DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH 0/3] cryptodev: sym session framework rework
@ 2022-08-29 16:06 Fan Zhang
  2022-08-29 16:06 ` [PATCH 1/3] cryptodev: rework session framework Fan Zhang
                   ` (3 more replies)
  0 siblings, 4 replies; 47+ messages in thread
From: Fan Zhang @ 2022-08-29 16:06 UTC (permalink / raw)
  To: dev
  Cc: gakhil, maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	anoobj, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou,
	Fan Zhang

This patchset reworks the symmetric crypto session data structure to
use a single virtual/physical contiguous buffer for symmetric crypto
session and driver private data. In addition the session data
structure is now private. The session is represented as an opaque
pointer in the application.

With the change the session is no longer supported to be accessed
by multiple device drivers. For the same reason
rte_cryptodev_sym_session_init/clear APIs are deprecated as
rte_cryptodev_sym_session_create/free will initialize and
clear the driver specific data field.

Fan Zhang (3):
  cryptodev: rework session framework
  crypto/scheduler: use unified session
  cryptodev: hide sym session structure

 app/test-crypto-perf/cperf_ops.c              |  21 +-
 app/test-crypto-perf/cperf_test_latency.c     |   6 +-
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 app/test-crypto-perf/cperf_test_throughput.c  |   6 +-
 app/test-crypto-perf/cperf_test_verify.c      |   6 +-
 app/test-crypto-perf/main.c                   |  29 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 302 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  42 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
 doc/guides/rel_notes/deprecation.rst          |   9 +
 doc/guides/rel_notes/release_22_11.rst        |   7 +
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  38 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  28 +-
 drivers/crypto/ccp/ccp_crypto.c               |  58 +---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  36 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  31 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  54 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  31 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  37 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   4 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 ++-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  26 +-
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  26 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   8 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +-
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +--
 drivers/crypto/null/null_crypto_pmd.c         |  19 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/qat_sym.c                  |  10 +-
 drivers/crypto/qat/qat_sym.h                  |   4 +-
 drivers/crypto/qat/qat_sym_session.c          |  40 +--
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_failover.c |  19 +-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +
 .../scheduler/scheduler_pkt_size_distr.c      |  84 +++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  87 ++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  30 +-
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  10 +-
 examples/ipsec-secgw/ipsec.c                  |   7 +-
 examples/l2fwd-crypto/main.c                  |  54 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  59 ++--
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_cryptodev.c                 | 280 ++++++----------
 lib/cryptodev/rte_cryptodev.h                 | 153 +++------
 lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
 lib/cryptodev/version.map                     |   6 -
 lib/ipsec/rte_ipsec_group.h                   |   5 +-
 lib/ipsec/ses.c                               |   3 +-
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 82 files changed, 910 insertions(+), 1711 deletions(-)

-- 
2.34.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH 1/3] cryptodev: rework session framework
  2022-08-29 16:06 [PATCH 0/3] cryptodev: sym session framework rework Fan Zhang
@ 2022-08-29 16:06 ` Fan Zhang
  2022-09-15  7:07   ` [EXT] " Akhil Goyal
  2022-08-29 16:06 ` [PATCH 2/3] crypto/scheduler: use unified session Fan Zhang
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 47+ messages in thread
From: Fan Zhang @ 2022-08-29 16:06 UTC (permalink / raw)
  To: dev
  Cc: gakhil, maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	anoobj, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou,
	Fan Zhang

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.

rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  21 +-
 app/test-crypto-perf/cperf_test_latency.c     |   6 +-
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 app/test-crypto-perf/cperf_test_throughput.c  |   6 +-
 app/test-crypto-perf/cperf_test_verify.c      |   6 +-
 app/test-crypto-perf/main.c                   |  29 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 298 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  42 +--
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  38 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  28 +-
 drivers/crypto/ccp/ccp_crypto.c               |  58 +---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  36 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  31 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  54 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  31 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  37 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   4 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 ++-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  26 +-
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  26 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   8 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +-
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +--
 drivers/crypto/null/null_crypto_pmd.c         |  19 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/qat_sym.c                  |  10 +-
 drivers/crypto/qat/qat_sym.h                  |   4 +-
 drivers/crypto/qat/qat_sym_session.c          |  40 +--
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  38 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  30 +-
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  10 +-
 examples/ipsec-secgw/ipsec.c                  |   7 +-
 examples/l2fwd-crypto/main.c                  |  54 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  28 +-
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_cryptodev.c                 | 272 ++++++----------
 lib/cryptodev/rte_cryptodev.h                 | 123 ++------
 lib/cryptodev/rte_cryptodev_trace.h           |  33 +-
 lib/cryptodev/version.map                     |   6 -
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 71 files changed, 545 insertions(+), 1657 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index d746d51082..c6f5735bb0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -912,7 +912,6 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					&sess_conf, sess_mp, priv_mp);
 	}
 #endif
-	sess = rte_cryptodev_sym_session_create(sess_mp);
 	/*
 	 * cipher only
 	 */
@@ -937,8 +936,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &cipher_xform,
+				sess_mp);
 	/*
 	 *  auth only
 	 */
@@ -965,8 +964,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &auth_xform,
+				sess_mp);
 	/*
 	 * cipher and auth
 	 */
@@ -1024,13 +1023,13 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&cipher_xform, sess_mp);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform, sess_mp);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1050,8 +1049,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					options->aead_aad_sz;
 
 		/* Create crypto session */
-		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform,
+				sess_mp);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 6f972cea49..afd8cb209b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -44,10 +44,8 @@ static void
 cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 6b4d09e623..7efeecf848 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -73,10 +73,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		} else
 #endif
-		{
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 
 	rte_mempool_free(ctx->pool);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index cecf30e470..24261a1d10 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -50,10 +50,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		}
 #endif
-		else {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 	rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 5c0dc82290..54f7e8ba2f 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -37,10 +37,8 @@ static void
 cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 17e30a8e74..55d7614d84 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -96,35 +96,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size, 0, 0,
+					socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -135,6 +114,7 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
+		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -322,12 +302,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c
index 81420be73a..30cefcb6dd 100644
--- a/app/test-eventdev/test_perf_common.c
+++ b/app/test-eventdev/test_perf_common.c
@@ -864,18 +864,13 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t)
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	cipher_xform.next = NULL;
 
-	sess = rte_cryptodev_sym_session_create(t->ca_sess_pool);
+	sess = rte_cryptodev_sym_session_create(p->ca.cdev_id, &cipher_xform,
+			t->ca_sess_pool);
 	if (sess == NULL) {
 		evt_err("Failed to create sym session");
 		return NULL;
 	}
 
-	if (rte_cryptodev_sym_session_init(p->ca.cdev_id, sess, &cipher_xform,
-					   t->ca_sess_priv_pool)) {
-		evt_err("Failed to init session");
-		return NULL;
-	}
-
 	return sess;
 }
 
@@ -1382,15 +1377,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 		goto err;
 	}
 
-	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
-		"ca_sess_pool", nb_sessions, 0, 0,
-		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
-	if (t->ca_sess_pool == NULL) {
-		evt_err("Failed to create sym session pool");
-		ret = -ENOMEM;
-		goto err;
-	}
-
 	max_session_size = 0;
 	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		unsigned int session_size;
@@ -1401,12 +1387,11 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 			max_session_size = session_size;
 	}
 
-	max_session_size += sizeof(union rte_event_crypto_metadata);
-	t->ca_sess_priv_pool = rte_mempool_create(
-		"ca_sess_priv_pool", nb_sessions, max_session_size, 0, 0, NULL,
-		NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-	if (t->ca_sess_priv_pool == NULL) {
-		evt_err("failed to create sym session private pool");
+	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
+		"ca_sess_pool", nb_sessions, max_session_size, 0,
+		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
+	if (t->ca_sess_pool == NULL) {
+		evt_err("Failed to create sym session pool");
 		ret = -ENOMEM;
 		goto err;
 	}
@@ -1446,7 +1431,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 		qp_conf.nb_descriptors = NB_CRYPTODEV_DESCRIPTORS;
 		qp_conf.mp_session = t->ca_sess_pool;
-		qp_conf.mp_session_private = t->ca_sess_priv_pool;
 
 		for (qp_id = 0; qp_id < conf.nb_queue_pairs; qp_id++) {
 			ret = rte_cryptodev_queue_pair_setup(
@@ -1467,7 +1451,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 
 	return ret;
@@ -1492,8 +1475,7 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 		for (flow_id = 0; flow_id < t->nb_flows; flow_id++) {
 			sess = p->ca.crypto_sess[flow_id];
 			cdev_id = p->ca.cdev_id;
-			rte_cryptodev_sym_session_clear(cdev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
+			rte_cryptodev_sym_session_free(cdev_id, sess);
 		}
 
 		rte_event_crypto_adapter_queue_pair_del(
@@ -1509,7 +1491,6 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 }
 
diff --git a/app/test-eventdev/test_perf_common.h b/app/test-eventdev/test_perf_common.h
index 8cbd06fe42..d06d52cdf8 100644
--- a/app/test-eventdev/test_perf_common.h
+++ b/app/test-eventdev/test_perf_common.h
@@ -70,7 +70,6 @@ struct test_perf {
 		RTE_EVENT_TIMER_ADAPTER_NUM_MAX] __rte_cache_aligned;
 	struct rte_mempool *ca_op_pool;
 	struct rte_mempool *ca_sess_pool;
-	struct rte_mempool *ca_sess_priv_pool;
 	struct rte_mempool *ca_asym_sess_pool;
 } __rte_cache_aligned;
 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6ee4480399..c975c38001 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -13,6 +13,7 @@
 #include <rte_pause.h>
 #include <rte_bus_vdev.h>
 #include <rte_ether.h>
+#include <rte_errno.h>
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
@@ -644,23 +645,17 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-
 	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
+			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
+			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
+
 	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
 			"session mempool allocation failed");
 
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -668,7 +663,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -697,15 +691,11 @@ testsuite_teardown(void)
 		rte_mempool_avail_count(ts_params->op_mpool));
 	}
 
-	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
+		rte_mempool_free(ts_params->session_priv_mpool);
+		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -1381,7 +1371,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1441,10 +1430,8 @@ ut_teardown(void)
 #endif
 	{
 		if (ut_params->sess) {
-			rte_cryptodev_sym_session_clear(
-					ts_params->valid_devs[0],
+			rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 					ut_params->sess);
-			rte_cryptodev_sym_session_free(ut_params->sess);
 			ut_params->sess = NULL;
 		}
 	}
@@ -1599,7 +1586,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2144,8 +2130,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
-
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
 	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2190,18 +2174,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	/* Create crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	if (rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2430,7 +2407,6 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	enum rte_crypto_auth_algorithm algo)
 {
 	uint8_t hash_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2450,16 +2426,11 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.digest_length = auth_len;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
 	ut_params->auth_xform.auth.iv.length = iv_len;
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2472,7 +2443,6 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2492,16 +2462,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session */
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2579,7 +2545,6 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 
 {
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2614,17 +2579,12 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
 
@@ -2638,7 +2598,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 {
 	const uint8_t key_len = tdata->key.len;
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2678,16 +2637,11 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2713,7 +2667,6 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2744,26 +2697,19 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	if (cipher_op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 	} else
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
 
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	return 0;
 }
@@ -8194,7 +8140,6 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 		uint8_t iv_len)
 {
 	uint8_t aead_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8216,15 +8161,12 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -8668,7 +8610,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
 				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				NULL);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -12018,7 +11960,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 				   const struct HMAC_MD5_vector *test_case)
 {
 	uint8_t key[64];
-	int status;
 
 	memcpy(key, test_case->key.data, test_case->key.len);
 
@@ -12033,16 +11974,11 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.key.data = key;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+		ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-	if (ut_params->sess == NULL)
-		return TEST_FAILED;
-
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
@@ -12250,12 +12186,9 @@ test_multi_session(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-
 	struct rte_cryptodev_info dev_info;
 	struct rte_cryptodev_sym_session **sessions;
-
 	uint16_t i;
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12282,20 +12215,15 @@ test_multi_session(void)
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-
 		sessions[i] = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
+			return TEST_SKIPPED;
+
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
-
-		status = rte_cryptodev_sym_session_init(
-				ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-		if (status == -ENOTSUP)
-			return TEST_SKIPPED;
-
 		/* Attempt to send a request on each session */
 		TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
 			sessions[i],
@@ -12325,18 +12253,9 @@ test_multi_session(void)
 		}
 	}
 
-	sessions[i] = NULL;
-	/* Next session create should fail */
-	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT_NULL(sessions[i],
-			"Session creation succeeded unexpectedly!");
-
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12387,7 +12306,6 @@ test_multi_session_random_usage(void)
 		},
 
 	};
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12409,11 +12327,6 @@ test_multi_session_random_usage(void)
 					* MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		sessions[i] = rte_cryptodev_sym_session_create(
-				ts_params->session_mpool);
-		TEST_ASSERT_NOT_NULL(sessions[i],
-				"Session creation failed at session number %u",
-				i);
 
 		rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
 				sizeof(struct crypto_unittest_params));
@@ -12423,16 +12336,16 @@ test_multi_session_random_usage(void)
 				ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
 
 		/* Create multiple crypto sessions*/
-		status = rte_cryptodev_sym_session_init(
+		sessions[i] = rte_cryptodev_sym_session_create(
 				ts_params->valid_devs[0],
-				sessions[i],
 				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
-
-		if (status == -ENOTSUP)
+				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
 			return TEST_SKIPPED;
 
-		TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+		TEST_ASSERT_NOT_NULL(sessions[i],
+				"Session creation failed at session number %u",
+				i);
 	}
 
 	srand(time(NULL));
@@ -12470,9 +12383,8 @@ test_multi_session_random_usage(void)
 	}
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12490,7 +12402,6 @@ test_null_invalid_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int ret;
 
 	/* This test is for NULL PMD only */
 	if (gbl_driver_id != rte_cryptodev_driver_id_get(
@@ -12504,17 +12415,13 @@ test_null_invalid_operation(void)
 	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
-
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -12522,14 +12429,11 @@ test_null_invalid_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
 	return TEST_SUCCESS;
@@ -12543,7 +12447,6 @@ test_null_burst_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
 
 	unsigned i, burst_len = NULL_BURST_LENGTH;
 
@@ -12569,19 +12472,14 @@ test_null_burst_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_NULL;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	/* Create Crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(
+				ts_params->valid_devs[0],
+				&ut_params->auth_xform,
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -12692,7 +12590,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12792,7 +12689,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12979,7 +12875,6 @@ static int create_gmac_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t auth_key[tdata->key.len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -12998,15 +12893,13 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -13635,7 +13528,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
 
@@ -13649,15 +13541,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -13670,7 +13560,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(cipher_key, reference->cipher_key.data,
 			reference->cipher_key.len);
@@ -13702,15 +13591,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	}
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -14168,7 +14055,6 @@ test_authenticated_encrypt_with_esn(
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
 	struct rte_cryptodev_info dev_info;
-	int status;
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 	uint64_t feat_flags = dev_info.feature_flags;
@@ -14219,18 +14105,11 @@ test_authenticated_encrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -14355,18 +14234,11 @@ test_authenticated_decrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-
-	if (retval == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -15138,8 +15010,6 @@ test_scheduler_attach_worker_op(void)
 		}
 
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index b5813b956f..4fcdd55660 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -514,11 +513,9 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	 */
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) &&
 			nb_iterates == 0) {
-		sess = rte_cryptodev_sym_session_create(sess_mpool);
-
-		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
-		if (status == -ENOTSUP) {
+		sess = rte_cryptodev_sym_session_create(dev_id, init_xform,
+				sess_mpool);
+		if (sess == NULL) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
 			goto error_exit;
@@ -801,10 +798,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 error_exit:
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
-		if (sess) {
-			rte_cryptodev_sym_session_clear(dev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
-		}
+		if (sess)
+			rte_cryptodev_sym_session_free(dev_id, sess);
 		rte_free(cipher_xform);
 		rte_free(auth_xform);
 	}
@@ -829,7 +824,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 2ecc7e2cea..c6cf9c5401 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -157,7 +157,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *asym_op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_mempool *asym_sess_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
@@ -307,15 +306,10 @@ test_op_forward_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
-		/* Create Crypto session*/
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
-
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
 							&cap);
 		TEST_ASSERT_SUCCESS(ret, "Failed to get adapter capabilities\n");
@@ -683,8 +677,8 @@ test_op_new_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -699,9 +693,6 @@ test_op_new_mode(uint8_t session_less)
 					RTE_CRYPTO_OP_WITH_SESSION,
 					&m_data, sizeof(m_data));
 		}
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
 	} else {
@@ -994,22 +985,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 
 	while ((capability = &info.capabilities[i++])->op !=
@@ -1048,7 +1029,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -1410,11 +1390,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
 
 	/* Free asym session mempool */
 	if (params.asym_sess_mpool != NULL) {
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index aa533483fd..04d231468b 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -370,20 +370,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -428,11 +417,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -647,8 +631,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session, NULL);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
@@ -662,25 +645,15 @@ static int
 create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
-	int32_t rc;
 	struct rte_cryptodev_sym_session *s;
 
-	s = rte_cryptodev_sym_session_create(qp->mp_session);
+	s = rte_cryptodev_sym_session_create(dev_id, ut->crypto_xforms,
+			qp->mp_session);
 	if (s == NULL)
 		return -ENOMEM;
 
-	/* initialize SA crypto session for device */
-	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
-	if (rc == 0) {
-		ut->ss[j].crypto.ses = s;
-		return 0;
-	} else {
-		/* failure, do cleanup */
-		rte_cryptodev_sym_session_clear(dev_id, s);
-		rte_cryptodev_sym_session_free(s);
-		return rc;
-	}
+	ut->ss[j].crypto.ses = s;
+	return 0;
 }
 
 static int
@@ -1196,8 +1169,7 @@ static void
 destroy_crypto_session(struct ipsec_unitest_params *ut,
 	uint8_t crypto_dev, uint32_t j)
 {
-	rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
-	rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
+	rte_cryptodev_sym_session_free(crypto_dev, ut->ss[j].crypto.ses);
 	memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 32127a874c..75a95e3689 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -521,34 +521,23 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL)) {
-			sess = (struct armv8_crypto_session *)
-					get_sym_session_private_data(
-					op->sym->session,
-					cryptodev_driver_id);
+			sess = op->sym->session->data;
 		}
 	} else {
 		/* provide internal session */
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct armv8_crypto_session *)_sess_private_data;
+		sess = (struct armv8_crypto_session *)_sess->data;
 
 		if (unlikely(armv8_crypto_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -674,10 +663,6 @@ process_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index c07ac0489e..176bb9e6a0 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -267,8 +267,7 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -278,43 +277,22 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = sess->data;
 
 	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
 		.dev_configure		= armv8_crypto_pmd_config,
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..d3334dc920 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -211,8 +211,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
 		sess = (struct bcmfs_sym_session *)
-			  get_sym_session_private_data(op->sym->session,
-						       cryptodev_bcmfs_driver_id);
+			op->sym->session->driver_priv_data;
 	}
 
 	if (sess == NULL)
@@ -222,10 +221,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 }
 
 int
-bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -235,45 +233,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+bcmfs_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+			struct rte_cryptodev_sym_session  *sess __rte_unused)
+{}
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..4a0a012ae7 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,8 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    struct rte_cryptodev_sym_session *sess);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8e9cfe73d8..a9c93dea13 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1357,8 +1357,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		ses = (struct caam_jr_session *)
-		get_sym_session_private_data(op->sym->session,
-					cryptodev_driver_id);
+			op->sym->session->driver_priv_data;
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1692,54 +1691,39 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 }
 
 static int
-caam_jr_sym_session_configure(struct rte_cryptodev *dev,
+caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
+	sess_private_data = (void *)sess->driver_priv_data;
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
+caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
 
 	PMD_INIT_FUNC_TRACE();
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index 4bab18323b..bd999abe61 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,9 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1766,9 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1859,9 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2005,9 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2079,9 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2242,9 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2330,9 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2440,9 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2607,9 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2645,9 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2715,9 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2780,9 +2758,8 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op[i]->sym->session,
-						 ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2858,9 +2835,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2934,9 +2909,8 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op_d[i]->sym->session,
-						ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op_d[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 1b600e81ad..e401793a76 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -757,8 +756,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
 	void *sess_private_data;
@@ -769,40 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
+
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
-}
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		      struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops ccp_ops = {
 		.dev_configure		= ccp_pmd_config,
diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h
index 1c4118ee3c..6704e39ab8 100644
--- a/drivers/crypto/ccp/ccp_pmd_private.h
+++ b/drivers/crypto/ccp/ccp_pmd_private.h
@@ -78,8 +78,6 @@ struct ccp_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_mempool *batch_mp;
 	/**< Session Mempool for batch info */
 	struct rte_cryptodev_stats qp_stats;
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index a35a8cd775..7502281ad9 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,33 +56,23 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (struct ccp_session *)
-			get_sym_session_private_data(
-				op->sym->session,
-				ccp_cryptodev_driver_id);
+		sess = (void *)op->sym->session->driver_priv_data;
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
 
-		if (rte_mempool_get(qp->sess_mp, &_sess))
-			return NULL;
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		sess = (struct ccp_session *)_sess_private_data;
+		sess = (void *)_sess->driver_priv_data;
 
 		internals = (struct ccp_private *)qp->dev->data->dev_private;
 		if (unlikely(ccp_set_session_parameters(sess, op->sym->xform,
 							internals) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-					 ccp_cryptodev_driver_id,
-					 _sess_private_data);
+		op->sym->session = _sess;
 	}
 
 	return sess;
@@ -161,13 +151,10 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	for (i = 0; i < nb_dequeued; i++)
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
-			struct ccp_session *sess = (struct ccp_session *)
-					get_sym_session_private_data(
-						ops[i]->sym->session,
-						ccp_cryptodev_driver_id);
+			struct ccp_session *sess =
+				(void *)ops[i]->sym->session->driver_priv_data;
 
-			rte_mempool_put(qp->sess_mp_priv,
-					sess);
+			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
 					ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 586941cd70..f96e132513 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -22,24 +22,23 @@
 static inline struct cnxk_se_sess *
 cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn10k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
-	if (ret)
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+				    sess);
+	if (ret) {
+		rte_mempool_put(qp->sess_mp, (void *)sess);
 		goto sess_put;
+	}
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
+	priv = (void *)sess->driver_priv_data;
 	sym_op->session = sess;
 
 	return priv;
@@ -111,8 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = get_sym_session_private_data(
-				sym_op->session, cn10k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -128,8 +126,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 				return 0;
 			}
@@ -296,8 +293,9 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn10k_cryptodev_driver_id);
+			priv = (void *)(
+				((struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -334,8 +332,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn10k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
@@ -543,7 +540,6 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 {
 	const uint8_t uc_compcode = res->uc_compcode;
 	const uint8_t compcode = res->compcode;
-	unsigned int sz;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
@@ -620,11 +616,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b753c1cb4b..a44f111ba6 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,23 +56,20 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 static inline struct cnxk_se_sess *
 cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn9k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
+	priv = (void *)sess->driver_priv_data;
 
 	sym_op->session = sess;
 
@@ -95,8 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = get_sym_session_private_data(
-				sym_op->session, cn9k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -110,8 +106,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -349,8 +344,9 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn9k_cryptodev_driver_id);
+			priv = (void *)((
+				(struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -387,8 +383,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn9k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
@@ -583,8 +578,6 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 			      struct cpt_inflight_req *infl_req,
 			      struct cpt_cn9k_res_s *res)
 {
-	unsigned int sz;
-
 	if (likely(res->compcode == CPT_COMP_GOOD)) {
 		if (unlikely(res->uc_compcode)) {
 			if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
@@ -645,11 +638,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cf91b92c2c..0c76dd36a6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -406,7 +406,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -620,25 +619,14 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv;
-	void *priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
-
 	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
 	if (ret)
 		goto priv_put;
@@ -684,61 +672,37 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
-
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
 
 priv_put:
-	rte_mempool_put(pool, priv);
-
 	return ret;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       struct rte_cryptodev_sym_session *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
-
-	driver_id = dev->driver_id;
 
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
-
-	if (priv == NULL)
-		return;
-
-	sess_priv = priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
-
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 			   struct rte_cryptodev_sym_session *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ffe4ae19aa..ca90567620 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -78,8 +78,6 @@ struct cnxk_cpt_qp {
 	/**< Crypto adapter related info */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 };
 
 int cnxk_cpt_dev_config(struct rte_cryptodev *dev,
@@ -104,18 +102,16 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   struct rte_cryptodev_sym_session *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  struct rte_cryptodev_sym_session *sess);
 
 void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+		struct rte_cryptodev_sym_session *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(struct rte_cryptodev_sym_session *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8444f1a795..5a38d53022 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,8 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-				op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1678,8 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3754,51 +3752,36 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 }
 #endif
 static int
-dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index e68a4875dd..795be3acc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,8 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, cryptodev_driver_id);
+		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 05415dbf3b..0cc773fba6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,10 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sym_session_private_data(
-					op->sym->session,
-					dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1927,10 +1924,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sym_session_private_data(
-						op->sym->session,
-						dpaa_cryptodev_driver_id);
+				ses = (void *)
+					op->sym->session->driver_priv_data;
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2676,31 +2671,19 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -2714,7 +2697,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2724,7 +2706,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -2733,14 +2714,10 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
-	if (sess_priv) {
-		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	free_session_memory(dev, s);
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d081953e26..d2e4d9d787 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1017,8 +1017,8 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)
+			session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 7e8396b4a3..90ce5bc965 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -264,7 +264,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->pmd_type = internals->pmd_type;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	qp->ingress_queue = ipsec_mb_qp_create_processed_ops_ring(qp,
 		qp_conf->nb_descriptors, socket_id);
@@ -312,9 +311,8 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess, struct rte_mempool *mempool)
+	struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
 		&ipsec_mb_pmds[internals->pmd_type];
@@ -330,42 +328,22 @@ ipsec_mb_sym_session_configure(
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		free_mb_mgr(mb_mgr);
-		return -ENOMEM;
-	}
-
-	ret = (*pmd_data->session_configure)(mb_mgr, sess_private_data, xform);
+	ret = (*pmd_data->session_configure)(mb_mgr,
+			(void *)sess->driver_priv_data, xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		free_mb_mgr(mb_mgr);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	free_mb_mgr(mb_mgr);
 	return 0;
 }
 
 /** Clear the session memory */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-			       struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, ipsec_mb_sym_session_get_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index d074b33133..14f962ef28 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -136,8 +136,6 @@ struct ipsec_mb_qp {
 	struct rte_ring *ingress_queue;
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
-	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
 	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
@@ -399,8 +397,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool);
+	struct rte_cryptodev_sym_session *sess);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
@@ -411,50 +408,50 @@ ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
 static __rte_always_inline void *
 ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 {
-	void *sess = NULL;
+	struct rte_cryptodev_sym_session *sess = NULL;
 	uint32_t driver_id = ipsec_mb_get_driver_id(qp->pmd_type);
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	uint8_t sess_type = op->sess_type;
 	void *_sess;
-	void *_sess_private_data = NULL;
 	struct ipsec_mb_internals *pmd_data = &ipsec_mb_pmds[qp->pmd_type];
 
 	switch (sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		if (likely(sym_op->session != NULL))
-			sess = get_sym_session_private_data(sym_op->session,
-							    driver_id);
+			sess = sym_op->session;
+		else
+			goto error_exit;
 	break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
 		if (!qp->sess_mp ||
 		    rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (!qp->sess_mp_priv ||
-		    rte_mempool_get(qp->sess_mp_priv,
-					(void **)&_sess_private_data))
-			return NULL;
+		sess = _sess;
+		if (sess->sess_data_sz < pmd_data->session_priv_size) {
+			rte_mempool_put(qp->sess_mp, _sess);
+			goto error_exit;
+		}
 
-		sess = _sess_private_data;
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-				sess, sym_op->xform) != 0)) {
+			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
-			sess = NULL;
+			goto error_exit;
 		}
 
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sess->driver_id = driver_id;
+		sym_op->session = sess;
+
 	break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	if (unlikely(sess == NULL))
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return (void *)sess->driver_priv_data;
 
-	return sess;
+error_exit:
+	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return NULL;
 }
 
 #endif /* _IPSEC_MB_PRIVATE_H_ */
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 2c033c6f28..e4f274b608 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -241,10 +241,6 @@ handle_completed_gcm_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_gcm_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -455,44 +451,35 @@ static inline struct aesni_gcm_session *
 aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	     struct rte_crypto_op *op)
 {
-	struct aesni_gcm_session *sess = NULL;
-	uint32_t driver_id =
-	    ipsec_mb_get_driver_id(IPSEC_MB_PMD_TYPE_AESNI_GCM);
+	struct rte_cryptodev_sym_session *sess = NULL;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct aesni_gcm_session *)
-			    get_sym_session_private_data(sym_op->session,
-							 driver_id);
+			sess = sym_op->session;
 	} else {
-		void *_sess;
-		void *_sess_private_data = NULL;
-
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (rte_mempool_get(qp->sess_mp, (void **)&sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
+		if (unlikely(sess->sess_data_sz <
+				sizeof(struct aesni_gcm_session))) {
+			rte_mempool_put(qp->sess_mp, sess);
 			return NULL;
-
-		sess = (struct aesni_gcm_session *)_sess_private_data;
+		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				 _sess_private_data, sym_op->xform) != 0)) {
-			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
+				(void *)sess->driver_priv_data,
+				sym_op->xform) != 0)) {
+			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sym_op->session = sess;
 	}
 
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return sess;
+	return (void *)sess->driver_priv_data;
 }
 
 static uint16_t
@@ -712,22 +699,15 @@ aesni_gmac_sgl_verify(struct aesni_gcm_session *s,
 
 /** Process CPU crypto bulk operations */
 static uint32_t
-aesni_gcm_process_bulk(struct rte_cryptodev *dev,
+aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			struct rte_cryptodev_sym_session *sess,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s;
+	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
-	s = (struct aesni_gcm_session *) get_sym_session_private_data(sess,
-		dev->driver_id);
-	if (unlikely(s == NULL)) {
-		aesni_gcm_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 6d5d3ce8eb..fe5a7005f3 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1710,8 +1710,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 {
 	struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data;
 	struct aesni_mb_session *sess = NULL;
-	uint32_t driver_id = ipsec_mb_get_driver_id(
-						IPSEC_MB_PMD_TYPE_AESNI_MB);
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
 	uint8_t is_docsis_sec = 0;
@@ -1725,15 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-	{
-		sess = get_sym_session_private_data(op->sym->session,
-						driver_id);
-	}
-
-	if (unlikely(sess == NULL)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
-		return op;
-	}
+		sess = (void *)op->sym->session->driver_priv_data;
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -1771,10 +1761,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_mb_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -2028,7 +2014,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
 }
 
 static uint32_t
-aesni_mb_process_bulk(struct rte_cryptodev *dev,
+aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
 	struct rte_crypto_sym_vec *vec)
 {
@@ -2037,15 +2023,9 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s;
+	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
-	s = get_sym_session_private_data(sess, dev->driver_id);
-	if (s == NULL) {
-		ipsec_mb_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
index d953d6e5f5..97e7cef233 100644
--- a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
+++ b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
@@ -290,10 +290,6 @@ handle_completed_chacha20_poly1305_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct chacha20_poly1305_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index c9d4f9d0ae..b2fb168154 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -231,11 +231,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct kasumi_session));
-			memset(
-			    ops[i]->sym->session, 0,
-			    rte_cryptodev_sym_get_existing_header_session_size(
-				ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -287,8 +282,9 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct kasumi_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct kasumi_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 	return processed_op;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 9a85f46721..f052d6d847 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -362,10 +362,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct snow3g_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -417,8 +413,9 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct snow3g_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct snow3g_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index e36c7092d6..92fd9d1808 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -239,10 +239,6 @@ process_ops(struct rte_crypto_op **ops, enum ipsec_mb_operation op_type,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(sessions[i], 0, sizeof(struct zuc_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index eb7616257e..46ea507cf5 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -171,14 +171,13 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  struct rte_cryptodev_sym_session *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data =
+		(void *)session->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -189,17 +188,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -239,8 +230,6 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
@@ -250,16 +239,13 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
@@ -369,8 +355,8 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess = get_sym_session_private_data
-				(op->sym->session, mlx5_crypto_driver_id);
+	struct mlx5_crypto_session *sess =
+		(void *)op->sym->session->driver_priv_data;
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..bb86f671a4 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -597,13 +597,7 @@ mrvl_request_prepare_crp(struct sam_cio_op_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sym_session_private_data(
-					     op->sym->session,
-					     cryptodev_driver_id);
-	if (unlikely(sess == NULL)) {
-		MRVL_LOG(ERR, "Session was not created for this device!");
-		return -EINVAL;
-	}
+	sess = (struct mrvl_crypto_session *)op->sym->session->data;
 
 	request->sa = sess->sam_sess;
 	request->cookie = op;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index f828dc9db5..214c0fcb08 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -736,8 +736,7 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	void *sess_private_data;
@@ -748,23 +747,15 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
+	sess_private_data = sess->data;
 	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
 
 	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
 	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
@@ -791,8 +782,7 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = sess->data;
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
@@ -803,11 +793,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
 			MRVL_LOG(ERR, "Error while destroying session!");
 		}
-
-		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index cb5393d2f1..505024a810 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -530,24 +530,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 }
 
 static int
-nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
+nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
-	void *mp_obj;
-	struct nitrox_crypto_ctx *ctx;
+	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -585,38 +577,23 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
+	ctx->iova = sess->driver_priv_data_iova;
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
-{
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
-}
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev __rte_unused,
+			  struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct nitrox_crypto_ctx *
 get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return get_sym_session_private_data(op->sym->session,
-							   nitrox_sym_drv_id);
+			return (void *)op->sym->session->driver_priv_data;
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 9ecb434fd0..09aac3065e 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -58,7 +58,7 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(op->sym->session, 0,
 				sizeof(struct null_crypto_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
@@ -78,30 +78,21 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
 			sess = (struct null_crypto_session *)
-					get_sym_session_private_data(
-					sym_op->session, cryptodev_driver_id);
+				sym_op->session->driver_priv_data;
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct null_crypto_session *)_sess_private_data;
+		sess = (struct null_crypto_session *)_sess->driver_priv_data;
 
 		if (unlikely(null_crypto_set_session_parameters(sess,
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+		sym_op->session = _sess;
 	}
 
 	return sess;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 90a675dfff..fb43d3f7b5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -233,7 +233,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -256,8 +255,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -267,43 +265,22 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops pmd_ops = {
 		.dev_configure		= null_crypto_pmd_config,
diff --git a/drivers/crypto/null/null_crypto_pmd_private.h b/drivers/crypto/null/null_crypto_pmd_private.h
index 89c4345b6f..ae34ce6671 100644
--- a/drivers/crypto/null/null_crypto_pmd_private.h
+++ b/drivers/crypto/null/null_crypto_pmd_private.h
@@ -31,8 +31,6 @@ struct null_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 } __rte_cache_aligned;
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 7aee67ab09..cd5ebc2af6 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,25 +242,19 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
+	void *priv = (void *)sess->driver_priv_data;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
@@ -301,9 +294,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
+	misc->ctx_dma_addr = sess->driver_priv_data_iova +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -316,17 +307,14 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
+	void *priv = (void *)sess->driver_priv_data;
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
 	if (priv == NULL)
@@ -336,35 +324,26 @@ sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
 	ctx = SESS_PRIV(misc);
 
 	rte_free(ctx->auth_key);
-
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
 }
 
 static int
-otx_cpt_session_cfg(struct rte_cryptodev *dev,
+otx_cpt_session_cfg(struct rte_cryptodev *dev __rte_unused,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
+otx_cpt_session_clear(struct rte_cryptodev *dev __rte_unused,
 		  struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -528,10 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)
-			get_sym_session_private_data(sym_op->session,
-						     otx_cryptodev_driver_id);
-
+	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -560,21 +536,18 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(instance->sess_mp);
-	if (sess == NULL) {
+	if (rte_mempool_get(instance->sess_mp, (void **)&sess) < 0) {
 		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	ret = sym_session_configure(sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
@@ -583,12 +556,10 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	/* Enqueue op with the tmp session set */
 	req = otx_cpt_enq_single_sym(instance, op);
 	if (unlikely(req == NULL))
-		goto priv_put;
+		goto sess_put;
 
 	return req;
 
-priv_put:
-	sym_session_clear(driver_id, sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -873,13 +844,9 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = get_sym_session_private_data(
-		cop->sym->session, otx_cryptodev_driver_id);
+	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+
 	memset(sess_private_data_t, 0, cpt_get_session_size());
-	memset(cop->sym->session, 0,
-	       rte_cryptodev_sym_get_existing_header_session_size(
-		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index c34fd9a546..ed6841e460 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -70,8 +70,6 @@ struct openssl_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[DIGEST_LENGTH_MAX];
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 392b546a63..48e8ff107b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,10 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (struct openssl_session *)
-						get_sym_session_private_data(
-						op->sym->session,
-						cryptodev_driver_id);
+				sess = (void *)
+					op->sym->session->driver_priv_data;
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
@@ -901,32 +899,26 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 			return asym_sess;
 		}
 	} else {
+		struct rte_cryptodev_sym_session *_sess;
 		/* sessionless asymmetric not supported */
 		if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
 			return NULL;
 
 		/* provide internal session */
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		rte_mempool_get(qp->sess_mp, (void **)&_sess);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct openssl_session *)_sess_private_data;
+		sess = (struct openssl_session *)_sess->driver_priv_data;
 
 		if (unlikely(openssl_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+
 	}
 
 	if (sess == NULL)
@@ -2900,10 +2892,6 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index f7ddbf9c73..2a3662ee5a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -764,7 +764,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -794,10 +793,9 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -805,24 +803,14 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = openssl_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1328,20 +1316,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	openssl_reset_session(sess_priv);
 }
 
 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index db6316fbe9..408ae9e42b 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,12 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = get_sym_session_private_data(op->sym->session,
-				qat_sym_driver_id);
-		if (unlikely(!ctx)) {
-			QAT_DP_LOG(ERR, "No session for this device");
-			return -EINVAL;
-		}
+		ctx = (void *)op->sym->session->driver_priv_data;
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -391,8 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (struct qat_sym_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, qat_sym_driver_id);
+	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 074612c11b..2853ac5b88 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -317,9 +317,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 #endif
 	{
 		sess = (struct qat_sym_session *)
-				get_sym_session_private_data(
-				rx_op->sym->session,
-				qat_sym_driver_id);
+			rx_op->sym->session->driver_priv_data;
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 52b3455cf0..8dd2357702 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -219,22 +219,13 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
+qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
-
-	if (sess_priv) {
-		if (s->bpi_ctx)
-			bpi_cipher_ctx_free(s->bpi_ctx);
-		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct qat_sym_session *s = (void *)sess->driver_priv_data;
 
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (s->bpi_ctx)
+		bpi_cipher_ctx_free(s->bpi_ctx);
 }
 
 static int
@@ -505,35 +496,24 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform,
+			(void *)sess->driver_priv_data,
+			sess->driver_priv_data_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
 
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	ossl_legacy_provider_unload();
 # endif
@@ -542,7 +522,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_cryptodev_private *internals = dev->data->dev_private;
@@ -551,7 +532,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int qat_cmd_id;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 01908abd9e..9e4aab06a6 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -123,12 +123,12 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		struct rte_cryptodev_sym_session *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_private_iova);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index f3a1bd626c..b93821783b 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -468,44 +468,18 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 }
 
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+	struct rte_crypto_sym_xform *xform __rte_unused,
+	struct rte_cryptodev_sym_session *sess __rte_unused)
 {
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-	int ret;
-
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
-		if (ret < 0) {
-			CR_SCHED_LOG(ERR, "unable to config sym session");
-			return ret;
-		}
-	}
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-
-	/* Clear private data of workers */
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		rte_cryptodev_sym_session_clear(worker->dev_id, sess);
-	}
-}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index ed64866758..6b9e57ee66 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,8 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -952,12 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)get_sym_session_private_data(
-		sess, cryptodev_virtio_driver_id);
-	if (session == NULL) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid session parameter");
-		return;
-	}
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1070,10 +1064,6 @@ virtio_crypto_sym_clear_session(
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("Close session %"PRIu64" successfully ",
 			session->session_id);
 
-	memset(session, 0, sizeof(struct virtio_crypto_session));
-	struct rte_mempool *sess_mp = rte_mempool_from_obj(session);
-	set_sym_session_private_data(sess, cryptodev_virtio_driver_id, NULL);
-	rte_mempool_put(sess_mp, session);
 	rte_free(malloc_virt_addr);
 }
 
@@ -1292,11 +1282,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1311,12 +1299,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1328,19 +1313,12 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1402,10 +1380,6 @@ virtio_crypto_sym_configure_session(
 			"Unsupported operation chain order parameter");
 		goto error_out;
 	}
-
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 08359b3a39..b7f492a7f2 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,8 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(struct virtio_crypto_session *)get_sym_session_private_data(
-		cop->sym->session, cryptodev_virtio_driver_id);
+		(void *)cop->sym->session->driver_priv_data;
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index 19af134bbe..bce903e007 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -1479,13 +1478,8 @@ run_single_test(uint8_t dev_id,
 		return ret;
 	}
 
-	sess = rte_cryptodev_sym_session_create(env->sess_pool);
-	if (!sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
-	if (ret < 0) {
+	sess = rte_cryptodev_sym_session_create(dev_id, &xform, env->sess_pool);
+	if (!sess) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
 	}
@@ -1508,8 +1502,7 @@ run_single_test(uint8_t dev_id,
 				1);
 	} while (n_deqd == 0);
 
-	rte_cryptodev_sym_session_clear(dev_id, sess);
-	rte_cryptodev_sym_session_free(sess);
+	rte_cryptodev_sym_session_free(dev_id, sess);
 
 	if (env->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
 		return -1;
@@ -1527,7 +1520,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 	rte_mempool_free(env->mpool);
 	rte_mempool_free(env->op_pool);
 	rte_mempool_free(env->sess_pool);
-	rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1535,7 +1527,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1579,25 +1571,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 8bd5a66889..23878f17cd 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -54,7 +54,6 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
@@ -69,7 +68,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -109,16 +108,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -133,7 +127,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -150,7 +143,6 @@ cryptodev_fips_validate_app_int(void)
 
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 
 	return ret;
@@ -161,11 +153,9 @@ cryptodev_fips_validate_app_uninit(void)
 {
 	rte_pktmbuf_free(env.mbuf);
 	rte_crypto_op_free(env.op);
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
+	rte_cryptodev_sym_session_free(env.dev_id, env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1201,13 +1191,9 @@ fips_run_test(void)
 	if (ret < 0)
 		return ret;
 
-	env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
-	if (!env.sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
-	if (ret < 0) {
+	env.sess = rte_cryptodev_sym_session_create(env.dev_id, &xform,
+			env.sess_mpool);
+	if (!env.sess) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
 		goto exit;
@@ -1236,9 +1222,10 @@ fips_run_test(void)
 	vec.status = env.op->status;
 
 exit:
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
-	env.sess = NULL;
+	if (env.sess) {
+		rte_cryptodev_sym_session_free(env.dev_id, env.sess);
+		env.sess = NULL;
+	}
 
 	return ret;
 }
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8a25b83535..ce4b4ba806 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1693,8 +1693,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = qp_desc_nb;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2523,12 +2521,8 @@ one_session_free(struct rte_ipsec_session *ips)
 		if (ips->crypto.ses == NULL)
 			return 0;
 
-		ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
-						      ips->crypto.ses);
-		if (ret)
-			return ret;
-
-		ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+		ret = rte_cryptodev_sym_session_free(ips->crypto.dev_id,
+				ips->crypto.ses);
 	} else {
 		/* Session has not been created */
 		if (ips->security.ctx == NULL || ips->security.ses == NULL)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 7b7bfff696..bb84dcec7e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -174,11 +174,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 
 		}
 		ips->crypto.dev_id = cdev_id;
-		ips->crypto.ses = rte_cryptodev_sym_session_create(
-				skt_ctx->session_pool);
-		rte_cryptodev_sym_session_init(cdev_id,
-				ips->crypto.ses, sa->xforms,
-				skt_ctx->session_priv_pool);
+		ips->crypto.ses = rte_cryptodev_sym_session_create(cdev_id,
+				sa->xforms, skt_ctx->session_pool);
 
 		rte_cryptodev_info_get(cdev_id, &cdev_info);
 	}
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bf4b862379..b555e63ff6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -228,7 +228,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -675,7 +674,6 @@ static struct rte_cryptodev_sym_session *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -697,17 +695,8 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		first_xform = &options->auth_xform;
 	}
 
-	session = rte_cryptodev_sym_session_create(
+	return rte_cryptodev_sym_session_create(cdev_id, first_xform,
 			session_pool_socket[socket_id].sess_mp);
-	if (session == NULL)
-		return NULL;
-
-	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
-		return NULL;
-
-	return session;
 }
 /* >8 End of creation of session. */
 
@@ -2380,13 +2369,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
-		/*
-		 * Two sessions objects are required for each session
-		 * (one for the header, one for the private data)
-		 */
 		if (!strcmp(dev_info.driver_name, "crypto_scheduler")) {
 #ifdef RTE_CRYPTO_SCHEDULER
-			uint32_t nb_workers =
+			/* scheduler session header + 1 session per worker */
+			uint32_t nb_workers = 1 +
 				rte_cryptodev_scheduler_workers_get(cdev_id,
 								NULL);
 
@@ -2395,41 +2381,15 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 				"sess_mp_%u", socket_id);
 
 			session_pool_socket[socket_id].sess_mp =
-					rte_cryptodev_sym_session_pool_create(
-							mp_name,
-							sessions_needed,
-							0, 0, 0, socket_id);
-
+				rte_cryptodev_sym_session_pool_create(
+					mp_name, sessions_needed, max_sess_sz,
+					0, 0, socket_id);
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
 					socket_id);
@@ -2580,8 +2540,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index 7d75623a5e..02987ebd76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+				info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 3dcc3cb7ed..f518a0f89b 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -311,8 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
+
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -337,6 +336,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
+
 /**
  * Clear asymmetric session private data.
  *
@@ -637,28 +637,6 @@ __rte_internal
 void *
 rte_cryptodev_session_event_mdata_get(struct rte_crypto_op *op);
 
-static inline void *
-get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id) {
-	if (unlikely(sess->nb_drivers <= driver_id))
-		return NULL;
-
-	return sess->sess_data[driver_id].data;
-}
-
-static inline void
-set_sym_session_private_data(struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id, void *private_data)
-{
-	if (unlikely(sess->nb_drivers <= driver_id)) {
-		CDEV_LOG_ERR("Set private data for driver %u not allowed\n",
-				driver_id);
-		return;
-	}
-
-	sess->sess_data[driver_id].data = private_data;
-}
-
 /**
  * @internal
  * Cryptodev asymmetric crypto session.
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index c5bfe08b79..019fc0c800 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -39,12 +39,6 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_free,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_session_free,
 	lib.cryptodev.asym.free)
 
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_init,
-	lib.cryptodev.sym.init)
-
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_clear,
-	lib.cryptodev.sym.clear)
-
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_enqueue_burst,
 	lib.cryptodev.enq.burst)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 42f3221052..63b8255a45 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -190,12 +190,9 @@ const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
-/**
- * The private data structure stored in the sym session mempool private data.
- */
 struct rte_cryptodev_sym_session_pool_private_data {
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint16_t sess_data_sz;
+	/**< driver session data size */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
 };
@@ -1202,6 +1199,24 @@ rte_cryptodev_get_qp_status(uint8_t dev_id, uint16_t queue_pair_id)
 	return 0;
 }
 
+static uint8_t
+rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp,
+	uint32_t sess_priv_size)
+{
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (!mp)
+		return 0;
+
+	pool_priv = rte_mempool_get_priv(mp);
+
+	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
+			pool_priv->sess_data_sz < sess_priv_size)
+		return 0;
+
+	return 1;
+}
+
 int
 rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		const struct rte_cryptodev_qp_conf *qp_conf, int socket_id)
@@ -1225,17 +1240,8 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
-		CDEV_LOG_ERR("Invalid mempools\n");
-		return -EINVAL;
-	}
-
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
-		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
 		if (!pool_priv || qp_conf->mp_session->private_data_size <
@@ -1244,13 +1250,9 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 			return -EINVAL;
 		}
 
-		s.nb_drivers = pool_priv->nb_drivers;
-		s.user_data_sz = pool_priv->user_data_sz;
-
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (!rte_cryptodev_sym_is_valid_session_pool(
+			qp_conf->mp_session,
+			rte_cryptodev_sym_get_private_session_size(dev_id))) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1710,53 +1712,6 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 	rte_spinlock_unlock(&rte_cryptodev_cb_lock);
 }
 
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
-{
-	struct rte_cryptodev *dev;
-	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
-			dev_id);
-	uint8_t index;
-	int ret;
-
-	if (!rte_cryptodev_is_valid_dev(dev_id)) {
-		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
-		return -EINVAL;
-	}
-
-	dev = rte_cryptodev_pmd_get_dev(dev_id);
-
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
-		return -EINVAL;
-
-	if (mp->elt_size < sess_priv_sz)
-		return -EINVAL;
-
-	index = dev->driver_id;
-	if (index >= sess->nb_drivers)
-		return -EINVAL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
-
-	if (sess->sess_data[index].refcnt == 0) {
-		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
-		if (ret < 0) {
-			CDEV_LOG_ERR(
-				"dev_id %d failed to configure session details",
-				dev_id);
-			return ret;
-		}
-	}
-
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
-	sess->sess_data[index].refcnt++;
-	return 0;
-}
-
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t user_data_size,
@@ -1766,16 +1721,13 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
 
-	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
-		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
+	obj_sz = sizeof(struct rte_cryptodev_sym_session) + elt_size +
+		user_data_size;
 
+	obj_sz =  RTE_ALIGN_CEIL(obj_sz, RTE_CACHE_LINE_SIZE);
 	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
-			(uint32_t)(sizeof(*pool_priv)),
-			NULL, NULL, NULL, NULL,
+			(uint32_t)(sizeof(*pool_priv)), NULL, NULL,
+			NULL, NULL,
 			socket_id, 0);
 	if (mp == NULL) {
 		CDEV_LOG_ERR("%s(name=%s) failed, rte_errno=%d\n",
@@ -1791,7 +1743,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 		return NULL;
 	}
 
-	pool_priv->nb_drivers = nb_drivers;
+	pool_priv->sess_data_sz = elt_size;
 	pool_priv->user_data_sz = user_data_size;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
@@ -1849,64 +1801,68 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	return mp;
 }
 
-static unsigned int
-rte_cryptodev_sym_session_data_size(struct rte_cryptodev_sym_session *sess)
-{
-	return (sizeof(sess->sess_data[0]) * sess->nb_drivers) +
-			sess->user_data_sz;
-}
-
-static uint8_t
-rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp)
 {
+	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
-	if (!mp)
-		return 0;
-
-	pool_priv = rte_mempool_get_priv(mp);
-
-	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
-			pool_priv->nb_drivers != nb_drivers ||
-			mp->elt_size <
-				rte_cryptodev_sym_get_header_session_size()
-				+ pool_priv->user_data_sz)
-		return 0;
+	uint32_t sess_priv_sz;
+	int ret;
 
-	return 1;
-}
+	if (!rte_cryptodev_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
 
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mp)
-{
-	struct rte_cryptodev_sym_session *sess;
-	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+	if (xforms == NULL) {
+		CDEV_LOG_ERR("Invalid xform\n");
+		return NULL;
+	}
 
-	if (!rte_cryptodev_sym_is_valid_session_pool(mp)) {
+	sess_priv_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
+	if (!rte_cryptodev_sym_is_valid_session_pool(mp, sess_priv_sz)) {
 		CDEV_LOG_ERR("Invalid mempool\n");
 		return NULL;
 	}
 
