From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <thomas@monjalon.net>, <david.marchand@redhat.com>,
<hemant.agrawal@nxp.com>, <anoobj@marvell.com>,
<pablo.de.lara.guarch@intel.com>, <fiona.trahe@intel.com>,
<declan.doherty@intel.com>, <matan@nvidia.com>, <g.singh@nxp.com>,
<roy.fan.zhang@intel.com>, <jianjay.zhou@huawei.com>,
<asomalap@amd.com>, <ruifeng.wang@arm.com>,
<konstantin.ananyev@intel.com>, <radu.nicolau@intel.com>,
<ajit.khaparde@broadcom.com>, <rnagadheeraj@marvell.com>,
<adwivedi@marvell.com>, <ciara.power@intel.com>,
Akhil Goyal <gakhil@marvell.com>
Subject: [dpdk-dev] [PATCH 1/3] security: rework session framework
Date: Thu, 30 Sep 2021 20:20:12 +0530 [thread overview]
Message-ID: <20210930145014.2476799-2-gakhil@marvell.com> (raw)
In-Reply-To: <20210930145014.2476799-1-gakhil@marvell.com>
As per current design, rte_security_session_create()
unnecesarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.
TODO:
- inline APIs for opaque data and fast_mdata
- move rte_security_session struct to security_driver.h
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
app/test-crypto-perf/cperf_ops.c | 8 +-
.../cperf_test_pmd_cyclecount.c | 2 +-
app/test/test_cryptodev.c | 17 +-
app/test/test_ipsec.c | 11 +-
app/test/test_security.c | 229 ++++++++----------
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 5 +-
.../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 30 +--
drivers/crypto/caam_jr/caam_jr.c | 32 +--
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +-
drivers/crypto/cnxk/cn10k_ipsec.c | 53 +---
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 2 +-
drivers/crypto/cnxk/cn9k_ipsec.c | 50 +---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 +--
drivers/crypto/dpaa_sec/dpaa_sec.c | 38 ++-
drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +-
drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 11 +-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +-
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 54 +----
drivers/crypto/qat/qat_sym.c | 3 +-
drivers/crypto/qat/qat_sym.h | 8 +-
drivers/crypto/qat/qat_sym_session.c | 21 +-
drivers/crypto/qat/qat_sym_session.h | 4 +-
drivers/net/ixgbe/ixgbe_ipsec.c | 36 +--
drivers/net/octeontx2/otx2_ethdev_sec.c | 51 +---
drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +-
drivers/net/txgbe/txgbe_ipsec.c | 36 +--
examples/ipsec-secgw/ipsec.c | 9 +-
lib/security/rte_security.c | 28 ++-
lib/security/rte_security.h | 41 ++--
lib/security/rte_security_driver.h | 16 +-
30 files changed, 264 insertions(+), 581 deletions(-)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 4b7d66edb2..1b3cbe77b9 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -49,8 +49,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
for (i = 0; i < nb_ops; i++) {
struct rte_crypto_sym_op *sym_op = ops[i]->sym;
- struct rte_security_session *sec_sess =
- (struct rte_security_session *)sess;
uint32_t buf_sz;
uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -58,7 +56,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
- rte_security_attach_session(ops[i], sec_sess);
+ rte_security_attach_session(ops[i], (void *)sess);
sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
src_buf_offset);
@@ -673,7 +671,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
/* Create security session */
return (void *)rte_security_session_create(ctx,
- &sess_conf, sess_mp, priv_mp);
+ &sess_conf, sess_mp);
}
if (options->op_type == CPERF_DOCSIS) {
enum rte_security_docsis_direction direction;
@@ -716,7 +714,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
/* Create security session */
return (void *)rte_security_session_create(ctx,
- &sess_conf, sess_mp, priv_mp);
+ &sess_conf, sess_mp);
}
#endif
sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 844659aeca..cbbbedd9ba 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
(struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx,
- (struct rte_security_session *)ctx->sess);
+ (void *)ctx->sess);
} else
#endif
{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e6ceeb487f..82f819211a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -81,7 +81,7 @@ struct crypto_unittest_params {
union {
struct rte_cryptodev_sym_session *sess;
#ifdef RTE_LIB_SECURITY
- struct rte_security_session *sec_session;
+ void *sec_session;
#endif
};
#ifdef RTE_LIB_SECURITY
@@ -8276,8 +8276,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx,
- &sess_conf, ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ &sess_conf, ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s()-%d line %d failed %s: ",
@@ -8537,8 +8536,7 @@ test_pdcp_proto_SGL(int i, int oop,
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx,
- &sess_conf, ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ &sess_conf, ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s()-%d line %d failed %s: ",
@@ -9022,8 +9020,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (ut_params->sec_session == NULL)
return TEST_SKIPPED;
@@ -9420,8 +9417,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s(%d) line %d: %s\n",
@@ -9596,8 +9592,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = {
static int
dummy_sec_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess, struct rte_mempool *mp)
+ void *sess)
{
RTE_SET_USED(device);
RTE_SET_USED(conf);
- RTE_SET_USED(mp);
-
- sess->sess_private_data = NULL;
+ RTE_SET_USED(sess);
return 0;
}
static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
{
RTE_SET_USED(device);
RTE_SET_USED(sess);
@@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
static struct rte_security_session_conf conf;
ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
- &conf, qp->mp_session,
- qp->mp_session_private);
+ &conf, qp->mp_session);
if (ut->ss[j].security.ses == NULL)
return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..b02c2cf207 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -207,7 +207,7 @@
* and put back in session_destroy.
