From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4AF58A04C5; Fri, 4 Sep 2020 18:04:19 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 547211C0C6; Fri, 4 Sep 2020 18:04:18 +0200 (CEST) Received: from mailout2.w1.samsung.com (mailout2.w1.samsung.com [210.118.77.12]) by dpdk.org (Postfix) with ESMTP id 0B7B31C0C2 for ; Fri, 4 Sep 2020 18:04:16 +0200 (CEST) Received: from eucas1p2.samsung.com (unknown [182.198.249.207]) by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id 20200904160415euoutp022b7ad8f73dfb72fd3f49e61736d0900b~xoCyPEpto2637226372euoutp02n for ; Fri, 4 Sep 2020 16:04:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20200904160415euoutp022b7ad8f73dfb72fd3f49e61736d0900b~xoCyPEpto2637226372euoutp02n DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1599235455; bh=8sHGj/0cdGZXrvCjPNLpQujIzc11zwriFfZ4WKNsbDU=; h=Subject:To:Cc:From:Date:In-Reply-To:References:From; b=ffvSIhP3M55c7K1PoaqyunB2uQEcn6XJUvXNVVKd9F8LTokUDt7zGmIqgDozshPBr e4L3UoY2vLMgWgZ5il5qhXaaj/eR7dWqw9WWPaPiC7QrBh1vBxVQq7x8ZNu7rF6QXb HXB0XTywie5pp22Cyzo77DhgZMlW8o8ADLV1E9Rk= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20200904160415eucas1p2917e4fde1237730d62cd39dde5041e62~xoCyF06Ex0097400974eucas1p29; Fri, 4 Sep 2020 16:04:15 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id CC.D3.06456.F75625F5; Fri, 4 Sep 2020 17:04:15 +0100 (BST) Received: from eusmtrp2.samsung.com (unknown [182.198.249.139]) by eucas1p1.samsung.com (KnoxPortal) with ESMTPA id 20200904160415eucas1p1309887e2252430c364b45580818f8069~xoCxu54Eb2196321963eucas1p1R; Fri, 4 Sep 2020 16:04:15 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eusmtrp2.samsung.com (KnoxPortal) with ESMTP id 20200904160415eusmtrp2e588be47140374b0f4de18d0d479d1b4~xoCxuPT6z0391503915eusmtrp2e; Fri, 4 Sep 2020 16:04:15 +0000 (GMT) X-AuditID: cbfec7f2-c30869c000001938-33-5f52657f2849 Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id C8.03.06017.F75625F5; Fri, 4 Sep 2020 17:04:15 +0100 (BST) Received: from [106.210.88.70] (unknown [106.210.88.70]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20200904160414eusmtip2b2f45df519b1a124349adf52741c0172~xoCwiNQzu2164421644eusmtip2c; Fri, 4 Sep 2020 16:04:14 +0000 (GMT) To: akhil.goyal@nxp.com, dev@dpdk.org, thomas@monjalon.net, mdr@ashroe.eu, anoobj@marvell.com Cc: hemant.agrawal@nxp.com, konstantin.ananyev@intel.com, declan.doherty@intel.com, david.coyle@intel.com, radu.nicolau@intel.com From: Lukasz Wojciechowski Message-ID: Date: Fri, 4 Sep 2020 18:04:11 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <20200903200958.28025-1-akhil.goyal@nxp.com> Content-Transfer-Encoding: 8bit Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrHKsWRmVeSWpSXmKPExsWy7djP87r1qUHxBtsfalusPzOP0WLZlq1M Fh1Xmxkt3jxoYrF492k7k8XKxxvZLN7/WcRi0b/1KItFW5eAxacHJ1gcuDyWn+tn9fi1YCmr x+I9L5k8Ji+8yOxx7OY0do+N73YwBbBFcdmkpOZklqUW6dslcGV0f4kuWDSTsWJDUxNzA+O1 2i5GDg4JAROJLQu8uhi5OIQEVjBKbHnfwAbhfGGU+DX9DiuE85lRYse6jexdjJxgHas757FA JJYzSqzY28AI4bxllHiyoQ2oip1DWMBZYrY/SL2IQLzEt39HwUqYBZoZJVrebWQFSbAJ2Eoc mfkVzOYVcJP4f/00M4jNIqAicfLpZSYQW1QgTmLr8atMEDWCEidnPmEBsTkFLCX2/roFFmcW kJdo3jqbGcIWl7j1ZD4TyDIJgWvsEjt6j7JAXO0isXMLjC0s8er4FqhvZCT+74Rp2MYocfX3 T0YIZz+jxPXeFVBV1hKH//1mA4UYs4CmxPpd+hBhR4n3Lw8yQgKST+LGW0GII/gkJm2bzgwR 5pXoaBOCqNaTeNozlRFm7Z+1T1gmMCrNQvLaLCTvzELyziyEvQsYWVYxiqeWFuempxYb5qWW 6xUn5haX5qXrJefnbmIEpqrT/45/2sH49VLSIUYBDkYlHl4G+6B4IdbEsuLK3EOMEhzMSiK8 TmdPxwnxpiRWVqUW5ccXleakFh9ilOZgURLnNV70MlZIID2xJDU7NbUgtQgmy8TBKdXAOCVJ nWH6opPKF/+X96i2/emQ6cxISDn3w5ZDstS1o/JY/mfHrpehn63fysw56yR7XHbij8KD53+f OBDy6YPyg3WqWevC1Y5OvhQV3H+Iy9acfa3x6f+zrOfPzdfQMLrho3jSxXjfonk3SzmqnX+6 7nhcKKUSZ5m4/tdWTs/cgOAIr/2GLA9LlFiKMxINtZiLihMBeFOxHFEDAAA= X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrHIsWRmVeSWpSXmKPExsVy+t/xe7r1qUHxBlOXiVisPzOP0WLZlq1M Fh1Xmxkt3jxoYrF492k7k8XKxxvZLN7/WcRi0b/1KItFW5eAxacHJ1gcuDyWn+tn9fi1YCmr x+I9L5k8Ji+8yOxx7OY0do+N73YwBbBF6dkU5ZeWpCpk5BeX2CpFG1oY6RlaWugZmVjqGRqb x1oZmSrp29mkpOZklqUW6dsl6GV0f4kuWDSTsWJDUxNzA+O12i5GTg4JAROJ1Z3zWLoYuTiE BJYySlzbc5K5i5EDKCEj8eGSAESNsMSfa11sILaQwGtGiWebEroY2TmEBZwlZvuDFIsIxEs0 9ziADGEWaGaU+L/sNDvExB5GicXfbzGCtLIJ2EocmfmVFcTmFXCT+H/9NDOIzSKgInHy6WUm