-	pool_priv = rte_mempool_get_priv(mp);
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	/* Allocate a session structure from the session pool */
 	if (rte_mempool_get(mp, (void **)&sess)) {
 		CDEV_LOG_ERR("couldn't get object from session mempool");
+		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	sess->nb_drivers = pool_priv->nb_drivers;
+	pool_priv = rte_mempool_get_priv(mp);
+	sess->driver_id = dev->driver_id;
+	sess->sess_data_sz = pool_priv->sess_data_sz;
 	sess->user_data_sz = pool_priv->user_data_sz;
-	sess->opaque_data = 0;
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_cryptodev_sym_session, driver_priv_data);
 
-	/* Clear device session pointer.
-	 * Include the flag indicating presence of user data
-	 */
-	memset(sess->sess_data, 0,
-			rte_cryptodev_sym_session_data_size(sess));
+	if (dev->dev_ops->sym_session_configure == NULL) {
+		rte_errno = ENOTSUP;
+		goto error_exit;
+	}
 
-	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	ret = dev->dev_ops->sym_session_configure(dev, xforms, sess);
+	if (ret < 0) {
+		rte_errno = -ret;
+		goto error_exit;
+	}
+	sess->driver_id = dev->driver_id;
+
+	rte_cryptodev_trace_sym_session_create(dev_id, sess, xforms, mp);
+
+	return (void *)sess;
+error_exit:
+	rte_mempool_put(mp, (void *)sess);
+	return NULL;
 }
 
 int
@@ -1985,11 +1941,15 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_cryptodev *dev;
-	uint8_t driver_id;
+	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (sess == NULL)
+		return -EINVAL;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
@@ -2001,37 +1961,24 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 	if (dev == NULL || sess == NULL)
 		return -EINVAL;
 
-	driver_id = dev->driver_id;
-	if (sess->sess_data[driver_id].refcnt == 0)
-		return 0;
-	if (--sess->sess_data[driver_id].refcnt != 0)
-		return -EBUSY;
+	sess_mp = rte_mempool_from_obj(sess);
+	if (!sess_mp)
+		return -EINVAL;
+	pool_priv = rte_mempool_get_priv(sess_mp);
+
+	if (sess->driver_id != dev->driver_id) {
+		CDEV_LOG_ERR("Session created by driver %u but freed by %u",
+			sess->driver_id, dev->driver_id);
+		return -EINVAL;
+	}
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
 	dev->dev_ops->sym_session_clear(dev, sess);
-
-	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
-	return 0;
-}
-
-int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t i;
-	struct rte_mempool *sess_mp;
-
-	if (sess == NULL)
-		return -EINVAL;
-
-	/* Check that all device private data has been freed */
-	for (i = 0; i < sess->nb_drivers; i++) {
-		if (sess->sess_data[i].refcnt != 0)
-			return -EBUSY;
-	}
+	memset(sess->driver_priv_data, 0, pool_priv->sess_data_sz +
+		pool_priv->user_data_sz);
 
 	/* Return session to mempool */
-	sess_mp = rte_mempool_from_obj(sess);
 	rte_mempool_put(sess_mp, sess);
 
 	rte_cryptodev_trace_sym_session_free(sess);
@@ -2068,33 +2015,6 @@ rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess)
 	return 0;
 }
 
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void)
-{
-	/*
-	 * Header contains pointers to the private data of all registered
-	 * drivers and all necessary information to ensure safely clear
-	 * or free al session.
-	 */
-	struct rte_cryptodev_sym_session s = {0};
-
-	s.nb_drivers = nb_drivers;
-
-	return (unsigned int)(sizeof(s) +
-			rte_cryptodev_sym_session_data_size(&s));
-}
-
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess)
-{
-	if (!sess)
-		return 0;
-	else
-		return (unsigned int)(sizeof(*sess) +
-				rte_cryptodev_sym_session_data_size(sess));
-}
-
 unsigned int
 rte_cryptodev_asym_get_header_session_size(void)
 {
@@ -2141,9 +2061,8 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 
 int
 rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
-					void *data,
-					uint16_t size)
+		struct rte_cryptodev_sym_session *sess, void *data,
+		uint16_t size)
 {
 	if (sess == NULL)
 		return -EINVAL;
@@ -2151,18 +2070,17 @@ rte_cryptodev_sym_session_set_user_data(
 	if (sess->user_data_sz < size)
 		return -ENOMEM;
 
-	rte_memcpy(sess->sess_data + sess->nb_drivers, data, size);
+	rte_memcpy(sess->driver_priv_data + sess->sess_data_sz, data, size);
 	return 0;
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
 {
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
-	return (void *)(sess->sess_data + sess->nb_drivers);
+	return (void *)(sess->driver_priv_data + sess->sess_data_sz);
 }
 
 int
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 56f459c6a0..0c65958f25 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -544,8 +544,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -909,17 +907,21 @@ rte_cryptodev_get_sec_ctx(uint8_t dev_id);
  * has a fixed algo, key, op-type, digest_len etc.
  */
 struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint8_t driver_id;
 	uint64_t opaque_data;
 	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
 	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[];
-	/**< Driver specific session material, variable size */
+	/**< session user data will be placed after sess data */
+	rte_iova_t driver_priv_data_iova;
+	/**< session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
 };
 
 /**
@@ -954,6 +956,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t priv_size,
 	int socket_id);
 
+
 /**
  * Create an asymmetric session mempool.
  *
@@ -980,17 +983,22 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t cache_size, uint16_t user_data_size, int socket_id);
 
 /**
- * Create symmetric crypto session header (generic with no private data)
+ * Create symmetric crypto session and fill out private data for the device id,
+ * based on its device type.
+ *
+ * @param   dev_id   ID of device that we want the session to be used on
+ * @param   xforms   Symmetric crypto transform operations to apply on flow
+ *                   processed with this session
+ * @param   mempool  Mempool where the private data is allocated.
  *
- * @param   mempool    Symmetric session mempool to allocate session
- *                     objects from
  * @return
- *  - On success return pointer to sym-session
- *  - On failure returns NULL
+ *  - On success return pointer to sym-session.
+ *  - On failure returns NULL.
  */
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
-
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp);
 /**
  * Create and initialise an asymmetric crypto session structure.
  * Calls the PMD to configure the private session data.
@@ -1015,19 +1023,20 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 		void **session);
 
 /**
- * Frees symmetric crypto session header, after checking that all
- * the device private data has been freed, returning it
- * to its original mempool.
+ * Frees session for the device id and returning it to its mempool.
+ * It is the application's responsibility to ensure that the session
+ * is not still in-flight operations using it.
  *
+ * @param   dev_id   ID of device that uses the session.
  * @param   sess     Session header to be freed.
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
- *  - -EBUSY if not all device private data has been freed.
+ *  - -EINVAL if session is NULL or the mismatched device ids.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1044,72 +1053,6 @@ __rte_experimental
 int
 rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess);
 
-/**
- * Fill out private data for the device id, based on its device type.
- *
- * @param   dev_id   ID of device that we want the session to be used on
- * @param   sess     Session where the private data will be attached to
- * @param   xforms   Symmetric crypto transform operations to apply on flow
- *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
- *
- * @return
- *  - On success, zero.
- *  - -EINVAL if input parameters are invalid.
- *  - -ENOTSUP if crypto device does not support the crypto transform or
- *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
- */
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
-
-/**
- * Frees private data for the device id, based on its device type,
- * returning it to its mempool. It is the application's responsibility
- * to ensure that private session data is not cleared while there are
- * still in-flight operations using it.
- *
- * @param   dev_id   ID of device that uses the session.
- * @param   sess     Session containing the reference to the private data
- *
- * @return
- *  - 0 if successful.
- *  - -EINVAL if device is invalid or session is NULL.
- *  - -ENOTSUP if crypto device does not support symmetric operations.
- */
-int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
-
-/**
- * Get the size of the header session, for all registered drivers excluding
- * the user data size.
- *
- * @return
- *   Size of the symmetric header session.
- */
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void);
-
-/**
- * Get the size of the header session from created session.
- *
- * @param sess
- *   The sym cryptodev session pointer
- *
- * @return
- *   - If sess is not NULL, return the size of the header session including
- *   the private data size defined within sess.
- *   - If sess is NULL, return 0.
- */
-__rte_experimental
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess);
-
 /**
  * Get the size of the asymmetric session header.
  *
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index a3f6048e7d..055c44fb22 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -74,13 +73,16 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
-	rte_trace_point_emit_ptr(mempool);
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
+		struct rte_cryptodev_sym_session *sess, void *xforms,
+		void *mempool),
+	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
+	rte_trace_point_emit_u8(sess->driver_id);
 	rte_trace_point_emit_u16(sess->user_data_sz);
+	rte_trace_point_emit_ptr(xforms);
+	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
@@ -117,27 +119,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_ptr(sess);
 )
 
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_init,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
-	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
-)
-
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_clear,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-)
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 5aee87c6f7..6fcf6ae985 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -38,12 +38,9 @@ DPDK_23 {
 	rte_cryptodev_sym_capability_check_auth;
 	rte_cryptodev_sym_capability_check_cipher;
 	rte_cryptodev_sym_capability_get;
-	rte_cryptodev_sym_get_header_session_size;
 	rte_cryptodev_sym_get_private_session_size;
-	rte_cryptodev_sym_session_clear;
 	rte_cryptodev_sym_session_create;
 	rte_cryptodev_sym_session_free;
-	rte_cryptodev_sym_session_init;
 
 	local: *;
 };
@@ -60,7 +57,6 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-	rte_cryptodev_sym_get_existing_header_session_size;
 	rte_cryptodev_sym_session_get_user_data;
 	rte_cryptodev_sym_session_pool_create;
 	rte_cryptodev_sym_session_set_user_data;
@@ -78,8 +74,6 @@ EXPERIMENTAL {
 	__rte_cryptodev_trace_asym_session_create;
 	__rte_cryptodev_trace_sym_session_free;
 	__rte_cryptodev_trace_asym_session_free;
-	__rte_cryptodev_trace_sym_session_init;
-	__rte_cryptodev_trace_sym_session_clear;
 	__rte_cryptodev_trace_dequeue_burst;
 	__rte_cryptodev_trace_enqueue_burst;
 
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index b1310be565..cb792bbe0d 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1898,17 +1898,11 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		}
 	}
 
-	session = rte_cryptodev_sym_session_create(cfg->mp_create);
+	session = rte_cryptodev_sym_session_create(cfg->cryptodev_id,
+			p->xform, cfg->mp_create);
 	if (!session)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
-	if (ret < 0) {
-		rte_cryptodev_sym_session_free(session);
-		return ret;
-	}
-
 	data->data_offset = (uint16_t)p->data_offset;
 	data->session = session;
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index b49e389579..2b01ecda08 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -54,8 +54,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -65,7 +63,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 54946f46d9..7321da21b7 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -197,7 +197,6 @@ struct vhost_crypto {
 	struct rte_hash *session_map;
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *wb_pool;
 
 	/** DPDK cryptodev ID */
@@ -376,31 +375,21 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	session = rte_cryptodev_sym_session_create(vcrypto->sess_pool);
+	session = rte_cryptodev_sym_session_create(vcrypto->cid, &xform1,
+			vcrypto->sess_pool);
 	if (!session) {
 		VC_LOG_ERR("Failed to create session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
-		VC_LOG_ERR("Failed to initialize session");
-		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
-		return;
-	}
-
 	/* insert hash to map */
 	if (rte_hash_add_key_data(vcrypto->session_map,
 			&vcrypto->last_session_id, session) < 0) {
 		VC_LOG_ERR("Failed to insert session to hash table");
 
-		if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0)
-			VC_LOG_ERR("Failed to clear session");
-		else {
-			if (rte_cryptodev_sym_session_free(session) < 0)
-				VC_LOG_ERR("Failed to free session");
-		}
+		if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0)
+			VC_LOG_ERR("Failed to free session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
@@ -427,12 +416,7 @@ vhost_crypto_close_sess(struct vhost_crypto *vcrypto, uint64_t session_id)
 		return -VIRTIO_CRYPTO_INVSESS;
 	}
 
-	if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0) {
-		VC_LOG_DBG("Failed to clear session");
-		return -VIRTIO_CRYPTO_ERR;
-	}
-
-	if (rte_cryptodev_sym_session_free(session) < 0) {
+	if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0) {
 		VC_LOG_DBG("Failed to free session");
 		return -VIRTIO_CRYPTO_ERR;
 	}
@@ -1393,7 +1377,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1415,7 +1398,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.34.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH 2/3] crypto/scheduler: use unified session
  2022-08-29 16:06 [PATCH 0/3] cryptodev: sym session framework rework Fan Zhang
  2022-08-29 16:06 ` [PATCH 1/3] cryptodev: rework session framework Fan Zhang
@ 2022-08-29 16:06 ` Fan Zhang
  2022-09-15  7:06   ` [EXT] " Akhil Goyal
  2022-09-18 13:01   ` Akhil Goyal
  2022-08-29 16:06 ` [PATCH 3/3] cryptodev: hide sym session structure Fan Zhang
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
  3 siblings, 2 replies; 47+ messages in thread
From: Fan Zhang @ 2022-08-29 16:06 UTC (permalink / raw)
  To: dev
  Cc: gakhil, maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	anoobj, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou,
	Fan Zhang

This patch updates the scheduler PMD to use unified session
data structure. Previously thanks to the private session
array in cryptodev sym session there are no necessary
change needed for scheduler PMD other than the way ops
are enqueued/dequeued. The patch inherits the same design
in the original session data structure to the scheduler PMD
so the cryptodev sym session can be as a linear buffer for
both session header and driver private data.

With the change there are inevitable extra cost on both memory
(64 bytes per session per driver type) and cycle count (set
the correct session for each cop based on the worker before
enqueue, and retrieve the original session after dequeue).

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 app/test/test_cryptodev.c                     |   4 +-
 drivers/crypto/scheduler/scheduler_failover.c |  19 ++-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +++
 .../scheduler/scheduler_pkt_size_distr.c      |  84 +++++++++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  | 101 ++++++++++++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 +++++++++++++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 7 files changed, 314 insertions(+), 42 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c975c38001..e181b0aa3e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -14986,8 +14986,8 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
-						SOCKET_ID_ANY);
+						MAX_NB_SESSIONS, session_size,
+						0, 0, SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
diff --git a/drivers/crypto/scheduler/scheduler_failover.c b/drivers/crypto/scheduler/scheduler_failover.c
index 2a0e29fa72..7fadcf66d0 100644
--- a/drivers/crypto/scheduler/scheduler_failover.c
+++ b/drivers/crypto/scheduler/scheduler_failover.c
@@ -16,18 +16,19 @@
 struct fo_scheduler_qp_ctx {
 	struct scheduler_worker primary_worker;
 	struct scheduler_worker secondary_worker;
+	uint8_t primary_worker_index;
+	uint8_t secondary_worker_index;
 
 	uint8_t deq_idx;
 };
 
 static __rte_always_inline uint16_t
 failover_worker_enqueue(struct scheduler_worker *worker,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
+		struct rte_crypto_op **ops, uint16_t nb_ops, uint8_t index)
 {
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
+	scheduler_set_worker_session(ops, nb_ops, index);
 
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
@@ -47,13 +48,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		return 0;
 
 	enqueued_ops = failover_worker_enqueue(&qp_ctx->primary_worker,
-			ops, nb_ops);
+			ops, nb_ops, PRIMARY_WORKER_IDX);
 
 	if (enqueued_ops < nb_ops)
 		enqueued_ops += failover_worker_enqueue(
 				&qp_ctx->secondary_worker,
 				&ops[enqueued_ops],
-				nb_ops - enqueued_ops);
+				nb_ops - enqueued_ops,
+				SECONDARY_WORKER_IDX);
 
 	return enqueued_ops;
 }
@@ -94,7 +96,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	qp_ctx->deq_idx = (~qp_ctx->deq_idx) & WORKER_SWITCH_MASK;
 
 	if (nb_deq_ops == nb_ops)
-		return nb_deq_ops;
+		goto retrieve_session;
 
 	worker = workers[qp_ctx->deq_idx];
 
@@ -104,6 +106,9 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		worker->nb_inflight_cops -= nb_deq_ops2;
 	}
 
+retrieve_session:
+	scheduler_retrieve_session(ops, nb_deq_ops + nb_deq_ops2);
+
 	return nb_deq_ops + nb_deq_ops2;
 }
 
diff --git a/drivers/crypto/scheduler/scheduler_multicore.c b/drivers/crypto/scheduler/scheduler_multicore.c
index 900ab4049d..3dea850661 100644
--- a/drivers/crypto/scheduler/scheduler_multicore.c
+++ b/drivers/crypto/scheduler/scheduler_multicore.c
@@ -183,11 +183,19 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 
 	while (!mc_ctx->stop_signal) {
 		if (pending_enq_ops) {
+			scheduler_set_worker_session(
+				&enq_ops[pending_enq_ops_idx], pending_enq_ops,
+				worker_idx);
 			processed_ops =
 				rte_cryptodev_enqueue_burst(worker->dev_id,
 					worker->qp_id,
 					&enq_ops[pending_enq_ops_idx],
 					pending_enq_ops);
+			if (processed_ops < pending_deq_ops)
+				scheduler_retrieve_session(
+					&enq_ops[pending_enq_ops_idx +
+						processed_ops],
+					pending_deq_ops - processed_ops);
 			pending_enq_ops -= processed_ops;
 			pending_enq_ops_idx += processed_ops;
 			inflight_ops += processed_ops;
@@ -195,9 +203,16 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 			processed_ops = rte_ring_dequeue_burst(enq_ring, (void *)enq_ops,
 							MC_SCHED_BUFFER_SIZE, NULL);
 			if (processed_ops) {
+				scheduler_set_worker_session(enq_ops,
+					processed_ops, worker_idx);
 				pending_enq_ops_idx = rte_cryptodev_enqueue_burst(
 						worker->dev_id, worker->qp_id,
 						enq_ops, processed_ops);
+				if (pending_enq_ops_idx < processed_ops)
+					scheduler_retrieve_session(
+						enq_ops + pending_enq_ops_idx,
+						processed_ops -
+						pending_enq_ops_idx);
 				pending_enq_ops = processed_ops - pending_enq_ops_idx;
 				inflight_ops += pending_enq_ops_idx;
 			}
@@ -214,6 +229,8 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 					worker->dev_id, worker->qp_id, deq_ops,
 					MC_SCHED_BUFFER_SIZE);
 			if (processed_ops) {
+				scheduler_retrieve_session(deq_ops,
+					processed_ops);
 				inflight_ops -= processed_ops;
 				if (reordering_enabled) {
 					uint16_t j;
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 933a5c6978..9204f6f608 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -48,34 +48,54 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	};
 	struct psd_schedule_op *p_enq_op;
 	uint16_t i, processed_ops_pri = 0, processed_ops_sec = 0;
-	uint32_t job_len;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
 	for (i = 0; i < nb_ops && i < 4; i++) {
 		rte_prefetch0(ops[i]->sym);
-		rte_prefetch0(ops[i]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 	}
 
 	for (i = 0; (i < (nb_ops - 8)) && (nb_ops > 8); i += 4) {
+		struct scheduler_session_ctx *sess_ctx[4];
+		uint8_t target[4];
+		uint32_t job_len[4];
+
 		rte_prefetch0(ops[i + 4]->sym);
-		rte_prefetch0(ops[i + 4]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 4]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 5]->sym);
-		rte_prefetch0(ops[i + 5]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 5]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 6]->sym);
-		rte_prefetch0(ops[i + 6]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 6]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 7]->sym);
-		rte_prefetch0(ops[i + 7]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
+
+		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
+		sess_ctx[1] =
+			(void *)ops[i + 1]->sym->session->driver_priv_data;
+		sess_ctx[2] =
+			(void *)ops[i + 2]->sym->session->driver_priv_data;
+		sess_ctx[3] =
+			(void *)ops[i + 3]->sym->session->driver_priv_data;
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
 		 */
-		job_len = ops[i]->sym->cipher.data.length;
-		job_len += (ops[i]->sym->cipher.data.length == 0) *
+		job_len[0] = ops[i]->sym->cipher.data.length;
+		job_len[0] += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
 		/* decide the target op based on the job length */
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[0] = !(job_len[0] & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session =
+				sess_ctx[0]->worker_sess[target[0]];
+		p_enq_op = &enq_ops[target[0]];
 
 		/* stop schedule cops before the queue is full, this shall
 		 * prevent the failed enqueue
@@ -89,10 +109,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i];
 		p_enq_op->pos++;
 
-		job_len = ops[i+1]->sym->cipher.data.length;
-		job_len += (ops[i+1]->sym->cipher.data.length == 0) *
+		job_len[1] = ops[i + 1]->sym->cipher.data.length;
+		job_len[1] += (ops[i + 1]->sym->cipher.data.length == 0) *
 				ops[i+1]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[1] = !(job_len[1] & psd_qp_ctx->threshold);
+		if (ops[i + 1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 1]->sym->session =
+				sess_ctx[1]->worker_sess[target[1]];
+		p_enq_op = &enq_ops[target[1]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -103,10 +127,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+1];
 		p_enq_op->pos++;
 
-		job_len = ops[i+2]->sym->cipher.data.length;
-		job_len += (ops[i+2]->sym->cipher.data.length == 0) *
-				ops[i+2]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[2] = ops[i + 2]->sym->cipher.data.length;
+		job_len[2] += (ops[i + 2]->sym->cipher.data.length == 0) *
+				ops[i + 2]->sym->auth.data.length;
+		target[2] = !(job_len[2] & psd_qp_ctx->threshold);
+		if (ops[i + 2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 2]->sym->session =
+				sess_ctx[2]->worker_sess[target[2]];
+		p_enq_op = &enq_ops[target[2]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -117,10 +145,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+2];
 		p_enq_op->pos++;
 
-		job_len = ops[i+3]->sym->cipher.data.length;
-		job_len += (ops[i+3]->sym->cipher.data.length == 0) *
-				ops[i+3]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[3] = ops[i + 3]->sym->cipher.data.length;
+		job_len[3] += (ops[i + 3]->sym->cipher.data.length == 0) *
+				ops[i + 3]->sym->auth.data.length;
+		target[3] = !(job_len[3] & psd_qp_ctx->threshold);
+		if (ops[i + 3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 3]->sym->session =
+				sess_ctx[1]->worker_sess[target[3]];
+		p_enq_op = &enq_ops[target[3]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -133,10 +165,18 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	}
 
 	for (; i < nb_ops; i++) {
+		struct scheduler_session_ctx *sess_ctx =
+			(void *)ops[i]->sym->session->driver_priv_data;
+		uint32_t job_len;
+		uint8_t target;
+
 		job_len = ops[i]->sym->cipher.data.length;
 		job_len += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target = !(job_len & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session = sess_ctx->worker_sess[target];
+		p_enq_op = &enq_ops[target];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -199,6 +239,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	if (worker->nb_inflight_cops) {
 		nb_deq_ops_pri = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+		scheduler_retrieve_session(ops, nb_deq_ops_pri);
 		worker->nb_inflight_cops -= nb_deq_ops_pri;
 	}
 
@@ -213,6 +254,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		nb_deq_ops_sec = rte_cryptodev_dequeue_burst(worker->dev_id,
 				worker->qp_id, &ops[nb_deq_ops_pri],
 				nb_ops - nb_deq_ops_pri);
+		scheduler_retrieve_session(ops, nb_deq_ops_sec);
 		worker->nb_inflight_cops -= nb_deq_ops_sec;
 
 		if (!worker->nb_inflight_cops)
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index b93821783b..f8aa10af64 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -9,6 +9,7 @@
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
 #include <rte_reorder.h>
+#include <rte_errno.h>
 
 #include "scheduler_pmd_private.h"
 
@@ -467,19 +468,107 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 	return max_priv_sess_size;
 }
 
+struct scheduler_configured_sess_info {
+	uint8_t dev_id;
+	uint8_t driver_id;
+	struct rte_cryptodev_sym_session *sess;
+};
+
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
-	struct rte_crypto_sym_xform *xform __rte_unused,
-	struct rte_cryptodev_sym_session *sess __rte_unused)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
+	struct rte_crypto_sym_xform *xform,
+	struct rte_cryptodev_sym_session *sess)
 {
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct rte_mempool *mp = rte_mempool_from_obj(sess);
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info configured_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_configured_sess = 0;
+	int ret = 0;
+
+	if (mp == NULL)
+		return -EINVAL;
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		struct rte_cryptodev_sym_session *worker_sess;
+
+		for (j = 0; j < n_configured_sess; j++) {
+			if (configured_sess[j].driver_id ==
+					worker->driver_id) {
+				sess_ctx->worker_sess[i] =
+					configured_sess[j].sess;
+				goto next_worker;
+			}
+		}
+
+		if (rte_mempool_avail_count(mp) == 0) {
+			ret = -ENOMEM;
+			goto error_exit;
+		}
+
+		worker_sess = rte_cryptodev_sym_session_create(worker->dev_id,
+			xform, mp);
+		if (worker_sess == NULL) {
+			ret = -rte_errno;
+			goto error_exit;
+		}
+
+		worker_sess->opaque_data = (uint64_t)sess;
+		sess_ctx->worker_sess[i] = worker_sess;
+		configured_sess[n_configured_sess].driver_id =
+			worker->driver_id;
+		configured_sess[n_configured_sess].dev_id = worker->dev_id;
+		configured_sess[n_configured_sess].sess = worker_sess;
+		n_configured_sess++;
+next_worker:
+	}
+
 	return 0;
+error_exit:
+	sess_ctx->ref_cnt = sched_ctx->ref_cnt;
+	for (i = 0; i < n_configured_sess; i++)
+		rte_cryptodev_sym_session_free(configured_sess[i].dev_id,
+			configured_sess[i].sess);
+	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
-		struct rte_cryptodev_sym_session *sess __rte_unused)
-{}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *sess)
+{
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info deleted_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_deleted_sess = 0;
+
+	if (sched_ctx->ref_cnt != sess_ctx->ref_cnt) {
+		CR_SCHED_LOG(WARNING,
+			"Worker updated between session creation/deletion. "
+			"The session may not be freed fully.");
+	}
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+
+		for (j = 0; j < n_deleted_sess; j++) {
+			if (deleted_sess[j].driver_id == worker->driver_id) {
+				sess_ctx->worker_sess[i] = NULL;
+				goto next_worker;
+			}
+		}
+
+		rte_cryptodev_sym_session_free(worker->dev_id,
+			sess_ctx->worker_sess[i]);
+
+		deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
+		sess_ctx->worker_sess[i] = NULL;
+next_worker:
+	}
+}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 4d33b9ab44..0e508727a4 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -22,7 +22,6 @@ struct scheduler_worker {
 	uint8_t dev_id;
 	uint16_t qp_id;
 	uint32_t nb_inflight_cops;
-
 	uint8_t driver_id;
 };
 
@@ -37,6 +36,8 @@ struct scheduler_ctx {
 
 	struct scheduler_worker workers[RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
 	uint32_t nb_workers;
+	/* reference count when the workers are incremented/decremented */
+	uint32_t ref_cnt;
 
 	enum rte_cryptodev_scheduler_mode mode;
 
@@ -61,6 +62,11 @@ struct scheduler_qp_ctx {
 	struct rte_ring *order_ring;
 } __rte_cache_aligned;
 
+struct scheduler_session_ctx {
+	uint32_t ref_cnt;
+	struct rte_cryptodev_sym_session *worker_sess[
+		RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
+};
 
 extern uint8_t cryptodev_scheduler_driver_id;
 
@@ -101,6 +107,118 @@ scheduler_order_drain(struct rte_ring *order_ring,
 	return nb_ops_to_deq;
 }
 
+static __rte_always_inline void
+scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
+		uint8_t worker_index)
+{
+	struct rte_crypto_op **op = ops;
+	uint16_t n = nb_ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[1]->sym->session->driver_priv_data;
+			op[1]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[2]->sym->session->driver_priv_data;
+			op[2]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[3]->sym->session->driver_priv_data;
+			op[3]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+			op++;
+		}
+	}
+}
+
+static __rte_always_inline void
+scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	uint16_t n = nb_ops;
+	struct rte_crypto_op **op = ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[1]->sym->session =
+				(void *)op[1]->sym->session->opaque_data;
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[2]->sym->session =
+				(void *)op[2]->sym->session->opaque_data;
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[3]->sym->session =
+				(void *)op[3]->sym->session->opaque_data;
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		op++;
+	}
+}
+
 /** device specific operations function pointer structure */
 extern struct rte_cryptodev_ops *rte_crypto_scheduler_pmd_ops;
 
diff --git a/drivers/crypto/scheduler/scheduler_roundrobin.c b/drivers/crypto/scheduler/scheduler_roundrobin.c
index ace2dec2ec..ad3f8b842a 100644
--- a/drivers/crypto/scheduler/scheduler_roundrobin.c
+++ b/drivers/crypto/scheduler/scheduler_roundrobin.c
@@ -23,16 +23,17 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 			((struct scheduler_qp_ctx *)qp)->private_qp_ctx;
 	uint32_t worker_idx = rr_qp_ctx->last_enq_worker_idx;
 	struct scheduler_worker *worker = &rr_qp_ctx->workers[worker_idx];
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
-
+	scheduler_set_worker_session(ops, nb_ops, worker_idx);
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+	if (processed_ops < nb_ops)
+		scheduler_retrieve_session(ops + processed_ops,
+			nb_ops - processed_ops);
 
 	worker->nb_inflight_cops += processed_ops;
 
@@ -86,7 +87,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	nb_deq_ops = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
-
+	scheduler_retrieve_session(ops, nb_deq_ops);
 	last_worker_idx += 1;
 	last_worker_idx %= rr_qp_ctx->nb_workers;
 
-- 
2.34.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH 3/3] cryptodev: hide sym session structure
  2022-08-29 16:06 [PATCH 0/3] cryptodev: sym session framework rework Fan Zhang
  2022-08-29 16:06 ` [PATCH 1/3] cryptodev: rework session framework Fan Zhang
  2022-08-29 16:06 ` [PATCH 2/3] crypto/scheduler: use unified session Fan Zhang
@ 2022-08-29 16:06 ` Fan Zhang
  2022-09-18 13:19   ` [EXT] " Akhil Goyal
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
  3 siblings, 1 reply; 47+ messages in thread
From: Fan Zhang @ 2022-08-29 16:06 UTC (permalink / raw)
  To: dev
  Cc: gakhil, maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	anoobj, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou,
	Fan Zhang

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec_perf.c                  |  4 +-
 doc/guides/prog_guide/cryptodev_lib.rst     | 16 ++----
 doc/guides/rel_notes/deprecation.rst        |  9 ++++
 doc/guides/rel_notes/release_22_11.rst      |  7 +++
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c   |  2 +-
 drivers/crypto/qat/qat_sym.c                |  2 +-
 lib/cryptodev/cryptodev_pmd.h               | 31 ++++++++++++
 lib/cryptodev/rte_cryptodev.c               | 16 +++---
 lib/cryptodev/rte_cryptodev.h               | 56 ++++++++++-----------
 lib/cryptodev/rte_cryptodev_trace.h         |  8 +--
 lib/ipsec/rte_ipsec_group.h                 |  5 +-
 lib/ipsec/ses.c                             |  3 +-
 13 files changed, 100 insertions(+), 61 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index b5d0c2e036..b221b7fc32 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -227,7 +227,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	void *dummy_ses = NULL;
 	size_t sz;
 	int rc;
 
@@ -247,7 +247,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 9e54683aa1..01aad842a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -125,13 +125,11 @@ Each queue pairs resources may be allocated on a specified socket.
         uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
         struct rte_mempool *mp_session;
         /**< The mempool for creating session in sessionless mode */
-        struct rte_mempool *mp_session_private;
-        /**< The mempool for creating sess private data in sessionless mode */
     };
 
 
-The fields ``mp_session`` and ``mp_session_private`` are used for creating
-temporary session to process the crypto operations in the session-less mode.
+The field ``mp_session`` is used for creating temporary session to process
+the crypto operations in the session-less mode.
 They can be the same other different mempools. Please note not all Cryptodev
 PMDs supports session-less mode.
 
@@ -595,7 +593,7 @@ chain.
         struct rte_mbuf *m_dst;
 
         union {
-            struct rte_cryptodev_sym_session *session;
+            void *session;
             /**< Handle for the initialised session context */
             struct rte_crypto_sym_xform *xform;
             /**< Session-less API Crypto operation parameters */
@@ -943,15 +941,11 @@ using one of the crypto PMDs available in DPDK.
 
     /* Create crypto session and initialize it for the crypto device. */
     struct rte_cryptodev_sym_session *session;
-    session = rte_cryptodev_sym_session_create(session_pool);
+    session = rte_cryptodev_sym_session_create(cdev_id, &cipher_xform,
+                    session_pool);
     if (session == NULL)
         rte_exit(EXIT_FAILURE, "Session could not be created\n");
 
-    if (rte_cryptodev_sym_session_init(cdev_id, session,
-                    &cipher_xform, session_priv_pool) < 0)
-        rte_exit(EXIT_FAILURE, "Session could not be initialized "
-                    "for the crypto device\n");
-
     /* Get a burst of crypto operations. */
     struct rte_crypto_op *crypto_ops[BURST_SIZE];
     if (rte_crypto_op_bulk_alloc(crypto_op_pool,
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index e7583cae4c..ba46b6930f 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -237,3 +237,12 @@ Deprecation Notices
   applications should be updated to use the ``dmadev`` library instead,
   with the underlying HW-functionality being provided by the ``ioat`` or
   ``idxd`` dma drivers
+
+* cryptodev: Hide structure ``rte_cryptodev_sym_session`` to remove unnecessary
+  indirection between session and the private data of session. An opaque pointer
+  can be exposed directly to application which can be attached to the
+  ``rte_crypto_op``.
+
+* cryptodev: The functions ``rte_cryptodev_sym_session_init`` and
+  ``rte_cryptodev_sym_session_clear`` are deprecated. The sym crypto session
+  opaque pointer can no longer be used by different crypto device drivers.
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 7fab9d6550..d6f199573f 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -89,6 +89,13 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* cryptodev: The structure ``rte_cryptodev_sym_session`` was moved to
+  cryptodev_pmd.h and was hidden from the application. The APIs to create/init and
+  destroy sym crypto session were updated to take a single mempool with element size
+  enough to hold session data and session private data. Inline APIs was created to
+  get and set the session data. All sample applications were updated to attach an
+  opaque pointer for the session to the ``rte_crypto_op`` while enqueuing.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 795be3acc3..8c1e0abb95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,7 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d2e4d9d787..93129e7614 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1018,7 +1018,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
-			session_ctx.crypto_sess->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 408ae9e42b..e94a199f4b 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -386,7 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
+	ctx = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 
 	dp_ctx->session = ctx;
 
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index f518a0f89b..7bd39e02a3 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -132,6 +132,37 @@ struct cryptodev_driver {
 	uint8_t id;
 };
 
+/** Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint8_t driver_id;
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
+	uint16_t user_data_sz;
+	/**< session user data will be placed after sess data */
+	rte_iova_t driver_priv_data_iova;
+	/**< session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
+};
+
+/**
+ * Helper macro to get driver private data
+ */
+#define CRYPTODEV_GET_SYM_SESS_PRIV(s) \
+	(void *)(((struct rte_cryptodev_sym_session *)s)->driver_priv_data)
+#define CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(s) \
+	(((struct rte_cryptodev_sym_session *)s)->driver_priv_data_iova)
+
+
 /**
  * Get the rte_cryptodev structure device pointer for the device. Assumes a
  * valid device index.
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 63b8255a45..88dbe71c51 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1941,11 +1941,11 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id, void *_sess)
 {
 	struct rte_cryptodev *dev;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = _sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
 	if (sess == NULL)
@@ -2060,10 +2060,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-		struct rte_cryptodev_sym_session *sess, void *data,
+rte_cryptodev_sym_session_set_user_data(void *_sess, void *data,
 		uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2075,8 +2076,10 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *_sess)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2120,10 +2123,11 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *_sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = _sess;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		sym_crypto_fill_status(vec, EINVAL);
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0c65958f25..0cbdccc61a 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -902,28 +902,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	RTE_MARKER cacheline0;
-	uint8_t driver_id;
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint32_t sess_data_sz;
-	/**< Pointer to the user data stored after sess data */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess data */
-	rte_iova_t driver_priv_data_iova;
-	/**< session driver data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	/**< second cache line - start of the driver session data */
-	uint8_t driver_priv_data[0];
-	/**< Driver specific session data, variable size */
-};
-
 /**
  * Create a symmetric session mempool.
  *
@@ -1036,7 +1014,7 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
  */
 int
 rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess);
+	void *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1136,11 +1114,31 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Get user data stored in a session.
  *
@@ -1153,8 +1151,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Store user data in an asymmetric session.
@@ -1202,7 +1199,7 @@ rte_cryptodev_asym_session_get_user_data(void *sess);
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1244,8 +1241,7 @@ rte_cryptodev_session_event_mdata_set(uint8_t dev_id, void *sess,
  * Union of different crypto session types, including session-less xform
  * pointer.
  */
-union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+union rte_cryptodev_session_ctx {void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 055c44fb22..7b4ec5c389 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,14 +73,10 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess, void *xforms,
 		void *mempool),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u8(sess->driver_id);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 	rte_trace_point_emit_ptr(mempool);
 )
@@ -108,7 +104,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 62c2bd7217..a4e0e128f8 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -45,14 +45,15 @@ static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
 	const struct rte_security_session *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
 		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
-		return (struct rte_ipsec_session *)(uintptr_t)cs->opaque_data;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(cs);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..0d3c932302 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
+			(uintptr_t)ss);
 	else
 		ss->security.ses->opaque_data = (uintptr_t)ss;
 
-- 
2.34.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 2/3] crypto/scheduler: use unified session
  2022-08-29 16:06 ` [PATCH 2/3] crypto/scheduler: use unified session Fan Zhang
@ 2022-09-15  7:06   ` Akhil Goyal
  2022-09-15  7:23     ` Akhil Goyal
  2022-09-18 13:01   ` Akhil Goyal
  1 sibling, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-15  7:06 UTC (permalink / raw)
  To: Fan Zhang, dev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

Hi Fan,

Are these patches getting compiled at your end? Are these a working patchset on Intel platform?
For me it is failing for each of the patch

'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_scheduler_pmd_ops.c.o' -MF 'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_scheduler_pmd_ops.c.o.d' -o 'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_scheduler_pmd_ops.c.o' -c ../drivers/crypto/scheduler/scheduler_pmd_ops.c
../drivers/crypto/scheduler/scheduler_pmd_ops.c: In function 'scheduler_pmd_sym_session_configure':
../drivers/crypto/scheduler/scheduler_pmd_ops.c:525:1: error: label at end of compound statement
  525 | next_worker:
      | ^~~~~~~~~~~
../drivers/crypto/scheduler/scheduler_pmd_ops.c: In function 'scheduler_pmd_sym_session_clear':
../drivers/crypto/scheduler/scheduler_pmd_ops.c:569:1: error: label at end of compound statement
  569 | next_worker:
      | ^~~~~~~~~~~
> This patch updates the scheduler PMD to use unified session
> data structure. Previously thanks to the private session
> array in cryptodev sym session there are no necessary
> change needed for scheduler PMD other than the way ops
> are enqueued/dequeued. The patch inherits the same design
> in the original session data structure to the scheduler PMD
> so the cryptodev sym session can be as a linear buffer for
> both session header and driver private data.
> 
> With the change there are inevitable extra cost on both memory
> (64 bytes per session per driver type) and cycle count (set
> the correct session for each cop based on the worker before
> enqueue, and retrieve the original session after dequeue).
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>



> ---
>  app/test/test_cryptodev.c                     |   4 +-
>  drivers/crypto/scheduler/scheduler_failover.c |  19 ++-
>  .../crypto/scheduler/scheduler_multicore.c    |  17 +++
>  .../scheduler/scheduler_pkt_size_distr.c      |  84 +++++++++---
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  | 101 ++++++++++++++-
>  .../crypto/scheduler/scheduler_pmd_private.h  | 120 +++++++++++++++++-
>  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
>  7 files changed, 314 insertions(+), 42 deletions(-)
> 
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index c975c38001..e181b0aa3e 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -14986,8 +14986,8 @@ test_scheduler_attach_worker_op(void)
>  			ts_params->session_mpool =
>  				rte_cryptodev_sym_session_pool_create(
>  						"test_sess_mp",
> -						MAX_NB_SESSIONS, 0, 0, 0,
> -						SOCKET_ID_ANY);
> +						MAX_NB_SESSIONS,
> session_size,
> +						0, 0, SOCKET_ID_ANY);
>  			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
>  					"session mempool allocation failed");
>  		}
> diff --git a/drivers/crypto/scheduler/scheduler_failover.c
> b/drivers/crypto/scheduler/scheduler_failover.c
> index 2a0e29fa72..7fadcf66d0 100644
> --- a/drivers/crypto/scheduler/scheduler_failover.c
> +++ b/drivers/crypto/scheduler/scheduler_failover.c
> @@ -16,18 +16,19 @@
>  struct fo_scheduler_qp_ctx {
>  	struct scheduler_worker primary_worker;
>  	struct scheduler_worker secondary_worker;
> +	uint8_t primary_worker_index;
> +	uint8_t secondary_worker_index;
> 
>  	uint8_t deq_idx;
>  };
> 
>  static __rte_always_inline uint16_t
>  failover_worker_enqueue(struct scheduler_worker *worker,
> -		struct rte_crypto_op **ops, uint16_t nb_ops)
> +		struct rte_crypto_op **ops, uint16_t nb_ops, uint8_t index)
>  {
> -	uint16_t i, processed_ops;
> +	uint16_t processed_ops;
> 
> -	for (i = 0; i < nb_ops && i < 4; i++)
> -		rte_prefetch0(ops[i]->sym->session);
> +	scheduler_set_worker_session(ops, nb_ops, index);
> 
>  	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
>  			worker->qp_id, ops, nb_ops);
> @@ -47,13 +48,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		return 0;
> 
>  	enqueued_ops = failover_worker_enqueue(&qp_ctx->primary_worker,
> -			ops, nb_ops);
> +			ops, nb_ops, PRIMARY_WORKER_IDX);
> 
>  	if (enqueued_ops < nb_ops)
>  		enqueued_ops += failover_worker_enqueue(
>  				&qp_ctx->secondary_worker,
>  				&ops[enqueued_ops],
> -				nb_ops - enqueued_ops);
> +				nb_ops - enqueued_ops,
> +				SECONDARY_WORKER_IDX);
> 
>  	return enqueued_ops;
>  }
> @@ -94,7 +96,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops,
> uint16_t nb_ops)
>  	qp_ctx->deq_idx = (~qp_ctx->deq_idx) & WORKER_SWITCH_MASK;
> 
>  	if (nb_deq_ops == nb_ops)
> -		return nb_deq_ops;
> +		goto retrieve_session;
> 
>  	worker = workers[qp_ctx->deq_idx];
> 
> @@ -104,6 +106,9 @@ schedule_dequeue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		worker->nb_inflight_cops -= nb_deq_ops2;
>  	}
> 
> +retrieve_session:
> +	scheduler_retrieve_session(ops, nb_deq_ops + nb_deq_ops2);
> +
>  	return nb_deq_ops + nb_deq_ops2;
>  }
> 
> diff --git a/drivers/crypto/scheduler/scheduler_multicore.c
> b/drivers/crypto/scheduler/scheduler_multicore.c
> index 900ab4049d..3dea850661 100644
> --- a/drivers/crypto/scheduler/scheduler_multicore.c
> +++ b/drivers/crypto/scheduler/scheduler_multicore.c
> @@ -183,11 +183,19 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
> 
>  	while (!mc_ctx->stop_signal) {
>  		if (pending_enq_ops) {
> +			scheduler_set_worker_session(
> +				&enq_ops[pending_enq_ops_idx],
> pending_enq_ops,
> +				worker_idx);
>  			processed_ops =
>  				rte_cryptodev_enqueue_burst(worker->dev_id,
>  					worker->qp_id,
>  					&enq_ops[pending_enq_ops_idx],
>  					pending_enq_ops);
> +			if (processed_ops < pending_deq_ops)
> +				scheduler_retrieve_session(
> +					&enq_ops[pending_enq_ops_idx +
> +						processed_ops],
> +					pending_deq_ops - processed_ops);
>  			pending_enq_ops -= processed_ops;
>  			pending_enq_ops_idx += processed_ops;
>  			inflight_ops += processed_ops;
> @@ -195,9 +203,16 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
>  			processed_ops = rte_ring_dequeue_burst(enq_ring,
> (void *)enq_ops,
> 
> 	MC_SCHED_BUFFER_SIZE, NULL);
>  			if (processed_ops) {
> +				scheduler_set_worker_session(enq_ops,
> +					processed_ops, worker_idx);
>  				pending_enq_ops_idx =
> rte_cryptodev_enqueue_burst(
>  						worker->dev_id, worker-
> >qp_id,
>  						enq_ops, processed_ops);
> +				if (pending_enq_ops_idx < processed_ops)
> +					scheduler_retrieve_session(
> +						enq_ops +
> pending_enq_ops_idx,
> +						processed_ops -
> +						pending_enq_ops_idx);
>  				pending_enq_ops = processed_ops -
> pending_enq_ops_idx;
>  				inflight_ops += pending_enq_ops_idx;
>  			}
> @@ -214,6 +229,8 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
>  					worker->dev_id, worker->qp_id,
> deq_ops,
>  					MC_SCHED_BUFFER_SIZE);
>  			if (processed_ops) {
> +				scheduler_retrieve_session(deq_ops,
> +					processed_ops);
>  				inflight_ops -= processed_ops;
>  				if (reordering_enabled) {
>  					uint16_t j;
> diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
> b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
> index 933a5c6978..9204f6f608 100644
> --- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
> +++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
> @@ -48,34 +48,54 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  	};
>  	struct psd_schedule_op *p_enq_op;
>  	uint16_t i, processed_ops_pri = 0, processed_ops_sec = 0;
> -	uint32_t job_len;
> 
>  	if (unlikely(nb_ops == 0))
>  		return 0;
> 
>  	for (i = 0; i < nb_ops && i < 4; i++) {
>  		rte_prefetch0(ops[i]->sym);
> -		rte_prefetch0(ops[i]->sym->session);
> +		rte_prefetch0((uint8_t *)ops[i]->sym->session +
> +			sizeof(struct rte_cryptodev_sym_session));
>  	}
> 
>  	for (i = 0; (i < (nb_ops - 8)) && (nb_ops > 8); i += 4) {
> +		struct scheduler_session_ctx *sess_ctx[4];
> +		uint8_t target[4];
> +		uint32_t job_len[4];
> +
>  		rte_prefetch0(ops[i + 4]->sym);
> -		rte_prefetch0(ops[i + 4]->sym->session);
> +		rte_prefetch0((uint8_t *)ops[i + 4]->sym->session +
> +			sizeof(struct rte_cryptodev_sym_session));
>  		rte_prefetch0(ops[i + 5]->sym);
> -		rte_prefetch0(ops[i + 5]->sym->session);
> +		rte_prefetch0((uint8_t *)ops[i + 5]->sym->session +
> +			sizeof(struct rte_cryptodev_sym_session));
>  		rte_prefetch0(ops[i + 6]->sym);
> -		rte_prefetch0(ops[i + 6]->sym->session);
> +		rte_prefetch0((uint8_t *)ops[i + 6]->sym->session +
> +			sizeof(struct rte_cryptodev_sym_session));
>  		rte_prefetch0(ops[i + 7]->sym);
> -		rte_prefetch0(ops[i + 7]->sym->session);
> +		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
> +			sizeof(struct rte_cryptodev_sym_session));
> +
> +		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
> +		sess_ctx[1] =
> +			(void *)ops[i + 1]->sym->session->driver_priv_data;
> +		sess_ctx[2] =
> +			(void *)ops[i + 2]->sym->session->driver_priv_data;
> +		sess_ctx[3] =
> +			(void *)ops[i + 3]->sym->session->driver_priv_data;
> 
>  		/* job_len is initialized as cipher data length, once
>  		 * it is 0, equals to auth data length
>  		 */
> -		job_len = ops[i]->sym->cipher.data.length;
> -		job_len += (ops[i]->sym->cipher.data.length == 0) *
> +		job_len[0] = ops[i]->sym->cipher.data.length;
> +		job_len[0] += (ops[i]->sym->cipher.data.length == 0) *
>  				ops[i]->sym->auth.data.length;
>  		/* decide the target op based on the job length */
> -		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
> +		target[0] = !(job_len[0] & psd_qp_ctx->threshold);
> +		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			ops[i]->sym->session =
> +				sess_ctx[0]->worker_sess[target[0]];
> +		p_enq_op = &enq_ops[target[0]];
> 
>  		/* stop schedule cops before the queue is full, this shall
>  		 * prevent the failed enqueue
> @@ -89,10 +109,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i];
>  		p_enq_op->pos++;
> 
> -		job_len = ops[i+1]->sym->cipher.data.length;
> -		job_len += (ops[i+1]->sym->cipher.data.length == 0) *
> +		job_len[1] = ops[i + 1]->sym->cipher.data.length;
> +		job_len[1] += (ops[i + 1]->sym->cipher.data.length == 0) *
>  				ops[i+1]->sym->auth.data.length;
> -		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
> +		target[1] = !(job_len[1] & psd_qp_ctx->threshold);
> +		if (ops[i + 1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			ops[i + 1]->sym->session =
> +				sess_ctx[1]->worker_sess[target[1]];
> +		p_enq_op = &enq_ops[target[1]];
> 
>  		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
>  				qp_ctx->max_nb_objs) {
> @@ -103,10 +127,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+1];
>  		p_enq_op->pos++;
> 
> -		job_len = ops[i+2]->sym->cipher.data.length;
> -		job_len += (ops[i+2]->sym->cipher.data.length == 0) *
> -				ops[i+2]->sym->auth.data.length;
> -		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
> +		job_len[2] = ops[i + 2]->sym->cipher.data.length;
> +		job_len[2] += (ops[i + 2]->sym->cipher.data.length == 0) *
> +				ops[i + 2]->sym->auth.data.length;
> +		target[2] = !(job_len[2] & psd_qp_ctx->threshold);
> +		if (ops[i + 2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			ops[i + 2]->sym->session =
> +				sess_ctx[2]->worker_sess[target[2]];
> +		p_enq_op = &enq_ops[target[2]];
> 
>  		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
>  				qp_ctx->max_nb_objs) {
> @@ -117,10 +145,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+2];
>  		p_enq_op->pos++;
> 
> -		job_len = ops[i+3]->sym->cipher.data.length;
> -		job_len += (ops[i+3]->sym->cipher.data.length == 0) *
> -				ops[i+3]->sym->auth.data.length;
> -		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
> +		job_len[3] = ops[i + 3]->sym->cipher.data.length;
> +		job_len[3] += (ops[i + 3]->sym->cipher.data.length == 0) *
> +				ops[i + 3]->sym->auth.data.length;
> +		target[3] = !(job_len[3] & psd_qp_ctx->threshold);
> +		if (ops[i + 3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			ops[i + 3]->sym->session =
> +				sess_ctx[1]->worker_sess[target[3]];
> +		p_enq_op = &enq_ops[target[3]];
> 
>  		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
>  				qp_ctx->max_nb_objs) {
> @@ -133,10 +165,18 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  	}
> 
>  	for (; i < nb_ops; i++) {
> +		struct scheduler_session_ctx *sess_ctx =
> +			(void *)ops[i]->sym->session->driver_priv_data;
> +		uint32_t job_len;
> +		uint8_t target;
> +
>  		job_len = ops[i]->sym->cipher.data.length;
>  		job_len += (ops[i]->sym->cipher.data.length == 0) *
>  				ops[i]->sym->auth.data.length;
> -		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
> +		target = !(job_len & psd_qp_ctx->threshold);
> +		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			ops[i]->sym->session = sess_ctx->worker_sess[target];
> +		p_enq_op = &enq_ops[target];
> 
>  		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
>  				qp_ctx->max_nb_objs) {
> @@ -199,6 +239,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  	if (worker->nb_inflight_cops) {
>  		nb_deq_ops_pri = rte_cryptodev_dequeue_burst(worker-
> >dev_id,
>  			worker->qp_id, ops, nb_ops);
> +		scheduler_retrieve_session(ops, nb_deq_ops_pri);
>  		worker->nb_inflight_cops -= nb_deq_ops_pri;
>  	}
> 
> @@ -213,6 +254,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  		nb_deq_ops_sec = rte_cryptodev_dequeue_burst(worker-
> >dev_id,
>  				worker->qp_id, &ops[nb_deq_ops_pri],
>  				nb_ops - nb_deq_ops_pri);
> +		scheduler_retrieve_session(ops, nb_deq_ops_sec);
>  		worker->nb_inflight_cops -= nb_deq_ops_sec;
> 
>  		if (!worker->nb_inflight_cops)
> diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> index b93821783b..f8aa10af64 100644
> --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
> +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
> @@ -9,6 +9,7 @@
>  #include <rte_cryptodev.h>
>  #include <cryptodev_pmd.h>
>  #include <rte_reorder.h>
> +#include <rte_errno.h>
> 
>  #include "scheduler_pmd_private.h"
> 
> @@ -467,19 +468,107 @@ scheduler_pmd_sym_session_get_size(struct
> rte_cryptodev *dev __rte_unused)
>  	return max_priv_sess_size;
>  }
> 
> +struct scheduler_configured_sess_info {
> +	uint8_t dev_id;
> +	uint8_t driver_id;
> +	struct rte_cryptodev_sym_session *sess;
> +};
> +
>  static int
> -scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev
> __rte_unused,
> -	struct rte_crypto_sym_xform *xform __rte_unused,
> -	struct rte_cryptodev_sym_session *sess __rte_unused)
> +scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
> +	struct rte_crypto_sym_xform *xform,
> +	struct rte_cryptodev_sym_session *sess)
>  {
> +	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> +	struct rte_mempool *mp = rte_mempool_from_obj(sess);
> +	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
> +	struct scheduler_configured_sess_info configured_sess[
> +			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] =
> { 0 };
> +	uint32_t i, j, n_configured_sess = 0;
> +	int ret = 0;
> +
> +	if (mp == NULL)
> +		return -EINVAL;
> +
> +	for (i = 0; i < sched_ctx->nb_workers; i++) {
> +		struct scheduler_worker *worker = &sched_ctx->workers[i];
> +		struct rte_cryptodev_sym_session *worker_sess;
> +
> +		for (j = 0; j < n_configured_sess; j++) {
> +			if (configured_sess[j].driver_id ==
> +					worker->driver_id) {
> +				sess_ctx->worker_sess[i] =
> +					configured_sess[j].sess;
> +				goto next_worker;
> +			}
> +		}
> +
> +		if (rte_mempool_avail_count(mp) == 0) {
> +			ret = -ENOMEM;
> +			goto error_exit;
> +		}
> +
> +		worker_sess = rte_cryptodev_sym_session_create(worker-
> >dev_id,
> +			xform, mp);
> +		if (worker_sess == NULL) {
> +			ret = -rte_errno;
> +			goto error_exit;
> +		}
> +
> +		worker_sess->opaque_data = (uint64_t)sess;
> +		sess_ctx->worker_sess[i] = worker_sess;
> +		configured_sess[n_configured_sess].driver_id =
> +			worker->driver_id;
> +		configured_sess[n_configured_sess].dev_id = worker->dev_id;
> +		configured_sess[n_configured_sess].sess = worker_sess;
> +		n_configured_sess++;
> +next_worker:
> +	}
> +
>  	return 0;
> +error_exit:
> +	sess_ctx->ref_cnt = sched_ctx->ref_cnt;
> +	for (i = 0; i < n_configured_sess; i++)
> +		rte_cryptodev_sym_session_free(configured_sess[i].dev_id,
> +			configured_sess[i].sess);
> +	return ret;
>  }
> 
>  /** Clear the memory of session so it doesn't leave key material behind */
>  static void
> -scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
> -		struct rte_cryptodev_sym_session *sess __rte_unused)
> -{}
> +scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
> +		struct rte_cryptodev_sym_session *sess)
> +{
> +	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
> +	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
> +	struct scheduler_configured_sess_info deleted_sess[
> +			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] =
> { 0 };
> +	uint32_t i, j, n_deleted_sess = 0;
> +
> +	if (sched_ctx->ref_cnt != sess_ctx->ref_cnt) {
> +		CR_SCHED_LOG(WARNING,
> +			"Worker updated between session creation/deletion. "
> +			"The session may not be freed fully.");
> +	}
> +
> +	for (i = 0; i < sched_ctx->nb_workers; i++) {
> +		struct scheduler_worker *worker = &sched_ctx->workers[i];
> +
> +		for (j = 0; j < n_deleted_sess; j++) {
> +			if (deleted_sess[j].driver_id == worker->driver_id) {
> +				sess_ctx->worker_sess[i] = NULL;
> +				goto next_worker;
> +			}
> +		}
> +
> +		rte_cryptodev_sym_session_free(worker->dev_id,
> +			sess_ctx->worker_sess[i]);
> +
> +		deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
> +		sess_ctx->worker_sess[i] = NULL;
> +next_worker:
> +	}
> +}
> 
>  static struct rte_cryptodev_ops scheduler_pmd_ops = {
>  		.dev_configure		= scheduler_pmd_config,
> diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h
> b/drivers/crypto/scheduler/scheduler_pmd_private.h
> index 4d33b9ab44..0e508727a4 100644
> --- a/drivers/crypto/scheduler/scheduler_pmd_private.h
> +++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
> @@ -22,7 +22,6 @@ struct scheduler_worker {
>  	uint8_t dev_id;
>  	uint16_t qp_id;
>  	uint32_t nb_inflight_cops;
> -
>  	uint8_t driver_id;
>  };
> 
> @@ -37,6 +36,8 @@ struct scheduler_ctx {
> 
>  	struct scheduler_worker
> workers[RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
>  	uint32_t nb_workers;
> +	/* reference count when the workers are incremented/decremented */
> +	uint32_t ref_cnt;
> 
>  	enum rte_cryptodev_scheduler_mode mode;
> 
> @@ -61,6 +62,11 @@ struct scheduler_qp_ctx {
>  	struct rte_ring *order_ring;
>  } __rte_cache_aligned;
> 
> +struct scheduler_session_ctx {
> +	uint32_t ref_cnt;
> +	struct rte_cryptodev_sym_session *worker_sess[
> +		RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
> +};
> 
>  extern uint8_t cryptodev_scheduler_driver_id;
> 
> @@ -101,6 +107,118 @@ scheduler_order_drain(struct rte_ring *order_ring,
>  	return nb_ops_to_deq;
>  }
> 
> +static __rte_always_inline void
> +scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
> +		uint8_t worker_index)
> +{
> +	struct rte_crypto_op **op = ops;
> +	uint16_t n = nb_ops;
> +
> +	if (n >= 4) {
> +		rte_prefetch0(op[0]->sym->session);
> +		rte_prefetch0(op[1]->sym->session);
> +		rte_prefetch0(op[2]->sym->session);
> +		rte_prefetch0(op[3]->sym->session);
> +	}
> +
> +	while (n >= 4) {
> +		if (n >= 8) {
> +			rte_prefetch0(op[4]->sym->session);
> +			rte_prefetch0(op[5]->sym->session);
> +			rte_prefetch0(op[6]->sym->session);
> +			rte_prefetch0(op[7]->sym->session);
> +		}
> +
> +		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
> +			struct scheduler_session_ctx *sess_ctx =
> +				(void *)op[0]->sym->session->driver_priv_data;
> +			op[0]->sym->session =
> +				sess_ctx->worker_sess[worker_index];
> +		}
> +
> +		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
> +			struct scheduler_session_ctx *sess_ctx =
> +				(void *)op[1]->sym->session->driver_priv_data;
> +			op[1]->sym->session =
> +				sess_ctx->worker_sess[worker_index];
> +		}
> +
> +		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
> +			struct scheduler_session_ctx *sess_ctx =
> +				(void *)op[2]->sym->session->driver_priv_data;
> +			op[2]->sym->session =
> +				sess_ctx->worker_sess[worker_index];
> +		}
> +
> +		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
> +			struct scheduler_session_ctx *sess_ctx =
> +				(void *)op[3]->sym->session->driver_priv_data;
> +			op[3]->sym->session =
> +				sess_ctx->worker_sess[worker_index];
> +		}
> +
> +		op += 4;
> +		n -= 4;
> +	}
> +
> +	while (n--) {
> +		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
> +			struct scheduler_session_ctx *sess_ctx =
> +				(void *)op[0]->sym->session->driver_priv_data;
> +
> +			op[0]->sym->session =
> +				sess_ctx->worker_sess[worker_index];
> +			op++;
> +		}
> +	}
> +}
> +
> +static __rte_always_inline void
> +scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
> +{
> +	uint16_t n = nb_ops;
> +	struct rte_crypto_op **op = ops;
> +
> +	if (n >= 4) {
> +		rte_prefetch0(op[0]->sym->session);
> +		rte_prefetch0(op[1]->sym->session);
> +		rte_prefetch0(op[2]->sym->session);
> +		rte_prefetch0(op[3]->sym->session);
> +	}
> +
> +	while (n >= 4) {
> +		if (n >= 8) {
> +			rte_prefetch0(op[4]->sym->session);
> +			rte_prefetch0(op[5]->sym->session);
> +			rte_prefetch0(op[6]->sym->session);
> +			rte_prefetch0(op[7]->sym->session);
> +		}
> +
> +		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			op[0]->sym->session =
> +				(void *)op[0]->sym->session->opaque_data;
> +		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			op[1]->sym->session =
> +				(void *)op[1]->sym->session->opaque_data;
> +		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			op[2]->sym->session =
> +				(void *)op[2]->sym->session->opaque_data;
> +		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			op[3]->sym->session =
> +				(void *)op[3]->sym->session->opaque_data;
> +
> +		op += 4;
> +		n -= 4;
> +	}
> +
> +	while (n--) {
> +		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
> +			op[0]->sym->session =
> +				(void *)op[0]->sym->session->opaque_data;
> +		op++;
> +	}
> +}
> +
>  /** device specific operations function pointer structure */
>  extern struct rte_cryptodev_ops *rte_crypto_scheduler_pmd_ops;
> 
> diff --git a/drivers/crypto/scheduler/scheduler_roundrobin.c
> b/drivers/crypto/scheduler/scheduler_roundrobin.c
> index ace2dec2ec..ad3f8b842a 100644
> --- a/drivers/crypto/scheduler/scheduler_roundrobin.c
> +++ b/drivers/crypto/scheduler/scheduler_roundrobin.c
> @@ -23,16 +23,17 @@ schedule_enqueue(void *qp, struct rte_crypto_op
> **ops, uint16_t nb_ops)
>  			((struct scheduler_qp_ctx *)qp)->private_qp_ctx;
>  	uint32_t worker_idx = rr_qp_ctx->last_enq_worker_idx;
>  	struct scheduler_worker *worker = &rr_qp_ctx->workers[worker_idx];
> -	uint16_t i, processed_ops;
> +	uint16_t processed_ops;
> 
>  	if (unlikely(nb_ops == 0))
>  		return 0;
> 
> -	for (i = 0; i < nb_ops && i < 4; i++)
> -		rte_prefetch0(ops[i]->sym->session);
> -
> +	scheduler_set_worker_session(ops, nb_ops, worker_idx);
>  	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
>  			worker->qp_id, ops, nb_ops);
> +	if (processed_ops < nb_ops)
> +		scheduler_retrieve_session(ops + processed_ops,
> +			nb_ops - processed_ops);
> 
>  	worker->nb_inflight_cops += processed_ops;
> 
> @@ -86,7 +87,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops,
> uint16_t nb_ops)
> 
>  	nb_deq_ops = rte_cryptodev_dequeue_burst(worker->dev_id,
>  			worker->qp_id, ops, nb_ops);
> -
> +	scheduler_retrieve_session(ops, nb_deq_ops);
>  	last_worker_idx += 1;
>  	last_worker_idx %= rr_qp_ctx->nb_workers;
> 
> --
> 2.34.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 1/3] cryptodev: rework session framework
  2022-08-29 16:06 ` [PATCH 1/3] cryptodev: rework session framework Fan Zhang
@ 2022-09-15  7:07   ` Akhil Goyal
  2022-09-15  7:26     ` Akhil Goyal
  0 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-15  7:07 UTC (permalink / raw)
  To: Fan Zhang, dev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