*
* @param expected_priv_mp_usage expected number of used priv mp objects
- */
+ *
#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do { \
struct security_testsuite_params *ts_params = &testsuite_params;\
unsigned int priv_mp_usage; \
@@ -218,7 +218,7 @@
"but there are %u allocated objects", \
expected_priv_mp_usage, priv_mp_usage); \
} while (0)
-
+*/
/**
* Mockup structures and functions for rte_security_ops;
*
@@ -253,37 +253,37 @@
static struct mock_session_create_data {
void *device;
struct rte_security_session_conf *conf;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mempool *mp;
- struct rte_mempool *priv_mp;
+// struct rte_mempool *priv_mp;
int ret;
int called;
int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
static int
mock_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *priv_mp)
+ void *sess)
+// struct rte_mempool *priv_mp)
{
- void *sess_priv;
- int ret;
+// void *sess_priv;
+// int ret;
mock_session_create_exp.called++;
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
- MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
+// MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
if (mock_session_create_exp.ret == 0) {
- ret = rte_mempool_get(priv_mp, &sess_priv);
- TEST_ASSERT_EQUAL(0, ret,
- "priv mempool does not have enough objects");
+// ret = rte_mempool_get(priv_mp, &sess_priv);
+// TEST_ASSERT_EQUAL(0, ret,
+// "priv mempool does not have enough objects");
- set_sec_session_private_data(sess, sess_priv);
+// set_sec_session_private_data(sess, sess_priv);
mock_session_create_exp.sess = sess;
}
@@ -297,7 +297,7 @@ mock_session_create(void *device,
*/
static struct mock_session_update_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_session_conf *conf;
int ret;
@@ -308,7 +308,7 @@ static struct mock_session_update_data {
static int
mock_session_update(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf)
{
mock_session_update_exp.called++;
@@ -351,7 +351,7 @@ mock_session_get_size(void *device)
*/
static struct mock_session_stats_get_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_security_stats *stats;
int ret;
@@ -362,7 +362,7 @@ static struct mock_session_stats_get_data {
static int
mock_session_stats_get(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats)
{
mock_session_stats_get_exp.called++;
@@ -381,7 +381,7 @@ mock_session_stats_get(void *device,
*/
static struct mock_session_destroy_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
int ret;
@@ -390,15 +390,9 @@ static struct mock_session_destroy_data {
} mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
{
- void *sess_priv = get_sec_session_private_data(sess);
-
mock_session_destroy_exp.called++;
- if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
- rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
- set_sec_session_private_data(sess, NULL);
- }
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
@@ -412,7 +406,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
*/
static struct mock_set_pkt_metadata_data {
void *device;
- struct rte_security_session *sess;
+ void *sess;
struct rte_mbuf *m;
void *params;
@@ -424,7 +418,7 @@ static struct mock_set_pkt_metadata_data {
static int
mock_set_pkt_metadata(void *device,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m,
void *params)
{
@@ -536,7 +530,6 @@ struct rte_security_ops mock_ops = {
*/
static struct security_testsuite_params {
struct rte_mempool *session_mpool;
- struct rte_mempool *session_priv_mpool;
} testsuite_params = { NULL };
/**
@@ -549,7 +542,7 @@ static struct security_testsuite_params {
static struct security_unittest_params {
struct rte_security_ctx ctx;
struct rte_security_session_conf conf;
- struct rte_security_session *sess;
+ void *sess;
} unittest_params = {
.ctx = {
.device = NULL,
@@ -563,7 +556,7 @@ static struct security_unittest_params {
#define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
#define SECURITY_TEST_MEMPOOL_SIZE 15
#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
/**
* testsuite_setup initializes whole test suite parameters.
@@ -577,26 +570,27 @@ testsuite_setup(void)
ts_params->session_mpool = rte_mempool_create(
SECURITY_TEST_MEMPOOL_NAME,
SECURITY_TEST_MEMPOOL_SIZE,
- SECURITY_TEST_SESSION_OBJ_SZ,
+ SECURITY_TEST_SESSION_OBJ_SZ +
+ SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
0, 0, NULL, NULL, NULL, NULL,
SOCKET_ID_ANY, 0);
TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
"Cannot create mempool %s\n", rte_strerror(rte_errno));
- ts_params->session_priv_mpool = rte_mempool_create(
- SECURITY_TEST_PRIV_MEMPOOL_NAME,
- SECURITY_TEST_MEMPOOL_SIZE,
- SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
- 0, 0, NULL, NULL, NULL, NULL,
- SOCKET_ID_ANY, 0);
- if (ts_params->session_priv_mpool == NULL) {
- RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
- "Cannot create priv mempool %s\n",
- __func__, __LINE__, rte_strerror(rte_errno));
- rte_mempool_free(ts_params->session_mpool);
- ts_params->session_mpool = NULL;
- return TEST_FAILED;
- }
+// ts_params->session_priv_mpool = rte_mempool_create(
+// SECURITY_TEST_PRIV_MEMPOOL_NAME,
+// SECURITY_TEST_MEMPOOL_SIZE,
+// SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
+// 0, 0, NULL, NULL, NULL, NULL,
+// SOCKET_ID_ANY, 0);
+// if (ts_params->session_priv_mpool == NULL) {
+// RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
+// "Cannot create priv mempool %s\n",
+// __func__, __LINE__, rte_strerror(rte_errno));
+// rte_mempool_free(ts_params->session_mpool);
+// ts_params->session_mpool = NULL;
+// return TEST_FAILED;
+// }
return TEST_SUCCESS;
}
@@ -612,10 +606,6 @@ testsuite_teardown(void)
rte_mempool_free(ts_params->session_mpool);
ts_params->session_mpool = NULL;
}
- if (ts_params->session_priv_mpool) {
- rte_mempool_free(ts_params->session_priv_mpool);
- ts_params->session_priv_mpool = NULL;
- }
}
/**
@@ -704,7 +694,7 @@ ut_setup_with_session(void)
{
struct security_unittest_params *ut_params = &unittest_params;
struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
+ void *sess;
int ret = ut_setup();
if (ret != TEST_SUCCESS)
@@ -713,12 +703,11 @@ ut_setup_with_session(void)
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = 0;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
+ mock_session_get_size_exp.called = 0;
TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
sess);
TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +746,14 @@ test_session_create_inv_context(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(NULL, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -781,18 +768,16 @@ test_session_create_inv_context_ops(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = NULL;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -807,18 +792,16 @@ test_session_create_inv_context_ops_fun(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
ut_params->ctx.ops = &empty_ops;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -832,16 +815,14 @@ test_session_create_inv_configuration(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, NULL,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -855,16 +836,14 @@ static int
test_session_create_inv_mempool(void)
{
struct security_unittest_params *ut_params = &unittest_params;
- struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
+ void *sess;
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- NULL, ts_params->session_priv_mpool);
+ NULL);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -874,24 +853,24 @@ test_session_create_inv_mempool(void)