EFtUIE7ice9/ZogaQYmTM5+wgNicApYSe3/dAqthFjCTmLf5ITOELS/RvHU2lC0ucevJfKYJ jEKzkLTPQtIyC0nLLCQtCxhZVjGKpJYW56bnFhvpFSfmFpfmpesl5+duYgTG5bZjP7fsYOx6 F3yIUYCDUYmHl8E+KF6INbGsuDL3EKMEB7OSCK/T2dNxQrwpiZVVqUX58UWlOanFhxhNgZ6b yCwlmpwPTBl5JfGGpobmFpaG5sbmxmYWSuK8HQIHY4QE0hNLUrNTUwtSi2D6mDg4pRoYJ82/ 95ppp5rWya+fmh/8szJOO+i7Z/Fl5vXPVkQunLk3ha9Svi394dotaTw8/Gxpd+RlFRic9kzs k9Ww2VzxuVdwZie/fjqX6Wsh9cNn8mKtpxR875o98fxZ64l9ffOP6d1u8khfEl9dLCMvdthS VfSSOfd5f26bR0s+d2pFuu59qzA/V7xGiaU4I9FQi7moOBEAmcRulOECAAA= X-CMS-MailID: 20200904160415eucas1p1309887e2252430c364b45580818f8069 X-Msg-Generator: CA Content-Type: text/plain; charset="utf-8" X-RootMTR: 20200903201022eucas1p19a5154b9fb7063f72b18dea1114eeed3 X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20200903201022eucas1p19a5154b9fb7063f72b18dea1114eeed3 References: <20200903200958.28025-1-akhil.goyal@nxp.com> Subject: Re: [dpdk-dev] [PATCH] security: update session create API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" W dniu 03.09.2020 o 22:09, akhil.goyal@nxp.com pisze: > From: Akhil Goyal > > The API ``rte_security_session_create`` takes only single > mempool for session and session private data. So the > application need to create mempool for twice the number of > sessions needed and will also lead to wastage of memory as > session private data need more memory compared to session. > Hence the API is modified to take two mempool pointers > - one for session and one for private data. > This is very similar to crypto based session create APIs. > > Signed-off-by: Akhil Goyal > --- > app/test-crypto-perf/cperf_ops.c | 4 +-- > app/test/test_cryptodev.c | 8 +++-- > app/test/test_ipsec.c | 3 +- > app/test/test_security.c | 42 ++++++++++++++++++++------ > doc/guides/prog_guide/rte_security.rst | 6 ++-- > doc/guides/rel_notes/deprecation.rst | 7 ----- > doc/guides/rel_notes/release_20_11.rst | 6 ++++ > examples/ipsec-secgw/ipsec-secgw.c | 12 ++------ > examples/ipsec-secgw/ipsec.c | 9 ++++-- > lib/librte_security/rte_security.c | 6 ++-- > lib/librte_security/rte_security.h | 4 ++- > 11 files changed, 68 insertions(+), 39 deletions(-) > > diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c > index 3da835a9c..3a64a2c34 100644 > --- a/app/test-crypto-perf/cperf_ops.c > +++ b/app/test-crypto-perf/cperf_ops.c > @@ -621,7 +621,7 @@ cperf_create_session(struct rte_mempool *sess_mp, > > /* Create security session */ > return (void *)rte_security_session_create(ctx, > - &sess_conf, sess_mp); > + &sess_conf, sess_mp, priv_mp); > } > if (options->op_type == CPERF_DOCSIS) { > enum rte_security_docsis_direction direction; > @@ -664,7 +664,7 @@ cperf_create_session(struct rte_mempool *sess_mp, > > /* Create security session */ > return (void *)rte_security_session_create(ctx, > - &sess_conf, priv_mp); > + &sess_conf, sess_mp, priv_mp); > } > #endif > sess = rte_cryptodev_sym_session_create(sess_mp); > diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c > index 70bf6fe2c..6d7da1408 100644 > --- a/app/test/test_cryptodev.c > +++ b/app/test/test_cryptodev.c > @@ -7219,7 +7219,8 @@ test_pdcp_proto(int i, int oop, > > /* Create security session */ > ut_params->sec_session = rte_security_session_create(ctx, > - &sess_conf, ts_params->session_priv_mpool); > + &sess_conf, ts_params->session_mpool, > + ts_params->session_priv_mpool); > > if (!ut_params->sec_session) { > printf("TestCase %s()-%d line %d failed %s: ", > @@ -7479,7 +7480,8 @@ test_pdcp_proto_SGL(int i, int oop, > > /* Create security session */ > ut_params->sec_session = rte_security_session_create(ctx, > - &sess_conf, ts_params->session_priv_mpool); > + &sess_conf, ts_params->session_mpool, > + ts_params->session_priv_mpool); > > if (!ut_params->sec_session) { > printf("TestCase %s()-%d line %d failed %s: ", > @@ -7836,6 +7838,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) > > /* Create security session */ > ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, > + ts_params->session_mpool, > ts_params->session_priv_mpool); > > if (!ut_params->sec_session) { > @@ -8011,6 +8014,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) > > /* Create security session */ > ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, > + ts_params->session_mpool, > ts_params->session_priv_mpool); > > if (!ut_params->sec_session) { > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c > index 79d00d7e0..9ad07a179 100644 > --- a/app/test/test_ipsec.c > +++ b/app/test/test_ipsec.c > @@ -632,7 +632,8 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut, > static struct rte_security_session_conf conf; > > ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx, > - &conf, qp->mp_session_private); > + &conf, qp->mp_session, > + qp->mp_session_private); > > if (ut->ss[j].security.ses == NULL) > return -ENOMEM; > diff --git a/app/test/test_security.c b/app/test/test_security.c > index 77fd5adc6..ed7de348f 100644 > --- a/app/test/test_security.c > +++ b/app/test/test_security.c > @@ -237,6 +237,7 @@ static struct mock_session_create_data { > struct rte_security_session_conf *conf; > struct rte_security_session *sess; > struct rte_mempool *mp; > + struct rte_mempool *priv_mp; > > int ret; > session_create op is now called with private mbuf, so you need also to update assert in mock session_create: @@ -248,13 +249,13 @@ static int  mock_session_create(void *device,                 struct rte_security_session_conf *conf,                 struct rte_security_session *sess, -               struct rte_mempool *mp) +               struct rte_mempool *priv_mp)  {         mock_session_create_exp.called++;         MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);         MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf); -       MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, mp); +       MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);         mock_session_create_exp.sess = sess; > @@ -502,6 +503,7 @@ struct rte_security_ops mock_ops = { > */ > static struct security_testsuite_params { > struct rte_mempool *session_mpool; > + struct rte_mempool *session_priv_mpool; > } testsuite_params = { NULL }; > > /** > @@ -525,6 +527,7 @@ static struct security_unittest_params { > }; > > #define SECURITY_TEST_MEMPOOL_NAME "SecurityTestsMempoolName" > +#define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestsPrivMempoolName" Please make the mempool name shorter, otherwise it causes tests to fail: EAL: Test assert testsuite_setup line 558 failed: Cannot create priv mempool File name too long > #define SECURITY_TEST_MEMPOOL_SIZE 15 > #define SECURITY_TEST_SESSION_OBJECT_SIZE sizeof(struct rte_security_session) > > @@ -545,6 +548,17 @@ testsuite_setup(void) > SOCKET_ID_ANY, 0); > TEST_ASSERT_NOT_NULL(ts_params->session_mpool, > "Cannot create mempool %s\n", rte_strerror(rte_errno)); > + > + ts_params->session_priv_mpool = rte_mempool_create( > + SECURITY_TEST_PRIV_MEMPOOL_NAME, > + SECURITY_TEST_MEMPOOL_SIZE, > + rte_security_session_get_size(&unittest_params.ctx), > + 0, 0, NULL, NULL, NULL, NULL, > + SOCKET_ID_ANY, 0); > + TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool, > + "Cannot create priv mempool %s\n", > + rte_strerror(rte_errno)); > + If creation of private data mpool fails, primary mempool need to be freed before function returns failure code. > return TEST_SUCCESS; > } > > @@ -659,7 +673,8 @@ ut_setup_with_session(void) > mock_session_create_exp.ret = 0; > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, > sess); > TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, > @@ -701,7 +716,8 @@ test_session_create_inv_context(void) > struct rte_security_session *sess; > > sess = rte_security_session_create(NULL, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -725,7 +741,8 @@ test_session_create_inv_context_ops(void) > ut_params->ctx.ops = NULL; > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -749,7 +766,8 @@ test_session_create_inv_context_ops_fun(void) > ut_params->ctx.ops = &empty_ops; > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -770,7 +788,8 @@ test_session_create_inv_configuration(void) > struct rte_security_session *sess; > > sess = rte_security_session_create(&ut_params->ctx, NULL, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -790,7 +809,7 @@ test_session_create_inv_mempool(void) > struct rte_security_session *sess; > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - NULL); > + NULL, NULL); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -824,7 +843,8 @@ test_session_create_mempool_empty(void) > TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); > @@ -853,10 +873,12 @@ test_session_create_ops_failure(void) > mock_session_create_exp.device = NULL; > mock_session_create_exp.conf = &ut_params->conf; > mock_session_create_exp.mp = ts_params->session_mpool; > + mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; > mock_session_create_exp.ret = -1; /* Return failure status. */ > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, > sess, NULL, "%p"); > TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); > @@ -879,10 +901,12 @@ test_session_create_success(void) > mock_session_create_exp.device = NULL; > mock_session_create_exp.conf = &ut_params->conf; > mock_session_create_exp.mp = ts_params->session_mpool; > + mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; > mock_session_create_exp.ret = 0; /* Return success status. */ > > sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, > - ts_params->session_mpool); > + ts_params->session_mpool, > + ts_params->session_priv_mpool); > TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, > sess); > TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, > diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst > index 127da2e4f..cff0653f5 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -533,8 +533,10 @@ and this allows further acceleration of the offload of Crypto workloads. > > The Security framework provides APIs to create and free sessions for crypto/ethernet > devices, where sessions are mempool objects. It is the application's responsibility > -to create and manage the session mempools. The mempool object size should be able to > -accommodate the driver's private data of security session. > +to create and manage two session mempools - one for session and other for session > +private data. The mempool object size should be able to accommodate the driver's > +private data of security session. The application can get the size of session private > +data using API ``rte_security_session_get_size``. > > Once the session mempools have been created, ``rte_security_session_create()`` > is used to allocate and initialize a session for the required crypto/ethernet device. > diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst > index 345c38d5b..84be88a13 100644 > --- a/doc/guides/rel_notes/deprecation.rst > +++ b/doc/guides/rel_notes/deprecation.rst > @@ -263,13 +263,6 @@ Deprecation Notices > This feature faces reliability issues and is often conflicting with > new features being implemented. > > -* security: The API ``rte_security_session_create`` takes only single mempool > - for session and session private data. So the application need to create > - mempool for twice the number of sessions needed and will also lead to > - wastage of memory as session private data need more memory compared to session. > - Hence the API will be modified to take two mempool pointers - one for session > - and one for private data. > - > * cryptodev: ``RTE_CRYPTO_AEAD_LIST_END`` from ``enum rte_crypto_aead_algorithm``, > ``RTE_CRYPTO_CIPHER_LIST_END`` from ``enum rte_crypto_cipher_algorithm`` and > ``RTE_CRYPTO_AUTH_LIST_END`` from ``enum rte_crypto_auth_algorithm`` > diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst > index df227a177..04c1a1b81 100644 > --- a/doc/guides/rel_notes/release_20_11.rst > +++ b/doc/guides/rel_notes/release_20_11.rst > @@ -84,6 +84,12 @@ API Changes > Also, make sure to start the actual text at the margin. > ======================================================= > > +* security: The API ``rte_security_session_create`` is updated to take two > + mempool objects one for session and other for session private data. > + So the application need to create two mempools and get the size of session > + private data using API ``rte_security_session_get_size`` for private session > + mempool. > + > > ABI Changes > ----------- > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c > index 8ba15d23c..55a5ea9f4 