> As per current design, rte_cryptodev_sym_session_create() and
> rte_cryptodev_sym_session_init() use separate mempool objects
> for a single session.
> And structure rte_cryptodev_sym_session is not directly used
> by the application, it may cause ABI breakage if the structure
> is modified in future.
> 
> To address these two issues, the rte_cryptodev_sym_session_create
> will take one mempool object that the session and session private
> data are virtually/physically contiguous, and initializes both
> fields. The API rte_cryptodev_sym_session_init is removed.
> 
> rte_cryptodev_sym_session_create will now return an opaque session
> pointer which will be used by the app and other APIs.
> 
> In data path, opaque session pointer is attached to rte_crypto_op
> and the PMD can call an internal library API to get the session
> private data pointer based on the driver id.
> 
> Note: currently single session may be used by different device
> drivers, given it is initialized by them. After the change the
> session created by one device driver cannot be used or
> reinitialized by another driver.
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>

Please fix compilation for unused function ipsec_mb_fill_error_code

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 2/3] crypto/scheduler: use unified session
  2022-09-15  7:06   ` [EXT] " Akhil Goyal
@ 2022-09-15  7:23     ` Akhil Goyal
  0 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-15  7:23 UTC (permalink / raw)
  To: Fan Zhang, dev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

> Hi Fan,
> 
> Are these patches getting compiled at your end? Are these a working patchset
> on Intel platform?
> For me it is failing for each of the patch
> 
> 'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_schedul
> er_pmd_ops.c.o' -MF
> 'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_schedul
> er_pmd_ops.c.o.d' -o
> 'drivers/a715181@@tmp_rte_crypto_scheduler@sta/crypto_scheduler_schedul
> er_pmd_ops.c.o' -c ../drivers/crypto/scheduler/scheduler_pmd_ops.c
> ../drivers/crypto/scheduler/scheduler_pmd_ops.c: In function
> 'scheduler_pmd_sym_session_configure':
> ../drivers/crypto/scheduler/scheduler_pmd_ops.c:525:1: error: label at end of
> compound statement
>   525 | next_worker:
>       | ^~~~~~~~~~~
> ../drivers/crypto/scheduler/scheduler_pmd_ops.c: In function
> 'scheduler_pmd_sym_session_clear':
> ../drivers/crypto/scheduler/scheduler_pmd_ops.c:569:1: error: label at end of
> compound statement
>   569 | next_worker:
>       | ^~~~~~~~~~~

You can try this fix	

diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index f8aa10af64..2bc3f5dd27 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -493,15 +493,19 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
        for (i = 0; i < sched_ctx->nb_workers; i++) {
                struct scheduler_worker *worker = &sched_ctx->workers[i];
                struct rte_cryptodev_sym_session *worker_sess;
+               uint8_t next_worker = 0;

                for (j = 0; j < n_configured_sess; j++) {
                        if (configured_sess[j].driver_id ==
                                        worker->driver_id) {
                                sess_ctx->worker_sess[i] =
                                        configured_sess[j].sess;
-                               goto next_worker;
+                               next_worker = 1;
+                               break;
                        }
                }
+               if (next_worker)
+                       continue;

                if (rte_mempool_avail_count(mp) == 0) {
                        ret = -ENOMEM;
@@ -522,7 +526,6 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
                configured_sess[n_configured_sess].dev_id = worker->dev_id;
                configured_sess[n_configured_sess].sess = worker_sess;
                n_configured_sess++;
-next_worker:
        }

        return 0;
@@ -553,20 +556,23 @@ scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,

        for (i = 0; i < sched_ctx->nb_workers; i++) {
                struct scheduler_worker *worker = &sched_ctx->workers[i];
+               uint8_t next_worker = 0;

                for (j = 0; j < n_deleted_sess; j++) {
                        if (deleted_sess[j].driver_id == worker->driver_id) {
                                sess_ctx->worker_sess[i] = NULL;
-                               goto next_worker;
+                               next_worker = 1;
+                               break;
                        }
                }
+               if (next_worker)
+                       continue;

                rte_cryptodev_sym_session_free(worker->dev_id,
                        sess_ctx->worker_sess[i]);

                deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
                sess_ctx->worker_sess[i] = NULL;
-next_worker:
        }
 }

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 1/3] cryptodev: rework session framework
  2022-09-15  7:07   ` [EXT] " Akhil Goyal
@ 2022-09-15  7:26     ` Akhil Goyal
  0 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-15  7:26 UTC (permalink / raw)
  To: Fan Zhang, dev, konstantin.v.ananyev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

++Konstantin

Requesting everyone in cc to review this patchset from last year.
This patch was not merged in 21.11 due to lack of review.
Please help getting this merged in RC1 for 22.11.

Regards,
Akhil
> -----Original Message-----
> From: Akhil Goyal
> Sent: Thursday, September 15, 2022 12:38 PM
> To: Fan Zhang <roy.fan.zhang@intel.com>; dev@dpdk.org
> Cc: maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com; Anoob Joseph
> <anoobj@marvell.com>; pablo.de.lara.guarch@intel.com; matan@nvidia.com;
> g.singh@nxp.com; jianjay.zhou@huawei.com
> Subject: RE: [EXT] [PATCH 1/3] cryptodev: rework session framework
> 
> > As per current design, rte_cryptodev_sym_session_create() and
> > rte_cryptodev_sym_session_init() use separate mempool objects
> > for a single session.
> > And structure rte_cryptodev_sym_session is not directly used
> > by the application, it may cause ABI breakage if the structure
> > is modified in future.
> >
> > To address these two issues, the rte_cryptodev_sym_session_create
> > will take one mempool object that the session and session private
> > data are virtually/physically contiguous, and initializes both
> > fields. The API rte_cryptodev_sym_session_init is removed.
> >
> > rte_cryptodev_sym_session_create will now return an opaque session
> > pointer which will be used by the app and other APIs.
> >
> > In data path, opaque session pointer is attached to rte_crypto_op
> > and the PMD can call an internal library API to get the session
> > private data pointer based on the driver id.
> >
> > Note: currently single session may be used by different device
> > drivers, given it is initialized by them. After the change the
> > session created by one device driver cannot be used or
> > reinitialized by another driver.
> >
> > Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> 
> Please fix compilation for unused function ipsec_mb_fill_error_code

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 2/3] crypto/scheduler: use unified session
  2022-08-29 16:06 ` [PATCH 2/3] crypto/scheduler: use unified session Fan Zhang
  2022-09-15  7:06   ` [EXT] " Akhil Goyal
@ 2022-09-18 13:01   ` Akhil Goyal
  1 sibling, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-18 13:01 UTC (permalink / raw)
  To: Fan Zhang, dev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index c975c38001..e181b0aa3e 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -14986,8 +14986,8 @@ test_scheduler_attach_worker_op(void)
>  			ts_params->session_mpool =
>  				rte_cryptodev_sym_session_pool_create(
>  						"test_sess_mp",
> -						MAX_NB_SESSIONS, 0, 0, 0,
> -						SOCKET_ID_ANY);
> +						MAX_NB_SESSIONS,
> session_size,
> +						0, 0, SOCKET_ID_ANY);
>  			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
>  					"session mempool allocation failed");
>  		}
This change should not be part of this patch. Please move it to other patch.

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [EXT] [PATCH 3/3] cryptodev: hide sym session structure
  2022-08-29 16:06 ` [PATCH 3/3] cryptodev: hide sym session structure Fan Zhang
@ 2022-09-18 13:19   ` Akhil Goyal
  0 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-18 13:19 UTC (permalink / raw)
  To: Fan Zhang, dev
  Cc: maxime.coquelin, chandu, ruifeng.wang, ajit.khaparde,
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, jianjay.zhou

> +#define CRYPTO_SESS_OPAQUE_DATA_OFF 0

CRYPTO_SESS_OPAQUE_DATA_OFF cannot be 0 as you have added a driver_id at start of struct.


> +/**
> + * Get opaque data from session handle
> + */
> +static inline uint64_t
> +rte_cryptodev_sym_session_opaque_data_get(void *sess)
> +{
> +	return *((uint64_t *)sess - CRYPTO_SESS_OPAQUE_DATA_OFF);
> +}
> +
> +/**
> + * Set opaque data in session handle
> + */
> +static inline void
> +rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
> +{
> +	uint64_t *data;
> +	data = (((uint64_t *)sess) - CRYPTO_SESS_OPAQUE_DATA_OFF);
> +	*data = opaque;
> +}



^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 0/6] crypto/security session framework rework
  2022-08-29 16:06 [PATCH 0/3] cryptodev: sym session framework rework Fan Zhang
                   ` (2 preceding siblings ...)
  2022-08-29 16:06 ` [PATCH 3/3] cryptodev: hide sym session structure Fan Zhang
@ 2022-09-21 15:02 ` Akhil Goyal
  2022-09-21 15:02   ` [PATCH v2 1/6] cryptodev: rework session framework Akhil Goyal
                     ` (8 more replies)
  3 siblings, 9 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal

This patchset reworks the symmetric crypto and security session
data structure to use a single virtual/physical contiguous buffer
for symmetric crypto/security session and driver private data.
In addition the session data structure is now private.
The session is represented as an opaque pointer in the application.

With the change the session is no longer supported to be accessed
by multiple device drivers. For the same reason
rte_cryptodev_sym_session_init/clear APIs are deprecated as
rte_cryptodev_sym_session_create/free will initialize and
clear the driver specific data field.

The change was also submitted last year during DPDK 21.11
timeframe also[1], but was not applied due to lack of feedback from
community. Please help in getting this cleanup merged in this cycle.

Now the similar work was already done for asymmetric crypto.
This patchset is rebased over current tree and fixes all
the issues reported so far.
This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
with a few changes
- Added security session rework also.
- fixed issues in [2] reported on mailing list.
- few other fixes.

Please review and provide feedback as soon as possible
as this is intended to be merged in DPDK 22.11 RC1.

Currently the cnxk platform is tested with this change.
Request everyone to review and test on their platform.

Special note to ixgbe and txgbe maintainers.
There is a wrong implementation for flow creation. Please check.
A hack is added to bypass it. Please fix it separately.

[1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-gakhil@marvell.com/
[2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-roy.fan.zhang@intel.com/

Akhil Goyal (5):
  cryptodev: rework session framework
  cryptodev: hide sym session structure
  security: remove priv mempool usage
  drivers/crypto: support security session get size op
  security: hide session structure

Fan Zhang (1):
  crypto/scheduler: use unified session

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  40 +--
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   9 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |  10 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   9 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  30 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 336 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_cryptodev_security_ipsec.c      |   2 +-
 app/test/test_cryptodev_security_ipsec.h      |   2 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  47 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 app/test/test_security.c                      | 178 ++--------
 app/test/test_security_inline_proto.c         |  26 +-
 doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
 doc/guides/rel_notes/deprecation.rst          |   9 +
 doc/guides/rel_notes/release_22_11.rst        |   7 +
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  69 +---
 drivers/crypto/ccp/ccp_crypto.c               |  56 +--
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  62 +---
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
 drivers/crypto/null/null_crypto_pmd.c         |  20 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
 drivers/crypto/qat/qat_sym.c                  |  15 +-
 drivers/crypto/qat/qat_sym.h                  |  16 +-
 drivers/crypto/qat/qat_sym_session.c          |  73 ++--
 drivers/crypto/qat/qat_sym_session.h          |  10 +-
 drivers/crypto/scheduler/scheduler_failover.c |  19 +-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +
 .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
 examples/fips_validation/fips_dev_self_test.c |  40 +--
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
 examples/ipsec-secgw/ipsec.c                  |  16 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   2 +-
 examples/l2fwd-crypto/main.c                  |  54 +--
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_crypto.h                    |   3 +-
 lib/cryptodev/rte_crypto_sym.h                |  11 +-
 lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
 lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
 lib/cryptodev/version.map                     |   6 -
 lib/ipsec/rte_ipsec_group.h                   |  13 +-
 lib/ipsec/ses.c                               |   5 +-
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/security/rte_security.c                   |  33 +-
 lib/security/rte_security.h                   |  90 +++--
 lib/security/rte_security_driver.h            |  31 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 109 files changed, 1255 insertions(+), 2413 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 1/6] cryptodev: rework session framework
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-22 14:06     ` Ji, Kai
  2022-09-21 15:02   ` [PATCH v2 2/6] crypto/scheduler: use unified session Akhil Goyal
                     ` (7 subsequent siblings)
  8 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal, Fan Zhang

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.

rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 app/test-crypto-perf/cperf_ops.c              |  21 +-
 app/test-crypto-perf/cperf_test_latency.c     |   6 +-
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 app/test-crypto-perf/cperf_test_throughput.c  |   6 +-
 app/test-crypto-perf/cperf_test_verify.c      |   6 +-
 app/test-crypto-perf/main.c                   |  29 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 302 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  42 +--
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  38 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  28 +-
 drivers/crypto/ccp/ccp_crypto.c               |  58 +---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  36 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  31 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  31 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  37 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   4 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 ++-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  29 +-
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  26 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   8 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +-
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +--
 drivers/crypto/null/null_crypto_pmd.c         |  19 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/qat_sym.c                  |  10 +-
 drivers/crypto/qat/qat_sym.h                  |   4 +-
 drivers/crypto/qat/qat_sym_session.c          |  40 +--
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  38 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  30 +-
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  10 +-
 examples/ipsec-secgw/ipsec.c                  |   7 +-
 examples/l2fwd-crypto/main.c                  |  54 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  28 +-
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_cryptodev.c                 | 276 ++++++----------
 lib/cryptodev/rte_cryptodev.h                 | 123 ++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  33 +-
 lib/cryptodev/version.map                     |   6 -
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 71 files changed, 553 insertions(+), 1661 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index d746d51082..c6f5735bb0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -912,7 +912,6 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					&sess_conf, sess_mp, priv_mp);
 	}
 #endif
-	sess = rte_cryptodev_sym_session_create(sess_mp);
 	/*
 	 * cipher only
 	 */
@@ -937,8 +936,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &cipher_xform,
+				sess_mp);
 	/*
 	 *  auth only
 	 */
@@ -965,8 +964,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &auth_xform,
+				sess_mp);
 	/*
 	 * cipher and auth
 	 */
@@ -1024,13 +1023,13 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&cipher_xform, sess_mp);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform, sess_mp);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1050,8 +1049,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					options->aead_aad_sz;
 
 		/* Create crypto session */
-		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform,
+				sess_mp);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 6f972cea49..afd8cb209b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -44,10 +44,8 @@ static void
 cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 6b4d09e623..7efeecf848 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -73,10 +73,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		} else
 #endif
-		{
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 
 	rte_mempool_free(ctx->pool);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index cecf30e470..24261a1d10 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -50,10 +50,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		}
 #endif
-		else {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 	rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 5c0dc82290..54f7e8ba2f 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -37,10 +37,8 @@ static void
 cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 17e30a8e74..55d7614d84 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -96,35 +96,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size, 0, 0,
+					socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -135,6 +114,7 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
+		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -322,12 +302,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c
index 81420be73a..30cefcb6dd 100644
--- a/app/test-eventdev/test_perf_common.c
+++ b/app/test-eventdev/test_perf_common.c
@@ -864,18 +864,13 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t)
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	cipher_xform.next = NULL;
 
-	sess = rte_cryptodev_sym_session_create(t->ca_sess_pool);
+	sess = rte_cryptodev_sym_session_create(p->ca.cdev_id, &cipher_xform,
+			t->ca_sess_pool);
 	if (sess == NULL) {
 		evt_err("Failed to create sym session");
 		return NULL;
 	}
 
-	if (rte_cryptodev_sym_session_init(p->ca.cdev_id, sess, &cipher_xform,
-					   t->ca_sess_priv_pool)) {
-		evt_err("Failed to init session");
-		return NULL;
-	}
-
 	return sess;
 }
 
@@ -1382,15 +1377,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 		goto err;
 	}
 
-	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
-		"ca_sess_pool", nb_sessions, 0, 0,
-		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
-	if (t->ca_sess_pool == NULL) {
-		evt_err("Failed to create sym session pool");
-		ret = -ENOMEM;
-		goto err;
-	}
-
 	max_session_size = 0;
 	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		unsigned int session_size;
@@ -1401,12 +1387,11 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 			max_session_size = session_size;
 	}
 
-	max_session_size += sizeof(union rte_event_crypto_metadata);
-	t->ca_sess_priv_pool = rte_mempool_create(
-		"ca_sess_priv_pool", nb_sessions, max_session_size, 0, 0, NULL,
-		NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-	if (t->ca_sess_priv_pool == NULL) {
-		evt_err("failed to create sym session private pool");
+	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
+		"ca_sess_pool", nb_sessions, max_session_size, 0,
+		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
+	if (t->ca_sess_pool == NULL) {
+		evt_err("Failed to create sym session pool");
 		ret = -ENOMEM;
 		goto err;
 	}
@@ -1446,7 +1431,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 		qp_conf.nb_descriptors = NB_CRYPTODEV_DESCRIPTORS;
 		qp_conf.mp_session = t->ca_sess_pool;
-		qp_conf.mp_session_private = t->ca_sess_priv_pool;
 
 		for (qp_id = 0; qp_id < conf.nb_queue_pairs; qp_id++) {
 			ret = rte_cryptodev_queue_pair_setup(
@@ -1467,7 +1451,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 
 	return ret;
@@ -1492,8 +1475,7 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 		for (flow_id = 0; flow_id < t->nb_flows; flow_id++) {
 			sess = p->ca.crypto_sess[flow_id];
 			cdev_id = p->ca.cdev_id;
-			rte_cryptodev_sym_session_clear(cdev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
+			rte_cryptodev_sym_session_free(cdev_id, sess);
 		}
 
 		rte_event_crypto_adapter_queue_pair_del(
@@ -1509,7 +1491,6 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 }
 
diff --git a/app/test-eventdev/test_perf_common.h b/app/test-eventdev/test_perf_common.h
index 8cbd06fe42..d06d52cdf8 100644
--- a/app/test-eventdev/test_perf_common.h
+++ b/app/test-eventdev/test_perf_common.h
@@ -70,7 +70,6 @@ struct test_perf {
 		RTE_EVENT_TIMER_ADAPTER_NUM_MAX] __rte_cache_aligned;
 	struct rte_mempool *ca_op_pool;
 	struct rte_mempool *ca_sess_pool;
-	struct rte_mempool *ca_sess_priv_pool;
 	struct rte_mempool *ca_asym_sess_pool;
 } __rte_cache_aligned;
 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6ee4480399..e181b0aa3e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -13,6 +13,7 @@
 #include <rte_pause.h>
 #include <rte_bus_vdev.h>
 #include <rte_ether.h>
+#include <rte_errno.h>
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
@@ -644,23 +645,17 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-
 	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
+			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
+			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
+
 	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
 			"session mempool allocation failed");
 
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -668,7 +663,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -697,15 +691,11 @@ testsuite_teardown(void)
 		rte_mempool_avail_count(ts_params->op_mpool));
 	}
 
-	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
+		rte_mempool_free(ts_params->session_priv_mpool);
+		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -1381,7 +1371,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1441,10 +1430,8 @@ ut_teardown(void)
 #endif
 	{
 		if (ut_params->sess) {
-			rte_cryptodev_sym_session_clear(
-					ts_params->valid_devs[0],
+			rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 					ut_params->sess);
-			rte_cryptodev_sym_session_free(ut_params->sess);
 			ut_params->sess = NULL;
 		}
 	}
@@ -1599,7 +1586,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2144,8 +2130,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
-
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
 	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2190,18 +2174,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	/* Create crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	if (rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2430,7 +2407,6 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	enum rte_crypto_auth_algorithm algo)
 {
 	uint8_t hash_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2450,16 +2426,11 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.digest_length = auth_len;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
 	ut_params->auth_xform.auth.iv.length = iv_len;
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2472,7 +2443,6 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2492,16 +2462,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session */
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2579,7 +2545,6 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 
 {
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2614,17 +2579,12 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
 
@@ -2638,7 +2598,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 {
 	const uint8_t key_len = tdata->key.len;
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2678,16 +2637,11 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2713,7 +2667,6 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2744,26 +2697,19 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	if (cipher_op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 	} else
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
 
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	return 0;
 }
@@ -8194,7 +8140,6 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 		uint8_t iv_len)
 {
 	uint8_t aead_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8216,15 +8161,12 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -8668,7 +8610,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
 				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				NULL);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -12018,7 +11960,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 				   const struct HMAC_MD5_vector *test_case)
 {
 	uint8_t key[64];
-	int status;
 
 	memcpy(key, test_case->key.data, test_case->key.len);
 
@@ -12033,16 +11974,11 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.key.data = key;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+		ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-	if (ut_params->sess == NULL)
-		return TEST_FAILED;
-
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
@@ -12250,12 +12186,9 @@ test_multi_session(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-
 	struct rte_cryptodev_info dev_info;
 	struct rte_cryptodev_sym_session **sessions;
-
 	uint16_t i;
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12282,20 +12215,15 @@ test_multi_session(void)
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-
 		sessions[i] = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
+			return TEST_SKIPPED;
+
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
-
-		status = rte_cryptodev_sym_session_init(
-				ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-		if (status == -ENOTSUP)
-			return TEST_SKIPPED;
-
 		/* Attempt to send a request on each session */
 		TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
 			sessions[i],
@@ -12325,18 +12253,9 @@ test_multi_session(void)
 		}
 	}
 
-	sessions[i] = NULL;
-	/* Next session create should fail */
-	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT_NULL(sessions[i],
-			"Session creation succeeded unexpectedly!");
-
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12387,7 +12306,6 @@ test_multi_session_random_usage(void)
 		},
 
 	};
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12409,11 +12327,6 @@ test_multi_session_random_usage(void)
 					* MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		sessions[i] = rte_cryptodev_sym_session_create(
-				ts_params->session_mpool);
-		TEST_ASSERT_NOT_NULL(sessions[i],
-				"Session creation failed at session number %u",
-				i);
 
 		rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
 				sizeof(struct crypto_unittest_params));
@@ -12423,16 +12336,16 @@ test_multi_session_random_usage(void)
 				ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
 
 		/* Create multiple crypto sessions*/
-		status = rte_cryptodev_sym_session_init(
+		sessions[i] = rte_cryptodev_sym_session_create(
 				ts_params->valid_devs[0],
-				sessions[i],
 				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
-
-		if (status == -ENOTSUP)
+				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
 			return TEST_SKIPPED;
 
-		TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+		TEST_ASSERT_NOT_NULL(sessions[i],
+				"Session creation failed at session number %u",
+				i);
 	}
 
 	srand(time(NULL));
@@ -12470,9 +12383,8 @@ test_multi_session_random_usage(void)
 	}
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12490,7 +12402,6 @@ test_null_invalid_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int ret;
 
 	/* This test is for NULL PMD only */
 	if (gbl_driver_id != rte_cryptodev_driver_id_get(
@@ -12504,17 +12415,13 @@ test_null_invalid_operation(void)
 	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
-
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -12522,14 +12429,11 @@ test_null_invalid_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
 	return TEST_SUCCESS;
@@ -12543,7 +12447,6 @@ test_null_burst_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
 
 	unsigned i, burst_len = NULL_BURST_LENGTH;
 
@@ -12569,19 +12472,14 @@ test_null_burst_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_NULL;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	/* Create Crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(
+				ts_params->valid_devs[0],
+				&ut_params->auth_xform,
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -12692,7 +12590,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12792,7 +12689,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12979,7 +12875,6 @@ static int create_gmac_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t auth_key[tdata->key.len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -12998,15 +12893,13 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -13635,7 +13528,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
 
@@ -13649,15 +13541,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -13670,7 +13560,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(cipher_key, reference->cipher_key.data,
 			reference->cipher_key.len);
@@ -13702,15 +13591,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	}
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -14168,7 +14055,6 @@ test_authenticated_encrypt_with_esn(
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
 	struct rte_cryptodev_info dev_info;
-	int status;
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 	uint64_t feat_flags = dev_info.feature_flags;
@@ -14219,19 +14105,12 @@ test_authenticated_encrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
-		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
-
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
 			"Failed to allocate input buffer in mempool");
@@ -14355,18 +14234,11 @@ test_authenticated_decrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-
-	if (retval == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -15114,8 +14986,8 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
-						SOCKET_ID_ANY);
+						MAX_NB_SESSIONS, session_size,
+						0, 0, SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
@@ -15138,8 +15010,6 @@ test_scheduler_attach_worker_op(void)
 		}
 
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index b5813b956f..4fcdd55660 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -514,11 +513,9 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	 */
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) &&
 			nb_iterates == 0) {
-		sess = rte_cryptodev_sym_session_create(sess_mpool);
-
-		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
-		if (status == -ENOTSUP) {
+		sess = rte_cryptodev_sym_session_create(dev_id, init_xform,
+				sess_mpool);
+		if (sess == NULL) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
 			goto error_exit;
@@ -801,10 +798,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 error_exit:
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
-		if (sess) {
-			rte_cryptodev_sym_session_clear(dev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
-		}
+		if (sess)
+			rte_cryptodev_sym_session_free(dev_id, sess);
 		rte_free(cipher_xform);
 		rte_free(auth_xform);
 	}
@@ -829,7 +824,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 2ecc7e2cea..c6cf9c5401 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -157,7 +157,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *asym_op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_mempool *asym_sess_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
@@ -307,15 +306,10 @@ test_op_forward_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
-		/* Create Crypto session*/
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
-
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
 							&cap);
 		TEST_ASSERT_SUCCESS(ret, "Failed to get adapter capabilities\n");
@@ -683,8 +677,8 @@ test_op_new_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -699,9 +693,6 @@ test_op_new_mode(uint8_t session_less)
 					RTE_CRYPTO_OP_WITH_SESSION,
 					&m_data, sizeof(m_data));
 		}
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
 	} else {
@@ -994,22 +985,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 
 	while ((capability = &info.capabilities[i++])->op !=
@@ -1048,7 +1029,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -1410,11 +1390,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
 
 	/* Free asym session mempool */
 	if (params.asym_sess_mpool != NULL) {
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index aa533483fd..04d231468b 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -370,20 +370,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -428,11 +417,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -647,8 +631,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session, NULL);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
@@ -662,25 +645,15 @@ static int
 create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
-	int32_t rc;
 	struct rte_cryptodev_sym_session *s;
 
-	s = rte_cryptodev_sym_session_create(qp->mp_session);
+	s = rte_cryptodev_sym_session_create(dev_id, ut->crypto_xforms,
+			qp->mp_session);
 	if (s == NULL)
 		return -ENOMEM;
 
-	/* initialize SA crypto session for device */
-	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
-	if (rc == 0) {
-		ut->ss[j].crypto.ses = s;
-		return 0;
-	} else {
-		/* failure, do cleanup */
-		rte_cryptodev_sym_session_clear(dev_id, s);
-		rte_cryptodev_sym_session_free(s);
-		return rc;
-	}
+	ut->ss[j].crypto.ses = s;
+	return 0;
 }
 
 static int
@@ -1196,8 +1169,7 @@ static void
 destroy_crypto_session(struct ipsec_unitest_params *ut,
 	uint8_t crypto_dev, uint32_t j)
 {
-	rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
-	rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
+	rte_cryptodev_sym_session_free(crypto_dev, ut->ss[j].crypto.ses);
 	memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 32127a874c..75a95e3689 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -521,34 +521,23 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL)) {
-			sess = (struct armv8_crypto_session *)
-					get_sym_session_private_data(
-					op->sym->session,
-					cryptodev_driver_id);
+			sess = op->sym->session->data;
 		}
 	} else {
 		/* provide internal session */
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct armv8_crypto_session *)_sess_private_data;
+		sess = (struct armv8_crypto_session *)_sess->data;
 
 		if (unlikely(armv8_crypto_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -674,10 +663,6 @@ process_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index c07ac0489e..176bb9e6a0 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -267,8 +267,7 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -278,43 +277,22 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = sess->data;
 
 	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
 		.dev_configure		= armv8_crypto_pmd_config,
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..d3334dc920 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -211,8 +211,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
 		sess = (struct bcmfs_sym_session *)
-			  get_sym_session_private_data(op->sym->session,
-						       cryptodev_bcmfs_driver_id);
+			op->sym->session->driver_priv_data;
 	}
 
 	if (sess == NULL)
@@ -222,10 +221,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 }
 
 int
-bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -235,45 +233,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+bcmfs_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+			struct rte_cryptodev_sym_session  *sess __rte_unused)
+{}
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..4a0a012ae7 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,8 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    struct rte_cryptodev_sym_session *sess);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8e9cfe73d8..a9c93dea13 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1357,8 +1357,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		ses = (struct caam_jr_session *)
-		get_sym_session_private_data(op->sym->session,
-					cryptodev_driver_id);
+			op->sym->session->driver_priv_data;
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1692,54 +1691,39 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 }
 
 static int
-caam_jr_sym_session_configure(struct rte_cryptodev *dev,
+caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
+	sess_private_data = (void *)sess->driver_priv_data;
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
+caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
 
 	PMD_INIT_FUNC_TRACE();
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index 4bab18323b..bd999abe61 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,9 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1766,9 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1859,9 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2005,9 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2079,9 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2242,9 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2330,9 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2440,9 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2607,9 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2645,9 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2715,9 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2780,9 +2758,8 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op[i]->sym->session,
-						 ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2858,9 +2835,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2934,9 +2909,8 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op_d[i]->sym->session,
-						ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op_d[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 1b600e81ad..e401793a76 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -757,8 +756,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
 	void *sess_private_data;
@@ -769,40 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
+
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
-}
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		      struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops ccp_ops = {
 		.dev_configure		= ccp_pmd_config,
diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h
index 1c4118ee3c..6704e39ab8 100644
--- a/drivers/crypto/ccp/ccp_pmd_private.h
+++ b/drivers/crypto/ccp/ccp_pmd_private.h
@@ -78,8 +78,6 @@ struct ccp_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_mempool *batch_mp;
 	/**< Session Mempool for batch info */
 	struct rte_cryptodev_stats qp_stats;
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index a35a8cd775..7502281ad9 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,33 +56,23 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (struct ccp_session *)
-			get_sym_session_private_data(
-				op->sym->session,
-				ccp_cryptodev_driver_id);
+		sess = (void *)op->sym->session->driver_priv_data;
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
 
-		if (rte_mempool_get(qp->sess_mp, &_sess))
-			return NULL;
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		sess = (struct ccp_session *)_sess_private_data;
+		sess = (void *)_sess->driver_priv_data;
 
 		internals = (struct ccp_private *)qp->dev->data->dev_private;
 		if (unlikely(ccp_set_session_parameters(sess, op->sym->xform,
 							internals) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-					 ccp_cryptodev_driver_id,
-					 _sess_private_data);
+		op->sym->session = _sess;
 	}
 
 	return sess;
@@ -161,13 +151,10 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	for (i = 0; i < nb_dequeued; i++)
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
-			struct ccp_session *sess = (struct ccp_session *)
-					get_sym_session_private_data(
-						ops[i]->sym->session,
-						ccp_cryptodev_driver_id);
+			struct ccp_session *sess =
+				(void *)ops[i]->sym->session->driver_priv_data;
 
-			rte_mempool_put(qp->sess_mp_priv,
-					sess);
+			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
 					ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 586941cd70..f96e132513 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -22,24 +22,23 @@
 static inline struct cnxk_se_sess *
 cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn10k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
-	if (ret)
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+				    sess);
+	if (ret) {
+		rte_mempool_put(qp->sess_mp, (void *)sess);
 		goto sess_put;
+	}
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
+	priv = (void *)sess->driver_priv_data;
 	sym_op->session = sess;
 
 	return priv;
@@ -111,8 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = get_sym_session_private_data(
-				sym_op->session, cn10k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -128,8 +126,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 				return 0;
 			}
@@ -296,8 +293,9 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn10k_cryptodev_driver_id);
+			priv = (void *)(
+				((struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -334,8 +332,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn10k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
@@ -543,7 +540,6 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 {
 	const uint8_t uc_compcode = res->uc_compcode;
 	const uint8_t compcode = res->compcode;
-	unsigned int sz;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
@@ -620,11 +616,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b753c1cb4b..a44f111ba6 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,23 +56,20 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 static inline struct cnxk_se_sess *
 cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn9k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
+	priv = (void *)sess->driver_priv_data;
 
 	sym_op->session = sess;
 
@@ -95,8 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = get_sym_session_private_data(
-				sym_op->session, cn9k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -110,8 +106,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -349,8 +344,9 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn9k_cryptodev_driver_id);
+			priv = (void *)((
+				(struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -387,8 +383,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn9k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
@@ -583,8 +578,6 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 			      struct cpt_inflight_req *infl_req,
 			      struct cpt_cn9k_res_s *res)
 {
-	unsigned int sz;
-
 	if (likely(res->compcode == CPT_COMP_GOOD)) {
 		if (unlikely(res->uc_compcode)) {
 			if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
@@ -645,11 +638,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cf91b92c2c..018d7fcee8 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -406,7 +406,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -620,25 +619,15 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv;
-	void *priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
-
+	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
 	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
 	if (ret)
 		goto priv_put;
@@ -684,61 +673,39 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
-
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
 
 priv_put:
-	rte_mempool_put(pool, priv);
-
 	return ret;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       struct rte_cryptodev_sym_session *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
-
-	if (priv == NULL)
-		return;
-
-	sess_priv = priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 			   struct rte_cryptodev_sym_session *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ffe4ae19aa..ca90567620 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -78,8 +78,6 @@ struct cnxk_cpt_qp {
 	/**< Crypto adapter related info */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 };
 
 int cnxk_cpt_dev_config(struct rte_cryptodev *dev,
@@ -104,18 +102,16 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   struct rte_cryptodev_sym_session *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  struct rte_cryptodev_sym_session *sess);
 
 void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+		struct rte_cryptodev_sym_session *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(struct rte_cryptodev_sym_session *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8444f1a795..5a38d53022 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,8 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-				op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1678,8 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3754,51 +3752,36 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 }
 #endif
 static int
-dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index e68a4875dd..795be3acc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,8 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, cryptodev_driver_id);
+		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 05415dbf3b..0cc773fba6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,10 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sym_session_private_data(
-					op->sym->session,
-					dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1927,10 +1924,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sym_session_private_data(
-						op->sym->session,
-						dpaa_cryptodev_driver_id);
+				ses = (void *)
+					op->sym->session->driver_priv_data;
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2676,31 +2671,19 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -2714,7 +2697,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2724,7 +2706,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -2733,14 +2714,10 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
-	if (sess_priv) {
-		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	free_session_memory(dev, s);
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d081953e26..d2e4d9d787 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1017,8 +1017,8 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)
+			session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 7e8396b4a3..90ce5bc965 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -264,7 +264,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->pmd_type = internals->pmd_type;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	qp->ingress_queue = ipsec_mb_qp_create_processed_ops_ring(qp,
 		qp_conf->nb_descriptors, socket_id);
@@ -312,9 +311,8 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess, struct rte_mempool *mempool)
+	struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
 		&ipsec_mb_pmds[internals->pmd_type];
@@ -330,42 +328,22 @@ ipsec_mb_sym_session_configure(
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		free_mb_mgr(mb_mgr);
-		return -ENOMEM;
-	}
-
-	ret = (*pmd_data->session_configure)(mb_mgr, sess_private_data, xform);
+	ret = (*pmd_data->session_configure)(mb_mgr,
+			(void *)sess->driver_priv_data, xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		free_mb_mgr(mb_mgr);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	free_mb_mgr(mb_mgr);
 	return 0;
 }
 
 /** Clear the session memory */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-			       struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, ipsec_mb_sym_session_get_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index d074b33133..14f962ef28 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -136,8 +136,6 @@ struct ipsec_mb_qp {
 	struct rte_ring *ingress_queue;
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
-	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
 	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
@@ -399,8 +397,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool);
+	struct rte_cryptodev_sym_session *sess);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
@@ -411,50 +408,50 @@ ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
 static __rte_always_inline void *
 ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 {
-	void *sess = NULL;
+	struct rte_cryptodev_sym_session *sess = NULL;
 	uint32_t driver_id = ipsec_mb_get_driver_id(qp->pmd_type);
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	uint8_t sess_type = op->sess_type;
 	void *_sess;
-	void *_sess_private_data = NULL;
 	struct ipsec_mb_internals *pmd_data = &ipsec_mb_pmds[qp->pmd_type];
 
 	switch (sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		if (likely(sym_op->session != NULL))
-			sess = get_sym_session_private_data(sym_op->session,
-							    driver_id);
+			sess = sym_op->session;
+		else
+			goto error_exit;
 	break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
 		if (!qp->sess_mp ||
 		    rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (!qp->sess_mp_priv ||
-		    rte_mempool_get(qp->sess_mp_priv,
-					(void **)&_sess_private_data))
-			return NULL;
+		sess = _sess;
+		if (sess->sess_data_sz < pmd_data->session_priv_size) {
+			rte_mempool_put(qp->sess_mp, _sess);
+			goto error_exit;
+		}
 
-		sess = _sess_private_data;
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-				sess, sym_op->xform) != 0)) {
+			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
-			sess = NULL;
+			goto error_exit;
 		}
 
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sess->driver_id = driver_id;
+		sym_op->session = sess;
+
 	break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	if (unlikely(sess == NULL))
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return (void *)sess->driver_priv_data;
 
-	return sess;
+error_exit:
+	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return NULL;
 }
 
 #endif /* _IPSEC_MB_PRIVATE_H_ */
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 2c033c6f28..e4f274b608 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -241,10 +241,6 @@ handle_completed_gcm_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_gcm_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -455,44 +451,35 @@ static inline struct aesni_gcm_session *
 aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	     struct rte_crypto_op *op)
 {
-	struct aesni_gcm_session *sess = NULL;
-	uint32_t driver_id =
-	    ipsec_mb_get_driver_id(IPSEC_MB_PMD_TYPE_AESNI_GCM);
+	struct rte_cryptodev_sym_session *sess = NULL;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct aesni_gcm_session *)
-			    get_sym_session_private_data(sym_op->session,
-							 driver_id);
+			sess = sym_op->session;
 	} else {
-		void *_sess;
-		void *_sess_private_data = NULL;
-
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (rte_mempool_get(qp->sess_mp, (void **)&sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
+		if (unlikely(sess->sess_data_sz <
+				sizeof(struct aesni_gcm_session))) {
+			rte_mempool_put(qp->sess_mp, sess);
 			return NULL;
-
-		sess = (struct aesni_gcm_session *)_sess_private_data;
+		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				 _sess_private_data, sym_op->xform) != 0)) {
-			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
+				(void *)sess->driver_priv_data,
+				sym_op->xform) != 0)) {
+			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sym_op->session = sess;
 	}
 
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return sess;
+	return (void *)sess->driver_priv_data;
 }
 
 static uint16_t
@@ -712,22 +699,15 @@ aesni_gmac_sgl_verify(struct aesni_gcm_session *s,
 
 /** Process CPU crypto bulk operations */
 static uint32_t
-aesni_gcm_process_bulk(struct rte_cryptodev *dev,
+aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			struct rte_cryptodev_sym_session *sess,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s;
+	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
-	s = (struct aesni_gcm_session *) get_sym_session_private_data(sess,
-		dev->driver_id);
-	if (unlikely(s == NULL)) {
-		aesni_gcm_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 6d5d3ce8eb..f03235dfee 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1710,8 +1710,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 {
 	struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data;
 	struct aesni_mb_session *sess = NULL;
-	uint32_t driver_id = ipsec_mb_get_driver_id(
-						IPSEC_MB_PMD_TYPE_AESNI_MB);
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
 	uint8_t is_docsis_sec = 0;
@@ -1725,15 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-	{
-		sess = get_sym_session_private_data(op->sym->session,
-						driver_id);
-	}
-
-	if (unlikely(sess == NULL)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
-		return op;
-	}
+		sess = (void *)op->sym->session->driver_priv_data;
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -1771,10 +1761,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_mb_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -1962,7 +1948,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	return processed_jobs;
 }
 
-
+#if 0
 static inline void
 ipsec_mb_fill_error_code(struct rte_crypto_sym_vec *vec, int32_t err)
 {
@@ -1971,6 +1957,7 @@ ipsec_mb_fill_error_code(struct rte_crypto_sym_vec *vec, int32_t err)
 	for (i = 0; i != vec->num; ++i)
 		vec->status[i] = err;
 }
+#endif
 