* Test execution of rte_security_session_create with NULL session
* priv mempool
*/
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
- struct security_unittest_params *ut_params = &unittest_params;
- struct security_testsuite_params *ts_params = &testsuite_params;
- struct rte_security_session *sess;
-
- sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool, NULL);
- TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
- sess, NULL, "%p");
- TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
- TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
- TEST_ASSERT_SESSION_COUNT(0);
-
- return TEST_SUCCESS;
-}
+//static int
+//test_session_create_inv_sess_priv_mempool(void)
+//{
+// struct security_unittest_params *ut_params = &unittest_params;
+// struct security_testsuite_params *ts_params = &testsuite_params;
+// struct rte_security_session *sess;
+//
+// sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+// ts_params->session_mpool, NULL);
+// TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+// sess, NULL, "%p");
+// TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+// TEST_ASSERT_MEMPOOL_USAGE(0);
+// TEST_ASSERT_PRIV_MP_USAGE(0);
+// TEST_ASSERT_SESSION_COUNT(0);
+//
+// return TEST_SUCCESS;
+//}
/**
* Test execution of rte_security_session_create in case when mempool
@@ -902,9 +881,9 @@ test_session_create_mempool_empty(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
- void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
- struct rte_security_session *sess;
+// struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+ void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+ void *sess;
/* Get all available objects from mempool. */
int i, ret;
@@ -914,34 +893,34 @@ test_session_create_mempool_empty(void)
TEST_ASSERT_EQUAL(0, ret,
"Expect getting %d object from mempool"
" to succeed", i);
- ret = rte_mempool_get(ts_params->session_priv_mpool,
- (void **)(&tmp1[i]));
- TEST_ASSERT_EQUAL(0, ret,
- "Expect getting %d object from priv mempool"
- " to succeed", i);
+// ret = rte_mempool_get(ts_params->session_priv_mpool,
+// (void **)(&tmp1[i]));
+// TEST_ASSERT_EQUAL(0, ret,
+// "Expect getting %d object from priv mempool"
+// " to succeed", i);
}
TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
- TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+// TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
+// ts_params->session_priv_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
- TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+// TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
TEST_ASSERT_SESSION_COUNT(0);
/* Put objects back to the pool. */
for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
rte_mempool_put(ts_params->session_mpool,
(void *)(tmp[i]));
- rte_mempool_put(ts_params->session_priv_mpool,
- (tmp1[i]));
+// rte_mempool_put(ts_params->session_priv_mpool,
+// (tmp1[i]));
}
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
+// TEST_ASSERT_PRIV_MP_USAGE(0);
return TEST_SUCCESS;
}
@@ -955,22 +934,22 @@ test_session_create_ops_failure(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
+// mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = -1; /* Return failure status. */
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
+// ts_params->session_priv_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
sess, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
+// TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
return TEST_SUCCESS;
@@ -984,17 +963,17 @@ test_session_create_success(void)
{
struct security_testsuite_params *ts_params = &testsuite_params;
struct security_unittest_params *ut_params = &unittest_params;
- struct rte_security_session *sess;
+ void *sess;
mock_session_create_exp.device = NULL;
mock_session_create_exp.conf = &ut_params->conf;
mock_session_create_exp.mp = ts_params->session_mpool;
- mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
+// mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
mock_session_create_exp.ret = 0; /* Return success status. */
sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
- ts_params->session_mpool,
- ts_params->session_priv_mpool);
+ ts_params->session_mpool);
+// ts_params->session_priv_mpool);
TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
sess);
TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +982,7 @@ test_session_create_success(void)
sess, mock_session_create_exp.sess);
TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
+// TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
/*
@@ -1389,7 +1368,6 @@ test_session_destroy_inv_context(void)
struct security_unittest_params *ut_params = &unittest_params;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1375,6 @@ test_session_destroy_inv_context(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1414,7 +1391,6 @@ test_session_destroy_inv_context_ops(void)
ut_params->ctx.ops = NULL;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1399,6 @@ test_session_destroy_inv_context_ops(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1440,7 +1415,6 @@ test_session_destroy_inv_context_ops_fun(void)
ut_params->ctx.ops = &empty_ops;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1423,6 @@ test_session_destroy_inv_context_ops_fun(void)
ret, -ENOTSUP, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1464,7 +1437,6 @@ test_session_destroy_inv_session(void)
struct security_unittest_params *ut_params = &unittest_params;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1444,6 @@ test_session_destroy_inv_session(void)
ret, -EINVAL, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1492,7 +1463,6 @@ test_session_destroy_ops_failure(void)
mock_session_destroy_exp.ret = -1;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1471,6 @@ test_session_destroy_ops_failure(void)
ret, -1, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
return TEST_SUCCESS;
@@ -1519,7 +1488,6 @@ test_session_destroy_success(void)
mock_session_destroy_exp.sess = ut_params->sess;
mock_session_destroy_exp.ret = 0;
TEST_ASSERT_MEMPOOL_USAGE(1);
- TEST_ASSERT_PRIV_MP_USAGE(1);
TEST_ASSERT_SESSION_COUNT(1);
int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1496,6 @@ test_session_destroy_success(void)
ret, 0, "%d");
TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
TEST_ASSERT_MEMPOOL_USAGE(0);
- TEST_ASSERT_PRIV_MP_USAGE(0);
TEST_ASSERT_SESSION_COUNT(0);
/*
@@ -2495,8 +2462,8 @@ static struct unit_test_suite security_testsuite = {
test_session_create_inv_configuration),
TEST_CASE_ST(ut_setup, ut_teardown,
test_session_create_inv_mempool),
- TEST_CASE_ST(ut_setup, ut_teardown,
- test_session_create_inv_sess_priv_mempool),
+// TEST_CASE_ST(ut_setup, ut_teardown,
+// test_session_create_inv_sess_priv_mempool),
TEST_CASE_ST(ut_setup, ut_teardown,
test_session_create_mempool_empty),
TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 60963a8208..93a56994da 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1022,8 +1022,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
if (likely(op->sym->sec_session != NULL))
sess = (struct aesni_mb_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ (op->sym->sec_session);
#endif
} else {
void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
@@ -1639,7 +1638,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
* this is for DOCSIS
*/
is_docsis_sec = 1;
- sess = get_sec_session_private_data(op->sym->sec_session);
