.wang, Nicolau, Radu,
	ajit.khaparde, Nagadheeraj Rottela, Ankur Dwivedi, Power, Ciara,
	Wang, Haiyue, jiawenwu, jianwang, Jerin Jacob Kollanukkaran,
	Nithin Kumar Dabilpuram


 
> > The problem is that with new approach you proposed there is no simple way
> > for PMD to
> > fulfil that requirement.
> > In current version of DPDK:
> > - PMD reports size of private data, note that it reports extra space needed
> >    to align its data properly inside provided buffer.
> > - Then it ss up to higher layer to allocate mempool with elements big enough
> > to hold
> >    PMD private data.
> > - At session init that mempool is passed to PMD sym_session_confgure() and
> > it is
> >  PMD responsibility to allocate buffer (from given mempool) for its private
> > data
> >   align it properly, and update sess->sess_data[].data.
> > With this patch:
> >  -  PMD still reports size of private data, but now it is cryptodev layer who
> > allocates
> >      memory for PMD private data and updates sess->sess_data[].data.
> >
> > So PMD simply has no way to allocate/align its private data in a way it likes
> > to.
> > Of course it can simply do alignment on the fly for each operation, something
> > like:
> >
> > void *p = get_sym_session_private_data(sess, dev->driver_id);
> > sess_priv = RTE_PTR_ALIGN_FLOOR(p, PMD_SES_ALIGN);
> >
> > But it is way too ugly and error-prone.
> >
> > Another potential problem with that approach (when cryptodev allocates
> > memory for
> > PMD private session data and updates sess->sess_data[].data for it) - it could
> > happen
> > that private data for different PMDs can endup on the same cache-line.
> > If we'll ever have a case with simultaneous session processing by multiple-
> > devices
> > it can cause all sorts of performance problems.
> 
> To resolve above 2 issues(performance and pointer CEIL in PMD), can you check
> If following diff in library would work?
> ----------------------------------------------------------------------------------------------------
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 9d5e08bba2..7beb5339ea 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -1731,12 +1731,13 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
>         RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
> 
>         if (sess->sess_data[index].refcnt == 0) {
> -               sess->sess_data[index].data = (void *)((uint8_t *)sess +
> +               sess->sess_data[index].data = RTE_PTR_ALIGN_CEIL(
> +                               (void *)((uint8_t *)sess +
>                                 rte_cryptodev_sym_get_header_session_size() +
> -                               (index * sess->priv_sz));
> -               sess_iova = rte_mempool_virt2iova(sess) +
> +                               (index * sess->priv_sz)), RTE_CACHE_LINE_SIZE);
> +               sess_iova = RTE_ALIGN_CEIL(rte_mempool_virt2iova(sess) +
>                                 rte_cryptodev_sym_get_header_session_size() +
> -                               (index * sess->priv_sz);
> +                               (index * sess->priv_sz), RTE_CACHE_LINE_SIZE);
>                 ret = dev->dev_ops->sym_session_configure(dev, xforms,
>                                 sess->sess_data[index].data, sess_iova);
>                 if (ret < 0) {
> @@ -1805,7 +1806,7 @@ get_max_sym_sess_priv_sz(void)
>                 if (sz > max_sz)
>                         max_sz = sz;
>         }
> -       return max_sz;
> +       return RTE_ALIGN_CEIL(max_sz,RTE_CACHE_LINE_SIZE);
>  }
> 
>  struct rte_mempool *

Yep, aligning each PMD private data on CACHE_LINE will help to overcome that issue.
Though it means that we need to allocate extra CACHE_LINE bytes for each sess_data
element. That could be a significant amount.
 Also I am still not sure that cryptodev layer should allocate/manage space for PMD
private session data. It would be really hard to predict all possible requirements that
each PMD can have. I think better to leave it to PMD itself, as it knows best what
it needs.

> ----------------------------------------------------------------------------------------
> >
> > All in all - these changes for (remove second mempool, change the way we
> > allocate/setup
> > session private data) seems premature to me.
> > So, I think to go ahead with this series (hiding rte_cryptodev_sym_session)
> > for 21.11
> > we need to drop changes for sess_data[] management allocation and keep
> > only changes
> > directly related to hide sym_session.
> > My apologies for not reviewing/testing properly that series earlier.
> >
> 
> The changes are huge and will affect a lot of people. We needed help
> From all the pmd owners to look into this.

Agree.

> We can drop this series, citing not enough review happened, but the issues
> that were raised could have been resolved till RC2 for the cases that are currently
> broken.
> However, there is one more issue that was not highlighted here was that, in case of
> Scheduler PMD there are a lot of inappropriate stuff which hampers these changes.
> Because of which we will end up reserving huge memory space which will be unused
> if scheduler PMD is compiled in.
> We can have a simple single API for session creation similar to rte_security.
> And let scheduler PMD manage all the memory by itself for all the PMDs which
> it want to schedule.

Yes, same thoughts here:
if we can have just one device per session (as we have for security) it would help
to come up with simple and clean approach.
From my perspective, probably better to create a simple, clean API first,
and then try to re-work scheduler PMD to work with new one.    
 
> We can defer this series for now, and can work on Asymmetric crypto
> first (probably in 22.02) which is still in experimental state. This will help in getting
> these changes matured enough for sym session which we can take up in 22.11.

Sounds like a good plan to me.

> I believe Intel people are planning for new features in asymmetric crypto.
> It makes more sense that they can align it as per the discussed approach.
> 
> Regards,
> Akhil


^ permalink raw reply	[flat|nested] 49+ messages in thread

end of thread, other threads:[~2021-10-21 13:13 UTC | newest]

Thread overview: 49+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
2021-09-30 14:50 ` [dpdk-dev] [PATCH 1/3] security: rework session framework Akhil Goyal
2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
2021-10-12 12:26   ` Zhang, Roy Fan
2021-10-12 12:29     ` Akhil Goyal
2021-10-12 13:32       ` Zhang, Roy Fan
2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
2021-10-01 15:53   ` Zhang, Roy Fan
2021-10-04 19:07     ` Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
2021-10-18 21:34     ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 1/8] security: rework session framework Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 2/8] security: hide security session struct Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
2021-10-20 19:27         ` Ananyev, Konstantin
2021-10-21  6:53           ` Akhil Goyal
2021-10-21 10:38             ` Ananyev, Konstantin
2021-10-21 12:30               ` Akhil Goyal
2021-10-21 13:11                 ` Ananyev, Konstantin
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure Akhil Goyal
2021-10-18 21:34       ` [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-20 14:36       ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Hemant Agrawal
2021-10-20 15:45       ` Power, Ciara
2021-10-20 16:41         ` Akhil Goyal
2021-10-20 16:48           ` Akhil Goyal
2021-10-20 18:04             ` Akhil Goyal
2021-10-21  8:43               ` Zhang, Roy Fan
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 2/7] security: hide security session struct Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure Akhil Goyal
2021-10-13 19:22   ` [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-14 11:47   ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-14 12:30     ` Zhang, Roy Fan
2021-10-14 12:34       ` Akhil Goyal
2021-10-14 17:07     ` Zhang, Roy Fan
2021-10-14 18:23       ` Akhil Goyal
2021-10-14 18:57         ` Akhil Goyal
2021-10-15 15:33           ` Zhang, Roy Fan
2021-10-15 17:42             ` Akhil Goyal
2021-10-15 18:47               ` Akhil Goyal
2021-10-16 13:31                 ` Zhang, Roy Fan
2021-10-16 13:21               ` Zhang, Roy Fan
2021-10-15  8:12         ` Zhang, Roy Fan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).