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
@@ -2028,7 +2015,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
 }
 
 static uint32_t
-aesni_mb_process_bulk(struct rte_cryptodev *dev,
+aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
 	struct rte_crypto_sym_vec *vec)
 {
@@ -2037,15 +2024,9 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s;
+	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
-	s = get_sym_session_private_data(sess, dev->driver_id);
-	if (s == NULL) {
-		ipsec_mb_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
index d953d6e5f5..97e7cef233 100644
--- a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
+++ b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
@@ -290,10 +290,6 @@ handle_completed_chacha20_poly1305_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct chacha20_poly1305_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index c9d4f9d0ae..b2fb168154 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -231,11 +231,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct kasumi_session));
-			memset(
-			    ops[i]->sym->session, 0,
-			    rte_cryptodev_sym_get_existing_header_session_size(
-				ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -287,8 +282,9 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct kasumi_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct kasumi_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 	return processed_op;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 9a85f46721..f052d6d847 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -362,10 +362,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct snow3g_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -417,8 +413,9 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct snow3g_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct snow3g_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index e36c7092d6..92fd9d1808 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -239,10 +239,6 @@ process_ops(struct rte_crypto_op **ops, enum ipsec_mb_operation op_type,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(sessions[i], 0, sizeof(struct zuc_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index eb7616257e..46ea507cf5 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -171,14 +171,13 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  struct rte_cryptodev_sym_session *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data =
+		(void *)session->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -189,17 +188,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -239,8 +230,6 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
@@ -250,16 +239,13 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
@@ -369,8 +355,8 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess = get_sym_session_private_data
-				(op->sym->session, mlx5_crypto_driver_id);
+	struct mlx5_crypto_session *sess =
+		(void *)op->sym->session->driver_priv_data;
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..bb86f671a4 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -597,13 +597,7 @@ mrvl_request_prepare_crp(struct sam_cio_op_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sym_session_private_data(
-					     op->sym->session,
-					     cryptodev_driver_id);
-	if (unlikely(sess == NULL)) {
-		MRVL_LOG(ERR, "Session was not created for this device!");
-		return -EINVAL;
-	}
+	sess = (struct mrvl_crypto_session *)op->sym->session->data;
 
 	request->sa = sess->sam_sess;
 	request->cookie = op;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index f828dc9db5..214c0fcb08 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -736,8 +736,7 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	void *sess_private_data;
@@ -748,23 +747,15 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
+	sess_private_data = sess->data;
 	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
 
 	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
 	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
@@ -791,8 +782,7 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = sess->data;
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
@@ -803,11 +793,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
 			MRVL_LOG(ERR, "Error while destroying session!");
 		}
-
-		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index cb5393d2f1..505024a810 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -530,24 +530,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 }
 
 static int
-nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
+nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
-	void *mp_obj;
-	struct nitrox_crypto_ctx *ctx;
+	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -585,38 +577,23 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
+	ctx->iova = sess->driver_priv_data_iova;
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
-{
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
-}
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev __rte_unused,
+			  struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct nitrox_crypto_ctx *
 get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return get_sym_session_private_data(op->sym->session,
-							   nitrox_sym_drv_id);
+			return (void *)op->sym->session->driver_priv_data;
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 9ecb434fd0..09aac3065e 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -58,7 +58,7 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(op->sym->session, 0,
 				sizeof(struct null_crypto_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
@@ -78,30 +78,21 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
 			sess = (struct null_crypto_session *)
-					get_sym_session_private_data(
-					sym_op->session, cryptodev_driver_id);
+				sym_op->session->driver_priv_data;
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct null_crypto_session *)_sess_private_data;
+		sess = (struct null_crypto_session *)_sess->driver_priv_data;
 
 		if (unlikely(null_crypto_set_session_parameters(sess,
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+		sym_op->session = _sess;
 	}
 
 	return sess;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 90a675dfff..fb43d3f7b5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -233,7 +233,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -256,8 +255,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -267,43 +265,22 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops pmd_ops = {
 		.dev_configure		= null_crypto_pmd_config,
diff --git a/drivers/crypto/null/null_crypto_pmd_private.h b/drivers/crypto/null/null_crypto_pmd_private.h
index 89c4345b6f..ae34ce6671 100644
--- a/drivers/crypto/null/null_crypto_pmd_private.h
+++ b/drivers/crypto/null/null_crypto_pmd_private.h
@@ -31,8 +31,6 @@ struct null_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 } __rte_cache_aligned;
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 7aee67ab09..cd5ebc2af6 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,25 +242,19 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
+	void *priv = (void *)sess->driver_priv_data;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
@@ -301,9 +294,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
+	misc->ctx_dma_addr = sess->driver_priv_data_iova +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -316,17 +307,14 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
+	void *priv = (void *)sess->driver_priv_data;
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
 	if (priv == NULL)
@@ -336,35 +324,26 @@ sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
 	ctx = SESS_PRIV(misc);
 
 	rte_free(ctx->auth_key);
-
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
 }
 
 static int
-otx_cpt_session_cfg(struct rte_cryptodev *dev,
+otx_cpt_session_cfg(struct rte_cryptodev *dev __rte_unused,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
+otx_cpt_session_clear(struct rte_cryptodev *dev __rte_unused,
 		  struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -528,10 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)
-			get_sym_session_private_data(sym_op->session,
-						     otx_cryptodev_driver_id);
-
+	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -560,21 +536,18 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(instance->sess_mp);
-	if (sess == NULL) {
+	if (rte_mempool_get(instance->sess_mp, (void **)&sess) < 0) {
 		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	ret = sym_session_configure(sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
@@ -583,12 +556,10 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	/* Enqueue op with the tmp session set */
 	req = otx_cpt_enq_single_sym(instance, op);
 	if (unlikely(req == NULL))
-		goto priv_put;
+		goto sess_put;
 
 	return req;
 
-priv_put:
-	sym_session_clear(driver_id, sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -873,13 +844,9 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = get_sym_session_private_data(
-		cop->sym->session, otx_cryptodev_driver_id);
+	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+
 	memset(sess_private_data_t, 0, cpt_get_session_size());
-	memset(cop->sym->session, 0,
-	       rte_cryptodev_sym_get_existing_header_session_size(
-		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index c34fd9a546..ed6841e460 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -70,8 +70,6 @@ struct openssl_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[DIGEST_LENGTH_MAX];
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 392b546a63..48e8ff107b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,10 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (struct openssl_session *)
-						get_sym_session_private_data(
-						op->sym->session,
-						cryptodev_driver_id);
+				sess = (void *)
+					op->sym->session->driver_priv_data;
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
@@ -901,32 +899,26 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 			return asym_sess;
 		}
 	} else {
+		struct rte_cryptodev_sym_session *_sess;
 		/* sessionless asymmetric not supported */
 		if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
 			return NULL;
 
 		/* provide internal session */
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		rte_mempool_get(qp->sess_mp, (void **)&_sess);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct openssl_session *)_sess_private_data;
+		sess = (struct openssl_session *)_sess->driver_priv_data;
 
 		if (unlikely(openssl_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+
 	}
 
 	if (sess == NULL)
@@ -2900,10 +2892,6 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index f7ddbf9c73..2a3662ee5a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -764,7 +764,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -794,10 +793,9 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -805,24 +803,14 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = openssl_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1328,20 +1316,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	openssl_reset_session(sess_priv);
 }
 
 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index db6316fbe9..408ae9e42b 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,12 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = get_sym_session_private_data(op->sym->session,
-				qat_sym_driver_id);
-		if (unlikely(!ctx)) {
-			QAT_DP_LOG(ERR, "No session for this device");
-			return -EINVAL;
-		}
+		ctx = (void *)op->sym->session->driver_priv_data;
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -391,8 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (struct qat_sym_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, qat_sym_driver_id);
+	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 074612c11b..2853ac5b88 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -317,9 +317,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 #endif
 	{
 		sess = (struct qat_sym_session *)
-				get_sym_session_private_data(
-				rx_op->sym->session,
-				qat_sym_driver_id);
+			rx_op->sym->session->driver_priv_data;
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 52b3455cf0..8dd2357702 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -219,22 +219,13 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
+qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (void *)sess->driver_priv_data;
 
-	if (sess_priv) {
-		if (s->bpi_ctx)
-			bpi_cipher_ctx_free(s->bpi_ctx);
-		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (s->bpi_ctx)
+		bpi_cipher_ctx_free(s->bpi_ctx);
 }
 
 static int
@@ -505,35 +496,24 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform,
+			(void *)sess->driver_priv_data,
+			sess->driver_priv_data_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
 
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	ossl_legacy_provider_unload();
 # endif
@@ -542,7 +522,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_cryptodev_private *internals = dev->data->dev_private;
@@ -551,7 +532,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int qat_cmd_id;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 01908abd9e..9e4aab06a6 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -123,12 +123,12 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		struct rte_cryptodev_sym_session *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_private_iova);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index f3a1bd626c..b93821783b 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -468,44 +468,18 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 }
 
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+	struct rte_crypto_sym_xform *xform __rte_unused,
+	struct rte_cryptodev_sym_session *sess __rte_unused)
 {
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-	int ret;
-
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
-		if (ret < 0) {
-			CR_SCHED_LOG(ERR, "unable to config sym session");
-			return ret;
-		}
-	}
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-
-	/* Clear private data of workers */
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		rte_cryptodev_sym_session_clear(worker->dev_id, sess);
-	}
-}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index ed64866758..6b9e57ee66 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,8 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -952,12 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)get_sym_session_private_data(
-		sess, cryptodev_virtio_driver_id);
-	if (session == NULL) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid session parameter");
-		return;
-	}
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1070,10 +1064,6 @@ virtio_crypto_sym_clear_session(
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("Close session %"PRIu64" successfully ",
 			session->session_id);
 
-	memset(session, 0, sizeof(struct virtio_crypto_session));
-	struct rte_mempool *sess_mp = rte_mempool_from_obj(session);
-	set_sym_session_private_data(sess, cryptodev_virtio_driver_id, NULL);
-	rte_mempool_put(sess_mp, session);
 	rte_free(malloc_virt_addr);
 }
 
@@ -1292,11 +1282,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1311,12 +1299,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1328,19 +1313,12 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1402,10 +1380,6 @@ virtio_crypto_sym_configure_session(
 			"Unsupported operation chain order parameter");
 		goto error_out;
 	}
-
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 08359b3a39..b7f492a7f2 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,8 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(struct virtio_crypto_session *)get_sym_session_private_data(
-		cop->sym->session, cryptodev_virtio_driver_id);
+		(void *)cop->sym->session->driver_priv_data;
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index 19af134bbe..bce903e007 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -1479,13 +1478,8 @@ run_single_test(uint8_t dev_id,
 		return ret;
 	}
 
-	sess = rte_cryptodev_sym_session_create(env->sess_pool);
-	if (!sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
-	if (ret < 0) {
+	sess = rte_cryptodev_sym_session_create(dev_id, &xform, env->sess_pool);
+	if (!sess) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
 	}
@@ -1508,8 +1502,7 @@ run_single_test(uint8_t dev_id,
 				1);
 	} while (n_deqd == 0);
 
-	rte_cryptodev_sym_session_clear(dev_id, sess);
-	rte_cryptodev_sym_session_free(sess);
+	rte_cryptodev_sym_session_free(dev_id, sess);
 
 	if (env->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
 		return -1;
@@ -1527,7 +1520,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 	rte_mempool_free(env->mpool);
 	rte_mempool_free(env->op_pool);
 	rte_mempool_free(env->sess_pool);
-	rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1535,7 +1527,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1579,25 +1571,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 8bd5a66889..23878f17cd 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -54,7 +54,6 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
@@ -69,7 +68,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -109,16 +108,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -133,7 +127,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -150,7 +143,6 @@ cryptodev_fips_validate_app_int(void)
 
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 
 	return ret;
@@ -161,11 +153,9 @@ cryptodev_fips_validate_app_uninit(void)
 {
 	rte_pktmbuf_free(env.mbuf);
 	rte_crypto_op_free(env.op);
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
+	rte_cryptodev_sym_session_free(env.dev_id, env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1201,13 +1191,9 @@ fips_run_test(void)
 	if (ret < 0)
 		return ret;
 
-	env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
-	if (!env.sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
-	if (ret < 0) {
+	env.sess = rte_cryptodev_sym_session_create(env.dev_id, &xform,
+			env.sess_mpool);
+	if (!env.sess) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
 		goto exit;
@@ -1236,9 +1222,10 @@ fips_run_test(void)
 	vec.status = env.op->status;
 
 exit:
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
-	env.sess = NULL;
+	if (env.sess) {
+		rte_cryptodev_sym_session_free(env.dev_id, env.sess);
+		env.sess = NULL;
+	}
 
 	return ret;
 }
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8a25b83535..ce4b4ba806 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1693,8 +1693,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = qp_desc_nb;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2523,12 +2521,8 @@ one_session_free(struct rte_ipsec_session *ips)
 		if (ips->crypto.ses == NULL)
 			return 0;
 
-		ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
-						      ips->crypto.ses);
-		if (ret)
-			return ret;
-
-		ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+		ret = rte_cryptodev_sym_session_free(ips->crypto.dev_id,
+				ips->crypto.ses);
 	} else {
 		/* Session has not been created */
 		if (ips->security.ctx == NULL || ips->security.ses == NULL)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 7b7bfff696..bb84dcec7e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -174,11 +174,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 
 		}
 		ips->crypto.dev_id = cdev_id;
-		ips->crypto.ses = rte_cryptodev_sym_session_create(
-				skt_ctx->session_pool);
-		rte_cryptodev_sym_session_init(cdev_id,
-				ips->crypto.ses, sa->xforms,
-				skt_ctx->session_priv_pool);
+		ips->crypto.ses = rte_cryptodev_sym_session_create(cdev_id,
+				sa->xforms, skt_ctx->session_pool);
 
 		rte_cryptodev_info_get(cdev_id, &cdev_info);
 	}
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bf4b862379..b555e63ff6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -228,7 +228,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -675,7 +674,6 @@ static struct rte_cryptodev_sym_session *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -697,17 +695,8 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		first_xform = &options->auth_xform;
 	}
 
-	session = rte_cryptodev_sym_session_create(
+	return rte_cryptodev_sym_session_create(cdev_id, first_xform,
 			session_pool_socket[socket_id].sess_mp);
-	if (session == NULL)
-		return NULL;
-
-	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
-		return NULL;
-
-	return session;
 }
 /* >8 End of creation of session. */
 
@@ -2380,13 +2369,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
-		/*
-		 * Two sessions objects are required for each session
-		 * (one for the header, one for the private data)
-		 */
 		if (!strcmp(dev_info.driver_name, "crypto_scheduler")) {
 #ifdef RTE_CRYPTO_SCHEDULER
-			uint32_t nb_workers =
+			/* scheduler session header + 1 session per worker */
+			uint32_t nb_workers = 1 +
 				rte_cryptodev_scheduler_workers_get(cdev_id,
 								NULL);
 
@@ -2395,41 +2381,15 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 				"sess_mp_%u", socket_id);
 
 			session_pool_socket[socket_id].sess_mp =
-					rte_cryptodev_sym_session_pool_create(
-							mp_name,
-							sessions_needed,
-							0, 0, 0, socket_id);
-
+				rte_cryptodev_sym_session_pool_create(
+					mp_name, sessions_needed, max_sess_sz,
+					0, 0, socket_id);
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
 					socket_id);
@@ -2580,8 +2540,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index 7d75623a5e..02987ebd76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+				info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 3dcc3cb7ed..f518a0f89b 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -311,8 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
+
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -337,6 +336,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
+
 /**
  * Clear asymmetric session private data.
  *
@@ -637,28 +637,6 @@ __rte_internal
 void *
 rte_cryptodev_session_event_mdata_get(struct rte_crypto_op *op);
 
-static inline void *
-get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id) {
-	if (unlikely(sess->nb_drivers <= driver_id))
-		return NULL;
-
-	return sess->sess_data[driver_id].data;
-}
-
-static inline void
-set_sym_session_private_data(struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id, void *private_data)
-{
-	if (unlikely(sess->nb_drivers <= driver_id)) {
-		CDEV_LOG_ERR("Set private data for driver %u not allowed\n",
-				driver_id);
-		return;
-	}
-
-	sess->sess_data[driver_id].data = private_data;
-}
-
 /**
  * @internal
  * Cryptodev asymmetric crypto session.
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index c5bfe08b79..019fc0c800 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -39,12 +39,6 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_free,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_session_free,
 	lib.cryptodev.asym.free)
 
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_init,
-	lib.cryptodev.sym.init)
-
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_clear,
-	lib.cryptodev.sym.clear)
-
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_enqueue_burst,
 	lib.cryptodev.enq.burst)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 42f3221052..63b8255a45 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -190,12 +190,9 @@ const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
-/**
- * The private data structure stored in the sym session mempool private data.
- */
 struct rte_cryptodev_sym_session_pool_private_data {
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint16_t sess_data_sz;
+	/**< driver session data size */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
 };
@@ -1202,6 +1199,24 @@ rte_cryptodev_get_qp_status(uint8_t dev_id, uint16_t queue_pair_id)
 	return 0;
 }
 
+static uint8_t
+rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp,
+	uint32_t sess_priv_size)
+{
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (!mp)
+		return 0;
+
+	pool_priv = rte_mempool_get_priv(mp);
+
+	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
+			pool_priv->sess_data_sz < sess_priv_size)
+		return 0;
+
+	return 1;
+}
+
 int
 rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		const struct rte_cryptodev_qp_conf *qp_conf, int socket_id)
@@ -1225,17 +1240,8 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
-		CDEV_LOG_ERR("Invalid mempools\n");
-		return -EINVAL;
-	}
-
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
-		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
 		if (!pool_priv || qp_conf->mp_session->private_data_size <
@@ -1244,13 +1250,9 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 			return -EINVAL;
 		}
 
-		s.nb_drivers = pool_priv->nb_drivers;
-		s.user_data_sz = pool_priv->user_data_sz;
-
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (!rte_cryptodev_sym_is_valid_session_pool(
+			qp_conf->mp_session,
+			rte_cryptodev_sym_get_private_session_size(dev_id))) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1710,53 +1712,6 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 	rte_spinlock_unlock(&rte_cryptodev_cb_lock);
 }
 
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
-{
-	struct rte_cryptodev *dev;
-	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
-			dev_id);
-	uint8_t index;
-	int ret;
-
-	if (!rte_cryptodev_is_valid_dev(dev_id)) {
-		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
-		return -EINVAL;
-	}
-
-	dev = rte_cryptodev_pmd_get_dev(dev_id);
-
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
-		return -EINVAL;
-
-	if (mp->elt_size < sess_priv_sz)
-		return -EINVAL;
-
-	index = dev->driver_id;
-	if (index >= sess->nb_drivers)
-		return -EINVAL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
-
-	if (sess->sess_data[index].refcnt == 0) {
-		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
-		if (ret < 0) {
-			CDEV_LOG_ERR(
-				"dev_id %d failed to configure session details",
-				dev_id);
-			return ret;
-		}
-	}
-
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
-	sess->sess_data[index].refcnt++;
-	return 0;
-}
-
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t user_data_size,
@@ -1766,16 +1721,13 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
 
-	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
-		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
+	obj_sz = sizeof(struct rte_cryptodev_sym_session) + elt_size +
+		user_data_size;
 
+	obj_sz =  RTE_ALIGN_CEIL(obj_sz, RTE_CACHE_LINE_SIZE);
 	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
-			(uint32_t)(sizeof(*pool_priv)),
-			NULL, NULL, NULL, NULL,
+			(uint32_t)(sizeof(*pool_priv)), NULL, NULL,
+			NULL, NULL,
 			socket_id, 0);
 	if (mp == NULL) {
 		CDEV_LOG_ERR("%s(name=%s) failed, rte_errno=%d\n",
@@ -1791,7 +1743,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 		return NULL;
 	}
 
-	pool_priv->nb_drivers = nb_drivers;
+	pool_priv->sess_data_sz = elt_size;
 	pool_priv->user_data_sz = user_data_size;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
@@ -1849,64 +1801,68 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	return mp;
 }
 
-static unsigned int
-rte_cryptodev_sym_session_data_size(struct rte_cryptodev_sym_session *sess)
-{
-	return (sizeof(sess->sess_data[0]) * sess->nb_drivers) +
-			sess->user_data_sz;
-}
-
-static uint8_t
-rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
-{
-	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-
-	if (!mp)
-		return 0;
-
-	pool_priv = rte_mempool_get_priv(mp);
-
-	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
-			pool_priv->nb_drivers != nb_drivers ||
-			mp->elt_size <
-				rte_cryptodev_sym_get_header_session_size()
-				+ pool_priv->user_data_sz)
-		return 0;
-
-	return 1;
-}
-
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mp)
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp)
 {
+	struct rte_cryptodev *dev;
 	struct rte_cryptodev_sym_session *sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
-	if (!rte_cryptodev_sym_is_valid_session_pool(mp)) {
+	uint32_t sess_priv_sz;
+	int ret;
+
+	if (!rte_cryptodev_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	if (xforms == NULL) {
+		CDEV_LOG_ERR("Invalid xform\n");
+		return NULL;
+	}
+
+	sess_priv_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
+	if (!rte_cryptodev_sym_is_valid_session_pool(mp, sess_priv_sz)) {
 		CDEV_LOG_ERR("Invalid mempool\n");
 		return NULL;
 	}
 
-	pool_priv = rte_mempool_get_priv(mp);
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	/* Allocate a session structure from the session pool */
 	if (rte_mempool_get(mp, (void **)&sess)) {
 		CDEV_LOG_ERR("couldn't get object from session mempool");
+		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	sess->nb_drivers = pool_priv->nb_drivers;
+	pool_priv = rte_mempool_get_priv(mp);
+	sess->driver_id = dev->driver_id;
+	sess->sess_data_sz = pool_priv->sess_data_sz;
 	sess->user_data_sz = pool_priv->user_data_sz;
-	sess->opaque_data = 0;
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_cryptodev_sym_session, driver_priv_data);
 
-	/* Clear device session pointer.
-	 * Include the flag indicating presence of user data
-	 */
-	memset(sess->sess_data, 0,
-			rte_cryptodev_sym_session_data_size(sess));
+	if (dev->dev_ops->sym_session_configure == NULL) {
+		rte_errno = ENOTSUP;
+		goto error_exit;
+	}
 
-	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	ret = dev->dev_ops->sym_session_configure(dev, xforms, sess);
+	if (ret < 0) {
+		rte_errno = -ret;
+		goto error_exit;
+	}
+	sess->driver_id = dev->driver_id;
+
+	rte_cryptodev_trace_sym_session_create(dev_id, sess, xforms, mp);
+
+	return (void *)sess;
+error_exit:
+	rte_mempool_put(mp, (void *)sess);
+	return NULL;
 }
 
 int
@@ -1985,11 +1941,15 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_cryptodev *dev;
-	uint8_t driver_id;
+	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (sess == NULL)
+		return -EINVAL;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
@@ -2001,37 +1961,24 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 	if (dev == NULL || sess == NULL)
 		return -EINVAL;
 
-	driver_id = dev->driver_id;
-	if (sess->sess_data[driver_id].refcnt == 0)
-		return 0;
-	if (--sess->sess_data[driver_id].refcnt != 0)
-		return -EBUSY;
+	sess_mp = rte_mempool_from_obj(sess);
+	if (!sess_mp)
+		return -EINVAL;
+	pool_priv = rte_mempool_get_priv(sess_mp);
+
+	if (sess->driver_id != dev->driver_id) {
+		CDEV_LOG_ERR("Session created by driver %u but freed by %u",
+			sess->driver_id, dev->driver_id);
+		return -EINVAL;
+	}
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
 	dev->dev_ops->sym_session_clear(dev, sess);
-
-	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
-	return 0;
-}
-
-int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t i;
-	struct rte_mempool *sess_mp;
-
-	if (sess == NULL)
-		return -EINVAL;
-
-	/* Check that all device private data has been freed */
-	for (i = 0; i < sess->nb_drivers; i++) {
-		if (sess->sess_data[i].refcnt != 0)
-			return -EBUSY;
-	}
+	memset(sess->driver_priv_data, 0, pool_priv->sess_data_sz +
+		pool_priv->user_data_sz);
 
 	/* Return session to mempool */
-	sess_mp = rte_mempool_from_obj(sess);
 	rte_mempool_put(sess_mp, sess);
 
 	rte_cryptodev_trace_sym_session_free(sess);
@@ -2068,33 +2015,6 @@ rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess)
 	return 0;
 }
 
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void)
-{
-	/*
-	 * Header contains pointers to the private data of all registered
-	 * drivers and all necessary information to ensure safely clear
-	 * or free al session.
-	 */
-	struct rte_cryptodev_sym_session s = {0};
-
-	s.nb_drivers = nb_drivers;
-
-	return (unsigned int)(sizeof(s) +
-			rte_cryptodev_sym_session_data_size(&s));
-}
-
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess)
-{
-	if (!sess)
-		return 0;
-	else
-		return (unsigned int)(sizeof(*sess) +
-				rte_cryptodev_sym_session_data_size(sess));
-}
-
 unsigned int
 rte_cryptodev_asym_get_header_session_size(void)
 {
@@ -2141,9 +2061,8 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 
 int
 rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
-					void *data,
-					uint16_t size)
+		struct rte_cryptodev_sym_session *sess, void *data,
+		uint16_t size)
 {
 	if (sess == NULL)
 		return -EINVAL;
@@ -2151,18 +2070,17 @@ rte_cryptodev_sym_session_set_user_data(
 	if (sess->user_data_sz < size)
 		return -ENOMEM;
 
-	rte_memcpy(sess->sess_data + sess->nb_drivers, data, size);
+	rte_memcpy(sess->driver_priv_data + sess->sess_data_sz, data, size);
 	return 0;
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
 {
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
-	return (void *)(sess->sess_data + sess->nb_drivers);
+	return (void *)(sess->driver_priv_data + sess->sess_data_sz);
 }
 
 int
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 56f459c6a0..0c65958f25 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -544,8 +544,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -909,17 +907,21 @@ rte_cryptodev_get_sec_ctx(uint8_t dev_id);
  * has a fixed algo, key, op-type, digest_len etc.
  */
 struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint8_t driver_id;
 	uint64_t opaque_data;
 	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
 	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[];
-	/**< Driver specific session material, variable size */
+	/**< session user data will be placed after sess data */
+	rte_iova_t driver_priv_data_iova;
+	/**< session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
 };
 
 /**
@@ -954,6 +956,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t priv_size,
 	int socket_id);
 
+
 /**
  * Create an asymmetric session mempool.
  *
@@ -980,17 +983,22 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t cache_size, uint16_t user_data_size, int socket_id);
 
 /**
- * Create symmetric crypto session header (generic with no private data)
+ * Create symmetric crypto session and fill out private data for the device id,
+ * based on its device type.
+ *
+ * @param   dev_id   ID of device that we want the session to be used on
+ * @param   xforms   Symmetric crypto transform operations to apply on flow
+ *                   processed with this session
+ * @param   mempool  Mempool where the private data is allocated.
  *
- * @param   mempool    Symmetric session mempool to allocate session
- *                     objects from
  * @return
- *  - On success return pointer to sym-session
- *  - On failure returns NULL
+ *  - On success return pointer to sym-session.
+ *  - On failure returns NULL.
  */
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
-
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp);
 /**
  * Create and initialise an asymmetric crypto session structure.
  * Calls the PMD to configure the private session data.
@@ -1015,19 +1023,20 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 		void **session);
 
 /**
- * Frees symmetric crypto session header, after checking that all
- * the device private data has been freed, returning it
- * to its original mempool.
+ * Frees session for the device id and returning it to its mempool.
+ * It is the application's responsibility to ensure that the session
+ * is not still in-flight operations using it.
  *
+ * @param   dev_id   ID of device that uses the session.
  * @param   sess     Session header to be freed.
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
- *  - -EBUSY if not all device private data has been freed.
+ *  - -EINVAL if session is NULL or the mismatched device ids.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1044,72 +1053,6 @@ __rte_experimental
 int
 rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess);
 
-/**
- * Fill out private data for the device id, based on its device type.
- *
- * @param   dev_id   ID of device that we want the session to be used on
- * @param   sess     Session where the private data will be attached to
- * @param   xforms   Symmetric crypto transform operations to apply on flow
- *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
- *
- * @return
- *  - On success, zero.
- *  - -EINVAL if input parameters are invalid.
- *  - -ENOTSUP if crypto device does not support the crypto transform or
- *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
- */
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
-
-/**
- * Frees private data for the device id, based on its device type,
- * returning it to its mempool. It is the application's responsibility
- * to ensure that private session data is not cleared while there are
- * still in-flight operations using it.
- *
- * @param   dev_id   ID of device that uses the session.
- * @param   sess     Session containing the reference to the private data
- *
- * @return
- *  - 0 if successful.
- *  - -EINVAL if device is invalid or session is NULL.
- *  - -ENOTSUP if crypto device does not support symmetric operations.
- */
-int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
-
-/**
- * Get the size of the header session, for all registered drivers excluding
- * the user data size.
- *
- * @return
- *   Size of the symmetric header session.
- */
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void);
-
-/**
- * Get the size of the header session from created session.
- *
- * @param sess
- *   The sym cryptodev session pointer
- *
- * @return
- *   - If sess is not NULL, return the size of the header session including
- *   the private data size defined within sess.
- *   - If sess is NULL, return 0.
- */
-__rte_experimental
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess);
-
 /**
  * Get the size of the asymmetric session header.
  *
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index a3f6048e7d..055c44fb22 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -74,13 +73,16 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
-	rte_trace_point_emit_ptr(mempool);
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
+		struct rte_cryptodev_sym_session *sess, void *xforms,
+		void *mempool),
+	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
+	rte_trace_point_emit_u8(sess->driver_id);
 	rte_trace_point_emit_u16(sess->user_data_sz);
+	rte_trace_point_emit_ptr(xforms);
+	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
@@ -117,27 +119,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_ptr(sess);
 )
 
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_init,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
-	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
-)
-
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_clear,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-)
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 5aee87c6f7..6fcf6ae985 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -38,12 +38,9 @@ DPDK_23 {
 	rte_cryptodev_sym_capability_check_auth;
 	rte_cryptodev_sym_capability_check_cipher;
 	rte_cryptodev_sym_capability_get;
-	rte_cryptodev_sym_get_header_session_size;
 	rte_cryptodev_sym_get_private_session_size;
-	rte_cryptodev_sym_session_clear;
 	rte_cryptodev_sym_session_create;
 	rte_cryptodev_sym_session_free;
-	rte_cryptodev_sym_session_init;
 
 	local: *;
 };
@@ -60,7 +57,6 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-	rte_cryptodev_sym_get_existing_header_session_size;
 	rte_cryptodev_sym_session_get_user_data;
 	rte_cryptodev_sym_session_pool_create;
 	rte_cryptodev_sym_session_set_user_data;
@@ -78,8 +74,6 @@ EXPERIMENTAL {
 	__rte_cryptodev_trace_asym_session_create;
 	__rte_cryptodev_trace_sym_session_free;
 	__rte_cryptodev_trace_asym_session_free;
-	__rte_cryptodev_trace_sym_session_init;
-	__rte_cryptodev_trace_sym_session_clear;
 	__rte_cryptodev_trace_dequeue_burst;
 	__rte_cryptodev_trace_enqueue_burst;
 
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index b1310be565..cb792bbe0d 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1898,17 +1898,11 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		}
 	}
 
-	session = rte_cryptodev_sym_session_create(cfg->mp_create);
+	session = rte_cryptodev_sym_session_create(cfg->cryptodev_id,
+			p->xform, cfg->mp_create);
 	if (!session)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
-	if (ret < 0) {
-		rte_cryptodev_sym_session_free(session);
-		return ret;
-	}
-
 	data->data_offset = (uint16_t)p->data_offset;
 	data->session = session;
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index b49e389579..2b01ecda08 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -54,8 +54,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -65,7 +63,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 54946f46d9..7321da21b7 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -197,7 +197,6 @@ struct vhost_crypto {
 	struct rte_hash *session_map;
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *wb_pool;
 
 	/** DPDK cryptodev ID */
@@ -376,31 +375,21 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	session = rte_cryptodev_sym_session_create(vcrypto->sess_pool);
+	session = rte_cryptodev_sym_session_create(vcrypto->cid, &xform1,
+			vcrypto->sess_pool);
 	if (!session) {
 		VC_LOG_ERR("Failed to create session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
-		VC_LOG_ERR("Failed to initialize session");
-		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
-		return;
-	}
-
 	/* insert hash to map */
 	if (rte_hash_add_key_data(vcrypto->session_map,
 			&vcrypto->last_session_id, session) < 0) {
 		VC_LOG_ERR("Failed to insert session to hash table");
 
-		if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0)
-			VC_LOG_ERR("Failed to clear session");
-		else {
-			if (rte_cryptodev_sym_session_free(session) < 0)
-				VC_LOG_ERR("Failed to free session");
-		}
+		if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0)
+			VC_LOG_ERR("Failed to free session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
@@ -427,12 +416,7 @@ vhost_crypto_close_sess(struct vhost_crypto *vcrypto, uint64_t session_id)
 		return -VIRTIO_CRYPTO_INVSESS;
 	}
 
-	if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0) {
-		VC_LOG_DBG("Failed to clear session");
-		return -VIRTIO_CRYPTO_ERR;
-	}
-
-	if (rte_cryptodev_sym_session_free(session) < 0) {
+	if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0) {
 		VC_LOG_DBG("Failed to free session");
 		return -VIRTIO_CRYPTO_ERR;
 	}
@@ -1393,7 +1377,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1415,7 +1398,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 2/6] crypto/scheduler: use unified session
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
  2022-09-21 15:02   ` [PATCH v2 1/6] cryptodev: rework session framework Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-22 14:04     ` Ji, Kai
  2022-09-21 15:02   ` [PATCH v2 3/6] cryptodev: hide sym session structure Akhil Goyal
                     ` (6 subsequent siblings)
  8 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Fan Zhang, Akhil Goyal

From: Fan Zhang <roy.fan.zhang@intel.com>

This patch updates the scheduler PMD to use unified session
data structure. Previously thanks to the private session
array in cryptodev sym session there are no necessary
change needed for scheduler PMD other than the way ops
are enqueued/dequeued. The patch inherits the same design
in the original session data structure to the scheduler PMD
so the cryptodev sym session can be as a linear buffer for
both session header and driver private data.

With the change there are inevitable extra cost on both memory
(64 bytes per session per driver type) and cycle count (set
the correct session for each cop based on the worker before
enqueue, and retrieve the original session after dequeue).

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/scheduler/scheduler_failover.c |  19 ++-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +++
 .../scheduler/scheduler_pkt_size_distr.c      |  84 +++++++++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  | 107 +++++++++++++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 +++++++++++++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 6 files changed, 318 insertions(+), 40 deletions(-)

diff --git a/drivers/crypto/scheduler/scheduler_failover.c b/drivers/crypto/scheduler/scheduler_failover.c
index 2a0e29fa72..7fadcf66d0 100644
--- a/drivers/crypto/scheduler/scheduler_failover.c
+++ b/drivers/crypto/scheduler/scheduler_failover.c
@@ -16,18 +16,19 @@
 struct fo_scheduler_qp_ctx {
 	struct scheduler_worker primary_worker;
 	struct scheduler_worker secondary_worker;
+	uint8_t primary_worker_index;
+	uint8_t secondary_worker_index;
 
 	uint8_t deq_idx;
 };
 
 static __rte_always_inline uint16_t
 failover_worker_enqueue(struct scheduler_worker *worker,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
+		struct rte_crypto_op **ops, uint16_t nb_ops, uint8_t index)
 {
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
+	scheduler_set_worker_session(ops, nb_ops, index);
 
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
@@ -47,13 +48,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		return 0;
 
 	enqueued_ops = failover_worker_enqueue(&qp_ctx->primary_worker,
-			ops, nb_ops);
+			ops, nb_ops, PRIMARY_WORKER_IDX);
 
 	if (enqueued_ops < nb_ops)
 		enqueued_ops += failover_worker_enqueue(
 				&qp_ctx->secondary_worker,
 				&ops[enqueued_ops],
-				nb_ops - enqueued_ops);
+				nb_ops - enqueued_ops,
+				SECONDARY_WORKER_IDX);
 
 	return enqueued_ops;
 }
@@ -94,7 +96,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	qp_ctx->deq_idx = (~qp_ctx->deq_idx) & WORKER_SWITCH_MASK;
 
 	if (nb_deq_ops == nb_ops)
-		return nb_deq_ops;
+		goto retrieve_session;
 
 	worker = workers[qp_ctx->deq_idx];
 
@@ -104,6 +106,9 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		worker->nb_inflight_cops -= nb_deq_ops2;
 	}
 
+retrieve_session:
+	scheduler_retrieve_session(ops, nb_deq_ops + nb_deq_ops2);
+
 	return nb_deq_ops + nb_deq_ops2;
 }
 
diff --git a/drivers/crypto/scheduler/scheduler_multicore.c b/drivers/crypto/scheduler/scheduler_multicore.c
index 900ab4049d..3dea850661 100644
--- a/drivers/crypto/scheduler/scheduler_multicore.c
+++ b/drivers/crypto/scheduler/scheduler_multicore.c
@@ -183,11 +183,19 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 
 	while (!mc_ctx->stop_signal) {
 		if (pending_enq_ops) {
+			scheduler_set_worker_session(
+				&enq_ops[pending_enq_ops_idx], pending_enq_ops,
+				worker_idx);
 			processed_ops =
 				rte_cryptodev_enqueue_burst(worker->dev_id,
 					worker->qp_id,
 					&enq_ops[pending_enq_ops_idx],
 					pending_enq_ops);
+			if (processed_ops < pending_deq_ops)
+				scheduler_retrieve_session(
+					&enq_ops[pending_enq_ops_idx +
+						processed_ops],
+					pending_deq_ops - processed_ops);
 			pending_enq_ops -= processed_ops;
 			pending_enq_ops_idx += processed_ops;
 			inflight_ops += processed_ops;
@@ -195,9 +203,16 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 			processed_ops = rte_ring_dequeue_burst(enq_ring, (void *)enq_ops,
 							MC_SCHED_BUFFER_SIZE, NULL);
 			if (processed_ops) {
+				scheduler_set_worker_session(enq_ops,
+					processed_ops, worker_idx);
 				pending_enq_ops_idx = rte_cryptodev_enqueue_burst(
 						worker->dev_id, worker->qp_id,
 						enq_ops, processed_ops);
+				if (pending_enq_ops_idx < processed_ops)
+					scheduler_retrieve_session(
+						enq_ops + pending_enq_ops_idx,
+						processed_ops -
+						pending_enq_ops_idx);
 				pending_enq_ops = processed_ops - pending_enq_ops_idx;
 				inflight_ops += pending_enq_ops_idx;
 			}
@@ -214,6 +229,8 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 					worker->dev_id, worker->qp_id, deq_ops,
 					MC_SCHED_BUFFER_SIZE);
 			if (processed_ops) {
+				scheduler_retrieve_session(deq_ops,
+					processed_ops);
 				inflight_ops -= processed_ops;
 				if (reordering_enabled) {
 					uint16_t j;
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 933a5c6978..9204f6f608 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -48,34 +48,54 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	};
 	struct psd_schedule_op *p_enq_op;
 	uint16_t i, processed_ops_pri = 0, processed_ops_sec = 0;
-	uint32_t job_len;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
 	for (i = 0; i < nb_ops && i < 4; i++) {
 		rte_prefetch0(ops[i]->sym);
-		rte_prefetch0(ops[i]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 	}
 
 	for (i = 0; (i < (nb_ops - 8)) && (nb_ops > 8); i += 4) {
+		struct scheduler_session_ctx *sess_ctx[4];
+		uint8_t target[4];
+		uint32_t job_len[4];
+
 		rte_prefetch0(ops[i + 4]->sym);
-		rte_prefetch0(ops[i + 4]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 4]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 5]->sym);
-		rte_prefetch0(ops[i + 5]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 5]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 6]->sym);
-		rte_prefetch0(ops[i + 6]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 6]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 7]->sym);
-		rte_prefetch0(ops[i + 7]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
+
+		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
+		sess_ctx[1] =
+			(void *)ops[i + 1]->sym->session->driver_priv_data;
+		sess_ctx[2] =
+			(void *)ops[i + 2]->sym->session->driver_priv_data;
+		sess_ctx[3] =
+			(void *)ops[i + 3]->sym->session->driver_priv_data;
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
 		 */
-		job_len = ops[i]->sym->cipher.data.length;
-		job_len += (ops[i]->sym->cipher.data.length == 0) *
+		job_len[0] = ops[i]->sym->cipher.data.length;
+		job_len[0] += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
 		/* decide the target op based on the job length */
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[0] = !(job_len[0] & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session =
+				sess_ctx[0]->worker_sess[target[0]];
+		p_enq_op = &enq_ops[target[0]];
 
 		/* stop schedule cops before the queue is full, this shall
 		 * prevent the failed enqueue
@@ -89,10 +109,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i];
 		p_enq_op->pos++;
 
-		job_len = ops[i+1]->sym->cipher.data.length;
-		job_len += (ops[i+1]->sym->cipher.data.length == 0) *
+		job_len[1] = ops[i + 1]->sym->cipher.data.length;
+		job_len[1] += (ops[i + 1]->sym->cipher.data.length == 0) *
 				ops[i+1]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[1] = !(job_len[1] & psd_qp_ctx->threshold);
+		if (ops[i + 1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 1]->sym->session =
+				sess_ctx[1]->worker_sess[target[1]];
+		p_enq_op = &enq_ops[target[1]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -103,10 +127,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+1];
 		p_enq_op->pos++;
 
-		job_len = ops[i+2]->sym->cipher.data.length;
-		job_len += (ops[i+2]->sym->cipher.data.length == 0) *
-				ops[i+2]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[2] = ops[i + 2]->sym->cipher.data.length;
+		job_len[2] += (ops[i + 2]->sym->cipher.data.length == 0) *
+				ops[i + 2]->sym->auth.data.length;
+		target[2] = !(job_len[2] & psd_qp_ctx->threshold);
+		if (ops[i + 2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 2]->sym->session =
+				sess_ctx[2]->worker_sess[target[2]];
+		p_enq_op = &enq_ops[target[2]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -117,10 +145,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+2];
 		p_enq_op->pos++;
 
-		job_len = ops[i+3]->sym->cipher.data.length;
-		job_len += (ops[i+3]->sym->cipher.data.length == 0) *
-				ops[i+3]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[3] = ops[i + 3]->sym->cipher.data.length;
+		job_len[3] += (ops[i + 3]->sym->cipher.data.length == 0) *
+				ops[i + 3]->sym->auth.data.length;
+		target[3] = !(job_len[3] & psd_qp_ctx->threshold);
+		if (ops[i + 3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 3]->sym->session =
+				sess_ctx[1]->worker_sess[target[3]];
+		p_enq_op = &enq_ops[target[3]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -133,10 +165,18 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	}
 
 	for (; i < nb_ops; i++) {
+		struct scheduler_session_ctx *sess_ctx =
+			(void *)ops[i]->sym->session->driver_priv_data;
+		uint32_t job_len;
+		uint8_t target;
+
 		job_len = ops[i]->sym->cipher.data.length;
 		job_len += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target = !(job_len & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session = sess_ctx->worker_sess[target];
+		p_enq_op = &enq_ops[target];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -199,6 +239,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	if (worker->nb_inflight_cops) {
 		nb_deq_ops_pri = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+		scheduler_retrieve_session(ops, nb_deq_ops_pri);
 		worker->nb_inflight_cops -= nb_deq_ops_pri;
 	}
 
@@ -213,6 +254,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		nb_deq_ops_sec = rte_cryptodev_dequeue_burst(worker->dev_id,
 				worker->qp_id, &ops[nb_deq_ops_pri],
 				nb_ops - nb_deq_ops_pri);
+		scheduler_retrieve_session(ops, nb_deq_ops_sec);
 		worker->nb_inflight_cops -= nb_deq_ops_sec;
 
 		if (!worker->nb_inflight_cops)
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index b93821783b..2bc3f5dd27 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -9,6 +9,7 @@
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
 #include <rte_reorder.h>
+#include <rte_errno.h>
 
 #include "scheduler_pmd_private.h"
 
@@ -467,19 +468,113 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 	return max_priv_sess_size;
 }
 
+struct scheduler_configured_sess_info {
+	uint8_t dev_id;
+	uint8_t driver_id;
+	struct rte_cryptodev_sym_session *sess;
+};
+
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
-	struct rte_crypto_sym_xform *xform __rte_unused,
-	struct rte_cryptodev_sym_session *sess __rte_unused)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
+	struct rte_crypto_sym_xform *xform,
+	struct rte_cryptodev_sym_session *sess)
 {
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct rte_mempool *mp = rte_mempool_from_obj(sess);
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info configured_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_configured_sess = 0;
+	int ret = 0;
+
+	if (mp == NULL)
+		return -EINVAL;
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		struct rte_cryptodev_sym_session *worker_sess;
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_configured_sess; j++) {
+			if (configured_sess[j].driver_id ==
+					worker->driver_id) {
+				sess_ctx->worker_sess[i] =
+					configured_sess[j].sess;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		if (rte_mempool_avail_count(mp) == 0) {
+			ret = -ENOMEM;
+			goto error_exit;
+		}
+
+		worker_sess = rte_cryptodev_sym_session_create(worker->dev_id,
+			xform, mp);
+		if (worker_sess == NULL) {
+			ret = -rte_errno;
+			goto error_exit;
+		}
+
+		worker_sess->opaque_data = (uint64_t)sess;
+		sess_ctx->worker_sess[i] = worker_sess;
+		configured_sess[n_configured_sess].driver_id =
+			worker->driver_id;
+		configured_sess[n_configured_sess].dev_id = worker->dev_id;
+		configured_sess[n_configured_sess].sess = worker_sess;
+		n_configured_sess++;
+	}
+
 	return 0;
+error_exit:
+	sess_ctx->ref_cnt = sched_ctx->ref_cnt;
+	for (i = 0; i < n_configured_sess; i++)
+		rte_cryptodev_sym_session_free(configured_sess[i].dev_id,
+			configured_sess[i].sess);
+	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
-		struct rte_cryptodev_sym_session *sess __rte_unused)
-{}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *sess)
+{
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info deleted_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_deleted_sess = 0;
+
+	if (sched_ctx->ref_cnt != sess_ctx->ref_cnt) {
+		CR_SCHED_LOG(WARNING,
+			"Worker updated between session creation/deletion. "
+			"The session may not be freed fully.");
+	}
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_deleted_sess; j++) {
+			if (deleted_sess[j].driver_id == worker->driver_id) {
+				sess_ctx->worker_sess[i] = NULL;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		rte_cryptodev_sym_session_free(worker->dev_id,
+			sess_ctx->worker_sess[i]);
+
+		deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
+		sess_ctx->worker_sess[i] = NULL;
+	}
+}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 4d33b9ab44..0e508727a4 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -22,7 +22,6 @@ struct scheduler_worker {
 	uint8_t dev_id;
 	uint16_t qp_id;
 	uint32_t nb_inflight_cops;
-
 	uint8_t driver_id;
 };
 
@@ -37,6 +36,8 @@ struct scheduler_ctx {
 
 	struct scheduler_worker workers[RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
 	uint32_t nb_workers;
+	/* reference count when the workers are incremented/decremented */
+	uint32_t ref_cnt;
 
 	enum rte_cryptodev_scheduler_mode mode;
 
@@ -61,6 +62,11 @@ struct scheduler_qp_ctx {
 	struct rte_ring *order_ring;
 } __rte_cache_aligned;
 
+struct scheduler_session_ctx {
+	uint32_t ref_cnt;
+	struct rte_cryptodev_sym_session *worker_sess[
+		RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
+};
 
 extern uint8_t cryptodev_scheduler_driver_id;
 
@@ -101,6 +107,118 @@ scheduler_order_drain(struct rte_ring *order_ring,
 	return nb_ops_to_deq;
 }
 
+static __rte_always_inline void
+scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
+		uint8_t worker_index)
+{
+	struct rte_crypto_op **op = ops;
+	uint16_t n = nb_ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[1]->sym->session->driver_priv_data;
+			op[1]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[2]->sym->session->driver_priv_data;
+			op[2]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[3]->sym->session->driver_priv_data;
+			op[3]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+			op++;
+		}
+	}
+}
+
+static __rte_always_inline void
+scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	uint16_t n = nb_ops;
+	struct rte_crypto_op **op = ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[1]->sym->session =
+				(void *)op[1]->sym->session->opaque_data;
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[2]->sym->session =
+				(void *)op[2]->sym->session->opaque_data;
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[3]->sym->session =
+				(void *)op[3]->sym->session->opaque_data;
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		op++;
+	}
+}
+
 /** device specific operations function pointer structure */
 extern struct rte_cryptodev_ops *rte_crypto_scheduler_pmd_ops;
 
diff --git a/drivers/crypto/scheduler/scheduler_roundrobin.c b/drivers/crypto/scheduler/scheduler_roundrobin.c
index ace2dec2ec..ad3f8b842a 100644
--- a/drivers/crypto/scheduler/scheduler_roundrobin.c
+++ b/drivers/crypto/scheduler/scheduler_roundrobin.c
@@ -23,16 +23,17 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 			((struct scheduler_qp_ctx *)qp)->private_qp_ctx;
 	uint32_t worker_idx = rr_qp_ctx->last_enq_worker_idx;
 	struct scheduler_worker *worker = &rr_qp_ctx->workers[worker_idx];
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
-
+	scheduler_set_worker_session(ops, nb_ops, worker_idx);
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+	if (processed_ops < nb_ops)
+		scheduler_retrieve_session(ops + processed_ops,
+			nb_ops - processed_ops);
 
 	worker->nb_inflight_cops += processed_ops;
 
@@ -86,7 +87,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	nb_deq_ops = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
-
+	scheduler_retrieve_session(ops, nb_deq_ops);
 	last_worker_idx += 1;
 	last_worker_idx %= rr_qp_ctx->nb_workers;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 3/6] cryptodev: hide sym session structure
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
  2022-09-21 15:02   ` [PATCH v2 1/6] cryptodev: rework session framework Akhil Goyal
  2022-09-21 15:02   ` [PATCH v2 2/6] crypto/scheduler: use unified session Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-22 13:49     ` Ji, Kai
  2022-09-21 15:02   ` [PATCH v2 4/6] security: remove priv mempool usage Akhil Goyal
                     ` (5 subsequent siblings)
  8 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal, Fan Zhang

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 app/test/test_ipsec_perf.c                    |  4 +-
 doc/guides/prog_guide/cryptodev_lib.rst       | 16 ++----
 doc/guides/rel_notes/deprecation.rst          |  9 +++
 doc/guides/rel_notes/release_22_11.rst        |  7 +++
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  5 +-
 drivers/crypto/caam_jr/caam_jr.c              | 10 ++--
 drivers/crypto/ccp/ccp_crypto.c               | 30 +++++-----
 drivers/crypto/ccp/ccp_pmd_ops.c              |  2 +-
 drivers/crypto/ccp/rte_ccp_pmd.c              |  4 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  8 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      | 10 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  4 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  2 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   | 11 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  9 ++-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  4 +-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  6 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  2 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |  2 +-
 drivers/crypto/mlx5/mlx5_crypto.c             |  7 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  6 +-
 drivers/crypto/null/null_crypto_pmd.c         |  3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  2 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c   | 10 ++--
 drivers/crypto/openssl/rte_openssl_pmd.c      |  4 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  3 +-
 drivers/crypto/qat/qat_sym_session.c          |  6 +-
 .../scheduler/scheduler_pkt_size_distr.c      | 13 ++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  4 +-
 .../crypto/scheduler/scheduler_pmd_private.h  | 30 +++++-----
 drivers/crypto/virtio/virtio_cryptodev.c      |  4 +-
 drivers/crypto/virtio/virtio_rxtx.c           |  2 +-
 examples/fips_validation/fips_dev_self_test.c | 10 ++--
 lib/cryptodev/cryptodev_pmd.h                 | 32 +++++++++++
 lib/cryptodev/rte_crypto.h                    |  3 +-
 lib/cryptodev/rte_crypto_sym.h                |  7 +--
 lib/cryptodev/rte_cryptodev.c                 | 16 ++++--
 lib/cryptodev/rte_cryptodev.h                 | 56 +++++++++----------
 lib/cryptodev/rte_cryptodev_trace.h           |  8 +--
 lib/ipsec/rte_ipsec_group.h                   |  5 +-
 lib/ipsec/ses.c                               |  3 +-
 47 files changed, 208 insertions(+), 189 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index b5d0c2e036..b221b7fc32 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -227,7 +227,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	void *dummy_ses = NULL;
 	size_t sz;
 	int rc;
 
@@ -247,7 +247,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 9e54683aa1..01aad842a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -125,13 +125,11 @@ Each queue pairs resources may be allocated on a specified socket.
         uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
         struct rte_mempool *mp_session;
         /**< The mempool for creating session in sessionless mode */
-        struct rte_mempool *mp_session_private;
-        /**< The mempool for creating sess private data in sessionless mode */
     };
 
 
-The fields ``mp_session`` and ``mp_session_private`` are used for creating
-temporary session to process the crypto operations in the session-less mode.
+The field ``mp_session`` is used for creating temporary session to process
+the crypto operations in the session-less mode.
 They can be the same other different mempools. Please note not all Cryptodev
 PMDs supports session-less mode.
 