+ sess = (struct aesni_mb_session *)(op->sym->sec_session);
} else
#endif
{
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 48a8f91868..39c67e3952 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,10 +1056,8 @@ struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
*/
static int
aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
@@ -1069,40 +1067,22 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
return -EINVAL;
}
- if (rte_mempool_get(mempool, &sess_private_data)) {
- AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
- ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
- sess_private_data);
-
+ ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess);
if (ret != 0) {
AESNI_MB_LOG(ERR, "Failed to configure session parameters");
-
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/** Clear the memory of session so it doesn't leave key material behind */
static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess)
{
- void *sess_priv = get_sec_session_private_data(sess);
+ if (sess)
+ memset(sess, 0, sizeof(struct aesni_mb_session));
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
- memset(sess_priv, 0, sizeof(struct aesni_mb_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
- }
return 0;
}
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 258750afe7..ce7a100778 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
cryptodev_driver_id);
break;
case RTE_CRYPTO_OP_SECURITY_SESSION:
- ses = (struct caam_jr_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ ses = (struct caam_jr_session *)(op->sym->sec_session);
break;
default:
CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
static int
caam_jr_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- CAAM_JR_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = caam_jr_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = caam_jr_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
@@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev,
}
if (ret != 0) {
CAAM_JR_ERR("failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/* Clear the memory of session so it doesn't leave key material behind */
static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ struct caam_jr_session *s = (struct caam_jr_session *)sess;
+ if (sess) {
rte_free(s->cipher_key.data);
rte_free(s->auth_key.data);
memset(sess, 0, sizeof(struct caam_jr_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 3caf05aab9..99968cc353 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -120,8 +120,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- sec_sess = get_sec_session_private_data(
- sym_op->sec_session);
+ sec_sess = (struct cn10k_sec_session *)
+ (sym_op->sec_session);
ret = cpt_sec_inst_fill(op, sec_sess, &inst[0]);
if (unlikely(ret))
return 0;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index ebb2a7ec48..6f31fd04c6 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,16 +35,14 @@ static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sess)
{
struct roc_ot_ipsec_outb_sa *out_sa;
struct cnxk_ipsec_outb_rlens rlens;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
out_sa = &sa->out_sa;
@@ -93,15 +91,13 @@ static int
cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sess)
{
struct roc_ot_ipsec_inb_sa *in_sa;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
in_sa = &sa->in_sa;
@@ -132,7 +128,7 @@ static int
cn10k_ipsec_session_create(void *dev,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sess)
+ struct cn10k_sec_session *sess)
{
struct rte_cryptodev *crypto_dev = dev;
struct roc_cpt *roc_cpt;
@@ -161,55 +157,28 @@ cn10k_ipsec_session_create(void *dev,
static int
cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct cn10k_sec_session *priv;
- int ret;
+ struct cn10k_sec_session *priv = sess;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
return -EINVAL;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- plt_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
- ret = -ENOTSUP;
- goto mempool_put;
+ return -ENOTSUP;
}
- ret = cn10k_ipsec_session_create(device, &conf->ipsec,
- conf->crypto_xform, sess);
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
+ return cn10k_ipsec_session_create(device, &conf->ipsec,
+ conf->crypto_xform, priv);
}
static int
-cn10k_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
{
- struct cn10k_sec_session *priv;
- struct rte_mempool *sess_mp;
-
- priv = get_sec_session_private_data(sess);
+ struct cn10k_sec_session *priv = sess;
if (priv == NULL)
return 0;
-
- sess_mp = rte_mempool_from_obj(priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
+ memset(priv, 0, sizeof(*priv));
return 0;
}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
return -ENOTSUP;
}
- priv = get_sec_session_private_data(op->sym->sec_session);
+ priv = (struct cn9k_sec_session *)(op->sym->sec_session);
sa = &priv->sa;
if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 63ae025030..f3a6df0145 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -274,13 +274,12 @@ static int
cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct cn9k_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
struct roc_ie_on_ip_template *template = NULL;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_outb_sa *out_sa;
- struct cn9k_sec_session *sess;
struct roc_ie_on_sa_ctl *ctl;
struct cn9k_ipsec_sa *sa;
struct rte_ipv6_hdr *ip6;
@@ -292,7 +291,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
size_t ctx_len;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
out_sa = &sa->out_sa;
ctl = &out_sa->common_sa.ctl;
@@ -420,12 +418,11 @@ static int
cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct cn9k_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform = crypto_xform;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_inb_sa *in_sa;
- struct cn9k_sec_session *sess;
struct cn9k_ipsec_sa *sa;
const uint8_t *auth_key;
union cpt_inst_w4 w4;
@@ -434,7 +431,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
size_t ctx_len = 0;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
in_sa = &sa->in_sa;
@@ -498,7 +494,7 @@ static int
cn9k_ipsec_session_create(void *dev,
struct rte_security_ipsec_xform *ipsec_xform,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct cn9k_sec_session *sess)
{
struct rte_cryptodev *crypto_dev = dev;
struct cnxk_cpt_qp *qp;
@@ -529,53 +525,32 @@ cn9k_ipsec_session_create(void *dev,
static int
cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct cn9k_sec_session *priv;
- int ret;
+ struct cn9k_sec_session *priv = sess;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
return -EINVAL;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- plt_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
memset(priv, 0, sizeof(*priv));
- set_sec_session_private_data(sess, priv);
-
if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
- ret = -ENOTSUP;
- goto mempool_put;
+ return -ENOTSUP;
}
- ret = cn9k_ipsec_session_create(device, &conf->ipsec,
- conf->crypto_xform, sess);
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
+ return cn9k_ipsec_session_create(device, &conf->ipsec,
+ conf->crypto_xform, priv);
}
static int
-cn9k_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
{
struct roc_ie_on_outb_sa *out_sa;
struct cn9k_sec_session *priv;
- struct rte_mempool *sess_mp;
struct roc_ie_on_sa_ctl *ctl;
struct cn9k_ipsec_sa *sa;
- priv = get_sec_session_private_data(sess);
+ priv = sess;
if (priv == NULL)
return 0;