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -2351,12 +2351,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz) > > snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, > "sess_mp_%u", socket_id); > - /* > - * Doubled due to rte_security_session_create() uses one mempool for > - * session and for session private data. > - */ > nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * > - rte_lcore_count()) * 2; > + rte_lcore_count()); > sess_mp = rte_cryptodev_sym_session_pool_create( > mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, > socket_id); > @@ -2379,12 +2375,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id, > > snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, > "sess_mp_priv_%u", socket_id); > - /* > - * Doubled due to rte_security_session_create() uses one mempool for > - * session and for session private data. > - */ > nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * > - rte_lcore_count()) * 2; > + rte_lcore_count()); > sess_mp = rte_mempool_create(mp_name, > nb_sess, > sess_sz, > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 01faa7ac7..6baeeb342 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -117,7 +117,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa, > set_ipsec_conf(sa, &(sess_conf.ipsec)); > > ips->security.ses = rte_security_session_create(ctx, > - &sess_conf, ipsec_ctx->session_priv_pool); > + &sess_conf, ipsec_ctx->session_pool, > + ipsec_ctx->session_priv_pool); > if (ips->security.ses == NULL) { > RTE_LOG(ERR, IPSEC, > "SEC Session init failed: err: %d\n", ret); > @@ -198,7 +199,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, > } > > ips->security.ses = rte_security_session_create(sec_ctx, > - &sess_conf, skt_ctx->session_pool); > + &sess_conf, skt_ctx->session_pool, > + skt_ctx->session_priv_pool); > if (ips->security.ses == NULL) { > RTE_LOG(ERR, IPSEC, > "SEC Session init failed: err: %d\n", ret); > @@ -378,7 +380,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, > sess_conf.userdata = (void *) sa; > > ips->security.ses = rte_security_session_create(sec_ctx, > - &sess_conf, skt_ctx->session_pool); > + &sess_conf, skt_ctx->session_pool, > + skt_ctx->session_priv_pool); > if (ips->security.ses == NULL) { > RTE_LOG(ERR, IPSEC, > "SEC Session init failed: err: %d\n", ret); > diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c > index 515c29e04..293ca747d 100644 > --- a/lib/librte_security/rte_security.c > +++ b/lib/librte_security/rte_security.c > @@ -26,7 +26,8 @@ > struct rte_security_session * > rte_security_session_create(struct rte_security_ctx *instance, > struct rte_security_session_conf *conf, > - struct rte_mempool *mp) > + struct rte_mempool *mp, > + struct rte_mempool *priv_mp) > { > struct rte_security_session *sess = NULL; > > @@ -37,7 +38,8 @@ rte_security_session_create(struct rte_security_ctx *instance, > if (rte_mempool_get(mp, (void **)&sess)) > return NULL; > > - if (instance->ops->session_create(instance->device, conf, sess, mp)) { > + if (instance->ops->session_create(instance->device, conf, > + sess, priv_mp)) { > rte_mempool_put(mp, (void *)sess); > return NULL; > } > diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h > index 16839e539..1710cdd6a 100644 > --- a/lib/librte_security/rte_security.h > +++ b/lib/librte_security/rte_security.h > @@ -386,6 +386,7 @@ struct rte_security_session { > * @param instance security instance > * @param conf session configuration parameters > * @param mp mempool to allocate session objects from > + * @param priv_mp mempool to allocate session private data objects from > * @return > * - On success, pointer to session > * - On failure, NULL > @@ -393,7 +394,8 @@ struct rte_security_session { > struct rte_security_session * > rte_security_session_create(struct rte_security_ctx *instance, > struct rte_security_session_conf *conf, > - struct rte_mempool *mp); > + struct rte_mempool *mp, > + struct rte_mempool *priv_mp); > > /** > * Update security session as specified by the session configuration -- Lukasz Wojciechowski Principal Software Engineer Samsung R&D Institute Poland Samsung Electronics Office +48 22 377 88 25 l.wojciechow@partner.samsung.com