@@ -595,7 +593,7 @@ chain.
         struct rte_mbuf *m_dst;
 
         union {
-            struct rte_cryptodev_sym_session *session;
+            void *session;
             /**< Handle for the initialised session context */
             struct rte_crypto_sym_xform *xform;
             /**< Session-less API Crypto operation parameters */
@@ -943,15 +941,11 @@ using one of the crypto PMDs available in DPDK.
 
     /* Create crypto session and initialize it for the crypto device. */
     struct rte_cryptodev_sym_session *session;
-    session = rte_cryptodev_sym_session_create(session_pool);
+    session = rte_cryptodev_sym_session_create(cdev_id, &cipher_xform,
+                    session_pool);
     if (session == NULL)
         rte_exit(EXIT_FAILURE, "Session could not be created\n");
 
-    if (rte_cryptodev_sym_session_init(cdev_id, session,
-                    &cipher_xform, session_priv_pool) < 0)
-        rte_exit(EXIT_FAILURE, "Session could not be initialized "
-                    "for the crypto device\n");
-
     /* Get a burst of crypto operations. */
     struct rte_crypto_op *crypto_ops[BURST_SIZE];
     if (rte_crypto_op_bulk_alloc(crypto_op_pool,
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index e7583cae4c..ba46b6930f 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -237,3 +237,12 @@ Deprecation Notices
   applications should be updated to use the ``dmadev`` library instead,
   with the underlying HW-functionality being provided by the ``ioat`` or
   ``idxd`` dma drivers
+
+* cryptodev: Hide structure ``rte_cryptodev_sym_session`` to remove unnecessary
+  indirection between session and the private data of session. An opaque pointer
+  can be exposed directly to application which can be attached to the
+  ``rte_crypto_op``.
+
+* cryptodev: The functions ``rte_cryptodev_sym_session_init`` and
+  ``rte_cryptodev_sym_session_clear`` are deprecated. The sym crypto session
+  opaque pointer can no longer be used by different crypto device drivers.
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 7fab9d6550..d6f199573f 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -89,6 +89,13 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* cryptodev: The structure ``rte_cryptodev_sym_session`` was moved to
+  cryptodev_pmd.h and was hidden from the application. The APIs to create/init and
+  destroy sym crypto session were updated to take a single mempool with element size
+  enough to hold session data and session private data. Inline APIs was created to
+  get and set the session data. All sample applications were updated to attach an
+  opaque pointer for the session to the ``rte_crypto_op`` while enqueuing.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index d3334dc920..40813d1fe5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -210,8 +210,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 		BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
-		sess = (struct bcmfs_sym_session *)
-			op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	if (sess == NULL)
@@ -233,7 +232,7 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a9c93dea13..c9c783d19a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1356,8 +1356,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
-		ses = (struct caam_jr_session *)
-			op->sym->session->driver_priv_data;
+		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1699,7 +1698,7 @@ caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
@@ -1716,12 +1715,11 @@ static void
 caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	struct caam_jr_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 	}
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index bd999abe61..b21b32e507 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,7 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1764,7 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1855,7 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1999,7 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2071,7 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2232,7 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2318,7 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2426,7 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2591,7 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2627,7 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2695,7 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2758,8 +2758,7 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)
-			op[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2835,7 +2834,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2909,8 +2908,7 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)
-			op_d[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op_d[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index e401793a76..52f320b02b 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -767,7 +767,7 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index 7502281ad9..c0b016ea36 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,7 +56,7 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
@@ -152,7 +152,7 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
 			struct ccp_session *sess =
-				(void *)ops[i]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 
 			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f96e132513..4648576ff8 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -110,7 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -293,9 +293,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)(
-				((struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -332,7 +330,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index a44f111ba6..5c344a6008 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -69,7 +69,7 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (ret)
 		goto sess_put;
 
-	priv = (void *)sess->driver_priv_data;
+	priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	sym_op->session = sess;
 
@@ -92,7 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -344,9 +344,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)((
-				(struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -383,7 +381,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 018d7fcee8..a5233a942a 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -624,7 +624,7 @@ sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
@@ -693,7 +693,7 @@ cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ca90567620..37a7322e0f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -5,7 +5,7 @@
 #ifndef _CNXK_CRYPTODEV_OPS_H_
 #define _CNXK_CRYPTODEV_OPS_H_
 
-#include <rte_cryptodev.h>
+#include <cryptodev_pmd.h>
 #include <rte_event_crypto_adapter.h>
 
 #include "roc_api.h"
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 5a38d53022..369fa9c81d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,7 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1677,7 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3756,7 +3756,7 @@ dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
@@ -3775,10 +3775,9 @@ dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	dpaa2_sec_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 795be3acc3..8c1e0abb95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,7 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0cc773fba6..ec2fe56d1e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,7 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1924,8 +1924,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (void *)
-					op->sym->session->driver_priv_data;
+				ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2673,7 +2672,7 @@ dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
@@ -2714,7 +2713,7 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	free_session_memory(dev, s);
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d2e4d9d787..93129e7614 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1018,7 +1018,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
-			session_ctx.crypto_sess->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 90ce5bc965..cedcaa2742 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -329,7 +329,7 @@ ipsec_mb_sym_session_configure(
 	}
 
 	ret = (*pmd_data->session_configure)(mb_mgr,
-			(void *)sess->driver_priv_data, xform);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index 14f962ef28..63e6fd58ee 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -434,7 +434,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		}
 
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			goto error_exit;
 		}
@@ -447,7 +447,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 error_exit:
 	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e4f274b608..8d40bd9169 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -468,7 +468,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				(void *)sess->driver_priv_data,
+				CRYPTODEV_GET_SYM_SESS_PRIV(sess),
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
@@ -479,7 +479,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 }
 
 static uint16_t
@@ -704,7 +704,7 @@ aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
+	struct aesni_gcm_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index f03235dfee..1ebfbe1edb 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1723,7 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -2024,7 +2024,7 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
+	struct aesni_mb_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
 	/* get per-thread MB MGR, create one if needed */
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index b2fb168154..705eed9758 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -282,7 +282,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct kasumi_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index f052d6d847..8ed069f428 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -413,7 +413,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct snow3g_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 46ea507cf5..c7d8fa311c 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -175,7 +175,7 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
 	struct mlx5_crypto_session *sess_private_data =
-		(void *)session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(session);
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
 
@@ -239,7 +239,7 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
+	struct mlx5_crypto_session *spriv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
@@ -355,8 +355,7 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess =
-		(void *)op->sym->session->driver_priv_data;
+	struct mlx5_crypto_session *sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 505024a810..dd8457aaa4 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -534,7 +534,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
 			      struct rte_cryptodev_sym_session *sess)
 {
-	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
+	struct nitrox_crypto_ctx *ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
@@ -577,7 +577,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 		goto err;
 	}
 
-	ctx->iova = sess->driver_priv_data_iova;
+	ctx->iova = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess);
 	return 0;
 err:
 	return ret;
@@ -593,7 +593,7 @@ get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return (void *)op->sym->session->driver_priv_data;
+			return CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 09aac3065e..27f750aaca 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -77,8 +77,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct null_crypto_session *)
-				sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	} else {
 		struct rte_cryptodev_sym_session *_sess = NULL;
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index fb43d3f7b5..f07e9c2ea0 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -265,7 +265,7 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index cd5ebc2af6..a5b595c05f 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -248,7 +248,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = sym_xform_verify(xform);
@@ -294,7 +294,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	misc->ctx_dma_addr = sess->driver_priv_data_iova +
+	misc->ctx_dma_addr = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess) +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -313,7 +313,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 static void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct cpt_sess_misc *misc;
 	struct cpt_ctx *ctx;
 
@@ -507,7 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
+	sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -844,7 +844,7 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+	void *sess_private_data_t = CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 
 	memset(sess_private_data_t, 0, cpt_get_session_size());
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 48e8ff107b..6434750147 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,8 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (void *)
-					op->sym->session->driver_priv_data;
+				sess = CRYPTODEV_GET_SYM_SESS_PRIV(
+					op->sym->session);
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2a3662ee5a..defed4429e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -795,7 +795,7 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -1319,7 +1319,7 @@ static void
 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	openssl_reset_session(sess_priv);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 408ae9e42b..d7696822a8 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,7 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = (void *)op->sym->session->driver_priv_data;
+		ctx = (void *)CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -386,7 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
+	ctx = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 2853ac5b88..653df0bf69 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -316,8 +316,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 	} else
 #endif
 	{
-		sess = (struct qat_sym_session *)
-			rx_op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 8dd2357702..c6976f2cdd 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -222,7 +222,7 @@ void
 qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	struct qat_sym_session *s = (void *)sess->driver_priv_data;
+	struct qat_sym_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (s->bpi_ctx)
 		bpi_cipher_ctx_free(s->bpi_ctx);
@@ -505,8 +505,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 #endif
 	ret = qat_sym_session_set_parameters(dev, xform,
-			(void *)sess->driver_priv_data,
-			sess->driver_priv_data_iova);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess),
+			CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 9204f6f608..396cc3723d 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -76,13 +76,10 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
 			sizeof(struct rte_cryptodev_sym_session));
 
-		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
-		sess_ctx[1] =
-			(void *)ops[i + 1]->sym->session->driver_priv_data;
-		sess_ctx[2] =
-			(void *)ops[i + 2]->sym->session->driver_priv_data;
-		sess_ctx[3] =
-			(void *)ops[i + 3]->sym->session->driver_priv_data;
+		sess_ctx[0] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
+		sess_ctx[1] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 1]->sym->session);
+		sess_ctx[2] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 2]->sym->session);
+		sess_ctx[3] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 3]->sym->session);
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
@@ -166,7 +163,7 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	for (; i < nb_ops; i++) {
 		struct scheduler_session_ctx *sess_ctx =
-			(void *)ops[i]->sym->session->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 		uint32_t job_len;
 		uint8_t target;
 
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 2bc3f5dd27..707bb7d8d1 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -481,7 +481,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	struct rte_mempool *mp = rte_mempool_from_obj(sess);
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info configured_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_configured_sess = 0;
@@ -543,7 +543,7 @@ scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info deleted_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_deleted_sess = 0;
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 0e508727a4..41be928dc3 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -131,28 +131,28 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[1]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[1]->sym->session);
 			op[1]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[2]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[2]->sym->session);
 			op[2]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[3]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[3]->sym->session);
 			op[3]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
@@ -164,7 +164,7 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
@@ -195,17 +195,17 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 		}
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[1]->sym->session =
-				(void *)op[1]->sym->session->opaque_data;
+			op[1]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[1]->sym->session);
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[2]->sym->session =
-				(void *)op[2]->sym->session->opaque_data;
+			op[2]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[2]->sym->session);
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[3]->sym->session =
-				(void *)op[3]->sym->session->opaque_data;
+			op[3]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[3]->sym->session);
 
 		op += 4;
 		n -= 4;
@@ -213,8 +213,8 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		op++;
 	}
 }
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 6b9e57ee66..f068283290 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -951,7 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1318,7 +1318,7 @@ virtio_crypto_sym_configure_session(
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index b7f492a7f2..48b5f4ebbb 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,7 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(void *)cop->sym->session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index bce903e007..b17f664a5e 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -980,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1172,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1211,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1250,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1462,7 +1462,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index f518a0f89b..262303f62f 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -132,6 +132,38 @@ struct cryptodev_driver {
 	uint8_t id;
 };
 
+/** Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
+	uint16_t user_data_sz;
+	/**< Session user data will be placed after sess data */
+	uint8_t driver_id;
+	/**< Driver id to get the session priv */
+	rte_iova_t driver_priv_data_iova;
+	/**< Session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< Second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
+};
+
+/**
+ * Helper macro to get driver private data
+ */
+#define CRYPTODEV_GET_SYM_SESS_PRIV(s) \
+	(void *)(((struct rte_cryptodev_sym_session *)s)->driver_priv_data)
+#define CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(s) \
+	(((struct rte_cryptodev_sym_session *)s)->driver_priv_data_iova)
+
+
 /**
  * Get the rte_cryptodev structure device pointer for the device. Assumes a
  * valid device index.
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 6dfca2c169..f9644d29ec 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -430,8 +430,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  * @param	sess	cryptodev session
  */
 static inline int
-rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+rte_crypto_op_attach_sym_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..84deecac48 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -580,8 +580,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-struct rte_cryptodev_sym_session;
-
 /**
  * Symmetric Cryptographic Operation.
  *
@@ -618,7 +616,7 @@ struct rte_crypto_sym_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_cryptodev_sym_session *session;
+		void *session;
 		/**< Handle for the initialised session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
@@ -923,8 +921,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  * @param	sess	cryptodev session
  */
 static inline int
-__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 63b8255a45..88dbe71c51 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1941,11 +1941,11 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id, void *_sess)
 {
 	struct rte_cryptodev *dev;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = _sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
 	if (sess == NULL)
@@ -2060,10 +2060,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-		struct rte_cryptodev_sym_session *sess, void *data,
+rte_cryptodev_sym_session_set_user_data(void *_sess, void *data,
 		uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2075,8 +2076,10 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *_sess)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2120,10 +2123,11 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *_sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = _sess;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		sym_crypto_fill_status(vec, EINVAL);
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0c65958f25..8b6a7a5c1d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -902,28 +902,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	RTE_MARKER cacheline0;
-	uint8_t driver_id;
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint32_t sess_data_sz;
-	/**< Pointer to the user data stored after sess data */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess data */
-	rte_iova_t driver_priv_data_iova;
-	/**< session driver data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	/**< second cache line - start of the driver session data */
-	uint8_t driver_priv_data[0];
-	/**< Driver specific session data, variable size */
-};
-
 /**
  * Create a symmetric session mempool.
  *
@@ -1036,7 +1014,7 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
  */
 int
 rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess);
+	void *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1136,11 +1114,31 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Get user data stored in a session.
  *
@@ -1153,8 +1151,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Store user data in an asymmetric session.
@@ -1202,7 +1199,7 @@ rte_cryptodev_asym_session_get_user_data(void *sess);
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1244,8 +1241,7 @@ rte_cryptodev_session_event_mdata_set(uint8_t dev_id, void *sess,
  * Union of different crypto session types, including session-less xform
  * pointer.
  */
-union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+union rte_cryptodev_session_ctx {void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 055c44fb22..7b4ec5c389 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,14 +73,10 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess, void *xforms,
 		void *mempool),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u8(sess->driver_id);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 	rte_trace_point_emit_ptr(mempool);
 )
@@ -108,7 +104,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 62c2bd7217..a4e0e128f8 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -45,14 +45,15 @@ static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
 	const struct rte_security_session *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
 		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
-		return (struct rte_ipsec_session *)(uintptr_t)cs->opaque_data;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(cs);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..0d3c932302 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
+			(uintptr_t)ss);
 	else
 		ss->security.ses->opaque_data = (uintptr_t)ss;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 4/6] security: remove priv mempool usage
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (2 preceding siblings ...)
  2022-09-21 15:02   ` [PATCH v2 3/6] cryptodev: hide sym session structure Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-21 15:02   ` [PATCH v2 5/6] drivers/crypto: support security session get size op Akhil Goyal
                     ` (4 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   3 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   3 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   3 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   3 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |   3 -
 app/test/test_cryptodev.c                     |  44 +-----
 app/test/test_ipsec.c                         |   7 +-
 app/test/test_security.c                      | 146 ++----------------
 app/test/test_security_inline_proto.c         |  16 +-
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/caam_jr/caam_jr.c              |  31 +---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   7 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 ++----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   9 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 ++-----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  25 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  26 +---
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +--
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |  11 +-
 drivers/crypto/qat/qat_sym_session.c          |  27 +---
 drivers/crypto/qat/qat_sym_session.h          |   2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 ++---
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 ++--
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +--
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 ++--
 drivers/net/txgbe/txgbe_ipsec.c               |  32 ++--
 examples/ipsec-secgw/ipsec-secgw.c            |  34 ----
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 lib/cryptodev/rte_cryptodev.h                 |   2 +-
 lib/security/rte_security.c                   |  20 ++-
 lib/security/rte_security.h                   |  30 ++--
 lib/security/rte_security_driver.h            |  13 +-
 45 files changed, 193 insertions(+), 623 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c6f5735bb0..bd3c941fea 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -642,7 +642,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -753,13 +752,11 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 				rte_cryptodev_get_sec_ctx(dev_id);
 
 	/* Create security session */
-	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+	return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -859,12 +856,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -908,8 +904,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 #endif
 	/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1d2fbb4e30..a1e68fd226 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -13,7 +13,7 @@
 
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index afd8cb209b..4df08694d4 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -56,7 +56,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -81,7 +80,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 7efeecf848..988b79380d 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -87,7 +87,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -114,7 +113,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 24261a1d10..4d0505174b 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -60,7 +60,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -83,7 +82,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 54f7e8ba2f..7cd45b8633 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -48,7 +48,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -71,7 +70,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 55d7614d84..b13fc57b12 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -23,7 +23,6 @@
 
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 const char *cperf_test_type_strs[] = {
@@ -114,7 +113,6 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
-		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -659,7 +657,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e181b0aa3e..ad565983c8 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -649,12 +649,6 @@ testsuite_setup(void)
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
-			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
@@ -694,8 +688,6 @@ testsuite_teardown(void)
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -8609,8 +8601,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				NULL);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8889,8 +8880,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9485,8 +9475,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -10497,8 +10486,7 @@ test_docsis_proto_uplink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -10682,8 +10670,7 @@ test_docsis_proto_downlink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -14965,10 +14952,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
 
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
@@ -14992,23 +14975,6 @@ test_scheduler_attach_worker_op(void)
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 04d231468b..a6698bb021 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -159,13 +159,12 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	struct rte_security_session *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
+	RTE_SET_USED(sess);
 
-	sess->sess_private_data = NULL;
 	return 0;
 }
 
@@ -631,7 +630,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session, NULL);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 059731b65d..d6e0a9b737 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -266,24 +247,14 @@ static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		struct rte_security_session *sess)
 {
-	void *sess_priv;
-	int ret;
-
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
 	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
 		mock_session_create_exp.sess = sess;
 	}
 
@@ -392,13 +363,7 @@ static struct mock_session_destroy_data {
 static int
 mock_session_destroy(void *device, struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -536,7 +501,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -562,8 +526,9 @@ static struct security_unittest_params {
 #define SECURITY_TEST_MEMPOOL_NAME "SecurityTestMp"
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
-#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
 #define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session) + \
+					SECURITY_TEST_SESSION_PRIV_OBJ_SZ
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -583,21 +548,6 @@ testsuite_setup(void)
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +562,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -713,12 +659,10 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -760,13 +704,11 @@ test_session_create_inv_context(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -786,13 +728,11 @@ test_session_create_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -812,13 +752,11 @@ test_session_create_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -835,13 +773,11 @@ test_session_create_inv_configuration(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,13 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct rte_security_session *sess;
 
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -903,7 +813,6 @@ test_session_create_mempool_empty(void)
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
 	struct rte_security_session *sess;
 
 	/* Get all available objects from mempool. */
@@ -914,34 +823,23 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -960,17 +858,14 @@ test_session_create_ops_failure(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -989,12 +884,10 @@ test_session_create_success(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +896,6 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1281,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1288,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1304,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1312,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1328,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1336,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1350,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1357,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1376,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1384,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1401,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1409,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2375,6 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 5f26a04b06..50b8915e75 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -66,7 +66,6 @@ extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512;
 
 static struct rte_mempool *mbufpool;
 static struct rte_mempool *sess_pool;
-static struct rte_mempool *sess_priv_pool;
 /* ethernet addresses of ports */
 static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
 
@@ -311,8 +310,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 		setenv("ETH_SEC_IV_OVR", arr, 1);
 	}
 
-	*sess = rte_security_session_create(sec_ctx,
-				sess_conf, sess_pool, sess_priv_pool);
+	*sess = rte_security_session_create(sec_ctx, sess_conf, sess_pool);
 	if (*sess == NULL) {
 		printf("SEC Session init failed.\n");
 		return TEST_FAILED;
@@ -482,18 +480,6 @@ init_mempools(unsigned int nb_mbuf)
 		}
 		printf("Allocated sess pool\n");
 	}
-	if (sess_priv_pool == NULL) {
-		snprintf(s, sizeof(s), "sess_priv_pool");
-		sess_priv_pool = rte_mempool_create(s, nb_sess, sess_sz,
-				MEMPOOL_CACHE_SIZE, 0,
-				NULL, NULL, NULL, NULL,
-				SOCKET_ID_ANY, 0);
-		if (sess_priv_pool == NULL) {
-			printf("Cannot init sess_priv pool\n");
-			return TEST_FAILED;
-		}
-		printf("Allocated sess_priv pool\n");
-	}
 
 	return 0;
 }
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index f1be6a3401..db9b7e6937 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -1004,9 +1004,9 @@ roc_on_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa, uint8_t opcode,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = (rte_iova_t)sa;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = (rte_iova_t)sa;
 	inst.w7.s.egrp = egrp;
 
 	inst.w0.u64 = 0;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c9c783d19a..c83373a89a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,9 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1900,18 +1898,12 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = caam_jr_set_ipsec_session(cdev, conf,
@@ -1924,13 +1916,8 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
-		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -1940,18 +1927,12 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = GET_SECURITY_SESS_PRIV(sess);
 
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+		memset(s, 0, sizeof(struct caam_jr_session));
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 4648576ff8..b7dc13178b 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,8 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -286,7 +285,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = GET_SECURITY_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -323,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index d6ff1342ce..5389926b69 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -47,7 +47,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *out_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = GET_SECURITY_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -173,7 +173,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *in_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = GET_SECURITY_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -290,37 +290,16 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 struct rte_security_session *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
-
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	set_sec_session_private_data(sess, priv);
-
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
 					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -329,14 +308,13 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 	struct rte_cryptodev *crypto_dev = dev;
 	union roc_ot_ipsec_sa_word2 *w2;
 	struct cn10k_sec_session *sess;
-	struct rte_mempool *sess_mp;
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 	struct roc_cpt_lf *lf;
 	void *sa_dptr = NULL;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = GET_SECURITY_SESS_PRIV(sec_sess);
 	if (sess == NULL)
 		return 0;
 
@@ -390,11 +368,6 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 		roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
 	}
 
-	sess_mp = rte_mempool_from_obj(sess);
-
-	set_sec_session_private_data(sec_sess, NULL);
-	rte_mempool_put(sess_mp, sess);
-
 	return 0;
 }
 
@@ -416,7 +389,7 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sess);
+	priv = GET_SECURITY_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
@@ -457,7 +430,7 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
 	struct cnxk_cpt_vf *vf;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
+	priv = GET_SECURITY_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 5c344a6008..ed4c92b09f 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -337,7 +337,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = GET_SECURITY_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,8 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = get_sec_session_private_data(
-				sym_op->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 6d26b0cc01..f70928adf1 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -33,7 +33,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = GET_SECURITY_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -82,8 +82,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->out_sa, opcode,
-				   ctx_len, egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)GET_SECURITY_SESS_PRIV_IOVA(sec_sess),
+				   opcode, ctx_len, egrp);
 
 	if (ret)
 		return ret;
@@ -110,7 +110,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->out_sa);
+	w7.s.cptr = GET_SECURITY_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -137,7 +137,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = GET_SECURITY_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -174,8 +174,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->in_sa, opcode, ctx_len,
-				   egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)GET_SECURITY_SESS_PRIV_IOVA(sec_sess),
+				opcode, ctx_len, egrp);
 	if (ret)
 		return ret;
 
@@ -188,7 +188,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	w4.s.param2 = param2.u16;
 
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->in_sa);
+	w7.s.cptr = GET_SECURITY_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -293,40 +293,20 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			struct rte_security_session *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = GET_SECURITY_SESS_PRIV(sess);
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
 					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -335,11 +315,10 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = GET_SECURITY_SESS_PRIV(sess);
 	if (priv == NULL)
 		return 0;
 
@@ -351,13 +330,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 369fa9c81d..166e94ba96 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,8 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1583,8 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1680,8 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 #endif
 
 	if (sess == NULL)
@@ -3690,18 +3687,12 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
@@ -3718,13 +3709,9 @@ dpaa2_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -3734,19 +3721,15 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = GET_SECURITY_SESS_PRIV(sess);
 
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 8c1e0abb95..633edc73da 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1009,8 +1009,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = GET_SECURITY_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index ec2fe56d1e..5e9fa68455 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,9 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 #endif
 	if (sess == NULL) {
 		printf("session is NULL\n");
@@ -1928,9 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+				ses = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -3245,18 +3241,12 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa_sec_set_ipsec_session(cdev, conf,
@@ -3273,13 +3263,9 @@ dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -3295,12 +3281,11 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = GET_SECURITY_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index 93129e7614..9aa9261b06 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1014,8 +1014,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = GET_SECURITY_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
 			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 1ebfbe1edb..3a0a22476e 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,8 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = (struct aesni_mb_session *)
-		get_sec_session_private_data(op->sym->sec_session);
+	session = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1720,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
@@ -2106,10 +2105,9 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2119,24 +2117,14 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);
 
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -2145,14 +2133,10 @@ static int
 aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = GET_SECURITY_SESS_PRIV(sess);
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index bb86f671a4..c4a4797336 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -767,8 +767,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 214c0fcb08..cb27adaace 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -833,11 +833,10 @@ struct rte_cryptodev_ops *rte_mrvl_crypto_pmd_ops = &mrvl_crypto_pmd_ops;
 static int
 mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	int ret;
 
 	if (sess == NULL) {
@@ -845,11 +844,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		MRVL_LOG(ERR, "Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
@@ -863,8 +857,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		if (ret != 0) {
 			MRVL_LOG(ERR, "Failed to configure session parameters.");
 
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 
@@ -878,8 +870,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				&mrvl_sess->sam_sess);
 		if (ret < 0) {
 			MRVL_LOG(ERR, "PMD: failed to create IPSEC session.");
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 		break;
@@ -889,8 +879,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -899,13 +887,12 @@ static int
 mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = GET_SECURITY_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -916,8 +903,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
 		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index d7696822a8..c301fc32c6 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -9,6 +9,7 @@
 #include <rte_crypto_sym.h>
 #include <rte_bus_pci.h>
 #include <rte_byteorder.h>
+#include <rte_security_driver.h>
 
 #include "qat_sym.h"
 #include "qat_crypto.h"
@@ -100,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = get_sec_session_private_data(op->sym->sec_session);
+		ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 653df0bf69..adc173b802 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -12,6 +12,9 @@
 
 #ifdef BUILD_QAT_SYM
 #include <openssl/evp.h>
+#ifdef RTE_LIB_SECURITY
+#include <rte_security_driver.h>
+#endif
 
 #include "qat_common.h"
 #include "qat_sym_session.h"
@@ -274,9 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -309,9 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index c6976f2cdd..d77e963277 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -25,7 +25,7 @@
 #include <rte_malloc.h>
 #include <rte_crypto_sym.h>
 #ifdef RTE_LIB_SECURITY
-#include <rte_security.h>
+#include <rte_security_driver.h>
 #endif
 
 #include "qat_logs.h"
@@ -2541,7 +2541,8 @@ qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2560,7 +2561,6 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2590,10 +2590,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	struct qat_cryptodev_private *internals = cdev->data->dev_private;
 	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
@@ -2606,25 +2605,17 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, GET_SECURITY_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
 	sym_session = (struct qat_sym_session *)sess_private_data;
 	sym_session->dev_id = internals->dev_id;
 
@@ -2636,17 +2627,13 @@ int
 qat_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = GET_SECURITY_SESS_PRIV(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 9e4aab06a6..ac57e0b240 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -177,7 +177,7 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3795b0c78b..e6042b4ed9 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -583,15 +583,14 @@ cn10k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix,
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     struct rte_security_session *sess)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn10k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
+	struct cnxk_eth_sec_sess *eth_sec = GET_SECURITY_SESS_PRIV(sess);
 	struct roc_nix *nix = &dev->nix;
 	bool inbound, inl_dev;
 	rte_spinlock_t *lock;
@@ -626,11 +625,6 @@ cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
 	sess_priv.u64 = 0;
 
@@ -659,12 +653,12 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to create ingress sa, inline dev "
 				 "not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -675,7 +669,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
@@ -687,7 +681,7 @@ cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -724,7 +718,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_inb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		if (conf->ipsec.options.ip_reassembly_en) {
 			inb_priv->reass_dynfield_off = dev->reass_dynfield_off;
@@ -745,7 +739,7 @@ cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -760,7 +754,7 @@ cn10k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		if (conf->ipsec.options.iv_gen_disable == 1) {
@@ -776,7 +770,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to init outb sa misc params, rc=%d",
 				 rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -818,7 +812,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_outb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 	}
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
@@ -830,15 +824,14 @@ cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
 	rte_spinlock_unlock(lock);
 
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -850,7 +843,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 	void *sa_dptr;
 
@@ -896,10 +888,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 4dd0b6185e..9452a60a96 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_security_session *sess)
 {
+	struct cnxk_eth_sec_sess *eth_sec = GET_SECURITY_SESS_PRIV(sess);
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn9k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	struct roc_nix *nix = &dev->nix;
 	rte_spinlock_t *lock;
 	char tbuf[128] = {0};
@@ -172,11 +171,6 @@ cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	lock = inbound ? &dev->inb.lock : &dev->outb.lock;
 	rte_spinlock_lock(lock);
 
@@ -202,7 +196,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -211,7 +205,7 @@ cn9k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -221,7 +215,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -235,7 +229,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
@@ -264,7 +258,7 @@ cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -278,7 +272,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -321,12 +315,11 @@ cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	rte_spinlock_unlock(lock);
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -340,7 +333,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 
 	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
@@ -377,10 +369,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 75f05ee558..b8fed45815 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -640,14 +640,13 @@ set_session_parameter(struct iavf_security_ctx *iavf_sctx,
 static int
 iavf_ipsec_crypto_session_create(void *device,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *session,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *session)
 {
 	struct rte_eth_dev *ethdev = device;
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_session = NULL;
+	struct iavf_security_session *iavf_session = GET_SECURITY_SESS_PRIV(session);
 	int sa_idx;
 	int ret = 0;
 
@@ -656,12 +655,6 @@ iavf_ipsec_crypto_session_create(void *device,
 	if (ret)
 		return ret;
 
-	/* allocate session context */
-	if (rte_mempool_get(mempool, (void **)&iavf_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from sess mempool");
-		return -ENOMEM;
-	}
-
 	/* add SA to hardware database */
 	sa_idx = iavf_ipsec_crypto_security_association_add(adapter, conf);
 	if (sa_idx < 0) {
@@ -675,16 +668,12 @@ iavf_ipsec_crypto_session_create(void *device,
 				RTE_SECURITY_IPSEC_SA_DIR_INGRESS ?
 				"inbound" : "outbound");
 
-		rte_mempool_put(mempool, iavf_session);
 		return -EFAULT;
 	}
 
 	/* save data plane required session parameters */
 	set_session_parameter(iavf_sctx, iavf_session, conf, sa_idx);
 
-	/* save to security session private data */
-	set_sec_session_private_data(session, iavf_session);
-
 	return 0;
 }
 
@@ -702,7 +691,7 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
 {
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
-	struct iavf_security_session *sess = session->sess_private_data;
+	const struct iavf_security_session *sess = (const void *)session->driver_priv_data;
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(sess == NULL || sess->adapter != adapter))
@@ -880,7 +869,7 @@ iavf_ipsec_crypto_session_update(void *device,
 	int rc = 0;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = GET_SECURITY_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1045,7 +1034,7 @@ iavf_ipsec_crypto_session_destroy(void *device,
 	int ret;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = GET_SECURITY_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1140,7 +1129,7 @@ iavf_ipsec_crypto_pkt_metadata_set(void *device,
 	struct iavf_adapter *adapter =
 			IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_sess = session->sess_private_data;
+	struct iavf_security_session *iavf_sess = GET_SECURITY_SESS_PRIV(session);
 	struct iavf_ipsec_crypto_pkt_metadata *md;
 	struct rte_esp_tail *esp_tail;
 	uint64_t *sqn = params;
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index c353ae33b4..1878cf29ea 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -440,9 +428,7 @@ ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -480,8 +466,7 @@ ixgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +670,12 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct ixgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 3ca3d85ed5..c2c8579fde 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -420,9 +408,7 @@ txgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -460,8 +446,8 @@ txgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = GET_SECURITY_SESS_PRIV(session);
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +647,12 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct txgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index ce4b4ba806..7171db2cc3 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2110,38 +2110,6 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
-
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, int portid,
 	  uint32_t nb_mbuf)
@@ -3022,8 +2990,6 @@ main(int32_t argc, char **argv)
 			continue;
 
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index bb84dcec7e..ee1cf871ca 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -151,8 +151,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -278,8 +277,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -478,8 +476,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 2c37bb022d..538eb17d94 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -258,7 +258,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool[RTE_MAX_ETHPORTS];
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 8b6a7a5c1d..ece7157970 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -967,7 +967,7 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
+ * @param   mp       Mempool where the private data is allocated.
  *
  * @return
  *  - On success return pointer to sym-session.
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 4f5e4b4d49..2e2906a73c 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -42,21 +42,28 @@ rte_security_dynfield_register(void)
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	uint32_t sess_priv_size;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	sess_priv_size = instance->ops->session_get_size(instance->device);
+	if (mp->elt_size < (sizeof(struct rte_security_session) + sess_priv_size))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
-	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+	/* Clear session priv data */
+	memset(sess->driver_priv_data, 0, sess_priv_size);
+
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+			offsetof(struct rte_security_session, driver_priv_data);
+	if (instance->ops->session_create(instance->device, conf, sess)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
@@ -83,7 +90,8 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
 
-	return instance->ops->session_get_size(instance->device);
+	return (sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device));
 }
 
 int
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 675db940eb..bf4ff3c18c 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -519,10 +519,17 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
+	RTE_MARKER cacheline0;
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
 };
 
 /**
@@ -531,7 +538,6 @@ struct rte_security_session {
  * @param   instance	security instance
  * @param   conf	session configuration parameters
  * @param   mp		mempool to allocate session objects from
- * @param   priv_mp	mempool to allocate session private data objects from
  * @return
  *  - On success, pointer to session
  *  - On failure, NULL
@@ -539,8 +545,7 @@ struct rte_security_session {
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -656,7 +661,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess->fast_mdata);
 		return 0;
 	}
 
@@ -713,19 +718,6 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..43024e7d85 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,24 +19,29 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * Helper macro to get driver private data
+ */
+#define GET_SECURITY_SESS_PRIV(s) \
+	(void *)(((struct rte_security_session *)s)->driver_priv_data)
+#define GET_SECURITY_SESS_PRIV_IOVA(s) \
+	(((struct rte_security_session *)s)->driver_priv_data_iova)
+
 /**
  * Configure a security session on a device.
  *
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
  *  - Returns -EINVAL if input parameters are invalid.
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
- *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		struct rte_security_session *sess);
 
 /**
  * Free driver private session data.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 5/6] drivers/crypto: support security session get size op
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (3 preceding siblings ...)
  2022-09-21 15:02   ` [PATCH v2 4/6] security: remove priv mempool usage Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-22 13:52     ` Ji, Kai
  2022-09-21 15:02   ` [PATCH v2 6/6] security: hide session structure Akhil Goyal
                     ` (3 subsequent siblings)
  8 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal

Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/caam_jr/caam_jr.c            | 6 ++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 7 +++++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 8 ++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 7 +++++++
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c     | 7 +++++++
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c   | 1 +
 drivers/crypto/qat/qat_sym_session.c        | 6 ++++++
 drivers/crypto/qat/qat_sym_session.h        | 2 ++
 8 files changed, 44 insertions(+)

diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c83373a89a..c88483b735 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1937,6 +1937,11 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+caam_jr_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct caam_jr_session);
+}
 
 static int
 caam_jr_dev_configure(struct rte_cryptodev *dev,
@@ -2031,6 +2036,7 @@ static struct rte_cryptodev_ops caam_jr_ops = {
 static struct rte_security_ops caam_jr_security_ops = {
 	.session_create = caam_jr_security_session_create,
 	.session_update = NULL,
+	.session_get_size = caam_jr_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = caam_jr_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 166e94ba96..548497ed0e 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3733,6 +3733,12 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa2_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa2_sec_session);
+}
 #endif
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -4184,6 +4190,7 @@ dpaa2_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa2_sec_security_ops = {
 	.session_create = dpaa2_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa2_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa2_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 5e9fa68455..42a5e17746 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3289,6 +3289,13 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa_sec_session);
+}
+
 #endif
 static int
 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
@@ -3547,6 +3554,7 @@ dpaa_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa_sec_security_ops = {
 	.session_create = dpaa_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 3a0a22476e..e98c01d10a 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -2141,6 +2141,12 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+aesni_mb_pmd_sec_sess_get_size(void *device __rte_unused)
+{
+	return sizeof(struct aesni_mb_session);
+}
+
 /** Get security capabilities for aesni multi-buffer */
 static const struct rte_security_capability *
 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
@@ -2151,6 +2157,7 @@ aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
 		.session_create = aesni_mb_pmd_sec_sess_create,
 		.session_update = NULL,
+		.session_get_size = aesni_mb_pmd_sec_sess_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = aesni_mb_pmd_sec_sess_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index cb27adaace..88be9ad48b 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -907,6 +907,12 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+mrvl_crypto_pmd_security_session_create(void *device __rte_unused)
+{
+	return sizeof(struct mrvl_crypto_session);
+}
+
 static const
 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
@@ -971,6 +977,7 @@ mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
 struct rte_security_ops mrvl_sec_security_pmd_ops = {
 	.session_create = mrvl_crypto_pmd_security_session_create,
 	.session_update = NULL,
+	.session_get_size = mrvl_crypto_pmd_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = mrvl_crypto_pmd_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
index 99f5a22a06..462c1a722f 100644
--- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
@@ -428,6 +428,7 @@ qat_security_cap_get_gen1(void *dev __rte_unused)
 struct rte_security_ops security_qat_ops_gen1 = {
 		.session_create = qat_security_session_create,
 		.session_update = NULL,
+		.session_get_size = qat_security_session_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = qat_security_session_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index d77e963277..8c87f19496 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2641,4 +2641,10 @@ qat_security_session_destroy(void *dev __rte_unused,
 # endif
 	return 0;
 }
+
+unsigned int
+qat_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct qat_sym_session);
+}
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ac57e0b240..6322d7e3bc 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -180,6 +180,8 @@ qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
 		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+unsigned int
+qat_security_session_get_size(void *dev __rte_unused);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v2 6/6] security: hide session structure
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (4 preceding siblings ...)
  2022-09-21 15:02   ` [PATCH v2 5/6] drivers/crypto: support security session get size op Akhil Goyal
@ 2022-09-21 15:02   ` Akhil Goyal
  2022-09-21 15:11   ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (2 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:02 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, Akhil Goyal

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  6 +-
 .../cperf_test_pmd_cyclecount.c               |  2 +-
 app/test-crypto-perf/cperf_test_throughput.c  |  2 +-
 app/test/test_cryptodev.c                     |  2 +-
 app/test/test_cryptodev_security_ipsec.c      |  2 +-
 app/test/test_cryptodev_security_ipsec.h      |  2 +-
 app/test/test_security.c                      | 32 ++++----
 app/test/test_security_inline_proto.c         | 10 +--
 drivers/crypto/caam_jr/caam_jr.c              |  2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  4 +-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  4 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |  2 +-
 examples/ipsec-secgw/ipsec_worker.c           |  2 +-
 lib/cryptodev/rte_crypto_sym.h                |  4 +-
 lib/ipsec/rte_ipsec_group.h                   | 12 +--
 lib/ipsec/ses.c                               |  2 +-
 lib/security/rte_security.c                   | 13 ++-
 lib/security/rte_security.h                   | 80 ++++++++++++-------
 lib/security/rte_security_driver.h            | 18 +++++
 24 files changed, 131 insertions(+), 92 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index bd3c941fea..7ba4e13244 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+		void *sec_sess = (void *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
 		uint64_t *tsc_start)
 {
-	struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+	void *sec_sess = sess;
 	const uint32_t test_buffer_size = options->test_buffer_size;
 	const uint32_t headroom_sz = options->headroom_sz;
 	const uint32_t segment_sz = options->segment_sz;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 988b79380d..ae09fed6c2 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 4d0505174b..be586e4a0a 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -47,7 +47,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 					rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(
 				sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		}
 #endif
 		else
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index ad565983c8..b465e3900b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -84,7 +84,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3f691f0f56..cb77b39dbb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 
 int
 test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			struct rte_security_session *sess,
+			void *sess,
 			const struct ipsec_test_flags *flags,
 			enum rte_security_ipsec_sa_direction dir)
 {
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 02b08f9f95..6a119bee46 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -277,7 +277,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
 			    int pkt_num);
 
 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index d6e0a9b737..954a023470 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,7 +234,7 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
 	struct rte_mempool *priv_mp;
 
@@ -268,7 +268,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -322,7 +322,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -352,7 +352,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -513,7 +513,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -650,7 +650,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -701,7 +701,7 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
 			ts_params->session_mpool);
@@ -723,7 +723,7 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
@@ -747,7 +747,7 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
@@ -770,7 +770,7 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
 			ts_params->session_mpool);
@@ -791,7 +791,7 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
@@ -812,8 +812,8 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -853,7 +853,7 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
@@ -879,7 +879,7 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 50b8915e75..26d618b35d 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
 /* Create Inline IPsec session */
 static int
 create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
-		struct rte_security_session **sess, struct rte_security_ctx **ctx,
+		void **sess, struct rte_security_ctx **ctx,
 		uint32_t *ol_flags, const struct ipsec_test_flags *flags,
 		struct rte_security_session_conf *sess_conf)
 {
@@ -681,8 +681,8 @@ static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
 		const struct ipsec_test_flags *flags)
 {
-	struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
-	struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
 	struct rte_eth_ip_reassembly_params reass_capa = {0};
 	struct rte_security_session_conf sess_conf_out = {0};
 	struct rte_security_session_conf sess_conf_in = {0};
@@ -944,7 +944,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	struct rte_crypto_sym_xform cipher = {0};
 	struct rte_crypto_sym_xform auth = {0};
 	struct rte_crypto_sym_xform aead = {0};
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	int nb_rx = 0, nb_sent;
 	uint32_t ol_flags;
@@ -1177,7 +1177,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
 	struct rte_mbuf *rx_pkt = NULL;
 	struct rte_mbuf *tx_pkt = NULL;
 	int nb_rx, nb_sent;
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	uint32_t ol_flags;
 	int i, ret;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c88483b735..865f0ecdef 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+		ses = GET_SECURITY_SESS_PRIV(op->sym->session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index b7dc13178b..0f6ac6fe46 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,7 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
+			sec_sess = GET_SECURITY_SESS_PRIV(sym_op->session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -322,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index ed4c92b09f..de7a202666 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+	priv = GET_SECURITY_SESS_PRIV(op->sym->session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
+			priv = GET_SECURITY_SESS_PRIV(sym_op->session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 548497ed0e..94f3cf460f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+	sess_priv = GET_SECURITY_SESS_PRIV(op->sym->session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->session);
 #endif
 
 	if (sess == NULL)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 42a5e17746..8b7d1f2f9a 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+				ses = GET_SECURITY_SESS_PRIV(op->sym->session);
 				break;
 #endif
 			default:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e98c01d10a..73b79dc420 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+	session = GET_SECURITY_SESS_PRIV(op->sym->session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(op->sym->session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index c301fc32c6..f51948e2cd 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+		ctx = GET_SECURITY_SESS_PRIV(op->sym->session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
@@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				}
 			}
 
-			sess = (uintptr_t)op->sym->sec_session;
+			sess = (uintptr_t)op->sym->session;
 			build_request = ctx->build_request[proc_type];
 			opaque[0] = sess;
 			opaque[1] = (uintptr_t)build_request;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index adc173b802..9c2148c507 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+			ctx = GET_SECURITY_SESS_PRIV(op->sym->session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = GET_SECURITY_SESS_PRIV(rx_op->sym->sec_session);
+		sess = GET_SECURITY_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 8ea0f9540e..49f9202aca 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -5,7 +5,7 @@
 #ifndef _IAVF_IPSEC_CRYPTO_H_
 #define _IAVF_IPSEC_CRYPTO_H_
 
-#include <rte_security.h>
+#include <rte_security_driver.h>
 
 #include "iavf.h"
 
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 803157d8ee..ac576f2d7c 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -17,7 +17,7 @@
 #endif
 
 struct port_drv_mode_data {
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_ctx *ctx;
 };
 
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 84deecac48..b1650adcac 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -617,11 +617,9 @@ struct rte_crypto_sym_op {
 	RTE_STD_C11
 	union {
 		void *session;
-		/**< Handle for the initialised session context */
+		/**< Handle for the initialised crypto/security session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
-		struct rte_security_session *sec_session;
-		/**< Handle for the initialised security session context */
 	};
 
 	RTE_STD_C11
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index a4e0e128f8..c6458ef81e 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
-	void *cs;
+	void *ses;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ss = cop->sym[0].sec_session;
-		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
+		ses = cop->sym[0].session;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_security_session_opaque_data_get(ses);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-		cs = cop->sym[0].session;
+		ses = cop->sym[0].session;
 		return (struct rte_ipsec_session *)(uintptr_t)
-			rte_cryptodev_sym_session_opaque_data_get(cs);
+			rte_cryptodev_sym_session_opaque_data_get(ses);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 0d3c932302..d9ab1e6d2b 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
 			(uintptr_t)ss);
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 2e2906a73c..dfd05498e3 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,7 +39,7 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp)
@@ -69,12 +69,12 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return (void *)sess;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -96,7 +96,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
@@ -108,8 +108,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
 	int ret;
 
@@ -131,7 +130,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index bf4ff3c18c..2e717b7468 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -518,20 +518,6 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	RTE_MARKER cacheline0;
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	rte_iova_t driver_priv_data_iova;
-	/**< session private data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	uint8_t driver_priv_data[0];
-	/**< Private session material, variable size (depends on driver) */
-};
-
 /**
  * Create security session as specified by the session configuration
  *
@@ -542,7 +528,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -560,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -590,8 +576,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  *  - other negative values in case of freeing private data errors.
  */
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -634,10 +619,52 @@ static inline bool rte_security_dynfield_is_registered(void)
 	return rte_security_dynfield_offset >= 0;
 }
 
+#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF	0
+#define RTE_SECURITY_SESS_FAST_MDATA_OFF	1
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
+
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -655,13 +682,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->fast_mdata);
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)
+			rte_security_session_fast_mdata_get(sess);
 		return 0;
 	}
 
@@ -710,10 +737,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  * @param	sess	security session
  */
 static inline int
-__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
-	sym_op->sec_session = sess;
+	sym_op->session = sess;
 
 	return 0;
 }
@@ -729,7 +755,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+			    void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -791,7 +817,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 43024e7d85..10fd838b94 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,24 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
+};
+
 /**
  * Helper macro to get driver private data
  */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 0/6] crypto/security session framework rework
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (5 preceding siblings ...)
  2022-09-21 15:02   ` [PATCH v2 6/6] security: hide session structure Akhil Goyal
@ 2022-09-21 15:11   ` Akhil Goyal
  2022-09-23 13:00     ` Coyle, David
  2022-09-23  9:29   ` Gagandeep Singh
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
  8 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-21 15:11 UTC (permalink / raw)
  To: Akhil Goyal, dev, Fan Zhang
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, Nithin Kumar Dabilpuram

++ Fan Zhang
I think I missed adding one of the major contributor for this cleanup.