@@ -587,13 +562,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
rte_io_wmb();
- sess_mp = rte_mempool_from_obj(priv);
-
memset(priv, 0, sizeof(*priv));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
-
return 0;
}
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index dfa72f3f93..176f1a27a0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1358,8 +1358,7 @@ build_sec_fd(struct rte_crypto_op *op,
op->sym->session, cryptodev_driver_id);
#ifdef RTE_LIB_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
- sess = (dpaa2_sec_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess = (dpaa2_sec_session *)(op->sym->sec_session);
#endif
else
return -ENOTSUP;
@@ -1532,7 +1531,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
struct rte_crypto_op *op;
uint16_t len = DPAA2_GET_FD_LEN(fd);
int16_t diff = 0;
- dpaa2_sec_session *sess_priv __rte_unused;
+ dpaa2_sec_session *sess_priv;
struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1545,8 +1544,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
mbuf->buf_iova = op->sym->aead.digest.phys_addr;
op->sym->aead.digest.phys_addr = 0L;
- sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
if (sess_priv->dir == DIR_ENC)
mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
else
@@ -3395,63 +3393,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
static int
dpaa2_sec_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- DPAA2_SEC_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = dpaa2_sec_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
case RTE_SECURITY_PROTOCOL_PDCP:
- ret = dpaa2_sec_set_pdcp_session(cdev, conf,
- sess_private_data);
+ ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
break;
default:
return -EINVAL;
}
if (ret != 0) {
DPAA2_SEC_ERR("Failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
/** Clear the memory of session so it doesn't leave key material behind */
static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
- if (sess_priv) {
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
+ if (sess) {
rte_free(s->ctxt);
rte_free(s->cipher_key.data);
rte_free(s->auth_key.data);
memset(s, 0, sizeof(dpaa2_sec_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d5aa2748d6..5a087df090 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1793,8 +1793,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
#ifdef RTE_LIB_SECURITY
case RTE_CRYPTO_OP_SECURITY_SESSION:
ses = (dpaa_sec_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ (op->sym->sec_session);
break;
#endif
default:
@@ -2572,7 +2571,6 @@ static inline void
free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
{
struct dpaa_sec_dev_private *qi = dev->data->dev_private;
- struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
uint8_t i;
for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2582,7 +2580,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
s->qp[i] = NULL;
}
free_session_data(s);
- rte_mempool_put(sess_mp, (void *)s);
}
/** Clear the memory of session so it doesn't leave key material behind */
@@ -3117,26 +3114,23 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
static int
dpaa_sec_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- void *sess_private_data;
+// void *sess_private_data = sess;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
- if (rte_mempool_get(mempool, &sess_private_data)) {
- DPAA_SEC_ERR("Couldn't get object from session mempool");
- return -ENOMEM;
- }
+// if (rte_mempool_get(mempool, &sess_private_data)) {
+// DPAA_SEC_ERR("Couldn't get object from session mempool");
+// return -ENOMEM;
+// }
switch (conf->protocol) {
case RTE_SECURITY_PROTOCOL_IPSEC:
- ret = dpaa_sec_set_ipsec_session(cdev, conf,
- sess_private_data);
+ ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_PDCP:
- ret = dpaa_sec_set_pdcp_session(cdev, conf,
- sess_private_data);
+ ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
break;
case RTE_SECURITY_PROTOCOL_MACSEC:
return -ENOTSUP;
@@ -3146,28 +3140,24 @@ dpaa_sec_security_session_create(void *dev,
if (ret != 0) {
DPAA_SEC_ERR("failed to configure session parameters");
/* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
+// rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
+// set_sec_session_private_data(sess, sess_private_data);
return ret;
}
/** Clear the memory of session so it doesn't leave key material behind */
static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
{
PMD_INIT_FUNC_TRACE();
- void *sess_priv = get_sec_session_private_data(sess);
- dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+ dpaa_sec_session *s = (dpaa_sec_session *)sess;
- if (sess_priv) {
+ if (sess)
free_session_memory((struct rte_cryptodev *)dev, s);
- set_sec_session_private_data(sess, NULL);
- }
return 0;
}
#endif
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index a72642a772..245a4ad353 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
return -EINVAL;
}
- sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
if (unlikely(sess == NULL)) {
MRVL_LOG(ERR, "Session was not created for this device! %d",
cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
/** Clear the memory of session so it doesn't leave key material behind */
static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
{
- void *sess_priv = get_sec_session_private_data(sess);
-
/* Zero out the whole structure */
- if (sess_priv) {
+ if (sess) {
struct mrvl_crypto_session *mrvl_sess =
(struct mrvl_crypto_session *)sess_priv;
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
if (mrvl_sess->sam_sess &&
sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
rte_free(mrvl_sess->sam_sess_params.cipher_key);
rte_free(mrvl_sess->sam_sess_params.auth_key);
rte_free(mrvl_sess->sam_sess_params.cipher_iv);
- memset(sess, 0, sizeof(struct rte_security_session));
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
uint8_t esn;
int ret;
- priv = get_sec_session_private_data(op->sym->sec_session);
+ priv = (struct otx2_sec_session *)(op->sym->sec_session);
sess = &priv->ipsec.lp;
sa = &sess->in_sa;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@ static int
crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
struct otx2_ipsec_po_sa_ctl *ctl;
int cipher_key_len, auth_key_len;
struct otx2_ipsec_po_out_sa *sa;
- struct otx2_sec_session *sess;
struct otx2_cpt_inst_s inst;
struct rte_ipv6_hdr *ip6;
struct rte_ipv4_hdr *ip;
int ret, ctx_len;
- sess = get_sec_session_private_data(sec_sess);
sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
lp = &sess->ipsec.lp;
@@ -398,7 +396,7 @@ static int
crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
struct otx2_ipsec_po_sa_ctl *ctl;
int cipher_key_len, auth_key_len;
struct otx2_ipsec_po_in_sa *sa;
- struct otx2_sec_session *sess;
struct otx2_cpt_inst_s inst;
int ret;
- sess = get_sec_session_private_data(sec_sess);
sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
lp = &sess->ipsec.lp;
@@ -512,7 +508,7 @@ static int
crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct otx2_sec_session *sess)
{
int ret;
@@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
static int
otx2_crypto_sec_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct otx2_sec_session *priv;
+ struct otx2_sec_session *priv = sess;
int ret;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device,
if (rte_security_dynfield_register() < 0)
return -rte_errno;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- otx2_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
priv->userdata = conf->userdata;
if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
conf->crypto_xform,
- sess);
+ priv);
else
ret = -ENOTSUP;
- if (ret)
- goto mempool_put;
-
- return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
return ret;
}
static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
{
- struct otx2_sec_session *priv;
- struct rte_mempool *sess_mp;
+ struct otx2_sec_session *priv = sess;
- priv = get_sec_session_private_data(sess);
-
- if (priv == NULL)
- return 0;
-
- sess_mp = rte_mempool_from_obj(priv);
-
- memset(priv, 0, sizeof(*priv));
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
+ if (priv)
+ memset(priv, 0, sizeof(*priv));
return 0;
}
@@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused)
}
static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
- struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
op->sym->session, qat_sym_driver_id);
#ifdef RTE_LIB_SECURITY
} else {
- ctx = (struct qat_sym_session *)get_sec_session_private_data(
- op->sym->sec_session);
+ ctx = (struct qat_sym_session *)(op->sym->sec_session);
if (likely(ctx)) {
if (unlikely(ctx->bpi_ctx == NULL)) {
QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
op = (struct rte_crypto_op *)ops[i];
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- ctx = (struct qat_sym_session *)
- get_sec_session_private_data(
- op->sym->sec_session);
+ ctx = (struct qat_sym_session *)(op->sym->sec_session);
if (ctx == NULL || ctx->bpi_ctx == NULL)
continue;
@@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
* Assuming at this point that if it's a security
* op, that this is for DOCSIS
*/
- sess = (struct qat_sym_session *)
- get_sec_session_private_data(
- rx_op->sym->sec_session);
+ sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
is_docsis_sec = 1;
} else
#endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
int
qat_security_session_create(void *dev,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess_private_data)
{
- void *sess_private_data;
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
@@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev,
return -EINVAL;
}
- if (rte_mempool_get(mempool, &sess_private_data)) {
- QAT_LOG(ERR, "Couldn't get object from session mempool");
- return -ENOMEM;
- }
-
ret = qat_sec_session_set_docsis_parameters(cdev, conf,
sess_private_data);
if (ret != 0) {
QAT_LOG(ERR, "Failed to configure session parameters");
- /* Return session to mempool */
- rte_mempool_put(mempool, sess_private_data);
return ret;
}
- set_sec_session_private_data(sess, sess_private_data);
-
return ret;
}
int
-qat_security_session_destroy(void *dev __rte_unused,
- struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
{
- void *sess_priv = get_sec_session_private_data(sess);
struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
if (sess_priv) {
if (s->bpi_ctx)
bpi_cipher_ctx_free(s->bpi_ctx);
memset(s, 0, qat_sym_session_get_private_size(dev));
- struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, sess_priv);
}
return 0;
}
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
#ifdef RTE_LIB_SECURITY
int
qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
- struct rte_security_session *sess, struct rte_mempool *mempool);
+ void *sess);
int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
#endif
#endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..7e3f05a067 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
static int
ixgbe_crypto_create_session(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *session,
- struct rte_mempool *mempool)
+ void *session)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
- struct ixgbe_crypto_session *ic_session = NULL;
+ struct ixgbe_crypto_session *ic_session = session;
struct rte_crypto_aead_xform *aead_xform;
struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf;
- if (rte_mempool_get(mempool, (void **)&ic_session)) {
- PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
- return -ENOMEM;
- }
-
if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
conf->crypto_xform->aead.algo !=
RTE_CRYPTO_AEAD_AES_GCM) {
PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
ic_session->spi = conf->ipsec.spi;
ic_session->dev = eth_dev;
- set_sec_session_private_data(session, ic_session);
-
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
if (ixgbe_crypto_add_sa(ic_session)) {
PMD_DRV_LOG(ERR, "Failed to add SA\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -EPERM;
}
}
@@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device)
}
static int
-ixgbe_crypto_remove_session(void *device,
- struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
{
struct rte_eth_dev *eth_dev = device;
struct ixgbe_crypto_session *ic_session =
- (struct ixgbe_crypto_session *)
- get_sec_session_private_data(session);
- struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+ (struct ixgbe_crypto_session *)session;
if (eth_dev != ic_session->dev) {
PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device,
return -EFAULT;
}
- rte_mempool_put(mempool, (void *)ic_session);
-
return 0;
}
@@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
}
static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
- struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
struct rte_mbuf *m, void *params __rte_unused)
{
- struct ixgbe_crypto_session *ic_session =
- get_sec_session_private_data(session);
+ struct ixgbe_crypto_session *ic_session = session;
+
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
union ixgbe_crypto_tx_desc_md *mdata =
(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,8 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
const void *ip_spec,
uint8_t is_ipv6)
{
- struct ixgbe_crypto_session *ic_session
- = get_sec_session_private_data(sess);
+ struct ixgbe_crypto_session *ic_session =
+ (struct ixgbe_crypto_session *)sess;
if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
if (is_ipv6) {
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@ static int
eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sec_sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
struct otx2_cpt_inst_s inst;
struct otx2_cpt_qp *qp;
- priv = get_sec_session_private_data(sec_sess);
+ priv = sec_sess;
priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
sess = &priv->ipsec.ip;
@@ -468,7 +468,7 @@ static int
eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sec_sess)
+ struct otx2_sec_session *sec_sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
ctl = &sa->ctl;
- priv = get_sec_session_private_data(sec_sess);
+ priv = sec_sess;
priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
sess = &priv->ipsec.ip;
@@ -619,7 +619,7 @@ static int
eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
- struct rte_security_session *sess)
+ struct otx2_sec_session *sess)
{
int ret;
@@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
static int
otx2_eth_sec_session_create(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mempool)
+ void *sess)
{
- struct otx2_sec_session *priv;
+ struct otx2_sec_session *priv = sess;
int ret;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
return -ENOTSUP;
- if (rte_mempool_get(mempool, (void **)&priv)) {
- otx2_err("Could not allocate security session private data");
- return -ENOMEM;
- }
-
- set_sec_session_private_data(sess, priv);
-
/*
* Save userdata provided by the application. For ingress packets, this
* could be used to identify the SA.