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 8:33 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; Igor Russkikh <irusskikh@marvell.com>; Jerin Jacob
> Kollanukkaran <jerinj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> maxime.coquelin@redhat.com; chandu@amd.com; ruifeng.wang@arm.com;
> ajit.khaparde@broadcom.com; Anoob Joseph <anoobj@marvell.com>;
> pablo.de.lara.guarch@intel.com; matan@nvidia.com; g.singh@nxp.com;
> qiming.yang@intel.com; wenjun1.wu@intel.com; jianwang@trustnetic.com;
> jingjing.wu@intel.com; beilei.xing@intel.com; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>; Akhil Goyal <gakhil@marvell.com>
> Subject: [PATCH v2 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session
> data structure to use a single virtual/physical contiguous buffer
> for symmetric crypto/security session and driver private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed
> by multiple device drivers. For the same reason
> rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and
> clear the driver specific data field.
> 
> The change was also submitted last year during DPDK 21.11
> timeframe also[1], but was not applied due to lack of feedback from
> community. Please help in getting this cleanup merged in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all
> the issues reported so far.
> This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
> with a few changes
> - Added security session rework also.
> - fixed issues in [2] reported on mailing list.
> - few other fixes.
> 
> Please review and provide feedback as soon as possible
> as this is intended to be merged in DPDK 22.11 RC1.
> 
> Currently the cnxk platform is tested with this change.
> Request everyone to review and test on their platform.
> 
> Special note to ixgbe and txgbe maintainers.
> There is a wrong implementation for flow creation. Please check.
> A hack is added to bypass it. Please fix it separately.
> 
> [1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-
> gakhil@marvell.com/
> [2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-
> roy.fan.zhang@intel.com/
> 
> Akhil Goyal (5):
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   security: remove priv mempool usage
>   drivers/crypto: support security session get size op
>   security: hide session structure
> 
> Fan Zhang (1):
>   crypto/scheduler: use unified session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  40 +--
>  app/test-crypto-perf/cperf_ops.h              |   2 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   9 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |  10 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   9 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  30 +-
>  app/test-eventdev/test_perf_common.c          |  35 +-
>  app/test-eventdev/test_perf_common.h          |   1 -
>  app/test/test_cryptodev.c                     | 336 +++++-------------
>  app/test/test_cryptodev_blockcipher.c         |  16 +-
>  app/test/test_cryptodev_security_ipsec.c      |   2 +-
>  app/test/test_cryptodev_security_ipsec.h      |   2 +-
>  app/test/test_event_crypto_adapter.c          |  35 +-
>  app/test/test_ipsec.c                         |  47 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 178 ++--------
>  app/test/test_security_inline_proto.c         |  26 +-
>  doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 +
>  doc/guides/rel_notes/release_22_11.rst        |   7 +
>  drivers/common/cnxk/roc_cpt.c                 |   4 +-
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  69 +---
>  drivers/crypto/ccp/ccp_crypto.c               |  56 +--
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  62 +---
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
>  drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
>  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
>  drivers/crypto/qat/qat_sym.c                  |  15 +-
>  drivers/crypto/qat/qat_sym.h                  |  16 +-
>  drivers/crypto/qat/qat_sym_session.c          |  73 ++--
>  drivers/crypto/qat/qat_sym_session.h          |  10 +-
>  drivers/crypto/scheduler/scheduler_failover.c |  19 +-
>  .../crypto/scheduler/scheduler_multicore.c    |  17 +
>  .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
>  .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
>  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
>  drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
>  drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
>  drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
>  examples/fips_validation/fips_dev_self_test.c |  40 +--
>  examples/fips_validation/main.c               |  35 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
>  examples/ipsec-secgw/ipsec.c                  |  16 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   2 +-
>  examples/l2fwd-crypto/main.c                  |  54 +--
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
>  lib/cryptodev/cryptodev_trace_points.c        |   6 -
>  lib/cryptodev/rte_crypto.h                    |   3 +-
>  lib/cryptodev/rte_crypto_sym.h                |  11 +-
>  lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
>  lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
>  lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
>  lib/cryptodev/version.map                     |   6 -
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   5 +-
>  lib/pipeline/rte_table_action.c               |  10 +-
>  lib/security/rte_security.c                   |  33 +-
>  lib/security/rte_security.h                   |  90 +++--
>  lib/security/rte_security_driver.h            |  31 +-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |  28 +-
>  109 files changed, 1255 insertions(+), 2413 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 3/6] cryptodev: hide sym session structure
  2022-09-21 15:02   ` [PATCH v2 3/6] cryptodev: hide sym session structure Akhil Goyal
@ 2022-09-22 13:49     ` Ji, Kai
  0 siblings, 0 replies; 47+ messages in thread
From: Ji, Kai @ 2022-09-22 13:49 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, De Lara Guarch, Pablo,
	matan, g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu,
	Jingjing, Xing, Beilei, ndabilpuram, Zhang, Roy Fan

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 4:03 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> ndabilpuram@marvell.com; Akhil Goyal <gakhil@marvell.com>; Zhang, Roy
> Fan <roy.fan.zhang@intel.com>
> Subject: [PATCH v2 3/6] cryptodev: hide sym session structure
> 
> Structure rte_cryptodev_sym_session is moved to internal
> headers which are not visible to applications.
> The only field which should be used by app is opaque_data.
> This field can now be accessed via set/get APIs added in this
> patch.
> Subsequent changes in app and lib are made to compile the code.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 5/6] drivers/crypto: support security session get size op
  2022-09-21 15:02   ` [PATCH v2 5/6] drivers/crypto: support security session get size op Akhil Goyal
@ 2022-09-22 13:52     ` Ji, Kai
  0 siblings, 0 replies; 47+ messages in thread
From: Ji, Kai @ 2022-09-22 13:52 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, De Lara Guarch, Pablo,
	matan, g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu,
	Jingjing, Xing, Beilei, ndabilpuram

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 4:03 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> ndabilpuram@marvell.com; Akhil Goyal <gakhil@marvell.com>
> Subject: [PATCH v2 5/6] drivers/crypto: support security session get size op
> 
> Added the support for rte_security_op.session_get_size()
> in all the PMDs which support rte_security sessions and the op was not
> supported.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 2/6] crypto/scheduler: use unified session
  2022-09-21 15:02   ` [PATCH v2 2/6] crypto/scheduler: use unified session Akhil Goyal
@ 2022-09-22 14:04     ` Ji, Kai
  0 siblings, 0 replies; 47+ messages in thread
From: Ji, Kai @ 2022-09-22 14:04 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, De Lara Guarch, Pablo,
	matan, g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu,
	Jingjing, Xing, Beilei, ndabilpuram, Zhang, Roy Fan

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 4:03 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> ndabilpuram@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> Akhil Goyal <gakhil@marvell.com>
> Subject: [PATCH v2 2/6] crypto/scheduler: use unified session
> 
> From: Fan Zhang <roy.fan.zhang@intel.com>
> 
> This patch updates the scheduler PMD to use unified session data structure.
> Previously thanks to the private session array in cryptodev sym session there
> are no necessary change needed for scheduler PMD other than the way ops
> are enqueued/dequeued. The patch inherits the same design in the original
> session data structure to the scheduler PMD so the cryptodev sym session
> can be as a linear buffer for both session header and driver private data.
> 
> With the change there are inevitable extra cost on both memory
> (64 bytes per session per driver type) and cycle count (set the correct session
> for each cop based on the worker before enqueue, and retrieve the original
> session after dequeue).
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 1/6] cryptodev: rework session framework
  2022-09-21 15:02   ` [PATCH v2 1/6] cryptodev: rework session framework Akhil Goyal
@ 2022-09-22 14:06     ` Ji, Kai
  0 siblings, 0 replies; 47+ messages in thread
From: Ji, Kai @ 2022-09-22 14:06 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, De Lara Guarch, Pablo,
	matan, g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu,
	Jingjing, Xing, Beilei, ndabilpuram, Zhang, Roy Fan

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 4:03 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> ndabilpuram@marvell.com; Akhil Goyal <gakhil@marvell.com>; Zhang, Roy
> Fan <roy.fan.zhang@intel.com>
> Subject: [PATCH v2 1/6] cryptodev: rework session framework
> 
> As per current design, rte_cryptodev_sym_session_create() and
> rte_cryptodev_sym_session_init() use separate mempool objects
> for a single session.
> And structure rte_cryptodev_sym_session is not directly used
> by the application, it may cause ABI breakage if the structure
> is modified in future.
> 
> To address these two issues, the rte_cryptodev_sym_session_create
> will take one mempool object that the session and session private
> data are virtually/physically contiguous, and initializes both
> fields. The API rte_cryptodev_sym_session_init is removed.
> 
> rte_cryptodev_sym_session_create will now return an opaque session
> pointer which will be used by the app and other APIs.
> 
> In data path, opaque session pointer is attached to rte_crypto_op
> and the PMD can call an internal library API to get the session
> private data pointer based on the driver id.
> 
> Note: currently single session may be used by different device
> drivers, given it is initialized by them. After the change the
> session created by one device driver cannot be used or
> reinitialized by another driver.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 0/6] crypto/security session framework rework
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (6 preceding siblings ...)
  2022-09-21 15:11   ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
@ 2022-09-23  9:29   ` Gagandeep Singh
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
  8 siblings, 0 replies; 47+ messages in thread
From: Gagandeep Singh @ 2022-09-23  9:29 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, Hemant Agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	qiming.yang, wenjun1.wu, jianwang, jingjing.wu, beilei.xing,
	ndabilpuram

Hi Akhil,

We have verified this patch series on DPAA1 and DPAA2 platforms using test and ipsec-secgw applications.

Series Tested-by: Gagandeep Singh <g.singh@nxp.com>

Regards,
Gagan

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 8:33 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com; Hemant Agrawal
> <hemant.agrawal@nxp.com>; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; pablo.de.lara.guarch@intel.com; matan@nvidia.com;
> Gagandeep Singh <G.Singh@nxp.com>; qiming.yang@intel.com;
> wenjun1.wu@intel.com; jianwang@trustnetic.com; jingjing.wu@intel.com;
> beilei.xing@intel.com; ndabilpuram@marvell.com; Akhil Goyal
> <gakhil@marvell.com>
> Subject: [PATCH v2 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session data
> structure to use a single virtual/physical contiguous buffer for symmetric
> crypto/security session and driver private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed by
> multiple device drivers. For the same reason
> rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and clear the driver
> specific data field.
> 
> The change was also submitted last year during DPDK 21.11 timeframe
> also[1], but was not applied due to lack of feedback from community. Please
> help in getting this cleanup merged in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all the issues reported so
> far.
> This patchset is a v2 for the patch that was sent by Fan Zhang(Intel) with a
> few changes
> - Added security session rework also.
> - fixed issues in [2] reported on mailing list.
> - few other fixes.
> 
> Please review and provide feedback as soon as possible as this is intended to
> be merged in DPDK 22.11 RC1.
> 
> Currently the cnxk platform is tested with this change.
> Request everyone to review and test on their platform.
> 
> Special note to ixgbe and txgbe maintainers.
> There is a wrong implementation for flow creation. Please check.
> A hack is added to bypass it. Please fix it separately.
> 
> [1]
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch
> es.dpdk.org%2Fproject%2Fdpdk%2Fcover%2F20211018213452.2734720-1-
> gakhil%40marvell.com%2F&amp;data=05%7C01%7Cg.singh%40nxp.com%7
> C4654103c909a4dd3031208da9be279f0%7C686ea1d3bc2b4c6fa92cd99c5c3
> 01635%7C0%7C0%7C637993694272898803%7CUnknown%7CTWFpbGZsb3d
> 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%
> 3D%7C3000%7C%7C%7C&amp;sdata=NkLq49IFdRzKdHwZ5mvLJhLKi5pxsV15
> t5ZsC8lK1Xc%3D&amp;reserved=0
> [2]
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch
> es.dpdk.org%2Fproject%2Fdpdk%2Fcover%2F20220829160645.378406-1-
> roy.fan.zhang%40intel.com%2F&amp;data=05%7C01%7Cg.singh%40nxp.co
> m%7C4654103c909a4dd3031208da9be279f0%7C686ea1d3bc2b4c6fa92cd99
> c5c301635%7C0%7C0%7C637993694272898803%7CUnknown%7CTWFpbGZ
> sb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6
> Mn0%3D%7C3000%7C%7C%7C&amp;sdata=WLJbXuU%2FLDeV9QlEUhqfNF
> 7XAG8itcI%2BMdHgecv%2BaN4%3D&amp;reserved=0
> 
> Akhil Goyal (5):
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   security: remove priv mempool usage
>   drivers/crypto: support security session get size op
>   security: hide session structure
> 
> Fan Zhang (1):
>   crypto/scheduler: use unified session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  40 +--
>  app/test-crypto-perf/cperf_ops.h              |   2 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   9 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |  10 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   9 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  30 +-
>  app/test-eventdev/test_perf_common.c          |  35 +-
>  app/test-eventdev/test_perf_common.h          |   1 -
>  app/test/test_cryptodev.c                     | 336 +++++-------------
>  app/test/test_cryptodev_blockcipher.c         |  16 +-
>  app/test/test_cryptodev_security_ipsec.c      |   2 +-
>  app/test/test_cryptodev_security_ipsec.h      |   2 +-
>  app/test/test_event_crypto_adapter.c          |  35 +-
>  app/test/test_ipsec.c                         |  47 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 178 ++--------
>  app/test/test_security_inline_proto.c         |  26 +-
>  doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 +
>  doc/guides/rel_notes/release_22_11.rst        |   7 +
>  drivers/common/cnxk/roc_cpt.c                 |   4 +-
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  69 +---
>  drivers/crypto/ccp/ccp_crypto.c               |  56 +--
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  62 +---
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
>  drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
>  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
>  drivers/crypto/qat/qat_sym.c                  |  15 +-
>  drivers/crypto/qat/qat_sym.h                  |  16 +-
>  drivers/crypto/qat/qat_sym_session.c          |  73 ++--
>  drivers/crypto/qat/qat_sym_session.h          |  10 +-
>  drivers/crypto/scheduler/scheduler_failover.c |  19 +-
>  .../crypto/scheduler/scheduler_multicore.c    |  17 +
>  .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
>   .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
>  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
>  drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
>  drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
>  drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
>  examples/fips_validation/fips_dev_self_test.c |  40 +--
>  examples/fips_validation/main.c               |  35 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
>  examples/ipsec-secgw/ipsec.c                  |  16 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   2 +-
>  examples/l2fwd-crypto/main.c                  |  54 +--
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
>  lib/cryptodev/cryptodev_trace_points.c        |   6 -
>  lib/cryptodev/rte_crypto.h                    |   3 +-
>  lib/cryptodev/rte_crypto_sym.h                |  11 +-
>  lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
>  lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
>  lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
>  lib/cryptodev/version.map                     |   6 -
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   5 +-
>  lib/pipeline/rte_table_action.c               |  10 +-
>  lib/security/rte_security.c                   |  33 +-
>  lib/security/rte_security.h                   |  90 +++--
>  lib/security/rte_security_driver.h            |  31 +-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |  28 +-
>  109 files changed, 1255 insertions(+), 2413 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v2 0/6] crypto/security session framework rework
  2022-09-21 15:11   ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
@ 2022-09-23 13:00     ` Coyle, David
  0 siblings, 0 replies; 47+ messages in thread
From: Coyle, David @ 2022-09-23 13:00 UTC (permalink / raw)
  To: Akhil Goyal, dev, Zhang, Roy Fan
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, De Lara Guarch, Pablo, matan,
	g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu, Jingjing, Xing,
	Beilei, Nithin Kumar Dabilpuram

Hi Akhil/Fan

Patchset verified for QAT and AESNI_MB sessions, with particular focus on Security Cipher-CRC

For the series,
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

Regards,
David

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 21, 2022 4:11 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Vamsi Krishna Attunuru
> <vattunuru@marvell.com>; ferruh.yigit@xilinx.com;
> andrew.rybchenko@oktetlabs.ru; konstantin.v.ananyev@yandex.ru;
> jiawenwu@trustnetic.com; yisen.zhuang@huawei.com; Igor Russkikh
> <irusskikh@marvell.com>; Jerin Jacob Kollanukkaran <jerinj@marvell.com>;
> Ankur Dwivedi <adwivedi@marvell.com>; maxime.coquelin@redhat.com;
> chandu@amd.com; ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> Anoob Joseph <anoobj@marvell.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>; Nithin Kumar
> Dabilpuram <ndabilpuram@marvell.com>
> Subject: RE: [PATCH v2 0/6] crypto/security session framework rework
> 
> ++ Fan Zhang
> I think I missed adding one of the major contributor for this cleanup.
> 
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Wednesday, September 21, 2022 8:33 PM
> > To: dev@dpdk.org
> > Cc: thomas@monjalon.net; david.marchand@redhat.com;
> > hemant.agrawal@nxp.com; Vamsi Krishna Attunuru
> > <vattunuru@marvell.com>; ferruh.yigit@xilinx.com;
> > andrew.rybchenko@oktetlabs.ru; konstantin.v.ananyev@yandex.ru;
> > jiawenwu@trustnetic.com; yisen.zhuang@huawei.com; Igor Russkikh
> > <irusskikh@marvell.com>; Jerin Jacob Kollanukkaran
> > <jerinj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> > maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com;
> > ajit.khaparde@broadcom.com; Anoob Joseph <anoobj@marvell.com>;
> > pablo.de.lara.guarch@intel.com; matan@nvidia.com; g.singh@nxp.com;
> > qiming.yang@intel.com; wenjun1.wu@intel.com;
> jianwang@trustnetic.com;
> > jingjing.wu@intel.com; beilei.xing@intel.com; Nithin Kumar Dabilpuram
> > <ndabilpuram@marvell.com>; Akhil Goyal <gakhil@marvell.com>
> > Subject: [PATCH v2 0/6] crypto/security session framework rework
> >
> > This patchset reworks the symmetric crypto and security session data
> > structure to use a single virtual/physical contiguous buffer for
> > symmetric crypto/security session and driver private data.
> > In addition the session data structure is now private.
> > The session is represented as an opaque pointer in the application.
> >
> > With the change the session is no longer supported to be accessed by
> > multiple device drivers. For the same reason
> > rte_cryptodev_sym_session_init/clear APIs are deprecated as
> > rte_cryptodev_sym_session_create/free will initialize and clear the
> > driver specific data field.
> >
> > The change was also submitted last year during DPDK 21.11 timeframe
> > also[1], but was not applied due to lack of feedback from community.
> > Please help in getting this cleanup merged in this cycle.
> >
> > Now the similar work was already done for asymmetric crypto.
> > This patchset is rebased over current tree and fixes all the issues
> > reported so far.
> > This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
> > with a few changes
> > - Added security session rework also.
> > - fixed issues in [2] reported on mailing list.
> > - few other fixes.
> >
> > Please review and provide feedback as soon as possible as this is
> > intended to be merged in DPDK 22.11 RC1.
> >
> > Currently the cnxk platform is tested with this change.
> > Request everyone to review and test on their platform.
> >
> > Special note to ixgbe and txgbe maintainers.
> > There is a wrong implementation for flow creation. Please check.
> > A hack is added to bypass it. Please fix it separately.
> >
> > [1]
> > https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-
> > gakhil@marvell.com/
> > [2]
> > https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-
> > roy.fan.zhang@intel.com/
> >
> > Akhil Goyal (5):
> >   cryptodev: rework session framework
> >   cryptodev: hide sym session structure
> >   security: remove priv mempool usage
> >   drivers/crypto: support security session get size op
> >   security: hide session structure
> >
> > Fan Zhang (1):
> >   crypto/scheduler: use unified session
> >
> >  app/test-crypto-perf/cperf.h                  |   1 -
> >  app/test-crypto-perf/cperf_ops.c              |  40 +--
> >  app/test-crypto-perf/cperf_ops.h              |   2 +-
> >  app/test-crypto-perf/cperf_test_latency.c     |   9 +-
> >  app/test-crypto-perf/cperf_test_latency.h     |   1 -
> >  .../cperf_test_pmd_cyclecount.c               |  10 +-
> >  .../cperf_test_pmd_cyclecount.h               |   1 -
> >  app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
> >  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
> >  app/test-crypto-perf/cperf_test_verify.c      |   9 +-
> >  app/test-crypto-perf/cperf_test_verify.h      |   1 -
> >  app/test-crypto-perf/main.c                   |  30 +-
> >  app/test-eventdev/test_perf_common.c          |  35 +-
> >  app/test-eventdev/test_perf_common.h          |   1 -
> >  app/test/test_cryptodev.c                     | 336 +++++-------------
> >  app/test/test_cryptodev_blockcipher.c         |  16 +-
> >  app/test/test_cryptodev_security_ipsec.c      |   2 +-
> >  app/test/test_cryptodev_security_ipsec.h      |   2 +-
> >  app/test/test_event_crypto_adapter.c          |  35 +-
> >  app/test/test_ipsec.c                         |  47 +--
> >  app/test/test_ipsec_perf.c                    |   4 +-
> >  app/test/test_security.c                      | 178 ++--------
> >  app/test/test_security_inline_proto.c         |  26 +-
> >  doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
> >  doc/guides/rel_notes/deprecation.rst          |   9 +
> >  doc/guides/rel_notes/release_22_11.rst        |   7 +
> >  drivers/common/cnxk/roc_cpt.c                 |   4 +-
> >  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
> >  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
> >  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
> >  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
> >  drivers/crypto/caam_jr/caam_jr.c              |  69 +---
> >  drivers/crypto/ccp/ccp_crypto.c               |  56 +--
> >  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
> >  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
> >  drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
> >  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
> >  drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
> >  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
> >  drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
> >  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
> >  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
> >  drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
> >  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
> >  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
> >  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
> >  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
> >  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  62 +---
> >  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
> >  drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
> >  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
> >  drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
> >  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
> >  drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
> >  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
> >  drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
> >  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
> >  drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
> >  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
> >  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
> >  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
> >  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
> >  drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
> >  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
> >  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
> >  drivers/crypto/qat/qat_sym.c                  |  15 +-
> >  drivers/crypto/qat/qat_sym.h                  |  16 +-
> >  drivers/crypto/qat/qat_sym_session.c          |  73 ++--
> >  drivers/crypto/qat/qat_sym_session.h          |  10 +-
> >  drivers/crypto/scheduler/scheduler_failover.c |  19 +-
> >  .../crypto/scheduler/scheduler_multicore.c    |  17 +
> >  .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
> >  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
> > .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
> >  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
> >  drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
> >  drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
> >  drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
> >  drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
> >  drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
> >  drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
> >  drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
> >  drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
> >  examples/fips_validation/fips_dev_self_test.c |  40 +--
> >  examples/fips_validation/main.c               |  35 +-
> >  examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
> >  examples/ipsec-secgw/ipsec.c                  |  16 +-
> >  examples/ipsec-secgw/ipsec.h                  |   1 -
> >  examples/ipsec-secgw/ipsec_worker.c           |   2 +-
> >  examples/l2fwd-crypto/main.c                  |  54 +--
> >  examples/vhost_crypto/main.c                  |  16 +-
> >  lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
> >  lib/cryptodev/cryptodev_trace_points.c        |   6 -
> >  lib/cryptodev/rte_crypto.h                    |   3 +-
> >  lib/cryptodev/rte_crypto_sym.h                |  11 +-
> >  lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
> >  lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
> >  lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
> >  lib/cryptodev/version.map                     |   6 -
> >  lib/ipsec/rte_ipsec_group.h                   |  13 +-
> >  lib/ipsec/ses.c                               |   5 +-
> >  lib/pipeline/rte_table_action.c               |  10 +-
> >  lib/security/rte_security.c                   |  33 +-
> >  lib/security/rte_security.h                   |  90 +++--
> >  lib/security/rte_security_driver.h            |  31 +-
> >  lib/vhost/rte_vhost_crypto.h                  |   3 -
> >  lib/vhost/vhost_crypto.c                      |  28 +-
> >  109 files changed, 1255 insertions(+), 2413 deletions(-)
> >
> > --
> > 2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 0/6] crypto/security session framework rework
  2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
                     ` (7 preceding siblings ...)
  2022-09-23  9:29   ` Gagandeep Singh
@ 2022-09-24 16:35   ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 1/6] cryptodev: rework session framework Akhil Goyal
                       ` (8 more replies)
  8 siblings, 9 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal

This patchset reworks the symmetric crypto and security session
data structure to use a single virtual/physical contiguous buffer
for symmetric crypto/security session and driver private data.
In addition the session data structure is now private.
The session is represented as an opaque pointer in the application.

With the change the session is no longer supported to be accessed
by multiple device drivers. For the same reason
rte_cryptodev_sym_session_init/clear APIs are deprecated as
rte_cryptodev_sym_session_create/free will initialize and
clear the driver specific data field.

The change was also submitted last year during DPDK 21.11
timeframe also[1], but was not applied due to lack of feedback from
community. Please help in getting this cleanup merged in this cycle.

Now the similar work was already done for asymmetric crypto.
This patchset is rebased over current tree and fixes all
the issues reported so far.

Changes in v3:
- Updated release notes
- fixed checkpatch issues
- renamed macro to get sess priv data to align with crypto macro
- added acked-by/tested-by

Changes in v2:
This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
with a few changes
- Added security session rework also.
- fixed issues in [2] reported on mailing list.
- few other fixes.

Please review and provide feedback as soon as possible
as this is intended to be merged in DPDK 22.11 RC1.

Currently the cnxk platform is tested with this change.
Request everyone to review and test on their platform.

Special note to ixgbe and txgbe maintainers.
There is a wrong implementation for flow creation. Please check.
A hack is added to bypass it. Please fix it separately.

[1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-gakhil@marvell.com/
[2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-roy.fan.zhang@intel.com/



Akhil Goyal (5):
  cryptodev: rework session framework
  cryptodev: hide sym session structure
  security: remove priv mempool usage
  drivers/crypto: support security session get size op
  security: hide session structure

Fan Zhang (1):
  crypto/scheduler: use unified session

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  40 +--
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   9 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |  10 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   9 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  30 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 336 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_cryptodev_security_ipsec.c      |   2 +-
 app/test/test_cryptodev_security_ipsec.h      |   2 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  47 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 app/test/test_security.c                      | 178 ++--------
 app/test/test_security_inline_proto.c         |  26 +-
 doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
 doc/guides/rel_notes/deprecation.rst          |   9 -
 doc/guides/rel_notes/release_22_11.rst        |  14 +
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  69 +---
 drivers/crypto/ccp/ccp_crypto.c               |  56 +--
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  69 +---
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
 drivers/crypto/null/null_crypto_pmd.c         |  20 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
 drivers/crypto/qat/qat_sym.c                  |  15 +-
 drivers/crypto/qat/qat_sym.h                  |  16 +-
 drivers/crypto/qat/qat_sym_session.c          |  73 ++--
 drivers/crypto/qat/qat_sym_session.h          |  10 +-
 drivers/crypto/scheduler/scheduler_failover.c |  19 +-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +
 .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
 examples/fips_validation/fips_dev_self_test.c |  40 +--
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
 examples/ipsec-secgw/ipsec.c                  |  16 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   2 +-
 examples/l2fwd-crypto/main.c                  |  54 +--
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_crypto.h                    |   3 +-
 lib/cryptodev/rte_crypto_sym.h                |  11 +-
 lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
 lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
 lib/cryptodev/version.map                     |   6 -
 lib/ipsec/rte_ipsec_group.h                   |  13 +-
 lib/ipsec/ses.c                               |   5 +-
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/security/rte_security.c                   |  33 +-
 lib/security/rte_security.h                   |  90 +++--
 lib/security/rte_security_driver.h            |  31 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 109 files changed, 1251 insertions(+), 2431 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 1/6] cryptodev: rework session framework
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 2/6] crypto/scheduler: use unified session Akhil Goyal
                       ` (7 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.

rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf_ops.c              |  21 +-
 app/test-crypto-perf/cperf_test_latency.c     |   6 +-
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 app/test-crypto-perf/cperf_test_throughput.c  |   6 +-
 app/test-crypto-perf/cperf_test_verify.c      |   6 +-
 app/test-crypto-perf/main.c                   |  29 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 302 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  42 +--
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  38 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  28 +-
 drivers/crypto/ccp/ccp_crypto.c               |  58 +---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  36 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  31 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  31 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  37 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   4 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 ++-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  36 +--
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  26 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   8 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +-
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +--
 drivers/crypto/null/null_crypto_pmd.c         |  19 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/qat_sym.c                  |  10 +-
 drivers/crypto/qat/qat_sym.h                  |   4 +-
 drivers/crypto/qat/qat_sym_session.c          |  40 +--
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  38 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  30 +-
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  10 +-
 examples/ipsec-secgw/ipsec.c                  |   7 +-
 examples/l2fwd-crypto/main.c                  |  54 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  28 +-
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_cryptodev.c                 | 276 ++++++----------
 lib/cryptodev/rte_cryptodev.h                 | 123 ++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  33 +-
 lib/cryptodev/version.map                     |   6 -
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 71 files changed, 551 insertions(+), 1670 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index d746d51082..c6f5735bb0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -912,7 +912,6 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					&sess_conf, sess_mp, priv_mp);
 	}
 #endif
-	sess = rte_cryptodev_sym_session_create(sess_mp);
 	/*
 	 * cipher only
 	 */
@@ -937,8 +936,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &cipher_xform,
+				sess_mp);
 	/*
 	 *  auth only
 	 */
@@ -965,8 +964,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &auth_xform,
+				sess_mp);
 	/*
 	 * cipher and auth
 	 */
@@ -1024,13 +1023,13 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&cipher_xform, sess_mp);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform, sess_mp);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1050,8 +1049,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					options->aead_aad_sz;
 
 		/* Create crypto session */
-		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform,
+				sess_mp);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 6f972cea49..afd8cb209b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -44,10 +44,8 @@ static void
 cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 3f2da13d3a..edd2730b73 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -74,10 +74,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		} else
 #endif
-		{
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 
 	rte_mempool_free(ctx->pool);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index fba66bbde9..fa13915dc3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -52,10 +52,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		}
 #endif
-		else {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 	rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index b691595675..c1465db243 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -39,10 +39,8 @@ static void
 cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 27acd619bc..3469b836e1 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -97,35 +97,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size, 0, 0,
+					socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -136,6 +115,7 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
+		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -323,12 +303,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c
index 81420be73a..30cefcb6dd 100644
--- a/app/test-eventdev/test_perf_common.c
+++ b/app/test-eventdev/test_perf_common.c
@@ -864,18 +864,13 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t)
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	cipher_xform.next = NULL;
 
-	sess = rte_cryptodev_sym_session_create(t->ca_sess_pool);
+	sess = rte_cryptodev_sym_session_create(p->ca.cdev_id, &cipher_xform,
+			t->ca_sess_pool);
 	if (sess == NULL) {
 		evt_err("Failed to create sym session");
 		return NULL;
 	}
 
-	if (rte_cryptodev_sym_session_init(p->ca.cdev_id, sess, &cipher_xform,
-					   t->ca_sess_priv_pool)) {
-		evt_err("Failed to init session");
-		return NULL;
-	}
-
 	return sess;
 }
 
@@ -1382,15 +1377,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 		goto err;
 	}
 
-	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
-		"ca_sess_pool", nb_sessions, 0, 0,
-		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
-	if (t->ca_sess_pool == NULL) {
-		evt_err("Failed to create sym session pool");
-		ret = -ENOMEM;
-		goto err;
-	}
-
 	max_session_size = 0;
 	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		unsigned int session_size;
@@ -1401,12 +1387,11 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 			max_session_size = session_size;
 	}
 
-	max_session_size += sizeof(union rte_event_crypto_metadata);
-	t->ca_sess_priv_pool = rte_mempool_create(
-		"ca_sess_priv_pool", nb_sessions, max_session_size, 0, 0, NULL,
-		NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-	if (t->ca_sess_priv_pool == NULL) {
-		evt_err("failed to create sym session private pool");
+	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
+		"ca_sess_pool", nb_sessions, max_session_size, 0,
+		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
+	if (t->ca_sess_pool == NULL) {
+		evt_err("Failed to create sym session pool");
 		ret = -ENOMEM;
 		goto err;
 	}
@@ -1446,7 +1431,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 		qp_conf.nb_descriptors = NB_CRYPTODEV_DESCRIPTORS;
 		qp_conf.mp_session = t->ca_sess_pool;
-		qp_conf.mp_session_private = t->ca_sess_priv_pool;
 
 		for (qp_id = 0; qp_id < conf.nb_queue_pairs; qp_id++) {
 			ret = rte_cryptodev_queue_pair_setup(
@@ -1467,7 +1451,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 
 	return ret;
@@ -1492,8 +1475,7 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 		for (flow_id = 0; flow_id < t->nb_flows; flow_id++) {
 			sess = p->ca.crypto_sess[flow_id];
 			cdev_id = p->ca.cdev_id;
-			rte_cryptodev_sym_session_clear(cdev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
+			rte_cryptodev_sym_session_free(cdev_id, sess);
 		}
 
 		rte_event_crypto_adapter_queue_pair_del(
@@ -1509,7 +1491,6 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 }
 
diff --git a/app/test-eventdev/test_perf_common.h b/app/test-eventdev/test_perf_common.h
index 8cbd06fe42..d06d52cdf8 100644
--- a/app/test-eventdev/test_perf_common.h
+++ b/app/test-eventdev/test_perf_common.h
@@ -70,7 +70,6 @@ struct test_perf {
 		RTE_EVENT_TIMER_ADAPTER_NUM_MAX] __rte_cache_aligned;
 	struct rte_mempool *ca_op_pool;
 	struct rte_mempool *ca_sess_pool;
-	struct rte_mempool *ca_sess_priv_pool;
 	struct rte_mempool *ca_asym_sess_pool;
 } __rte_cache_aligned;
 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0c39b16b71..f5fef10696 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -13,6 +13,7 @@
 #include <rte_pause.h>
 #include <rte_bus_vdev.h>
 #include <rte_ether.h>
+#include <rte_errno.h>
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
@@ -644,23 +645,17 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-
 	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
+			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
+			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
+
 	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
 			"session mempool allocation failed");
 
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -668,7 +663,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -697,15 +691,11 @@ testsuite_teardown(void)
 		rte_mempool_avail_count(ts_params->op_mpool));
 	}
 
-	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
+		rte_mempool_free(ts_params->session_priv_mpool);
+		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -1392,7 +1382,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1452,10 +1441,8 @@ ut_teardown(void)
 #endif
 	{
 		if (ut_params->sess) {
-			rte_cryptodev_sym_session_clear(
-					ts_params->valid_devs[0],
+			rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 					ut_params->sess);
-			rte_cryptodev_sym_session_free(ut_params->sess);
 			ut_params->sess = NULL;
 		}
 	}
@@ -1610,7 +1597,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2155,8 +2141,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
-
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
 	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2201,18 +2185,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	/* Create crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	if (rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2441,7 +2418,6 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	enum rte_crypto_auth_algorithm algo)
 {
 	uint8_t hash_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2461,16 +2437,11 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.digest_length = auth_len;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
 	ut_params->auth_xform.auth.iv.length = iv_len;
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2483,7 +2454,6 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2503,16 +2473,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session */
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2590,7 +2556,6 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 
 {
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2625,17 +2590,12 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
 
@@ -2649,7 +2609,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 {
 	const uint8_t key_len = tdata->key.len;
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2689,16 +2648,11 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2724,7 +2678,6 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2755,26 +2708,19 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	if (cipher_op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 	} else
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
 
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	return 0;
 }
@@ -8205,7 +8151,6 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 		uint8_t iv_len)
 {
 	uint8_t aead_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8227,15 +8172,12 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -8679,7 +8621,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
 				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				NULL);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -12029,7 +11971,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 				   const struct HMAC_MD5_vector *test_case)
 {
 	uint8_t key[64];
-	int status;
 
 	memcpy(key, test_case->key.data, test_case->key.len);
 
@@ -12044,16 +11985,11 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.key.data = key;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+		ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-	if (ut_params->sess == NULL)
-		return TEST_FAILED;
-
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
@@ -12261,12 +12197,9 @@ test_multi_session(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-
 	struct rte_cryptodev_info dev_info;
 	struct rte_cryptodev_sym_session **sessions;
-
 	uint16_t i;
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12293,20 +12226,15 @@ test_multi_session(void)
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-
 		sessions[i] = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
+			return TEST_SKIPPED;
+
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
-
-		status = rte_cryptodev_sym_session_init(
-				ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-		if (status == -ENOTSUP)
-			return TEST_SKIPPED;
-
 		/* Attempt to send a request on each session */
 		TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
 			sessions[i],
@@ -12336,18 +12264,9 @@ test_multi_session(void)
 		}
 	}
 
-	sessions[i] = NULL;
-	/* Next session create should fail */
-	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT_NULL(sessions[i],
-			"Session creation succeeded unexpectedly!");
-
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12398,7 +12317,6 @@ test_multi_session_random_usage(void)
 		},
 
 	};
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12420,11 +12338,6 @@ test_multi_session_random_usage(void)
 					* MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		sessions[i] = rte_cryptodev_sym_session_create(
-				ts_params->session_mpool);
-		TEST_ASSERT_NOT_NULL(sessions[i],
-				"Session creation failed at session number %u",
-				i);
 
 		rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
 				sizeof(struct crypto_unittest_params));
@@ -12434,16 +12347,16 @@ test_multi_session_random_usage(void)
 				ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
 
 		/* Create multiple crypto sessions*/
-		status = rte_cryptodev_sym_session_init(
+		sessions[i] = rte_cryptodev_sym_session_create(
 				ts_params->valid_devs[0],
-				sessions[i],
 				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
-
-		if (status == -ENOTSUP)
+				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
 			return TEST_SKIPPED;
 
-		TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+		TEST_ASSERT_NOT_NULL(sessions[i],
+				"Session creation failed at session number %u",
+				i);
 	}
 
 	srand(time(NULL));
@@ -12481,9 +12394,8 @@ test_multi_session_random_usage(void)
 	}
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12501,7 +12413,6 @@ test_null_invalid_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int ret;
 
 	/* This test is for NULL PMD only */
 	if (gbl_driver_id != rte_cryptodev_driver_id_get(
@@ -12515,17 +12426,13 @@ test_null_invalid_operation(void)
 	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
-
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -12533,14 +12440,11 @@ test_null_invalid_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
 	return TEST_SUCCESS;
@@ -12554,7 +12458,6 @@ test_null_burst_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
 
 	unsigned i, burst_len = NULL_BURST_LENGTH;
 
@@ -12580,19 +12483,14 @@ test_null_burst_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_NULL;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	/* Create Crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(
+				ts_params->valid_devs[0],
+				&ut_params->auth_xform,
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -12703,7 +12601,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12803,7 +12700,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12990,7 +12886,6 @@ static int create_gmac_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t auth_key[tdata->key.len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -13009,15 +12904,13 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -13646,7 +13539,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
 
@@ -13660,15 +13552,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -13681,7 +13571,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(cipher_key, reference->cipher_key.data,
 			reference->cipher_key.len);
@@ -13713,15 +13602,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	}
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -14179,7 +14066,6 @@ test_authenticated_encrypt_with_esn(
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
 	struct rte_cryptodev_info dev_info;
-	int status;
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 	uint64_t feat_flags = dev_info.feature_flags;
@@ -14230,19 +14116,12 @@ test_authenticated_encrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
-		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
-
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
 			"Failed to allocate input buffer in mempool");
@@ -14366,18 +14245,11 @@ test_authenticated_decrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-
-	if (retval == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -15125,8 +14997,8 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
-						SOCKET_ID_ANY);
+						MAX_NB_SESSIONS, session_size,
+						0, 0, SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
@@ -15149,8 +15021,6 @@ test_scheduler_attach_worker_op(void)
 		}
 
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index b5813b956f..4fcdd55660 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -514,11 +513,9 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	 */
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) &&
 			nb_iterates == 0) {
-		sess = rte_cryptodev_sym_session_create(sess_mpool);
-
-		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
-		if (status == -ENOTSUP) {
+		sess = rte_cryptodev_sym_session_create(dev_id, init_xform,
+				sess_mpool);
+		if (sess == NULL) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
 			goto error_exit;
@@ -801,10 +798,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 error_exit:
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
-		if (sess) {
-			rte_cryptodev_sym_session_clear(dev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
-		}
+		if (sess)
+			rte_cryptodev_sym_session_free(dev_id, sess);
 		rte_free(cipher_xform);
 		rte_free(auth_xform);
 	}
@@ -829,7 +824,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 2ecc7e2cea..c6cf9c5401 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -157,7 +157,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *asym_op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_mempool *asym_sess_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
@@ -307,15 +306,10 @@ test_op_forward_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
-		/* Create Crypto session*/
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
-
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
 							&cap);
 		TEST_ASSERT_SUCCESS(ret, "Failed to get adapter capabilities\n");
@@ -683,8 +677,8 @@ test_op_new_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -699,9 +693,6 @@ test_op_new_mode(uint8_t session_less)
 					RTE_CRYPTO_OP_WITH_SESSION,
 					&m_data, sizeof(m_data));
 		}
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
 	} else {
@@ -994,22 +985,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 
 	while ((capability = &info.capabilities[i++])->op !=
@@ -1048,7 +1029,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -1410,11 +1390,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
 
 	/* Free asym session mempool */
 	if (params.asym_sess_mpool != NULL) {
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index aa533483fd..04d231468b 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -370,20 +370,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -428,11 +417,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -647,8 +631,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session, NULL);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
@@ -662,25 +645,15 @@ static int
 create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
-	int32_t rc;
 	struct rte_cryptodev_sym_session *s;
 
-	s = rte_cryptodev_sym_session_create(qp->mp_session);
+	s = rte_cryptodev_sym_session_create(dev_id, ut->crypto_xforms,
+			qp->mp_session);
 	if (s == NULL)
 		return -ENOMEM;
 
-	/* initialize SA crypto session for device */
-	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
-	if (rc == 0) {
-		ut->ss[j].crypto.ses = s;
-		return 0;
-	} else {
-		/* failure, do cleanup */
-		rte_cryptodev_sym_session_clear(dev_id, s);
-		rte_cryptodev_sym_session_free(s);
-		return rc;
-	}
+	ut->ss[j].crypto.ses = s;
+	return 0;
 }
 
 static int
@@ -1196,8 +1169,7 @@ static void
 destroy_crypto_session(struct ipsec_unitest_params *ut,
 	uint8_t crypto_dev, uint32_t j)
 {
-	rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
-	rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
+	rte_cryptodev_sym_session_free(crypto_dev, ut->ss[j].crypto.ses);
 	memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 32127a874c..75a95e3689 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -521,34 +521,23 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL)) {
-			sess = (struct armv8_crypto_session *)
-					get_sym_session_private_data(
-					op->sym->session,
-					cryptodev_driver_id);
+			sess = op->sym->session->data;
 		}
 	} else {
 		/* provide internal session */
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct armv8_crypto_session *)_sess_private_data;
+		sess = (struct armv8_crypto_session *)_sess->data;
 
 		if (unlikely(armv8_crypto_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -674,10 +663,6 @@ process_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index c07ac0489e..176bb9e6a0 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -267,8 +267,7 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -278,43 +277,22 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = sess->data;
 
 	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
 		.dev_configure		= armv8_crypto_pmd_config,
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..d3334dc920 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -211,8 +211,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
 		sess = (struct bcmfs_sym_session *)
-			  get_sym_session_private_data(op->sym->session,
-						       cryptodev_bcmfs_driver_id);
+			op->sym->session->driver_priv_data;
 	}
 
 	if (sess == NULL)
@@ -222,10 +221,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 }
 
 int
-bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -235,45 +233,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+bcmfs_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+			struct rte_cryptodev_sym_session  *sess __rte_unused)
+{}
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..4a0a012ae7 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,8 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    struct rte_cryptodev_sym_session *sess);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8e9cfe73d8..a9c93dea13 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1357,8 +1357,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		ses = (struct caam_jr_session *)
-		get_sym_session_private_data(op->sym->session,
-					cryptodev_driver_id);
+			op->sym->session->driver_priv_data;
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1692,54 +1691,39 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 }
 
 static int
-caam_jr_sym_session_configure(struct rte_cryptodev *dev,
+caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
+	sess_private_data = (void *)sess->driver_priv_data;
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
+caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
 
 	PMD_INIT_FUNC_TRACE();
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index 4bab18323b..bd999abe61 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,9 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1766,9 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1859,9 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2005,9 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2079,9 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2242,9 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2330,9 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2440,9 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2607,9 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2645,9 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2715,9 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2780,9 +2758,8 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op[i]->sym->session,
-						 ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2858,9 +2835,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2934,9 +2909,8 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op_d[i]->sym->session,
-						ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op_d[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 1b600e81ad..e401793a76 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -757,8 +756,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
 	void *sess_private_data;
@@ -769,40 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
+
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
-}
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		      struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops ccp_ops = {
 		.dev_configure		= ccp_pmd_config,
diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h
index 1c4118ee3c..6704e39ab8 100644
--- a/drivers/crypto/ccp/ccp_pmd_private.h
+++ b/drivers/crypto/ccp/ccp_pmd_private.h
@@ -78,8 +78,6 @@ struct ccp_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_mempool *batch_mp;
 	/**< Session Mempool for batch info */
 	struct rte_cryptodev_stats qp_stats;
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index a35a8cd775..7502281ad9 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,33 +56,23 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (struct ccp_session *)
-			get_sym_session_private_data(
-				op->sym->session,
-				ccp_cryptodev_driver_id);
+		sess = (void *)op->sym->session->driver_priv_data;
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
 
-		if (rte_mempool_get(qp->sess_mp, &_sess))
-			return NULL;
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		sess = (struct ccp_session *)_sess_private_data;
+		sess = (void *)_sess->driver_priv_data;
 
 		internals = (struct ccp_private *)qp->dev->data->dev_private;
 		if (unlikely(ccp_set_session_parameters(sess, op->sym->xform,
 							internals) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-					 ccp_cryptodev_driver_id,
-					 _sess_private_data);
+		op->sym->session = _sess;
 	}
 
 	return sess;
@@ -161,13 +151,10 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	for (i = 0; i < nb_dequeued; i++)
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
-			struct ccp_session *sess = (struct ccp_session *)
-					get_sym_session_private_data(
-						ops[i]->sym->session,
-						ccp_cryptodev_driver_id);
+			struct ccp_session *sess =
+				(void *)ops[i]->sym->session->driver_priv_data;
 
-			rte_mempool_put(qp->sess_mp_priv,
-					sess);
+			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
 					ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 586941cd70..f96e132513 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -22,24 +22,23 @@
 static inline struct cnxk_se_sess *
 cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn10k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
-	if (ret)
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+				    sess);
+	if (ret) {
+		rte_mempool_put(qp->sess_mp, (void *)sess);
 		goto sess_put;
+	}
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
+	priv = (void *)sess->driver_priv_data;
 	sym_op->session = sess;
 
 	return priv;
@@ -111,8 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = get_sym_session_private_data(
-				sym_op->session, cn10k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -128,8 +126,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 				return 0;
 			}
@@ -296,8 +293,9 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn10k_cryptodev_driver_id);
+			priv = (void *)(
+				((struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -334,8 +332,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn10k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
@@ -543,7 +540,6 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 {
 	const uint8_t uc_compcode = res->uc_compcode;
 	const uint8_t compcode = res->compcode;
-	unsigned int sz;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
@@ -620,11 +616,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b753c1cb4b..a44f111ba6 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,23 +56,20 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 static inline struct cnxk_se_sess *
 cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn9k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
+	priv = (void *)sess->driver_priv_data;
 
 	sym_op->session = sess;
 
@@ -95,8 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = get_sym_session_private_data(
-				sym_op->session, cn9k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -110,8 +106,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -349,8 +344,9 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn9k_cryptodev_driver_id);
+			priv = (void *)((
+				(struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -387,8 +383,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn9k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
@@ -583,8 +578,6 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 			      struct cpt_inflight_req *infl_req,
 			      struct cpt_cn9k_res_s *res)
 {
-	unsigned int sz;
-
 	if (likely(res->compcode == CPT_COMP_GOOD)) {
 		if (unlikely(res->uc_compcode)) {
 			if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
@@ -645,11 +638,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cf91b92c2c..018d7fcee8 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -406,7 +406,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -620,25 +619,15 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv;
-	void *priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
-
+	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
 	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
 	if (ret)
 		goto priv_put;
@@ -684,61 +673,39 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
-
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
 
 priv_put:
-	rte_mempool_put(pool, priv);
-
 	return ret;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       struct rte_cryptodev_sym_session *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
-
-	if (priv == NULL)
-		return;
-
-	sess_priv = priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 			   struct rte_cryptodev_sym_session *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ffe4ae19aa..ca90567620 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -78,8 +78,6 @@ struct cnxk_cpt_qp {
 	/**< Crypto adapter related info */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 };
 
 int cnxk_cpt_dev_config(struct rte_cryptodev *dev,
@@ -104,18 +102,16 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   struct rte_cryptodev_sym_session *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  struct rte_cryptodev_sym_session *sess);
 
 void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+		struct rte_cryptodev_sym_session *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(struct rte_cryptodev_sym_session *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8444f1a795..5a38d53022 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,8 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-				op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1678,8 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3754,51 +3752,36 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 }
 #endif
 static int
-dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index e68a4875dd..795be3acc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,8 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, cryptodev_driver_id);
+		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 05415dbf3b..0cc773fba6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,10 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sym_session_private_data(
-					op->sym->session,
-					dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1927,10 +1924,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sym_session_private_data(
-						op->sym->session,
-						dpaa_cryptodev_driver_id);
+				ses = (void *)
+					op->sym->session->driver_priv_data;
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2676,31 +2671,19 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -2714,7 +2697,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2724,7 +2706,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -2733,14 +2714,10 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
-	if (sess_priv) {
-		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	free_session_memory(dev, s);
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d081953e26..d2e4d9d787 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1017,8 +1017,8 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)
+			session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 7e8396b4a3..90ce5bc965 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -264,7 +264,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->pmd_type = internals->pmd_type;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	qp->ingress_queue = ipsec_mb_qp_create_processed_ops_ring(qp,
 		qp_conf->nb_descriptors, socket_id);
@@ -312,9 +311,8 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess, struct rte_mempool *mempool)
+	struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
 		&ipsec_mb_pmds[internals->pmd_type];
@@ -330,42 +328,22 @@ ipsec_mb_sym_session_configure(
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		free_mb_mgr(mb_mgr);
-		return -ENOMEM;
-	}
-
-	ret = (*pmd_data->session_configure)(mb_mgr, sess_private_data, xform);
+	ret = (*pmd_data->session_configure)(mb_mgr,
+			(void *)sess->driver_priv_data, xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		free_mb_mgr(mb_mgr);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	free_mb_mgr(mb_mgr);
 	return 0;
 }
 
 /** Clear the session memory */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-			       struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, ipsec_mb_sym_session_get_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index d074b33133..14f962ef28 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -136,8 +136,6 @@ struct ipsec_mb_qp {
 	struct rte_ring *ingress_queue;
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
-	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
 	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
@@ -399,8 +397,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool);
+	struct rte_cryptodev_sym_session *sess);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
@@ -411,50 +408,50 @@ ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
 static __rte_always_inline void *
 ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 {
-	void *sess = NULL;
+	struct rte_cryptodev_sym_session *sess = NULL;
 	uint32_t driver_id = ipsec_mb_get_driver_id(qp->pmd_type);
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	uint8_t sess_type = op->sess_type;
 	void *_sess;
-	void *_sess_private_data = NULL;
 	struct ipsec_mb_internals *pmd_data = &ipsec_mb_pmds[qp->pmd_type];
 
 	switch (sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		if (likely(sym_op->session != NULL))
-			sess = get_sym_session_private_data(sym_op->session,
-							    driver_id);
+			sess = sym_op->session;
+		else
+			goto error_exit;
 	break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
 		if (!qp->sess_mp ||
 		    rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (!qp->sess_mp_priv ||
-		    rte_mempool_get(qp->sess_mp_priv,
-					(void **)&_sess_private_data))
-			return NULL;
+		sess = _sess;
+		if (sess->sess_data_sz < pmd_data->session_priv_size) {
+			rte_mempool_put(qp->sess_mp, _sess);
+			goto error_exit;
+		}
 
-		sess = _sess_private_data;
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-				sess, sym_op->xform) != 0)) {
+			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
-			sess = NULL;
+			goto error_exit;
 		}
 
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sess->driver_id = driver_id;
+		sym_op->session = sess;
+
 	break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	if (unlikely(sess == NULL))
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return (void *)sess->driver_priv_data;
 
-	return sess;
+error_exit:
+	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return NULL;
 }
 
 #endif /* _IPSEC_MB_PRIVATE_H_ */
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 2c033c6f28..e4f274b608 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -241,10 +241,6 @@ handle_completed_gcm_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_gcm_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -455,44 +451,35 @@ static inline struct aesni_gcm_session *
 aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	     struct rte_crypto_op *op)
 {
-	struct aesni_gcm_session *sess = NULL;
-	uint32_t driver_id =
-	    ipsec_mb_get_driver_id(IPSEC_MB_PMD_TYPE_AESNI_GCM);
+	struct rte_cryptodev_sym_session *sess = NULL;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct aesni_gcm_session *)
-			    get_sym_session_private_data(sym_op->session,
-							 driver_id);
+			sess = sym_op->session;
 	} else {
-		void *_sess;
-		void *_sess_private_data = NULL;
-
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (rte_mempool_get(qp->sess_mp, (void **)&sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
+		if (unlikely(sess->sess_data_sz <
+				sizeof(struct aesni_gcm_session))) {
+			rte_mempool_put(qp->sess_mp, sess);
 			return NULL;
-
-		sess = (struct aesni_gcm_session *)_sess_private_data;
+		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				 _sess_private_data, sym_op->xform) != 0)) {
-			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
+				(void *)sess->driver_priv_data,
+				sym_op->xform) != 0)) {
+			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sym_op->session = sess;
 	}
 
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return sess;
+	return (void *)sess->driver_priv_data;
 }
 
 static uint16_t
@@ -712,22 +699,15 @@ aesni_gmac_sgl_verify(struct aesni_gcm_session *s,
 
 /** Process CPU crypto bulk operations */
 static uint32_t
-aesni_gcm_process_bulk(struct rte_cryptodev *dev,
+aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			struct rte_cryptodev_sym_session *sess,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s;
+	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
-	s = (struct aesni_gcm_session *) get_sym_session_private_data(sess,
-		dev->driver_id);
-	if (unlikely(s == NULL)) {
-		aesni_gcm_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 6d5d3ce8eb..f3565b04b5 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1710,8 +1710,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 {
 	struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data;
 	struct aesni_mb_session *sess = NULL;
-	uint32_t driver_id = ipsec_mb_get_driver_id(
-						IPSEC_MB_PMD_TYPE_AESNI_MB);
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
 	uint8_t is_docsis_sec = 0;
@@ -1725,15 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-	{
-		sess = get_sym_session_private_data(op->sym->session,
-						driver_id);
-	}
-
-	if (unlikely(sess == NULL)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
-		return op;
-	}
+		sess = (void *)op->sym->session->driver_priv_data;
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -1771,10 +1761,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_mb_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -1962,16 +1948,6 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	return processed_jobs;
 }
 
-
-static inline void
-ipsec_mb_fill_error_code(struct rte_crypto_sym_vec *vec, int32_t err)
-{
-	uint32_t i;
-
-	for (i = 0; i != vec->num; ++i)
-		vec->status[i] = err;
-}
-
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
@@ -2028,7 +2004,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
 }
 
 static uint32_t
-aesni_mb_process_bulk(struct rte_cryptodev *dev,
+aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
 	struct rte_crypto_sym_vec *vec)
 {
@@ -2037,15 +2013,9 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s;
+	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
-	s = get_sym_session_private_data(sess, dev->driver_id);
-	if (s == NULL) {
-		ipsec_mb_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
index d953d6e5f5..97e7cef233 100644
--- a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
+++ b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
@@ -290,10 +290,6 @@ handle_completed_chacha20_poly1305_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct chacha20_poly1305_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index c9d4f9d0ae..b2fb168154 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -231,11 +231,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct kasumi_session));
-			memset(
-			    ops[i]->sym->session, 0,
-			    rte_cryptodev_sym_get_existing_header_session_size(
-				ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -287,8 +282,9 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct kasumi_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct kasumi_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 	return processed_op;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 9a85f46721..f052d6d847 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -362,10 +362,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct snow3g_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -417,8 +413,9 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct snow3g_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct snow3g_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index e36c7092d6..92fd9d1808 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -239,10 +239,6 @@ process_ops(struct rte_crypto_op **ops, enum ipsec_mb_operation op_type,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(sessions[i], 0, sizeof(struct zuc_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index eb7616257e..46ea507cf5 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -171,14 +171,13 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  struct rte_cryptodev_sym_session *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data =
+		(void *)session->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -189,17 +188,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -239,8 +230,6 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
@@ -250,16 +239,13 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
@@ -369,8 +355,8 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess = get_sym_session_private_data
-				(op->sym->session, mlx5_crypto_driver_id);
+	struct mlx5_crypto_session *sess =
+		(void *)op->sym->session->driver_priv_data;
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..bb86f671a4 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -597,13 +597,7 @@ mrvl_request_prepare_crp(struct sam_cio_op_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sym_session_private_data(
-					     op->sym->session,
-					     cryptodev_driver_id);
-	if (unlikely(sess == NULL)) {
-		MRVL_LOG(ERR, "Session was not created for this device!");
-		return -EINVAL;
-	}
+	sess = (struct mrvl_crypto_session *)op->sym->session->data;
 
 	request->sa = sess->sam_sess;
 	request->cookie = op;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index f828dc9db5..214c0fcb08 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -736,8 +736,7 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	void *sess_private_data;
@@ -748,23 +747,15 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
+	sess_private_data = sess->data;
 	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
 
 	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
 	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
@@ -791,8 +782,7 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = sess->data;
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
@@ -803,11 +793,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
 			MRVL_LOG(ERR, "Error while destroying session!");
 		}
-
-		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index cb5393d2f1..505024a810 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -530,24 +530,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 }
 
 static int
-nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
+nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
-	void *mp_obj;
-	struct nitrox_crypto_ctx *ctx;
+	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -585,38 +577,23 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
+	ctx->iova = sess->driver_priv_data_iova;
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
-{
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
-}
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev __rte_unused,
+			  struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct nitrox_crypto_ctx *
 get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return get_sym_session_private_data(op->sym->session,
-							   nitrox_sym_drv_id);
+			return (void *)op->sym->session->driver_priv_data;
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 9ecb434fd0..09aac3065e 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -58,7 +58,7 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(op->sym->session, 0,
 				sizeof(struct null_crypto_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
@@ -78,30 +78,21 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
 			sess = (struct null_crypto_session *)
-					get_sym_session_private_data(
-					sym_op->session, cryptodev_driver_id);
+				sym_op->session->driver_priv_data;
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct null_crypto_session *)_sess_private_data;
+		sess = (struct null_crypto_session *)_sess->driver_priv_data;
 
 		if (unlikely(null_crypto_set_session_parameters(sess,
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+		sym_op->session = _sess;
 	}
 
 	return sess;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 90a675dfff..fb43d3f7b5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -233,7 +233,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -256,8 +255,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -267,43 +265,22 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops pmd_ops = {
 		.dev_configure		= null_crypto_pmd_config,
diff --git a/drivers/crypto/null/null_crypto_pmd_private.h b/drivers/crypto/null/null_crypto_pmd_private.h
index 89c4345b6f..ae34ce6671 100644
--- a/drivers/crypto/null/null_crypto_pmd_private.h
+++ b/drivers/crypto/null/null_crypto_pmd_private.h
@@ -31,8 +31,6 @@ struct null_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 } __rte_cache_aligned;
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 7aee67ab09..cd5ebc2af6 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,25 +242,19 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
+	void *priv = (void *)sess->driver_priv_data;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
@@ -301,9 +294,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
+	misc->ctx_dma_addr = sess->driver_priv_data_iova +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -316,17 +307,14 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
+	void *priv = (void *)sess->driver_priv_data;
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
 	if (priv == NULL)
@@ -336,35 +324,26 @@ sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
 	ctx = SESS_PRIV(misc);
 
 	rte_free(ctx->auth_key);
-
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
 }
 
 static int
-otx_cpt_session_cfg(struct rte_cryptodev *dev,
+otx_cpt_session_cfg(struct rte_cryptodev *dev __rte_unused,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
+otx_cpt_session_clear(struct rte_cryptodev *dev __rte_unused,
 		  struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -528,10 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)
-			get_sym_session_private_data(sym_op->session,
-						     otx_cryptodev_driver_id);
-
+	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -560,21 +536,18 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(instance->sess_mp);
-	if (sess == NULL) {
+	if (rte_mempool_get(instance->sess_mp, (void **)&sess) < 0) {
 		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	ret = sym_session_configure(sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
@@ -583,12 +556,10 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	/* Enqueue op with the tmp session set */
 	req = otx_cpt_enq_single_sym(instance, op);
 	if (unlikely(req == NULL))
-		goto priv_put;
+		goto sess_put;
 
 	return req;
 
-priv_put:
-	sym_session_clear(driver_id, sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -873,13 +844,9 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = get_sym_session_private_data(
-		cop->sym->session, otx_cryptodev_driver_id);
+	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+
 	memset(sess_private_data_t, 0, cpt_get_session_size());
-	memset(cop->sym->session, 0,
-	       rte_cryptodev_sym_get_existing_header_session_size(
-		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index c34fd9a546..ed6841e460 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -70,8 +70,6 @@ struct openssl_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[DIGEST_LENGTH_MAX];
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index a078038651..0bb536c9e3 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,10 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (struct openssl_session *)
-						get_sym_session_private_data(
-						op->sym->session,
-						cryptodev_driver_id);
+				sess = (void *)
+					op->sym->session->driver_priv_data;
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
@@ -901,32 +899,26 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 			return asym_sess;
 		}
 	} else {
+		struct rte_cryptodev_sym_session *_sess;
 		/* sessionless asymmetric not supported */
 		if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
 			return NULL;
 
 		/* provide internal session */
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		rte_mempool_get(qp->sess_mp, (void **)&_sess);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct openssl_session *)_sess_private_data;
+		sess = (struct openssl_session *)_sess->driver_priv_data;
 
 		if (unlikely(openssl_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+
 	}
 
 	if (sess == NULL)
@@ -2900,10 +2892,6 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index f7ddbf9c73..2a3662ee5a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -764,7 +764,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -794,10 +793,9 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -805,24 +803,14 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = openssl_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1328,20 +1316,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	openssl_reset_session(sess_priv);
 }
 
 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index db6316fbe9..408ae9e42b 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,12 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = get_sym_session_private_data(op->sym->session,
-				qat_sym_driver_id);
-		if (unlikely(!ctx)) {
-			QAT_DP_LOG(ERR, "No session for this device");
-			return -EINVAL;
-		}
+		ctx = (void *)op->sym->session->driver_priv_data;
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -391,8 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (struct qat_sym_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, qat_sym_driver_id);
+	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 074612c11b..2853ac5b88 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -317,9 +317,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 #endif
 	{
 		sess = (struct qat_sym_session *)
-				get_sym_session_private_data(
-				rx_op->sym->session,
-				qat_sym_driver_id);
+			rx_op->sym->session->driver_priv_data;
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 52b3455cf0..8dd2357702 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -219,22 +219,13 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
+qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (void *)sess->driver_priv_data;
 
-	if (sess_priv) {
-		if (s->bpi_ctx)
-			bpi_cipher_ctx_free(s->bpi_ctx);
-		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (s->bpi_ctx)
+		bpi_cipher_ctx_free(s->bpi_ctx);
 }
 
 static int
@@ -505,35 +496,24 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform,
+			(void *)sess->driver_priv_data,
+			sess->driver_priv_data_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
 
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	ossl_legacy_provider_unload();
 # endif
@@ -542,7 +522,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_cryptodev_private *internals = dev->data->dev_private;
@@ -551,7 +532,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int qat_cmd_id;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 01908abd9e..9e4aab06a6 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -123,12 +123,12 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		struct rte_cryptodev_sym_session *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_private_iova);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index f3a1bd626c..b93821783b 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -468,44 +468,18 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 }
 
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+	struct rte_crypto_sym_xform *xform __rte_unused,
+	struct rte_cryptodev_sym_session *sess __rte_unused)
 {
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-	int ret;
-
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
-		if (ret < 0) {
-			CR_SCHED_LOG(ERR, "unable to config sym session");
-			return ret;
-		}
-	}
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-
-	/* Clear private data of workers */
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		rte_cryptodev_sym_session_clear(worker->dev_id, sess);
-	}
-}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index ed64866758..6b9e57ee66 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,8 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -952,12 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)get_sym_session_private_data(
-		sess, cryptodev_virtio_driver_id);
-	if (session == NULL) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid session parameter");
-		return;
-	}
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1070,10 +1064,6 @@ virtio_crypto_sym_clear_session(
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("Close session %"PRIu64" successfully ",
 			session->session_id);
 
-	memset(session, 0, sizeof(struct virtio_crypto_session));
-	struct rte_mempool *sess_mp = rte_mempool_from_obj(session);
-	set_sym_session_private_data(sess, cryptodev_virtio_driver_id, NULL);
-	rte_mempool_put(sess_mp, session);
 	rte_free(malloc_virt_addr);
 }
 
@@ -1292,11 +1282,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1311,12 +1299,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1328,19 +1313,12 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1402,10 +1380,6 @@ virtio_crypto_sym_configure_session(
 			"Unsupported operation chain order parameter");
 		goto error_out;
 	}
-
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 08359b3a39..b7f492a7f2 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,8 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(struct virtio_crypto_session *)get_sym_session_private_data(
-		cop->sym->session, cryptodev_virtio_driver_id);
+		(void *)cop->sym->session->driver_priv_data;
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index 19af134bbe..bce903e007 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -1479,13 +1478,8 @@ run_single_test(uint8_t dev_id,
 		return ret;
 	}
 
-	sess = rte_cryptodev_sym_session_create(env->sess_pool);
-	if (!sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
-	if (ret < 0) {
+	sess = rte_cryptodev_sym_session_create(dev_id, &xform, env->sess_pool);
+	if (!sess) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
 	}
@@ -1508,8 +1502,7 @@ run_single_test(uint8_t dev_id,
 				1);
 	} while (n_deqd == 0);
 
-	rte_cryptodev_sym_session_clear(dev_id, sess);
-	rte_cryptodev_sym_session_free(sess);
+	rte_cryptodev_sym_session_free(dev_id, sess);
 
 	if (env->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
 		return -1;
@@ -1527,7 +1520,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 	rte_mempool_free(env->mpool);
 	rte_mempool_free(env->op_pool);
 	rte_mempool_free(env->sess_pool);
-	rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1535,7 +1527,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1579,25 +1571,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index e6c0b6a3a1..e73e6b09c3 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -55,7 +55,6 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
@@ -70,7 +69,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -110,16 +109,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -134,7 +128,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -151,7 +144,6 @@ cryptodev_fips_validate_app_int(void)
 
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 
 	return ret;
@@ -162,11 +154,9 @@ cryptodev_fips_validate_app_uninit(void)
 {
 	rte_pktmbuf_free(env.mbuf);
 	rte_crypto_op_free(env.op);
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
+	rte_cryptodev_sym_session_free(env.dev_id, env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1202,13 +1192,9 @@ fips_run_test(void)
 	if (ret < 0)
 		return ret;
 
-	env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
-	if (!env.sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
-	if (ret < 0) {
+	env.sess = rte_cryptodev_sym_session_create(env.dev_id, &xform,
+			env.sess_mpool);
+	if (!env.sess) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
 		goto exit;
@@ -1237,9 +1223,10 @@ fips_run_test(void)
 	vec.status = env.op->status;
 
 exit:
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
-	env.sess = NULL;
+	if (env.sess) {
+		rte_cryptodev_sym_session_free(env.dev_id, env.sess);
+		env.sess = NULL;
+	}
 
 	return ret;
 }
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8a25b83535..ce4b4ba806 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1693,8 +1693,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = qp_desc_nb;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2523,12 +2521,8 @@ one_session_free(struct rte_ipsec_session *ips)
 		if (ips->crypto.ses == NULL)
 			return 0;
 
-		ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
-						      ips->crypto.ses);
-		if (ret)
-			return ret;
-
-		ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+		ret = rte_cryptodev_sym_session_free(ips->crypto.dev_id,
+				ips->crypto.ses);
 	} else {
 		/* Session has not been created */
 		if (ips->security.ctx == NULL || ips->security.ses == NULL)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 7b7bfff696..bb84dcec7e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -174,11 +174,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 
 		}
 		ips->crypto.dev_id = cdev_id;
-		ips->crypto.ses = rte_cryptodev_sym_session_create(
-				skt_ctx->session_pool);
-		rte_cryptodev_sym_session_init(cdev_id,
-				ips->crypto.ses, sa->xforms,
-				skt_ctx->session_priv_pool);
+		ips->crypto.ses = rte_cryptodev_sym_session_create(cdev_id,
+				sa->xforms, skt_ctx->session_pool);
 
 		rte_cryptodev_info_get(cdev_id, &cdev_info);
 	}
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bf4b862379..b555e63ff6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -228,7 +228,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -675,7 +674,6 @@ static struct rte_cryptodev_sym_session *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -697,17 +695,8 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		first_xform = &options->auth_xform;
 	}
 
-	session = rte_cryptodev_sym_session_create(
+	return rte_cryptodev_sym_session_create(cdev_id, first_xform,
 			session_pool_socket[socket_id].sess_mp);
-	if (session == NULL)
-		return NULL;
-
-	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
-		return NULL;
-
-	return session;
 }
 /* >8 End of creation of session. */
 
@@ -2380,13 +2369,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
-		/*
-		 * Two sessions objects are required for each session
-		 * (one for the header, one for the private data)
-		 */
 		if (!strcmp(dev_info.driver_name, "crypto_scheduler")) {
 #ifdef RTE_CRYPTO_SCHEDULER
-			uint32_t nb_workers =
+			/* scheduler session header + 1 session per worker */
+			uint32_t nb_workers = 1 +
 				rte_cryptodev_scheduler_workers_get(cdev_id,
 								NULL);
 
@@ -2395,41 +2381,15 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 				"sess_mp_%u", socket_id);
 
 			session_pool_socket[socket_id].sess_mp =
-					rte_cryptodev_sym_session_pool_create(
-							mp_name,
-							sessions_needed,
-							0, 0, 0, socket_id);
-
+				rte_cryptodev_sym_session_pool_create(
+					mp_name, sessions_needed, max_sess_sz,
+					0, 0, socket_id);
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
 					socket_id);
@@ -2580,8 +2540,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index 7d75623a5e..02987ebd76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+				info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 3dcc3cb7ed..f518a0f89b 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -311,8 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
+
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -337,6 +336,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
+
 /**
  * Clear asymmetric session private data.
  *
@@ -637,28 +637,6 @@ __rte_internal
 void *
 rte_cryptodev_session_event_mdata_get(struct rte_crypto_op *op);
 
-static inline void *
-get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id) {
-	if (unlikely(sess->nb_drivers <= driver_id))
-		return NULL;
-
-	return sess->sess_data[driver_id].data;
-}
-
-static inline void
-set_sym_session_private_data(struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id, void *private_data)
-{
-	if (unlikely(sess->nb_drivers <= driver_id)) {
-		CDEV_LOG_ERR("Set private data for driver %u not allowed\n",
-				driver_id);
-		return;
-	}
-
-	sess->sess_data[driver_id].data = private_data;
-}
-
 /**
  * @internal
  * Cryptodev asymmetric crypto session.
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index c5bfe08b79..019fc0c800 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -39,12 +39,6 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_free,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_session_free,
 	lib.cryptodev.asym.free)
 
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_init,
-	lib.cryptodev.sym.init)
-
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_clear,
-	lib.cryptodev.sym.clear)
-
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_enqueue_burst,
 	lib.cryptodev.enq.burst)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 35661f5347..a326eb0e17 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -199,12 +199,9 @@ const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
-/**
- * The private data structure stored in the sym session mempool private data.
- */
 struct rte_cryptodev_sym_session_pool_private_data {
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint16_t sess_data_sz;
+	/**< driver session data size */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
 };
@@ -1211,6 +1208,24 @@ rte_cryptodev_get_qp_status(uint8_t dev_id, uint16_t queue_pair_id)
 	return 0;
 }
 
+static uint8_t
+rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp,
+	uint32_t sess_priv_size)
+{
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (!mp)
+		return 0;
+
+	pool_priv = rte_mempool_get_priv(mp);
+
+	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
+			pool_priv->sess_data_sz < sess_priv_size)
+		return 0;
+
+	return 1;
+}
+
 int
 rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		const struct rte_cryptodev_qp_conf *qp_conf, int socket_id)
@@ -1234,17 +1249,8 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
-		CDEV_LOG_ERR("Invalid mempools\n");
-		return -EINVAL;
-	}
-
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
-		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
 		if (!pool_priv || qp_conf->mp_session->private_data_size <
@@ -1253,13 +1259,9 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 			return -EINVAL;
 		}
 
-		s.nb_drivers = pool_priv->nb_drivers;
-		s.user_data_sz = pool_priv->user_data_sz;
-
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (!rte_cryptodev_sym_is_valid_session_pool(
+			qp_conf->mp_session,
+			rte_cryptodev_sym_get_private_session_size(dev_id))) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1719,53 +1721,6 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 	rte_spinlock_unlock(&rte_cryptodev_cb_lock);
 }
 
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
-{
-	struct rte_cryptodev *dev;
-	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
-			dev_id);
-	uint8_t index;
-	int ret;
-
-	if (!rte_cryptodev_is_valid_dev(dev_id)) {
-		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
-		return -EINVAL;
-	}
-
-	dev = rte_cryptodev_pmd_get_dev(dev_id);
-
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
-		return -EINVAL;
-
-	if (mp->elt_size < sess_priv_sz)
-		return -EINVAL;
-
-	index = dev->driver_id;
-	if (index >= sess->nb_drivers)
-		return -EINVAL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
-
-	if (sess->sess_data[index].refcnt == 0) {
-		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
-		if (ret < 0) {
-			CDEV_LOG_ERR(
-				"dev_id %d failed to configure session details",
-				dev_id);
-			return ret;
-		}
-	}
-
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
-	sess->sess_data[index].refcnt++;
-	return 0;
-}
-
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t user_data_size,
@@ -1775,16 +1730,13 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
 
-	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
-		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
+	obj_sz = sizeof(struct rte_cryptodev_sym_session) + elt_size +
+		user_data_size;
 
+	obj_sz =  RTE_ALIGN_CEIL(obj_sz, RTE_CACHE_LINE_SIZE);
 	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
-			(uint32_t)(sizeof(*pool_priv)),
-			NULL, NULL, NULL, NULL,
+			(uint32_t)(sizeof(*pool_priv)), NULL, NULL,
+			NULL, NULL,
 			socket_id, 0);
 	if (mp == NULL) {
 		CDEV_LOG_ERR("%s(name=%s) failed, rte_errno=%d\n",
@@ -1800,7 +1752,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 		return NULL;
 	}
 
-	pool_priv->nb_drivers = nb_drivers;
+	pool_priv->sess_data_sz = elt_size;
 	pool_priv->user_data_sz = user_data_size;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
@@ -1858,64 +1810,68 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	return mp;
 }
 
-static unsigned int
-rte_cryptodev_sym_session_data_size(struct rte_cryptodev_sym_session *sess)
-{
-	return (sizeof(sess->sess_data[0]) * sess->nb_drivers) +
-			sess->user_data_sz;
-}
-
-static uint8_t
-rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
-{
-	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-
-	if (!mp)
-		return 0;
-
-	pool_priv = rte_mempool_get_priv(mp);
-
-	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
-			pool_priv->nb_drivers != nb_drivers ||
-			mp->elt_size <
-				rte_cryptodev_sym_get_header_session_size()
-				+ pool_priv->user_data_sz)
-		return 0;
-
-	return 1;
-}
-
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mp)
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp)
 {
+	struct rte_cryptodev *dev;
 	struct rte_cryptodev_sym_session *sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
-	if (!rte_cryptodev_sym_is_valid_session_pool(mp)) {
+	uint32_t sess_priv_sz;
+	int ret;
+
+	if (!rte_cryptodev_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	if (xforms == NULL) {
+		CDEV_LOG_ERR("Invalid xform\n");
+		return NULL;
+	}
+
+	sess_priv_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
+	if (!rte_cryptodev_sym_is_valid_session_pool(mp, sess_priv_sz)) {
 		CDEV_LOG_ERR("Invalid mempool\n");
 		return NULL;
 	}
 
-	pool_priv = rte_mempool_get_priv(mp);
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	/* Allocate a session structure from the session pool */
 	if (rte_mempool_get(mp, (void **)&sess)) {
 		CDEV_LOG_ERR("couldn't get object from session mempool");
+		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	sess->nb_drivers = pool_priv->nb_drivers;
+	pool_priv = rte_mempool_get_priv(mp);
+	sess->driver_id = dev->driver_id;
+	sess->sess_data_sz = pool_priv->sess_data_sz;
 	sess->user_data_sz = pool_priv->user_data_sz;
-	sess->opaque_data = 0;
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_cryptodev_sym_session, driver_priv_data);
 
-	/* Clear device session pointer.
-	 * Include the flag indicating presence of user data
-	 */
-	memset(sess->sess_data, 0,
-			rte_cryptodev_sym_session_data_size(sess));
+	if (dev->dev_ops->sym_session_configure == NULL) {
+		rte_errno = ENOTSUP;
+		goto error_exit;
+	}
 
-	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	ret = dev->dev_ops->sym_session_configure(dev, xforms, sess);
+	if (ret < 0) {
+		rte_errno = -ret;
+		goto error_exit;
+	}
+	sess->driver_id = dev->driver_id;
+
+	rte_cryptodev_trace_sym_session_create(dev_id, sess, xforms, mp);
+
+	return (void *)sess;
+error_exit:
+	rte_mempool_put(mp, (void *)sess);
+	return NULL;
 }
 
 int
@@ -1994,11 +1950,15 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_cryptodev *dev;
-	uint8_t driver_id;
+	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (sess == NULL)
+		return -EINVAL;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
@@ -2010,37 +1970,24 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 	if (dev == NULL || sess == NULL)
 		return -EINVAL;
 
-	driver_id = dev->driver_id;
-	if (sess->sess_data[driver_id].refcnt == 0)
-		return 0;
-	if (--sess->sess_data[driver_id].refcnt != 0)
-		return -EBUSY;
+	sess_mp = rte_mempool_from_obj(sess);
+	if (!sess_mp)
+		return -EINVAL;
+	pool_priv = rte_mempool_get_priv(sess_mp);
+
+	if (sess->driver_id != dev->driver_id) {
+		CDEV_LOG_ERR("Session created by driver %u but freed by %u",
+			sess->driver_id, dev->driver_id);
+		return -EINVAL;
+	}
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
 	dev->dev_ops->sym_session_clear(dev, sess);
-
-	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
-	return 0;
-}
-
-int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t i;
-	struct rte_mempool *sess_mp;
-
-	if (sess == NULL)
-		return -EINVAL;
-
-	/* Check that all device private data has been freed */
-	for (i = 0; i < sess->nb_drivers; i++) {
-		if (sess->sess_data[i].refcnt != 0)
-			return -EBUSY;
-	}
+	memset(sess->driver_priv_data, 0, pool_priv->sess_data_sz +
+		pool_priv->user_data_sz);
 
 	/* Return session to mempool */
-	sess_mp = rte_mempool_from_obj(sess);
 	rte_mempool_put(sess_mp, sess);
 
 	rte_cryptodev_trace_sym_session_free(sess);
@@ -2077,33 +2024,6 @@ rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess)
 	return 0;
 }
 
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void)
-{
-	/*
-	 * Header contains pointers to the private data of all registered
-	 * drivers and all necessary information to ensure safely clear
-	 * or free al session.
-	 */
-	struct rte_cryptodev_sym_session s = {0};
-
-	s.nb_drivers = nb_drivers;
-
-	return (unsigned int)(sizeof(s) +
-			rte_cryptodev_sym_session_data_size(&s));
-}
-
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess)
-{
-	if (!sess)
-		return 0;
-	else
-		return (unsigned int)(sizeof(*sess) +
-				rte_cryptodev_sym_session_data_size(sess));
-}
-
 unsigned int
 rte_cryptodev_asym_get_header_session_size(void)
 {
@@ -2150,9 +2070,8 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 
 int
 rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
-					void *data,
-					uint16_t size)
+		struct rte_cryptodev_sym_session *sess, void *data,
+		uint16_t size)
 {
 	if (sess == NULL)
 		return -EINVAL;
@@ -2160,18 +2079,17 @@ rte_cryptodev_sym_session_set_user_data(
 	if (sess->user_data_sz < size)
 		return -ENOMEM;
 
-	rte_memcpy(sess->sess_data + sess->nb_drivers, data, size);
+	rte_memcpy(sess->driver_priv_data + sess->sess_data_sz, data, size);
 	return 0;
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
 {
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
-	return (void *)(sess->sess_data + sess->nb_drivers);
+	return (void *)(sess->driver_priv_data + sess->sess_data_sz);
 }
 
 int
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 56f459c6a0..0c65958f25 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -544,8 +544,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -909,17 +907,21 @@ rte_cryptodev_get_sec_ctx(uint8_t dev_id);
  * has a fixed algo, key, op-type, digest_len etc.
  */
 struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint8_t driver_id;
 	uint64_t opaque_data;
 	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
 	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[];
-	/**< Driver specific session material, variable size */
+	/**< session user data will be placed after sess data */
+	rte_iova_t driver_priv_data_iova;
+	/**< session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
 };
 
 /**
@@ -954,6 +956,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t priv_size,
 	int socket_id);
 
+
 /**
  * Create an asymmetric session mempool.
  *
@@ -980,17 +983,22 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t cache_size, uint16_t user_data_size, int socket_id);
 
 /**
- * Create symmetric crypto session header (generic with no private data)
+ * Create symmetric crypto session and fill out private data for the device id,
+ * based on its device type.
+ *
+ * @param   dev_id   ID of device that we want the session to be used on
+ * @param   xforms   Symmetric crypto transform operations to apply on flow
+ *                   processed with this session
+ * @param   mempool  Mempool where the private data is allocated.
  *
- * @param   mempool    Symmetric session mempool to allocate session
- *                     objects from
  * @return
- *  - On success return pointer to sym-session
- *  - On failure returns NULL
+ *  - On success return pointer to sym-session.
+ *  - On failure returns NULL.
  */
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
-
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp);
 /**
  * Create and initialise an asymmetric crypto session structure.
  * Calls the PMD to configure the private session data.
@@ -1015,19 +1023,20 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 		void **session);
 
 /**
- * Frees symmetric crypto session header, after checking that all
- * the device private data has been freed, returning it
- * to its original mempool.
+ * Frees session for the device id and returning it to its mempool.
+ * It is the application's responsibility to ensure that the session
+ * is not still in-flight operations using it.
  *
+ * @param   dev_id   ID of device that uses the session.
  * @param   sess     Session header to be freed.
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
- *  - -EBUSY if not all device private data has been freed.
+ *  - -EINVAL if session is NULL or the mismatched device ids.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1044,72 +1053,6 @@ __rte_experimental
 int
 rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess);
 
-/**
- * Fill out private data for the device id, based on its device type.
- *
- * @param   dev_id   ID of device that we want the session to be used on
- * @param   sess     Session where the private data will be attached to
- * @param   xforms   Symmetric crypto transform operations to apply on flow
- *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
- *
- * @return
- *  - On success, zero.
- *  - -EINVAL if input parameters are invalid.
- *  - -ENOTSUP if crypto device does not support the crypto transform or
- *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
- */
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
-
-/**
- * Frees private data for the device id, based on its device type,
- * returning it to its mempool. It is the application's responsibility
- * to ensure that private session data is not cleared while there are
- * still in-flight operations using it.
- *
- * @param   dev_id   ID of device that uses the session.
- * @param   sess     Session containing the reference to the private data
- *
- * @return
- *  - 0 if successful.
- *  - -EINVAL if device is invalid or session is NULL.
- *  - -ENOTSUP if crypto device does not support symmetric operations.
- */
-int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
-
-/**
- * Get the size of the header session, for all registered drivers excluding
- * the user data size.
- *
- * @return
- *   Size of the symmetric header session.
- */
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void);
-
-/**
- * Get the size of the header session from created session.
- *
- * @param sess
- *   The sym cryptodev session pointer
- *
- * @return
- *   - If sess is not NULL, return the size of the header session including
- *   the private data size defined within sess.
- *   - If sess is NULL, return 0.
- */
-__rte_experimental
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess);
-
 /**
  * Get the size of the asymmetric session header.
  *
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index a3f6048e7d..055c44fb22 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -74,13 +73,16 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
-	rte_trace_point_emit_ptr(mempool);
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
+		struct rte_cryptodev_sym_session *sess, void *xforms,
+		void *mempool),
+	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
+	rte_trace_point_emit_u8(sess->driver_id);
 	rte_trace_point_emit_u16(sess->user_data_sz);
+	rte_trace_point_emit_ptr(xforms);
+	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
@@ -117,27 +119,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_ptr(sess);
 )
 
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_init,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
-	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
-)
-
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_clear,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-)
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 5aee87c6f7..6fcf6ae985 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -38,12 +38,9 @@ DPDK_23 {
 	rte_cryptodev_sym_capability_check_auth;
 	rte_cryptodev_sym_capability_check_cipher;
 	rte_cryptodev_sym_capability_get;
-	rte_cryptodev_sym_get_header_session_size;
 	rte_cryptodev_sym_get_private_session_size;
-	rte_cryptodev_sym_session_clear;
 	rte_cryptodev_sym_session_create;
 	rte_cryptodev_sym_session_free;
-	rte_cryptodev_sym_session_init;
 
 	local: *;
 };
@@ -60,7 +57,6 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-	rte_cryptodev_sym_get_existing_header_session_size;
 	rte_cryptodev_sym_session_get_user_data;
 	rte_cryptodev_sym_session_pool_create;
 	rte_cryptodev_sym_session_set_user_data;
@@ -78,8 +74,6 @@ EXPERIMENTAL {
 	__rte_cryptodev_trace_asym_session_create;
 	__rte_cryptodev_trace_sym_session_free;
 	__rte_cryptodev_trace_asym_session_free;
-	__rte_cryptodev_trace_sym_session_init;
-	__rte_cryptodev_trace_sym_session_clear;
 	__rte_cryptodev_trace_dequeue_burst;
 	__rte_cryptodev_trace_enqueue_burst;
 
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index b1310be565..cb792bbe0d 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1898,17 +1898,11 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		}
 	}
 
-	session = rte_cryptodev_sym_session_create(cfg->mp_create);
+	session = rte_cryptodev_sym_session_create(cfg->cryptodev_id,
+			p->xform, cfg->mp_create);
 	if (!session)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
-	if (ret < 0) {
-		rte_cryptodev_sym_session_free(session);
-		return ret;
-	}
-
 	data->data_offset = (uint16_t)p->data_offset;
 	data->session = session;
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index b49e389579..2b01ecda08 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -54,8 +54,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -65,7 +63,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 54946f46d9..7321da21b7 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -197,7 +197,6 @@ struct vhost_crypto {
 	struct rte_hash *session_map;
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *wb_pool;
 
 	/** DPDK cryptodev ID */
@@ -376,31 +375,21 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	session = rte_cryptodev_sym_session_create(vcrypto->sess_pool);
+	session = rte_cryptodev_sym_session_create(vcrypto->cid, &xform1,
+			vcrypto->sess_pool);
 	if (!session) {
 		VC_LOG_ERR("Failed to create session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
-		VC_LOG_ERR("Failed to initialize session");
-		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
-		return;
-	}
-
 	/* insert hash to map */
 	if (rte_hash_add_key_data(vcrypto->session_map,
 			&vcrypto->last_session_id, session) < 0) {
 		VC_LOG_ERR("Failed to insert session to hash table");
 
-		if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0)
-			VC_LOG_ERR("Failed to clear session");
-		else {
-			if (rte_cryptodev_sym_session_free(session) < 0)
-				VC_LOG_ERR("Failed to free session");
-		}
+		if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0)
+			VC_LOG_ERR("Failed to free session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
@@ -427,12 +416,7 @@ vhost_crypto_close_sess(struct vhost_crypto *vcrypto, uint64_t session_id)
 		return -VIRTIO_CRYPTO_INVSESS;
 	}
 
-	if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0) {
-		VC_LOG_DBG("Failed to clear session");
-		return -VIRTIO_CRYPTO_ERR;
-	}
-
-	if (rte_cryptodev_sym_session_free(session) < 0) {
+	if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0) {
 		VC_LOG_DBG("Failed to free session");
 		return -VIRTIO_CRYPTO_ERR;
 	}
@@ -1393,7 +1377,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1415,7 +1398,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 2/6] crypto/scheduler: use unified session
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 1/6] cryptodev: rework session framework Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 3/6] cryptodev: hide sym session structure Akhil Goyal
                       ` (6 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

From: Fan Zhang <roy.fan.zhang@intel.com>

This patch updates the scheduler PMD to use unified session
data structure. Previously thanks to the private session
array in cryptodev sym session there are no necessary
change needed for scheduler PMD other than the way ops
are enqueued/dequeued. The patch inherits the same design
in the original session data structure to the scheduler PMD
so the cryptodev sym session can be as a linear buffer for
both session header and driver private data.

With the change there are inevitable extra cost on both memory
(64 bytes per session per driver type) and cycle count (set
the correct session for each cop based on the worker before
enqueue, and retrieve the original session after dequeue).

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 drivers/crypto/scheduler/scheduler_failover.c |  19 ++-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +++
 .../scheduler/scheduler_pkt_size_distr.c      |  84 +++++++++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  | 107 +++++++++++++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 +++++++++++++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 6 files changed, 318 insertions(+), 40 deletions(-)

diff --git a/drivers/crypto/scheduler/scheduler_failover.c b/drivers/crypto/scheduler/scheduler_failover.c
index 2a0e29fa72..7fadcf66d0 100644
--- a/drivers/crypto/scheduler/scheduler_failover.c
+++ b/drivers/crypto/scheduler/scheduler_failover.c
@@ -16,18 +16,19 @@
 struct fo_scheduler_qp_ctx {
 	struct scheduler_worker primary_worker;
 	struct scheduler_worker secondary_worker;
+	uint8_t primary_worker_index;
+	uint8_t secondary_worker_index;
 
 	uint8_t deq_idx;
 };
 
 static __rte_always_inline uint16_t
 failover_worker_enqueue(struct scheduler_worker *worker,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
+		struct rte_crypto_op **ops, uint16_t nb_ops, uint8_t index)
 {
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
+	scheduler_set_worker_session(ops, nb_ops, index);
 
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
@@ -47,13 +48,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		return 0;
 
 	enqueued_ops = failover_worker_enqueue(&qp_ctx->primary_worker,
-			ops, nb_ops);
+			ops, nb_ops, PRIMARY_WORKER_IDX);
 
 	if (enqueued_ops < nb_ops)
 		enqueued_ops += failover_worker_enqueue(
 				&qp_ctx->secondary_worker,
 				&ops[enqueued_ops],
-				nb_ops - enqueued_ops);
+				nb_ops - enqueued_ops,
+				SECONDARY_WORKER_IDX);
 
 	return enqueued_ops;
 }
@@ -94,7 +96,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	qp_ctx->deq_idx = (~qp_ctx->deq_idx) & WORKER_SWITCH_MASK;
 
 	if (nb_deq_ops == nb_ops)
-		return nb_deq_ops;
+		goto retrieve_session;
 
 	worker = workers[qp_ctx->deq_idx];
 
@@ -104,6 +106,9 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		worker->nb_inflight_cops -= nb_deq_ops2;
 	}
 
+retrieve_session:
+	scheduler_retrieve_session(ops, nb_deq_ops + nb_deq_ops2);
+
 	return nb_deq_ops + nb_deq_ops2;
 }
 
diff --git a/drivers/crypto/scheduler/scheduler_multicore.c b/drivers/crypto/scheduler/scheduler_multicore.c
index 900ab4049d..3dea850661 100644
--- a/drivers/crypto/scheduler/scheduler_multicore.c
+++ b/drivers/crypto/scheduler/scheduler_multicore.c
@@ -183,11 +183,19 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 
 	while (!mc_ctx->stop_signal) {
 		if (pending_enq_ops) {
+			scheduler_set_worker_session(
+				&enq_ops[pending_enq_ops_idx], pending_enq_ops,
+				worker_idx);
 			processed_ops =
 				rte_cryptodev_enqueue_burst(worker->dev_id,
 					worker->qp_id,
 					&enq_ops[pending_enq_ops_idx],
 					pending_enq_ops);
+			if (processed_ops < pending_deq_ops)
+				scheduler_retrieve_session(
+					&enq_ops[pending_enq_ops_idx +
+						processed_ops],
+					pending_deq_ops - processed_ops);
 			pending_enq_ops -= processed_ops;
 			pending_enq_ops_idx += processed_ops;
 			inflight_ops += processed_ops;
@@ -195,9 +203,16 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 			processed_ops = rte_ring_dequeue_burst(enq_ring, (void *)enq_ops,
 							MC_SCHED_BUFFER_SIZE, NULL);
 			if (processed_ops) {
+				scheduler_set_worker_session(enq_ops,
+					processed_ops, worker_idx);
 				pending_enq_ops_idx = rte_cryptodev_enqueue_burst(
 						worker->dev_id, worker->qp_id,
 						enq_ops, processed_ops);
+				if (pending_enq_ops_idx < processed_ops)
+					scheduler_retrieve_session(
+						enq_ops + pending_enq_ops_idx,
+						processed_ops -
+						pending_enq_ops_idx);
 				pending_enq_ops = processed_ops - pending_enq_ops_idx;
 				inflight_ops += pending_enq_ops_idx;
 			}
@@ -214,6 +229,8 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 					worker->dev_id, worker->qp_id, deq_ops,
 					MC_SCHED_BUFFER_SIZE);
 			if (processed_ops) {
+				scheduler_retrieve_session(deq_ops,
+					processed_ops);
 				inflight_ops -= processed_ops;
 				if (reordering_enabled) {
 					uint16_t j;
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 933a5c6978..9204f6f608 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -48,34 +48,54 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	};
 	struct psd_schedule_op *p_enq_op;
 	uint16_t i, processed_ops_pri = 0, processed_ops_sec = 0;
-	uint32_t job_len;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
 	for (i = 0; i < nb_ops && i < 4; i++) {
 		rte_prefetch0(ops[i]->sym);
-		rte_prefetch0(ops[i]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 	}
 
 	for (i = 0; (i < (nb_ops - 8)) && (nb_ops > 8); i += 4) {
+		struct scheduler_session_ctx *sess_ctx[4];
+		uint8_t target[4];
+		uint32_t job_len[4];
+
 		rte_prefetch0(ops[i + 4]->sym);
-		rte_prefetch0(ops[i + 4]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 4]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 5]->sym);
-		rte_prefetch0(ops[i + 5]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 5]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 6]->sym);
-		rte_prefetch0(ops[i + 6]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 6]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 7]->sym);
-		rte_prefetch0(ops[i + 7]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
+
+		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
+		sess_ctx[1] =
+			(void *)ops[i + 1]->sym->session->driver_priv_data;
+		sess_ctx[2] =
+			(void *)ops[i + 2]->sym->session->driver_priv_data;
+		sess_ctx[3] =
+			(void *)ops[i + 3]->sym->session->driver_priv_data;
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
 		 */
-		job_len = ops[i]->sym->cipher.data.length;
-		job_len += (ops[i]->sym->cipher.data.length == 0) *
+		job_len[0] = ops[i]->sym->cipher.data.length;
+		job_len[0] += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
 		/* decide the target op based on the job length */
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[0] = !(job_len[0] & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session =
+				sess_ctx[0]->worker_sess[target[0]];
+		p_enq_op = &enq_ops[target[0]];
 
 		/* stop schedule cops before the queue is full, this shall
 		 * prevent the failed enqueue
@@ -89,10 +109,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i];
 		p_enq_op->pos++;
 
-		job_len = ops[i+1]->sym->cipher.data.length;
-		job_len += (ops[i+1]->sym->cipher.data.length == 0) *
+		job_len[1] = ops[i + 1]->sym->cipher.data.length;
+		job_len[1] += (ops[i + 1]->sym->cipher.data.length == 0) *
 				ops[i+1]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[1] = !(job_len[1] & psd_qp_ctx->threshold);
+		if (ops[i + 1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 1]->sym->session =
+				sess_ctx[1]->worker_sess[target[1]];
+		p_enq_op = &enq_ops[target[1]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -103,10 +127,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+1];
 		p_enq_op->pos++;
 
-		job_len = ops[i+2]->sym->cipher.data.length;
-		job_len += (ops[i+2]->sym->cipher.data.length == 0) *
-				ops[i+2]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[2] = ops[i + 2]->sym->cipher.data.length;
+		job_len[2] += (ops[i + 2]->sym->cipher.data.length == 0) *
+				ops[i + 2]->sym->auth.data.length;
+		target[2] = !(job_len[2] & psd_qp_ctx->threshold);
+		if (ops[i + 2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 2]->sym->session =
+				sess_ctx[2]->worker_sess[target[2]];
+		p_enq_op = &enq_ops[target[2]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -117,10 +145,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+2];
 		p_enq_op->pos++;
 
-		job_len = ops[i+3]->sym->cipher.data.length;
-		job_len += (ops[i+3]->sym->cipher.data.length == 0) *
-				ops[i+3]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[3] = ops[i + 3]->sym->cipher.data.length;
+		job_len[3] += (ops[i + 3]->sym->cipher.data.length == 0) *
+				ops[i + 3]->sym->auth.data.length;
+		target[3] = !(job_len[3] & psd_qp_ctx->threshold);
+		if (ops[i + 3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 3]->sym->session =
+				sess_ctx[1]->worker_sess[target[3]];
+		p_enq_op = &enq_ops[target[3]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -133,10 +165,18 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	}
 
 	for (; i < nb_ops; i++) {
+		struct scheduler_session_ctx *sess_ctx =
+			(void *)ops[i]->sym->session->driver_priv_data;
+		uint32_t job_len;
+		uint8_t target;
+
 		job_len = ops[i]->sym->cipher.data.length;
 		job_len += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target = !(job_len & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session = sess_ctx->worker_sess[target];
+		p_enq_op = &enq_ops[target];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -199,6 +239,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	if (worker->nb_inflight_cops) {
 		nb_deq_ops_pri = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+		scheduler_retrieve_session(ops, nb_deq_ops_pri);
 		worker->nb_inflight_cops -= nb_deq_ops_pri;
 	}
 
@@ -213,6 +254,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		nb_deq_ops_sec = rte_cryptodev_dequeue_burst(worker->dev_id,
 				worker->qp_id, &ops[nb_deq_ops_pri],
 				nb_ops - nb_deq_ops_pri);
+		scheduler_retrieve_session(ops, nb_deq_ops_sec);
 		worker->nb_inflight_cops -= nb_deq_ops_sec;
 
 		if (!worker->nb_inflight_cops)
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index b93821783b..2bc3f5dd27 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -9,6 +9,7 @@
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
 #include <rte_reorder.h>
+#include <rte_errno.h>
 
 #include "scheduler_pmd_private.h"
 
@@ -467,19 +468,113 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 	return max_priv_sess_size;
 }
 
+struct scheduler_configured_sess_info {
+	uint8_t dev_id;
+	uint8_t driver_id;
+	struct rte_cryptodev_sym_session *sess;
+};
+
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
-	struct rte_crypto_sym_xform *xform __rte_unused,
-	struct rte_cryptodev_sym_session *sess __rte_unused)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
+	struct rte_crypto_sym_xform *xform,
+	struct rte_cryptodev_sym_session *sess)
 {
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct rte_mempool *mp = rte_mempool_from_obj(sess);
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info configured_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_configured_sess = 0;
+	int ret = 0;
+
+	if (mp == NULL)
+		return -EINVAL;
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		struct rte_cryptodev_sym_session *worker_sess;
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_configured_sess; j++) {
+			if (configured_sess[j].driver_id ==
+					worker->driver_id) {
+				sess_ctx->worker_sess[i] =
+					configured_sess[j].sess;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		if (rte_mempool_avail_count(mp) == 0) {
+			ret = -ENOMEM;
+			goto error_exit;
+		}
+
+		worker_sess = rte_cryptodev_sym_session_create(worker->dev_id,
+			xform, mp);
+		if (worker_sess == NULL) {
+			ret = -rte_errno;
+			goto error_exit;
+		}
+
+		worker_sess->opaque_data = (uint64_t)sess;
+		sess_ctx->worker_sess[i] = worker_sess;
+		configured_sess[n_configured_sess].driver_id =
+			worker->driver_id;
+		configured_sess[n_configured_sess].dev_id = worker->dev_id;
+		configured_sess[n_configured_sess].sess = worker_sess;
+		n_configured_sess++;
+	}
+
 	return 0;
+error_exit:
+	sess_ctx->ref_cnt = sched_ctx->ref_cnt;
+	for (i = 0; i < n_configured_sess; i++)
+		rte_cryptodev_sym_session_free(configured_sess[i].dev_id,
+			configured_sess[i].sess);
+	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
-		struct rte_cryptodev_sym_session *sess __rte_unused)
-{}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *sess)
+{
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info deleted_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_deleted_sess = 0;
+
+	if (sched_ctx->ref_cnt != sess_ctx->ref_cnt) {
+		CR_SCHED_LOG(WARNING,
+			"Worker updated between session creation/deletion. "
+			"The session may not be freed fully.");
+	}
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_deleted_sess; j++) {
+			if (deleted_sess[j].driver_id == worker->driver_id) {
+				sess_ctx->worker_sess[i] = NULL;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		rte_cryptodev_sym_session_free(worker->dev_id,
+			sess_ctx->worker_sess[i]);
+
+		deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
+		sess_ctx->worker_sess[i] = NULL;
+	}
+}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 4d33b9ab44..0e508727a4 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -22,7 +22,6 @@ struct scheduler_worker {
 	uint8_t dev_id;
 	uint16_t qp_id;
 	uint32_t nb_inflight_cops;
-
 	uint8_t driver_id;
 };
 
@@ -37,6 +36,8 @@ struct scheduler_ctx {
 
 	struct scheduler_worker workers[RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
 	uint32_t nb_workers;
+	/* reference count when the workers are incremented/decremented */
+	uint32_t ref_cnt;
 
 	enum rte_cryptodev_scheduler_mode mode;
 
@@ -61,6 +62,11 @@ struct scheduler_qp_ctx {
 	struct rte_ring *order_ring;
 } __rte_cache_aligned;
 
+struct scheduler_session_ctx {
+	uint32_t ref_cnt;
+	struct rte_cryptodev_sym_session *worker_sess[
+		RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
+};
 
 extern uint8_t cryptodev_scheduler_driver_id;
 
@@ -101,6 +107,118 @@ scheduler_order_drain(struct rte_ring *order_ring,
 	return nb_ops_to_deq;
 }
 
+static __rte_always_inline void
+scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
+		uint8_t worker_index)
+{
+	struct rte_crypto_op **op = ops;
+	uint16_t n = nb_ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[1]->sym->session->driver_priv_data;
+			op[1]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[2]->sym->session->driver_priv_data;
+			op[2]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[3]->sym->session->driver_priv_data;
+			op[3]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+			op++;
+		}
+	}
+}
+
+static __rte_always_inline void
+scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	uint16_t n = nb_ops;
+	struct rte_crypto_op **op = ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[1]->sym->session =
+				(void *)op[1]->sym->session->opaque_data;
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[2]->sym->session =
+				(void *)op[2]->sym->session->opaque_data;
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[3]->sym->session =
+				(void *)op[3]->sym->session->opaque_data;
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		op++;
+	}
+}
+
 /** device specific operations function pointer structure */
 extern struct rte_cryptodev_ops *rte_crypto_scheduler_pmd_ops;
 
diff --git a/drivers/crypto/scheduler/scheduler_roundrobin.c b/drivers/crypto/scheduler/scheduler_roundrobin.c
index ace2dec2ec..ad3f8b842a 100644
--- a/drivers/crypto/scheduler/scheduler_roundrobin.c
+++ b/drivers/crypto/scheduler/scheduler_roundrobin.c
@@ -23,16 +23,17 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 			((struct scheduler_qp_ctx *)qp)->private_qp_ctx;
 	uint32_t worker_idx = rr_qp_ctx->last_enq_worker_idx;
 	struct scheduler_worker *worker = &rr_qp_ctx->workers[worker_idx];
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
-
+	scheduler_set_worker_session(ops, nb_ops, worker_idx);
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+	if (processed_ops < nb_ops)
+		scheduler_retrieve_session(ops + processed_ops,
+			nb_ops - processed_ops);
 
 	worker->nb_inflight_cops += processed_ops;
 
@@ -86,7 +87,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	nb_deq_ops = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
-
+	scheduler_retrieve_session(ops, nb_deq_ops);
 	last_worker_idx += 1;
 	last_worker_idx %= rr_qp_ctx->nb_workers;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 3/6] cryptodev: hide sym session structure
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 1/6] cryptodev: rework session framework Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 2/6] crypto/scheduler: use unified session Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 4/6] security: remove priv mempool usage Akhil Goyal
                       ` (5 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test/test_ipsec_perf.c                    |  4 +-
 doc/guides/prog_guide/cryptodev_lib.rst       | 16 ++----
 doc/guides/rel_notes/deprecation.rst          |  5 --
 doc/guides/rel_notes/release_22_11.rst        |  9 +++
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  5 +-
 drivers/crypto/caam_jr/caam_jr.c              | 10 ++--
 drivers/crypto/ccp/ccp_crypto.c               | 30 +++++-----
 drivers/crypto/ccp/ccp_pmd_ops.c              |  2 +-
 drivers/crypto/ccp/rte_ccp_pmd.c              |  4 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  8 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      | 10 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  4 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  2 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   | 11 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  9 ++-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  4 +-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  6 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  2 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |  2 +-
 drivers/crypto/mlx5/mlx5_crypto.c             |  7 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  6 +-
 drivers/crypto/null/null_crypto_pmd.c         |  3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  2 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c   | 10 ++--
 drivers/crypto/openssl/rte_openssl_pmd.c      |  4 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  3 +-
 drivers/crypto/qat/qat_sym_session.c          |  6 +-
 .../scheduler/scheduler_pkt_size_distr.c      | 13 ++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  4 +-
 .../crypto/scheduler/scheduler_pmd_private.h  | 30 +++++-----
 drivers/crypto/virtio/virtio_cryptodev.c      |  4 +-
 drivers/crypto/virtio/virtio_rxtx.c           |  2 +-
 examples/fips_validation/fips_dev_self_test.c | 10 ++--
 lib/cryptodev/cryptodev_pmd.h                 | 32 +++++++++++
 lib/cryptodev/rte_crypto.h                    |  3 +-
 lib/cryptodev/rte_crypto_sym.h                |  7 +--
 lib/cryptodev/rte_cryptodev.c                 | 16 ++++--
 lib/cryptodev/rte_cryptodev.h                 | 56 +++++++++----------
 lib/cryptodev/rte_cryptodev_trace.h           |  8 +--
 lib/ipsec/rte_ipsec_group.h                   |  5 +-
 lib/ipsec/ses.c                               |  3 +-
 47 files changed, 201 insertions(+), 194 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index b5d0c2e036..b221b7fc32 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -227,7 +227,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	void *dummy_ses = NULL;
 	size_t sz;
 	int rc;
 
@@ -247,7 +247,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 9e54683aa1..01aad842a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -125,13 +125,11 @@ Each queue pairs resources may be allocated on a specified socket.
         uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
         struct rte_mempool *mp_session;
         /**< The mempool for creating session in sessionless mode */
-        struct rte_mempool *mp_session_private;
-        /**< The mempool for creating sess private data in sessionless mode */
     };
 
 
-The fields ``mp_session`` and ``mp_session_private`` are used for creating
-temporary session to process the crypto operations in the session-less mode.
+The field ``mp_session`` is used for creating temporary session to process
+the crypto operations in the session-less mode.
 They can be the same other different mempools. Please note not all Cryptodev
 PMDs supports session-less mode.
 