@@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device,
if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
conf->crypto_xform,
- sess);
+ priv);
else
ret = -ENOTSUP;
if (ret)
- goto mempool_put;
+ return ret;
return 0;
-
-mempool_put:
- rte_mempool_put(mempool, priv);
- set_sec_session_private_data(sess, NULL);
- return ret;
}
static void
@@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
}
static int
-otx2_eth_sec_session_destroy(void *device,
- struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
{
struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
struct otx2_sec_session_ipsec_ip *sess_ip;
struct otx2_ipsec_fp_in_sa *sa;
- struct otx2_sec_session *priv;
- struct rte_mempool *sess_mp;
+ struct otx2_sec_session *priv = sess;
int ret;
- priv = get_sec_session_private_data(sess);
- if (priv == NULL)
- return -EINVAL;
-
sess_ip = &priv->ipsec.ip;
if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device,
return ret;
}
- sess_mp = rte_mempool_from_obj(priv);
-
- set_sec_session_private_data(sess, NULL);
- rte_mempool_put(sess_mp, priv);
-
return 0;
}
@@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused)
}
static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
- struct rte_security_session *session,
- struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+ struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
struct nix_iova_s nix_iova;
} *sd;
- priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+ priv = (void *)(*rte_security_dynfield(m));
sess = &priv->ipsec.ip;
sa = &sess->out_sa;
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..cc6370c2f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
static int
txgbe_crypto_create_session(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *session,
- struct rte_mempool *mempool)
+ void *session)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
- struct txgbe_crypto_session *ic_session = NULL;
+ struct txgbe_crypto_session *ic_session = session;
struct rte_crypto_aead_xform *aead_xform;
struct rte_eth_conf *dev_conf = ð_dev->data->dev_conf;
- if (rte_mempool_get(mempool, (void **)&ic_session)) {
- PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
- return -ENOMEM;
- }
-
if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
conf->crypto_xform->aead.algo !=
RTE_CRYPTO_AEAD_AES_GCM) {
PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
ic_session->spi = conf->ipsec.spi;
ic_session->dev = eth_dev;
- set_sec_session_private_data(session, ic_session);
-
if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
if (txgbe_crypto_add_sa(ic_session)) {
PMD_DRV_LOG(ERR, "Failed to add SA\n");
- rte_mempool_put(mempool, (void *)ic_session);
return -EPERM;
}
}
@@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device)
}
static int
-txgbe_crypto_remove_session(void *device,
- struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
{
struct rte_eth_dev *eth_dev = device;
struct txgbe_crypto_session *ic_session =
- (struct txgbe_crypto_session *)
- get_sec_session_private_data(session);
- struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+ (struct txgbe_crypto_session *)session;
if (eth_dev != ic_session->dev) {
PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device,
return -EFAULT;
}
- rte_mempool_put(mempool, (void *)ic_session);
-
return 0;
}
@@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
}
static int
-txgbe_crypto_update_mb(void *device __rte_unused,
- struct rte_security_session *session,
- struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+ struct rte_mbuf *m, void *params __rte_unused)
{
- struct txgbe_crypto_session *ic_session =
- get_sec_session_private_data(session);
+ struct txgbe_crypto_session *ic_session = session;
+
if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
union txgbe_crypto_tx_desc_md *mdata =
(union txgbe_crypto_tx_desc_md *)
@@ -662,7 +644,7 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
uint8_t is_ipv6)
{
struct txgbe_crypto_session *ic_session =
- get_sec_session_private_data(sess);
+ (struct txgbe_crypto_session *)sess;
if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
set_ipsec_conf(sa, &(sess_conf.ipsec));
ips->security.ses = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool,
- ipsec_ctx->session_priv_pool);
+ &sess_conf, ipsec_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
}
ips->security.ses = rte_security_session_create(sec_ctx,
- &sess_conf, skt_ctx->session_pool,
- skt_ctx->session_priv_pool);
+ &sess_conf, skt_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.userdata = (void *) sa;
ips->security.ses = rte_security_session_create(sec_ctx,
- &sess_conf, skt_ctx->session_pool,
- skt_ctx->session_priv_pool);
+ &sess_conf, skt_ctx->session_pool);
if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@ rte_security_dynfield_register(void)
return rte_security_dynfield_offset;
}
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
- struct rte_mempool *mp,
- struct rte_mempool *priv_mp)
+ struct rte_mempool *mp)
{
struct rte_security_session *sess = NULL;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
RTE_PTR_OR_ERR_RET(conf, NULL);
RTE_PTR_OR_ERR_RET(mp, NULL);
- RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+ if (mp->elt_size < sizeof(struct rte_security_session) +
+ instance->ops->session_get_size(instance->device))
+ return NULL;
if (rte_mempool_get(mp, (void **)&sess))
return NULL;
if (instance->ops->session_create(instance->device, conf,
- sess, priv_mp)) {
+ sess->sess_private_data)) {
rte_mempool_put(mp, (void *)sess);
return NULL;
}
instance->sess_cnt++;
- return sess;
+ return sess->sess_private_data;
}
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_security_stats *stats)
+ void *sess, struct rte_security_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
-ENOTSUP);
@@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
}
int
-rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
{
+ struct rte_security_session *s;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
if (ret != 0)
return ret;
- rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+ s = container_of(sess, struct rte_security_session, sess_private_data);
+ rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
if (instance->sess_cnt)
instance->sess_cnt--;
@@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
int
__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params)
{
#ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index ab1a6e1f65..bef42c0686 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -457,10 +457,12 @@ struct rte_security_session_conf {
};
struct rte_security_session {
- void *sess_private_data;
- /**< Private session material */
uint64_t opaque_data;
/**< Opaque user defined data */
+ uint64_t fast_mdata;
+ /**< Fast metadata to be used for inline path */
+ __extension__ void *sess_private_data[0];
+ /**< Private session material */
};
/**
@@ -474,11 +476,10 @@ struct rte_security_session {
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session *
+void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
- struct rte_mempool *mp,
- struct rte_mempool *priv_mp);
+ struct rte_mempool *mp);
/**
* Update security session as specified by the session configuration
@@ -493,7 +494,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
__rte_experimental
int
rte_security_session_update(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_session_conf *conf);
/**
@@ -524,7 +525,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
*/
int
rte_security_session_destroy(struct rte_security_ctx *instance,
- struct rte_security_session *sess);
+ void *sess);
/** Device-specific metadata field type */
typedef uint64_t rte_security_dynfield_t;
@@ -570,7 +571,7 @@ static inline bool rte_security_dynfield_is_registered(void)
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *m, void *params);
/**
@@ -588,13 +589,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
*/
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
*rte_security_dynfield(mb) =
- (rte_security_dynfield_t)(sess->sess_private_data);
+ (rte_security_dynfield_t)(sess);
return 0;
}
@@ -644,26 +645,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
*/
static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
- struct rte_security_session *sess)
+ void *sess)
{
sym_op->sec_session = sess;
return 0;
}
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
- return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
- void *private_data)
-{
- sess->sess_private_data = private_data;
-}
-
/**
* Attach a session to a crypto operation.
* This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -674,8 +662,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
* @param sess security session
*/
static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
- struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
{
if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
return -EINVAL;
@@ -737,7 +724,7 @@ struct rte_security_stats {
__rte_experimental
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
+ void *sess,
struct rte_security_stats *stats);
/**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 938373205c..9afefc8c4e 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@ extern "C" {
*/
typedef int (*security_session_create_t)(void *device,
struct rte_security_session_conf *conf,
- struct rte_security_session *sess,
- struct rte_mempool *mp);
+ void *sess);
/**
* Free driver private session data.
@@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device,
* @param device Crypto/eth device pointer
* @param sess Security session structure
*/
-typedef int (*security_session_destroy_t)(void *device,
- struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
/**
* Update driver private session data.
@@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device,
* - Returns -ENOTSUP if crypto device does not support the crypto transform.
*/
typedef int (*security_session_update_t)(void *device,
- struct rte_security_session *sess,
- struct rte_security_session_conf *conf);
+ void *sess, struct rte_security_session_conf *conf);
/**
* Get the size of a security session
@@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device);
* - Returns -EINVAL if session parameters are invalid.
*/
typedef int (*security_session_stats_get_t)(void *device,
- struct rte_security_session *sess,
- struct rte_security_stats *stats);
+ void *sess, struct rte_security_stats *stats);
__rte_experimental
int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@ int rte_security_dynfield_register(void);
* Update the mbuf with provided metadata.
*
* @param device Crypto/eth device pointer
- * @param sess Security session structure
+ * @param sess Security session
* @param mb Packet buffer
* @param params Metadata
*
@@ -105,7 +101,7 @@ int rte_security_dynfield_register(void);
* - Returns -ve value for errors.
*/
typedef int (*security_set_pkt_metadata_t)(void *device,
- struct rte_security_session *sess, struct rte_mbuf *mb,
+ void *sess, struct rte_mbuf *mb,
void *params);
/**
--
2.25.1
next prev parent reply other threads:[~2021-09-30 14:51 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 14:50 [dpdk-dev] [PATCH 0/3] crypto/security session framework rework Akhil Goyal
2021-09-30 14:50 ` Akhil Goyal [this message]
2021-09-30 14:50 ` [dpdk-dev] [PATCH 2/3] drivers/net: temporary disable ixgbe and txgbe Akhil Goyal
2021-10-12 12:26 ` Zhang, Roy Fan
2021-10-12 12:29 ` Akhil Goyal
2021-10-12 13:32 ` Zhang, Roy Fan
2021-09-30 14:50 ` [dpdk-dev] [PATCH 3/3] cryptodev: rework session framework Akhil Goyal
2021-10-01 15:53 ` Zhang, Roy Fan
2021-10-04 19:07 ` Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 1/7] security: rework session framework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 1/8] security: rework session framework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 2/8] security: hide security session struct Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 4/8] security: pass session iova in PMD sess create Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 5/8] drivers/crypto: support security session get size op Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 6/8] cryptodev: rework session framework Akhil Goyal
2021-10-20 19:27 ` Ananyev, Konstantin
2021-10-21 6:53 ` Akhil Goyal
2021-10-21 10:38 ` Ananyev, Konstantin
2021-10-21 12:30 ` Akhil Goyal
2021-10-21 13:11 ` Ananyev, Konstantin
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 7/8] cryptodev: hide sym session structure Akhil Goyal
2021-10-18 21:34 ` [dpdk-dev] [PATCH v3 8/8] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-20 14:36 ` [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework Hemant Agrawal
2021-10-20 15:45 ` Power, Ciara
2021-10-20 16:41 ` Akhil Goyal
2021-10-20 16:48 ` Akhil Goyal
2021-10-20 18:04 ` Akhil Goyal
2021-10-21 8:43 ` Zhang, Roy Fan
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 2/7] security: hide security session struct Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 4/7] security: pass session iova in PMD sess create Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 5/7] cryptodev: rework session framework Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 6/7] cryptodev: hide sym session structure Akhil Goyal
2021-10-13 19:22 ` [dpdk-dev] [PATCH v2 7/7] cryptodev: pass session iova in configure session Akhil Goyal
2021-10-14 11:47 ` [dpdk-dev] [PATCH v2 0/7] crypto/security session framework rework Akhil Goyal
2021-10-14 12:30 ` Zhang, Roy Fan
2021-10-14 12:34 ` Akhil Goyal
2021-10-14 17:07 ` Zhang, Roy Fan
2021-10-14 18:23 ` Akhil Goyal
2021-10-14 18:57 ` Akhil Goyal
2021-10-15 15:33 ` Zhang, Roy Fan
2021-10-15 17:42 ` Akhil Goyal
2021-10-15 18:47 ` Akhil Goyal
2021-10-16 13:31 ` Zhang, Roy Fan
2021-10-16 13:21 ` Zhang, Roy Fan
2021-10-15 8:12 ` Zhang, Roy Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210930145014.2476799-2-gakhil@marvell.com \
--to=gakhil@marvell.com \
--cc=adwivedi@marvell.com \
--cc=ajit.khaparde@broadcom.com \
--cc=anoobj@marvell.com \
--cc=asomalap@amd.com \
--cc=ciara.power@intel.com \
--cc=david.marchand@redhat.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=g.singh@nxp.com \
--cc=hemant.agrawal@nxp.com \
--cc=jianjay.zhou@huawei.com \
--cc=konstantin.ananyev@intel.com \
--cc=matan@nvidia.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).