@@ -595,7 +593,7 @@ chain.
         struct rte_mbuf *m_dst;
 
         union {
-            struct rte_cryptodev_sym_session *session;
+            void *session;
             /**< Handle for the initialised session context */
             struct rte_crypto_sym_xform *xform;
             /**< Session-less API Crypto operation parameters */
@@ -943,15 +941,11 @@ using one of the crypto PMDs available in DPDK.
 
     /* Create crypto session and initialize it for the crypto device. */
     struct rte_cryptodev_sym_session *session;
-    session = rte_cryptodev_sym_session_create(session_pool);
+    session = rte_cryptodev_sym_session_create(cdev_id, &cipher_xform,
+                    session_pool);
     if (session == NULL)
         rte_exit(EXIT_FAILURE, "Session could not be created\n");
 
-    if (rte_cryptodev_sym_session_init(cdev_id, session,
-                    &cipher_xform, session_priv_pool) < 0)
-        rte_exit(EXIT_FAILURE, "Session could not be initialized "
-                    "for the crypto device\n");
-
     /* Get a burst of crypto operations. */
     struct rte_crypto_op *crypto_ops[BURST_SIZE];
     if (rte_crypto_op_bulk_alloc(crypto_op_pool,
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index e7583cae4c..9785a0f3ce 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -161,11 +161,6 @@ Deprecation Notices
   this `RFC <https://patches.dpdk.org/project/dpdk/list/?series=23367>`__.
   This should be updated in DPDK 22.11.
 
-* cryptodev: Hide structures ``rte_cryptodev_sym_session`` and
-  ``rte_cryptodev_asym_session`` to remove unnecessary indirection between
-  session and the private data of session. An opaque pointer can be exposed
-  directly to application which can be attached to the ``rte_crypto_op``.
-
 * cryptodev: The function ``rte_cryptodev_cb_fn`` will be updated
   to have another parameter ``qp_id`` to return the queue pair ID
   which got error interrupt to the application,
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 7fab9d6550..4b8b34d8ba 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -89,6 +89,15 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* cryptodev: The structure ``rte_cryptodev_sym_session`` was made internal.
+  The API ``rte_cryptodev_sym_session_init`` and ``rte_cryptodev_sym_session_clear``
+  were removed and user would only need to call ``rte_cryptodev_sym_session_create``
+  and ``rte_cryptodev_sym_session_free`` to create/destroy sessions.
+  The API ``rte_cryptodev_sym_session_create`` was updated to take a single mempool
+  with element size big enough to hold session data and session private data.
+  All sample applications were updated to attach an opaque pointer for the session
+  to the ``rte_crypto_op`` while enqueuing.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index d3334dc920..40813d1fe5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -210,8 +210,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 		BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
-		sess = (struct bcmfs_sym_session *)
-			op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	if (sess == NULL)
@@ -233,7 +232,7 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a9c93dea13..c9c783d19a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1356,8 +1356,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
-		ses = (struct caam_jr_session *)
-			op->sym->session->driver_priv_data;
+		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1699,7 +1698,7 @@ caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
@@ -1716,12 +1715,11 @@ static void
 caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	struct caam_jr_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 	}
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index bd999abe61..b21b32e507 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,7 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1764,7 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1855,7 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1999,7 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2071,7 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2232,7 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2318,7 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2426,7 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2591,7 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2627,7 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2695,7 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2758,8 +2758,7 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)
-			op[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2835,7 +2834,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2909,8 +2908,7 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)
-			op_d[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op_d[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index e401793a76..52f320b02b 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -767,7 +767,7 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index 7502281ad9..c0b016ea36 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,7 +56,7 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
@@ -152,7 +152,7 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
 			struct ccp_session *sess =
-				(void *)ops[i]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 
 			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f96e132513..4648576ff8 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -110,7 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -293,9 +293,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)(
-				((struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -332,7 +330,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index a44f111ba6..5c344a6008 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -69,7 +69,7 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (ret)
 		goto sess_put;
 
-	priv = (void *)sess->driver_priv_data;
+	priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	sym_op->session = sess;
 
@@ -92,7 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -344,9 +344,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)((
-				(struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -383,7 +381,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 018d7fcee8..a5233a942a 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -624,7 +624,7 @@ sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
@@ -693,7 +693,7 @@ cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ca90567620..37a7322e0f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -5,7 +5,7 @@
 #ifndef _CNXK_CRYPTODEV_OPS_H_
 #define _CNXK_CRYPTODEV_OPS_H_
 
-#include <rte_cryptodev.h>
+#include <cryptodev_pmd.h>
 #include <rte_event_crypto_adapter.h>
 
 #include "roc_api.h"
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 5a38d53022..369fa9c81d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,7 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1677,7 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3756,7 +3756,7 @@ dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
@@ -3775,10 +3775,9 @@ dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	dpaa2_sec_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 795be3acc3..8c1e0abb95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,7 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0cc773fba6..ec2fe56d1e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,7 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1924,8 +1924,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (void *)
-					op->sym->session->driver_priv_data;
+				ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2673,7 +2672,7 @@ dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
@@ -2714,7 +2713,7 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	free_session_memory(dev, s);
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d2e4d9d787..93129e7614 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1018,7 +1018,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
-			session_ctx.crypto_sess->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 90ce5bc965..cedcaa2742 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -329,7 +329,7 @@ ipsec_mb_sym_session_configure(
 	}
 
 	ret = (*pmd_data->session_configure)(mb_mgr,
-			(void *)sess->driver_priv_data, xform);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index 14f962ef28..63e6fd58ee 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -434,7 +434,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		}
 
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			goto error_exit;
 		}
@@ -447,7 +447,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 error_exit:
 	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e4f274b608..8d40bd9169 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -468,7 +468,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				(void *)sess->driver_priv_data,
+				CRYPTODEV_GET_SYM_SESS_PRIV(sess),
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
@@ -479,7 +479,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 }
 
 static uint16_t
@@ -704,7 +704,7 @@ aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
+	struct aesni_gcm_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index f3565b04b5..7d2f3b0e4b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1723,7 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -2013,7 +2013,7 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
+	struct aesni_mb_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
 	/* get per-thread MB MGR, create one if needed */
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index b2fb168154..705eed9758 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -282,7 +282,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct kasumi_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index f052d6d847..8ed069f428 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -413,7 +413,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct snow3g_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 46ea507cf5..c7d8fa311c 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -175,7 +175,7 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
 	struct mlx5_crypto_session *sess_private_data =
-		(void *)session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(session);
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
 
@@ -239,7 +239,7 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
+	struct mlx5_crypto_session *spriv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
@@ -355,8 +355,7 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess =
-		(void *)op->sym->session->driver_priv_data;
+	struct mlx5_crypto_session *sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 505024a810..dd8457aaa4 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -534,7 +534,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
 			      struct rte_cryptodev_sym_session *sess)
 {
-	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
+	struct nitrox_crypto_ctx *ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
@@ -577,7 +577,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 		goto err;
 	}
 
-	ctx->iova = sess->driver_priv_data_iova;
+	ctx->iova = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess);
 	return 0;
 err:
 	return ret;
@@ -593,7 +593,7 @@ get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return (void *)op->sym->session->driver_priv_data;
+			return CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 09aac3065e..27f750aaca 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -77,8 +77,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct null_crypto_session *)
-				sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	} else {
 		struct rte_cryptodev_sym_session *_sess = NULL;
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index fb43d3f7b5..f07e9c2ea0 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -265,7 +265,7 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index cd5ebc2af6..a5b595c05f 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -248,7 +248,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = sym_xform_verify(xform);
@@ -294,7 +294,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	misc->ctx_dma_addr = sess->driver_priv_data_iova +
+	misc->ctx_dma_addr = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess) +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -313,7 +313,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 static void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct cpt_sess_misc *misc;
 	struct cpt_ctx *ctx;
 
@@ -507,7 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
+	sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -844,7 +844,7 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+	void *sess_private_data_t = CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 
 	memset(sess_private_data_t, 0, cpt_get_session_size());
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bb536c9e3..cc8328cd5f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,8 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (void *)
-					op->sym->session->driver_priv_data;
+				sess = CRYPTODEV_GET_SYM_SESS_PRIV(
+					op->sym->session);
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2a3662ee5a..defed4429e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -795,7 +795,7 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -1319,7 +1319,7 @@ static void
 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	openssl_reset_session(sess_priv);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 408ae9e42b..d7696822a8 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,7 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = (void *)op->sym->session->driver_priv_data;
+		ctx = (void *)CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -386,7 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
+	ctx = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 2853ac5b88..653df0bf69 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -316,8 +316,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 	} else
 #endif
 	{
-		sess = (struct qat_sym_session *)
-			rx_op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 8dd2357702..c6976f2cdd 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -222,7 +222,7 @@ void
 qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	struct qat_sym_session *s = (void *)sess->driver_priv_data;
+	struct qat_sym_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (s->bpi_ctx)
 		bpi_cipher_ctx_free(s->bpi_ctx);
@@ -505,8 +505,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 #endif
 	ret = qat_sym_session_set_parameters(dev, xform,
-			(void *)sess->driver_priv_data,
-			sess->driver_priv_data_iova);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess),
+			CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 9204f6f608..396cc3723d 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -76,13 +76,10 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
 			sizeof(struct rte_cryptodev_sym_session));
 
-		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
-		sess_ctx[1] =
-			(void *)ops[i + 1]->sym->session->driver_priv_data;
-		sess_ctx[2] =
-			(void *)ops[i + 2]->sym->session->driver_priv_data;
-		sess_ctx[3] =
-			(void *)ops[i + 3]->sym->session->driver_priv_data;
+		sess_ctx[0] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
+		sess_ctx[1] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 1]->sym->session);
+		sess_ctx[2] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 2]->sym->session);
+		sess_ctx[3] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 3]->sym->session);
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
@@ -166,7 +163,7 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	for (; i < nb_ops; i++) {
 		struct scheduler_session_ctx *sess_ctx =
-			(void *)ops[i]->sym->session->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 		uint32_t job_len;
 		uint8_t target;
 
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 2bc3f5dd27..707bb7d8d1 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -481,7 +481,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	struct rte_mempool *mp = rte_mempool_from_obj(sess);
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info configured_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_configured_sess = 0;
@@ -543,7 +543,7 @@ scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info deleted_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_deleted_sess = 0;
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 0e508727a4..41be928dc3 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -131,28 +131,28 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[1]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[1]->sym->session);
 			op[1]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[2]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[2]->sym->session);
 			op[2]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[3]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[3]->sym->session);
 			op[3]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
@@ -164,7 +164,7 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
@@ -195,17 +195,17 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 		}
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[1]->sym->session =
-				(void *)op[1]->sym->session->opaque_data;
+			op[1]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[1]->sym->session);
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[2]->sym->session =
-				(void *)op[2]->sym->session->opaque_data;
+			op[2]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[2]->sym->session);
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[3]->sym->session =
-				(void *)op[3]->sym->session->opaque_data;
+			op[3]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[3]->sym->session);
 
 		op += 4;
 		n -= 4;
@@ -213,8 +213,8 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		op++;
 	}
 }
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 6b9e57ee66..f068283290 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -951,7 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1318,7 +1318,7 @@ virtio_crypto_sym_configure_session(
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index b7f492a7f2..48b5f4ebbb 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,7 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(void *)cop->sym->session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index bce903e007..b17f664a5e 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -980,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1172,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1211,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1250,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1462,7 +1462,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index f518a0f89b..bf10364b66 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -132,6 +132,38 @@ struct cryptodev_driver {
 	uint8_t id;
 };
 
+/** Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
+	uint16_t user_data_sz;
+	/**< Session user data will be placed after sess data */
+	uint8_t driver_id;
+	/**< Driver id to get the session priv */
+	rte_iova_t driver_priv_data_iova;
+	/**< Session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< Second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
+};
+
+/**
+ * Helper macro to get driver private data
+ */
+#define CRYPTODEV_GET_SYM_SESS_PRIV(s) \
+	((void *)(((struct rte_cryptodev_sym_session *)s)->driver_priv_data))
+#define CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(s) \
+	(((struct rte_cryptodev_sym_session *)s)->driver_priv_data_iova)
+
+
 /**
  * Get the rte_cryptodev structure device pointer for the device. Assumes a
  * valid device index.
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 6dfca2c169..f9644d29ec 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -430,8 +430,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  * @param	sess	cryptodev session
  */
 static inline int
-rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+rte_crypto_op_attach_sym_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..84deecac48 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -580,8 +580,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-struct rte_cryptodev_sym_session;
-
 /**
  * Symmetric Cryptographic Operation.
  *
@@ -618,7 +616,7 @@ struct rte_crypto_sym_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_cryptodev_sym_session *session;
+		void *session;
 		/**< Handle for the initialised session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
@@ -923,8 +921,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  * @param	sess	cryptodev session
  */
 static inline int
-__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a326eb0e17..9ec015df8a 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1950,11 +1950,11 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id, void *_sess)
 {
 	struct rte_cryptodev *dev;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = _sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
 	if (sess == NULL)
@@ -2069,10 +2069,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-		struct rte_cryptodev_sym_session *sess, void *data,
+rte_cryptodev_sym_session_set_user_data(void *_sess, void *data,
 		uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2084,8 +2085,10 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *_sess)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2129,10 +2132,11 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *_sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = _sess;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		sym_crypto_fill_status(vec, EINVAL);
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0c65958f25..8b6a7a5c1d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -902,28 +902,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	RTE_MARKER cacheline0;
-	uint8_t driver_id;
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint32_t sess_data_sz;
-	/**< Pointer to the user data stored after sess data */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess data */
-	rte_iova_t driver_priv_data_iova;
-	/**< session driver data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	/**< second cache line - start of the driver session data */
-	uint8_t driver_priv_data[0];
-	/**< Driver specific session data, variable size */
-};
-
 /**
  * Create a symmetric session mempool.
  *
@@ -1036,7 +1014,7 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
  */
 int
 rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess);
+	void *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1136,11 +1114,31 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Get user data stored in a session.
  *
@@ -1153,8 +1151,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Store user data in an asymmetric session.
@@ -1202,7 +1199,7 @@ rte_cryptodev_asym_session_get_user_data(void *sess);
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1244,8 +1241,7 @@ rte_cryptodev_session_event_mdata_set(uint8_t dev_id, void *sess,
  * Union of different crypto session types, including session-less xform
  * pointer.
  */
-union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+union rte_cryptodev_session_ctx {void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 055c44fb22..7b4ec5c389 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,14 +73,10 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess, void *xforms,
 		void *mempool),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u8(sess->driver_id);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 	rte_trace_point_emit_ptr(mempool);
 )
@@ -108,7 +104,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 62c2bd7217..a4e0e128f8 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -45,14 +45,15 @@ static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
 	const struct rte_security_session *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
 		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
-		return (struct rte_ipsec_session *)(uintptr_t)cs->opaque_data;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(cs);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..0d3c932302 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
+			(uintptr_t)ss);
 	else
 		ss->security.ses->opaque_data = (uintptr_t)ss;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 4/6] security: remove priv mempool usage
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (2 preceding siblings ...)
  2022-09-24 16:35     ` [PATCH v3 3/6] cryptodev: hide sym session structure Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 5/6] drivers/crypto: support security session get size op Akhil Goyal
                       ` (4 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal,
	David Coyle, Kevin O'Sullivan

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   3 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   3 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   3 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   3 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |   3 -
 app/test/test_cryptodev.c                     |  44 +-----
 app/test/test_ipsec.c                         |   7 +-
 app/test/test_security.c                      | 146 ++----------------
 app/test/test_security_inline_proto.c         |  16 +-
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/caam_jr/caam_jr.c              |  31 +---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   7 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 ++----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   9 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 ++-----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  25 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  26 +---
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +--
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |  11 +-
 drivers/crypto/qat/qat_sym_session.c          |  27 +---
 drivers/crypto/qat/qat_sym_session.h          |   2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 ++---
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 ++--
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +--
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 ++--
 drivers/net/txgbe/txgbe_ipsec.c               |  32 ++--
 examples/ipsec-secgw/ipsec-secgw.c            |  34 ----
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 lib/cryptodev/rte_cryptodev.h                 |   2 +-
 lib/security/rte_security.c                   |  20 ++-
 lib/security/rte_security.h                   |  30 ++--
 lib/security/rte_security_driver.h            |  13 +-
 45 files changed, 193 insertions(+), 623 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c6f5735bb0..bd3c941fea 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -642,7 +642,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -753,13 +752,11 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 				rte_cryptodev_get_sec_ctx(dev_id);
 
 	/* Create security session */
-	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+	return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -859,12 +856,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -908,8 +904,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 #endif
 	/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1d2fbb4e30..a1e68fd226 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -13,7 +13,7 @@
 
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index afd8cb209b..4df08694d4 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -56,7 +56,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -81,7 +80,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index edd2730b73..f0ca78af4f 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -88,7 +88,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -115,7 +114,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index fa13915dc3..c924459958 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -62,7 +62,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -85,7 +84,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index c1465db243..d744b6e58e 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -50,7 +50,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -73,7 +72,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 3469b836e1..420acc3c6d 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -24,7 +24,6 @@
 
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 const char *cperf_test_type_strs[] = {
@@ -115,7 +114,6 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
-		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -660,7 +658,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f5fef10696..abd2882fd6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -649,12 +649,6 @@ testsuite_setup(void)
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
-			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
@@ -694,8 +688,6 @@ testsuite_teardown(void)
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -8620,8 +8612,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				NULL);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8900,8 +8891,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9496,8 +9486,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -10508,8 +10497,7 @@ test_docsis_proto_uplink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -10693,8 +10681,7 @@ test_docsis_proto_downlink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -14976,10 +14963,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
 
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
@@ -15003,23 +14986,6 @@ test_scheduler_attach_worker_op(void)
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 04d231468b..a6698bb021 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -159,13 +159,12 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	struct rte_security_session *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
+	RTE_SET_USED(sess);
 
-	sess->sess_private_data = NULL;
 	return 0;
 }
 
@@ -631,7 +630,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session, NULL);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 059731b65d..bb3b3835fa 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -266,24 +247,14 @@ static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		struct rte_security_session *sess)
 {
-	void *sess_priv;
-	int ret;
-
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
 	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
 		mock_session_create_exp.sess = sess;
 	}
 
@@ -392,13 +363,7 @@ static struct mock_session_destroy_data {
 static int
 mock_session_destroy(void *device, struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -536,7 +501,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -562,8 +526,9 @@ static struct security_unittest_params {
 #define SECURITY_TEST_MEMPOOL_NAME "SecurityTestMp"
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
-#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
 #define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_OBJ_SZ (sizeof(struct rte_security_session) + \
+					SECURITY_TEST_SESSION_PRIV_OBJ_SZ)
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -583,21 +548,6 @@ testsuite_setup(void)
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +562,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -713,12 +659,10 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -760,13 +704,11 @@ test_session_create_inv_context(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -786,13 +728,11 @@ test_session_create_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -812,13 +752,11 @@ test_session_create_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -835,13 +773,11 @@ test_session_create_inv_configuration(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,13 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct rte_security_session *sess;
 
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -903,7 +813,6 @@ test_session_create_mempool_empty(void)
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
 	struct rte_security_session *sess;
 
 	/* Get all available objects from mempool. */
@@ -914,34 +823,23 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -960,17 +858,14 @@ test_session_create_ops_failure(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -989,12 +884,10 @@ test_session_create_success(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +896,6 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1281,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1288,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1304,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1312,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1328,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1336,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1350,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1357,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1376,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1384,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1401,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1409,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2375,6 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index b282e7dbc9..9c6a09676e 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -66,7 +66,6 @@ extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512;
 
 static struct rte_mempool *mbufpool;
 static struct rte_mempool *sess_pool;
-static struct rte_mempool *sess_priv_pool;
 /* ethernet addresses of ports */
 static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
 
@@ -311,8 +310,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 		setenv("ETH_SEC_IV_OVR", arr, 1);
 	}
 
-	*sess = rte_security_session_create(sec_ctx,
-				sess_conf, sess_pool, sess_priv_pool);
+	*sess = rte_security_session_create(sec_ctx, sess_conf, sess_pool);
 	if (*sess == NULL) {
 		printf("SEC Session init failed.\n");
 		return TEST_FAILED;
@@ -496,18 +494,6 @@ init_mempools(unsigned int nb_mbuf)
 		}
 		printf("Allocated sess pool\n");
 	}
-	if (sess_priv_pool == NULL) {
-		snprintf(s, sizeof(s), "sess_priv_pool");
-		sess_priv_pool = rte_mempool_create(s, nb_sess, sess_sz,
-				MEMPOOL_CACHE_SIZE, 0,
-				NULL, NULL, NULL, NULL,
-				SOCKET_ID_ANY, 0);
-		if (sess_priv_pool == NULL) {
-			printf("Cannot init sess_priv pool\n");
-			return TEST_FAILED;
-		}
-		printf("Allocated sess_priv pool\n");
-	}
 
 	return 0;
 }
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index f1be6a3401..db9b7e6937 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -1004,9 +1004,9 @@ roc_on_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa, uint8_t opcode,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = (rte_iova_t)sa;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = (rte_iova_t)sa;
 	inst.w7.s.egrp = egrp;
 
 	inst.w0.u64 = 0;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c9c783d19a..7891254d78 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,9 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1900,18 +1898,12 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = caam_jr_set_ipsec_session(cdev, conf,
@@ -1924,13 +1916,8 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
-		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -1940,18 +1927,12 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = SECURITY_GET_SESS_PRIV(sess);
 
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+		memset(s, 0, sizeof(struct caam_jr_session));
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 4648576ff8..f127c84fd3 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,8 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -286,7 +285,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = SECURITY_GET_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -323,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index d6ff1342ce..1ebdf7793a 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -47,7 +47,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *out_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -173,7 +173,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *in_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -290,37 +290,16 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 struct rte_security_session *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
-
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	set_sec_session_private_data(sess, priv);
-
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
 					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -329,14 +308,13 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 	struct rte_cryptodev *crypto_dev = dev;
 	union roc_ot_ipsec_sa_word2 *w2;
 	struct cn10k_sec_session *sess;
-	struct rte_mempool *sess_mp;
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 	struct roc_cpt_lf *lf;
 	void *sa_dptr = NULL;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	if (sess == NULL)
 		return 0;
 
@@ -390,11 +368,6 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 		roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
 	}
 
-	sess_mp = rte_mempool_from_obj(sess);
-
-	set_sec_session_private_data(sec_sess, NULL);
-	rte_mempool_put(sess_mp, sess);
-
 	return 0;
 }
 
@@ -416,7 +389,7 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
@@ -457,7 +430,7 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
 	struct cnxk_cpt_vf *vf;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 5c344a6008..b395f830b1 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -337,7 +337,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = SECURITY_GET_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,8 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = get_sec_session_private_data(
-				sym_op->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 6d26b0cc01..1923b92134 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -33,7 +33,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -82,8 +82,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->out_sa, opcode,
-				   ctx_len, egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)SECURITY_GET_SESS_PRIV_IOVA(sec_sess),
+				   opcode, ctx_len, egrp);
 
 	if (ret)
 		return ret;
@@ -110,7 +110,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->out_sa);
+	w7.s.cptr = SECURITY_GET_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -137,7 +137,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -174,8 +174,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->in_sa, opcode, ctx_len,
-				   egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)SECURITY_GET_SESS_PRIV_IOVA(sec_sess),
+				opcode, ctx_len, egrp);
 	if (ret)
 		return ret;
 
@@ -188,7 +188,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	w4.s.param2 = param2.u16;
 
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->in_sa);
+	w7.s.cptr = SECURITY_GET_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -293,40 +293,20 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			struct rte_security_session *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = SECURITY_GET_SESS_PRIV(sess);
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
 					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -335,11 +315,10 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return 0;
 
@@ -351,13 +330,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 369fa9c81d..563ba79418 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,8 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1583,8 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1680,8 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 
 	if (sess == NULL)
@@ -3690,18 +3687,12 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
@@ -3718,13 +3709,9 @@ dpaa2_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -3734,19 +3721,15 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 8c1e0abb95..0aa76c890d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1009,8 +1009,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = SECURITY_GET_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index ec2fe56d1e..c2216987ca 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,9 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 	if (sess == NULL) {
 		printf("session is NULL\n");
@@ -1928,9 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+				ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -3245,18 +3241,12 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa_sec_set_ipsec_session(cdev, conf,
@@ -3273,13 +3263,9 @@ dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -3295,12 +3281,11 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index 93129e7614..b8114a3391 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1014,8 +1014,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = SECURITY_GET_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
 			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 7d2f3b0e4b..76cb1c543a 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,8 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = (struct aesni_mb_session *)
-		get_sec_session_private_data(op->sym->sec_session);
+	session = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1720,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
@@ -2095,10 +2094,9 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2108,24 +2106,14 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);
 
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -2134,14 +2122,10 @@ static int
 aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index bb86f671a4..f4b9f1d2fe 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -767,8 +767,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 214c0fcb08..98a5d7ee2f 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -833,11 +833,10 @@ struct rte_cryptodev_ops *rte_mrvl_crypto_pmd_ops = &mrvl_crypto_pmd_ops;
 static int
 mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	int ret;
 
 	if (sess == NULL) {
@@ -845,11 +844,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		MRVL_LOG(ERR, "Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
@@ -863,8 +857,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		if (ret != 0) {
 			MRVL_LOG(ERR, "Failed to configure session parameters.");
 
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 
@@ -878,8 +870,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				&mrvl_sess->sam_sess);
 		if (ret < 0) {
 			MRVL_LOG(ERR, "PMD: failed to create IPSEC session.");
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 		break;
@@ -889,8 +879,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -899,13 +887,12 @@ static int
 mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -916,8 +903,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
 		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index d7696822a8..f8ec8b7233 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -9,6 +9,7 @@
 #include <rte_crypto_sym.h>
 #include <rte_bus_pci.h>
 #include <rte_byteorder.h>
+#include <rte_security_driver.h>
 
 #include "qat_sym.h"
 #include "qat_crypto.h"
@@ -100,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = get_sec_session_private_data(op->sym->sec_session);
+		ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 653df0bf69..033ec0de85 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -12,6 +12,9 @@
 
 #ifdef BUILD_QAT_SYM
 #include <openssl/evp.h>
+#ifdef RTE_LIB_SECURITY
+#include <rte_security_driver.h>
+#endif
 
 #include "qat_common.h"
 #include "qat_sym_session.h"
@@ -274,9 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -309,9 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index c6976f2cdd..7ff3aff4d3 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -25,7 +25,7 @@
 #include <rte_malloc.h>
 #include <rte_crypto_sym.h>
 #ifdef RTE_LIB_SECURITY
-#include <rte_security.h>
+#include <rte_security_driver.h>
 #endif
 
 #include "qat_logs.h"
@@ -2541,7 +2541,8 @@ qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2560,7 +2561,6 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2590,10 +2590,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	struct qat_cryptodev_private *internals = cdev->data->dev_private;
 	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
@@ -2606,25 +2605,17 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, SECURITY_GET_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
 	sym_session = (struct qat_sym_session *)sess_private_data;
 	sym_session->dev_id = internals->dev_id;
 
@@ -2636,17 +2627,13 @@ int
 qat_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 9e4aab06a6..ac57e0b240 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -177,7 +177,7 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3795b0c78b..6de4a284da 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -583,15 +583,14 @@ cn10k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix,
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     struct rte_security_session *sess)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn10k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
+	struct cnxk_eth_sec_sess *eth_sec = SECURITY_GET_SESS_PRIV(sess);
 	struct roc_nix *nix = &dev->nix;
 	bool inbound, inl_dev;
 	rte_spinlock_t *lock;
@@ -626,11 +625,6 @@ cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
 	sess_priv.u64 = 0;
 
@@ -659,12 +653,12 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to create ingress sa, inline dev "
 				 "not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -675,7 +669,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
@@ -687,7 +681,7 @@ cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -724,7 +718,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_inb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		if (conf->ipsec.options.ip_reassembly_en) {
 			inb_priv->reass_dynfield_off = dev->reass_dynfield_off;
@@ -745,7 +739,7 @@ cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -760,7 +754,7 @@ cn10k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		if (conf->ipsec.options.iv_gen_disable == 1) {
@@ -776,7 +770,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to init outb sa misc params, rc=%d",
 				 rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -818,7 +812,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_outb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 	}
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
@@ -830,15 +824,14 @@ cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
 	rte_spinlock_unlock(lock);
 
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -850,7 +843,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 	void *sa_dptr;
 
@@ -896,10 +888,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 4dd0b6185e..8467564d91 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_security_session *sess)
 {
+	struct cnxk_eth_sec_sess *eth_sec = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn9k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	struct roc_nix *nix = &dev->nix;
 	rte_spinlock_t *lock;
 	char tbuf[128] = {0};
@@ -172,11 +171,6 @@ cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	lock = inbound ? &dev->inb.lock : &dev->outb.lock;
 	rte_spinlock_lock(lock);
 
@@ -202,7 +196,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -211,7 +205,7 @@ cn9k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -221,7 +215,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -235,7 +229,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
@@ -264,7 +258,7 @@ cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -278,7 +272,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -321,12 +315,11 @@ cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	rte_spinlock_unlock(lock);
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -340,7 +333,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 
 	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
@@ -377,10 +369,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 75f05ee558..9bb3580690 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -640,14 +640,13 @@ set_session_parameter(struct iavf_security_ctx *iavf_sctx,
 static int
 iavf_ipsec_crypto_session_create(void *device,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *session,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *session)
 {
 	struct rte_eth_dev *ethdev = device;
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_session = NULL;
+	struct iavf_security_session *iavf_session = SECURITY_GET_SESS_PRIV(session);
 	int sa_idx;
 	int ret = 0;
 
@@ -656,12 +655,6 @@ iavf_ipsec_crypto_session_create(void *device,
 	if (ret)
 		return ret;
 
-	/* allocate session context */
-	if (rte_mempool_get(mempool, (void **)&iavf_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from sess mempool");
-		return -ENOMEM;
-	}
-
 	/* add SA to hardware database */
 	sa_idx = iavf_ipsec_crypto_security_association_add(adapter, conf);
 	if (sa_idx < 0) {
@@ -675,16 +668,12 @@ iavf_ipsec_crypto_session_create(void *device,
 				RTE_SECURITY_IPSEC_SA_DIR_INGRESS ?
 				"inbound" : "outbound");
 
-		rte_mempool_put(mempool, iavf_session);
 		return -EFAULT;
 	}
 
 	/* save data plane required session parameters */
 	set_session_parameter(iavf_sctx, iavf_session, conf, sa_idx);
 
-	/* save to security session private data */
-	set_sec_session_private_data(session, iavf_session);
-
 	return 0;
 }
 
@@ -702,7 +691,7 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
 {
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
-	struct iavf_security_session *sess = session->sess_private_data;
+	const struct iavf_security_session *sess = (const void *)session->driver_priv_data;
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(sess == NULL || sess->adapter != adapter))
@@ -880,7 +869,7 @@ iavf_ipsec_crypto_session_update(void *device,
 	int rc = 0;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = SECURITY_GET_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1045,7 +1034,7 @@ iavf_ipsec_crypto_session_destroy(void *device,
 	int ret;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = SECURITY_GET_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1140,7 +1129,7 @@ iavf_ipsec_crypto_pkt_metadata_set(void *device,
 	struct iavf_adapter *adapter =
 			IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_sess = session->sess_private_data;
+	struct iavf_security_session *iavf_sess = SECURITY_GET_SESS_PRIV(session);
 	struct iavf_ipsec_crypto_pkt_metadata *md;
 	struct rte_esp_tail *esp_tail;
 	uint64_t *sqn = params;
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index c353ae33b4..210071b7d6 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -440,9 +428,7 @@ ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -480,8 +466,7 @@ ixgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +670,12 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct ixgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 3ca3d85ed5..f75cfe33a4 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -420,9 +408,7 @@ txgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -460,8 +446,8 @@ txgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +647,12 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct txgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index ce4b4ba806..7171db2cc3 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2110,38 +2110,6 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
-
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, int portid,
 	  uint32_t nb_mbuf)
@@ -3022,8 +2990,6 @@ main(int32_t argc, char **argv)
 			continue;
 
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index bb84dcec7e..ee1cf871ca 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -151,8 +151,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -278,8 +277,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -478,8 +476,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 2c37bb022d..538eb17d94 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -258,7 +258,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool[RTE_MAX_ETHPORTS];
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 8b6a7a5c1d..ece7157970 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -967,7 +967,7 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
+ * @param   mp       Mempool where the private data is allocated.
  *
  * @return
  *  - On success return pointer to sym-session.
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index b5e9b0d34a..87a21a6e33 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -45,21 +45,28 @@ rte_security_dynfield_register(void)
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	uint32_t sess_priv_size;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	sess_priv_size = instance->ops->session_get_size(instance->device);
+	if (mp->elt_size < (sizeof(struct rte_security_session) + sess_priv_size))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
-	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+	/* Clear session priv data */
+	memset(sess->driver_priv_data, 0, sess_priv_size);
+
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+			offsetof(struct rte_security_session, driver_priv_data);
+	if (instance->ops->session_create(instance->device, conf, sess)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
@@ -86,7 +93,8 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
 
-	return instance->ops->session_get_size(instance->device);
+	return (sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device));
 }
 
 int
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 675db940eb..bf4ff3c18c 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -519,10 +519,17 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
+	RTE_MARKER cacheline0;
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
 };
 
 /**
@@ -531,7 +538,6 @@ struct rte_security_session {
  * @param   instance	security instance
  * @param   conf	session configuration parameters
  * @param   mp		mempool to allocate session objects from
- * @param   priv_mp	mempool to allocate session private data objects from
  * @return
  *  - On success, pointer to session
  *  - On failure, NULL
@@ -539,8 +545,7 @@ struct rte_security_session {
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -656,7 +661,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess->fast_mdata);
 		return 0;
 	}
 
@@ -713,19 +718,6 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..c8119a8a50 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,24 +19,29 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * Helper macro to get driver private data
+ */
+#define SECURITY_GET_SESS_PRIV(s) \
+	((void *)(((struct rte_security_session *)s)->driver_priv_data))
+#define SECURITY_GET_SESS_PRIV_IOVA(s) \
+	(((struct rte_security_session *)s)->driver_priv_data_iova)
+
 /**
  * Configure a security session on a device.
  *
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
  *  - Returns -EINVAL if input parameters are invalid.
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
- *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		struct rte_security_session *sess);
 
 /**
  * Free driver private session data.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 5/6] drivers/crypto: support security session get size op
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (3 preceding siblings ...)
  2022-09-24 16:35     ` [PATCH v3 4/6] security: remove priv mempool usage Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:35     ` [PATCH v3 6/6] security: hide session structure Akhil Goyal
                       ` (3 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 drivers/crypto/caam_jr/caam_jr.c            | 6 ++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 7 +++++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 8 ++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 7 +++++++
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c     | 7 +++++++
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c   | 1 +
 drivers/crypto/qat/qat_sym_session.c        | 6 ++++++
 drivers/crypto/qat/qat_sym_session.h        | 2 ++
 8 files changed, 44 insertions(+)

diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 7891254d78..a6d3a494e6 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1937,6 +1937,11 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+caam_jr_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct caam_jr_session);
+}
 
 static int
 caam_jr_dev_configure(struct rte_cryptodev *dev,
@@ -2031,6 +2036,7 @@ static struct rte_cryptodev_ops caam_jr_ops = {
 static struct rte_security_ops caam_jr_security_ops = {
 	.session_create = caam_jr_security_session_create,
 	.session_update = NULL,
+	.session_get_size = caam_jr_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = caam_jr_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 563ba79418..3c51913dd8 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3733,6 +3733,12 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa2_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa2_sec_session);
+}
 #endif
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -4184,6 +4190,7 @@ dpaa2_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa2_sec_security_ops = {
 	.session_create = dpaa2_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa2_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa2_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c2216987ca..72b848fd49 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3289,6 +3289,13 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa_sec_session);
+}
+
 #endif
 static int
 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
@@ -3547,6 +3554,7 @@ dpaa_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa_sec_security_ops = {
 	.session_create = dpaa_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 76cb1c543a..fc9ee01124 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -2130,6 +2130,12 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+aesni_mb_pmd_sec_sess_get_size(void *device __rte_unused)
+{
+	return sizeof(struct aesni_mb_session);
+}
+
 /** Get security capabilities for aesni multi-buffer */
 static const struct rte_security_capability *
 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
@@ -2140,6 +2146,7 @@ aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
 		.session_create = aesni_mb_pmd_sec_sess_create,
 		.session_update = NULL,
+		.session_get_size = aesni_mb_pmd_sec_sess_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = aesni_mb_pmd_sec_sess_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 98a5d7ee2f..c6e9ab03fe 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -907,6 +907,12 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+mrvl_crypto_pmd_security_session_create(void *device __rte_unused)
+{
+	return sizeof(struct mrvl_crypto_session);
+}
+
 static const
 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
@@ -971,6 +977,7 @@ mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
 struct rte_security_ops mrvl_sec_security_pmd_ops = {
 	.session_create = mrvl_crypto_pmd_security_session_create,
 	.session_update = NULL,
+	.session_get_size = mrvl_crypto_pmd_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = mrvl_crypto_pmd_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
index 99f5a22a06..462c1a722f 100644
--- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
@@ -428,6 +428,7 @@ qat_security_cap_get_gen1(void *dev __rte_unused)
 struct rte_security_ops security_qat_ops_gen1 = {
 		.session_create = qat_security_session_create,
 		.session_update = NULL,
+		.session_get_size = qat_security_session_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = qat_security_session_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 7ff3aff4d3..dce185d424 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2641,4 +2641,10 @@ qat_security_session_destroy(void *dev __rte_unused,
 # endif
 	return 0;
 }
+
+unsigned int
+qat_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct qat_sym_session);
+}
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ac57e0b240..6322d7e3bc 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -180,6 +180,8 @@ qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
 		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+unsigned int
+qat_security_session_get_size(void *dev __rte_unused);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v3 6/6] security: hide session structure
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (4 preceding siblings ...)
  2022-09-24 16:35     ` [PATCH v3 5/6] drivers/crypto: support security session get size op Akhil Goyal
@ 2022-09-24 16:35     ` Akhil Goyal
  2022-09-24 16:39     ` [PATCH v3 0/6] crypto/security session framework rework Akhil Goyal
                       ` (2 subsequent siblings)
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:35 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal,
	David Coyle, Kevin O'Sullivan

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf_ops.c              |  6 +-
 .../cperf_test_pmd_cyclecount.c               |  2 +-
 app/test-crypto-perf/cperf_test_throughput.c  |  2 +-
 app/test/test_cryptodev.c                     |  2 +-
 app/test/test_cryptodev_security_ipsec.c      |  2 +-
 app/test/test_cryptodev_security_ipsec.h      |  2 +-
 app/test/test_security.c                      | 32 ++++----
 app/test/test_security_inline_proto.c         | 10 +--
 doc/guides/rel_notes/deprecation.rst          |  4 -
 doc/guides/rel_notes/release_22_11.rst        |  5 ++
 drivers/crypto/caam_jr/caam_jr.c              |  2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  4 +-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  4 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  4 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |  2 +-
 examples/ipsec-secgw/ipsec_worker.c           |  2 +-
 lib/cryptodev/rte_crypto_sym.h                |  4 +-
 lib/ipsec/rte_ipsec_group.h                   | 12 +--
 lib/ipsec/ses.c                               |  2 +-
 lib/security/rte_security.c                   | 13 ++-
 lib/security/rte_security.h                   | 80 ++++++++++++-------
 lib/security/rte_security_driver.h            | 18 +++++
 26 files changed, 137 insertions(+), 97 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index bd3c941fea..7ba4e13244 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+		void *sec_sess = (void *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
 		uint64_t *tsc_start)
 {
-	struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+	void *sec_sess = sess;
 	const uint32_t test_buffer_size = options->test_buffer_size;
 	const uint32_t headroom_sz = options->headroom_sz;
 	const uint32_t segment_sz = options->segment_sz;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index f0ca78af4f..045fd1c29a 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -71,7 +71,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index c924459958..38340dae08 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -49,7 +49,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 					rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(
 				sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		}
 #endif
 		else
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index abd2882fd6..b77e14cb06 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -84,7 +84,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3f691f0f56..cb77b39dbb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 
 int
 test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			struct rte_security_session *sess,
+			void *sess,
 			const struct ipsec_test_flags *flags,
 			enum rte_security_ipsec_sa_direction dir)
 {
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 02b08f9f95..6a119bee46 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -277,7 +277,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
 			    int pkt_num);
 
 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index bb3b3835fa..f336479b2e 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,7 +234,7 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
 	struct rte_mempool *priv_mp;
 
@@ -268,7 +268,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -322,7 +322,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -352,7 +352,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -513,7 +513,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -650,7 +650,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -701,7 +701,7 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
 			ts_params->session_mpool);
@@ -723,7 +723,7 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
@@ -747,7 +747,7 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
@@ -770,7 +770,7 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
 			ts_params->session_mpool);
@@ -791,7 +791,7 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
@@ -812,8 +812,8 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -853,7 +853,7 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
@@ -879,7 +879,7 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 9c6a09676e..3f520840ac 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
 /* Create Inline IPsec session */
 static int
 create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
-		struct rte_security_session **sess, struct rte_security_ctx **ctx,
+		void **sess, struct rte_security_ctx **ctx,
 		uint32_t *ol_flags, const struct ipsec_test_flags *flags,
 		struct rte_security_session_conf *sess_conf)
 {
@@ -695,8 +695,8 @@ static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
 		const struct ipsec_test_flags *flags)
 {
-	struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
-	struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
 	struct rte_eth_ip_reassembly_params reass_capa = {0};
 	struct rte_security_session_conf sess_conf_out = {0};
 	struct rte_security_session_conf sess_conf_in = {0};
@@ -963,7 +963,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	struct rte_crypto_sym_xform cipher = {0};
 	struct rte_crypto_sym_xform auth = {0};
 	struct rte_crypto_sym_xform aead = {0};
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	int nb_rx = 0, nb_sent;
 	uint32_t ol_flags;
@@ -1199,7 +1199,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
 	struct rte_mbuf *rx_pkt = NULL;
 	struct rte_mbuf *tx_pkt = NULL;
 	int nb_rx, nb_sent;
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	uint32_t ol_flags;
 	bool outer_ipv4;
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 9785a0f3ce..701d32b818 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -166,10 +166,6 @@ Deprecation Notices
   which got error interrupt to the application,
   so that application can reset that particular queue pair.
 
-* security: Hide structure ``rte_security_session`` and expose an opaque
-  pointer for the private data to the application which can be attached
-  to the packet while enqueuing.
-
 * security: MACsec support is planned to be added in DPDK 22.11,
   which would result in updates to structures ``rte_security_macsec_xform``,
   ``rte_security_macsec_stats`` and security capability structure
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 4b8b34d8ba..6a6d1649cc 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -98,6 +98,11 @@ API Changes
   All sample applications were updated to attach an opaque pointer for the session
   to the ``rte_crypto_op`` while enqueuing.
 
+* security: The structure ``rte_security_session`` was made internal and corresponding
+  APIs were updated to take/return an opaque session pointer. The API
+  ``rte_security_session_create`` was updated to take only one mempool which has enough
+  space to hold session and driver private data.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a6d3a494e6..3b06522d06 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		ses = SECURITY_GET_SESS_PRIV(op->sym->session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f127c84fd3..0dc2dc4baa 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,7 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -322,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b395f830b1..2ed298e01f 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(sym_op->session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3c51913dd8..afa9bd0a62 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 
 	if (sess == NULL)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 72b848fd49..331e23e628 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,7 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 	if (sess == NULL) {
 		printf("session is NULL\n");
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+				ses = SECURITY_GET_SESS_PRIV(op->sym->session);
 				break;
 #endif
 			default:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index fc9ee01124..8ec2364aa7 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	session = SECURITY_GET_SESS_PRIV(op->sym->session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index f8ec8b7233..69f5add637 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
@@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				}
 			}
 
-			sess = (uintptr_t)op->sym->sec_session;
+			sess = (uintptr_t)op->sym->session;
 			build_request = ctx->build_request[proc_type];
 			opaque[0] = sess;
 			opaque[1] = (uintptr_t)build_request;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 033ec0de85..9a4251e08b 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 8ea0f9540e..49f9202aca 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -5,7 +5,7 @@
 #ifndef _IAVF_IPSEC_CRYPTO_H_
 #define _IAVF_IPSEC_CRYPTO_H_
 
-#include <rte_security.h>
+#include <rte_security_driver.h>
 
 #include "iavf.h"
 
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 5e69450d27..49b1b951f1 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -17,7 +17,7 @@
 #endif
 
 struct port_drv_mode_data {
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_ctx *ctx;
 };
 
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 84deecac48..b1650adcac 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -617,11 +617,9 @@ struct rte_crypto_sym_op {
 	RTE_STD_C11
 	union {
 		void *session;
-		/**< Handle for the initialised session context */
+		/**< Handle for the initialised crypto/security session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
-		struct rte_security_session *sec_session;
-		/**< Handle for the initialised security session context */
 	};
 
 	RTE_STD_C11
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index a4e0e128f8..c6458ef81e 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
-	void *cs;
+	void *ses;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ss = cop->sym[0].sec_session;
-		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
+		ses = cop->sym[0].session;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_security_session_opaque_data_get(ses);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-		cs = cop->sym[0].session;
+		ses = cop->sym[0].session;
 		return (struct rte_ipsec_session *)(uintptr_t)
-			rte_cryptodev_sym_session_opaque_data_get(cs);
+			rte_cryptodev_sym_session_opaque_data_get(ses);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 0d3c932302..d9ab1e6d2b 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
 			(uintptr_t)ss);
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 87a21a6e33..59bb141cac 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -42,7 +42,7 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp)
@@ -72,12 +72,12 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return (void *)sess;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -99,7 +99,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
@@ -111,8 +111,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
 	int ret;
 
@@ -134,7 +133,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index bf4ff3c18c..2e717b7468 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -518,20 +518,6 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	RTE_MARKER cacheline0;
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	rte_iova_t driver_priv_data_iova;
-	/**< session private data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	uint8_t driver_priv_data[0];
-	/**< Private session material, variable size (depends on driver) */
-};
-
 /**
  * Create security session as specified by the session configuration
  *
@@ -542,7 +528,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -560,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -590,8 +576,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  *  - other negative values in case of freeing private data errors.
  */
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -634,10 +619,52 @@ static inline bool rte_security_dynfield_is_registered(void)
 	return rte_security_dynfield_offset >= 0;
 }
 
+#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF	0
+#define RTE_SECURITY_SESS_FAST_MDATA_OFF	1
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
+
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -655,13 +682,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->fast_mdata);
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)
+			rte_security_session_fast_mdata_get(sess);
 		return 0;
 	}
 
@@ -710,10 +737,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  * @param	sess	security session
  */
 static inline int
-__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
-	sym_op->sec_session = sess;
+	sym_op->session = sess;
 
 	return 0;
 }
@@ -729,7 +755,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+			    void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -791,7 +817,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index c8119a8a50..37be87b9f7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,24 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
+};
+
 /**
  * Helper macro to get driver private data
  */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v3 0/6] crypto/security session framework rework
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (5 preceding siblings ...)
  2022-09-24 16:35     ` [PATCH v3 6/6] security: hide session structure Akhil Goyal
@ 2022-09-24 16:39     ` Akhil Goyal
  2022-09-26 10:09     ` Ruifeng Wang
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
  8 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-24 16:39 UTC (permalink / raw)
  To: Akhil Goyal, dev, qiming.yang, wenjun1.wu, jianwang, jiawenwu
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, pablo.de.lara.guarch, matan,
	g.singh, jingjing.wu, beilei.xing, Nithin Kumar Dabilpuram,
	roy.fan.zhang

Hi ixgbe/txgbe maintainers,

Please have a look at these patches. These introduce a FIXME into your code.
Please test these patches and provide a proper fix.

Regards,
Akhil

> Subject: [PATCH v3 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session
> data structure to use a single virtual/physical contiguous buffer
> for symmetric crypto/security session and driver private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed
> by multiple device drivers. For the same reason
> rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and
> clear the driver specific data field.
> 
> The change was also submitted last year during DPDK 21.11
> timeframe also[1], but was not applied due to lack of feedback from
> community. Please help in getting this cleanup merged in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all
> the issues reported so far.
> 
> Changes in v3:
> - Updated release notes
> - fixed checkpatch issues
> - renamed macro to get sess priv data to align with crypto macro
> - added acked-by/tested-by
> 
> Changes in v2:
> This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
> with a few changes
> - Added security session rework also.
> - fixed issues in [2] reported on mailing list.
> - few other fixes.
> 
> Please review and provide feedback as soon as possible
> as this is intended to be merged in DPDK 22.11 RC1.
> 
> Currently the cnxk platform is tested with this change.
> Request everyone to review and test on their platform.
> 
> Special note to ixgbe and txgbe maintainers.
> There is a wrong implementation for flow creation. Please check.
> A hack is added to bypass it. Please fix it separately.
> 
> [1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-
> gakhil@marvell.com/
> [2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-
> roy.fan.zhang@intel.com/
> 
> 
> 
> Akhil Goyal (5):
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   security: remove priv mempool usage
>   drivers/crypto: support security session get size op
>   security: hide session structure
> 
> Fan Zhang (1):
>   crypto/scheduler: use unified session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  40 +--
>  app/test-crypto-perf/cperf_ops.h              |   2 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   9 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |  10 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   9 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  30 +-
>  app/test-eventdev/test_perf_common.c          |  35 +-
>  app/test-eventdev/test_perf_common.h          |   1 -
>  app/test/test_cryptodev.c                     | 336 +++++-------------
>  app/test/test_cryptodev_blockcipher.c         |  16 +-
>  app/test/test_cryptodev_security_ipsec.c      |   2 +-
>  app/test/test_cryptodev_security_ipsec.h      |   2 +-
>  app/test/test_event_crypto_adapter.c          |  35 +-
>  app/test/test_ipsec.c                         |  47 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 178 ++--------
>  app/test/test_security_inline_proto.c         |  26 +-
>  doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 -
>  doc/guides/rel_notes/release_22_11.rst        |  14 +
>  drivers/common/cnxk/roc_cpt.c                 |   4 +-
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  32 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  69 +---
>  drivers/crypto/ccp/ccp_crypto.c               |  56 +--
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  69 +---
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
>  drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
>  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
>  drivers/crypto/qat/qat_sym.c                  |  15 +-
>  drivers/crypto/qat/qat_sym.h                  |  16 +-
>  drivers/crypto/qat/qat_sym_session.c          |  73 ++--
>  drivers/crypto/qat/qat_sym_session.h          |  10 +-
>  drivers/crypto/scheduler/scheduler_failover.c |  19 +-
>  .../crypto/scheduler/scheduler_multicore.c    |  17 +
>  .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
>  .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
>  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
>  drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
>  drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
>  drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
>  examples/fips_validation/fips_dev_self_test.c |  40 +--
>  examples/fips_validation/main.c               |  35 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
>  examples/ipsec-secgw/ipsec.c                  |  16 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   2 +-
>  examples/l2fwd-crypto/main.c                  |  54 +--
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
>  lib/cryptodev/cryptodev_trace_points.c        |   6 -
>  lib/cryptodev/rte_crypto.h                    |   3 +-
>  lib/cryptodev/rte_crypto_sym.h                |  11 +-
>  lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
>  lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
>  lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
>  lib/cryptodev/version.map                     |   6 -
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   5 +-
>  lib/pipeline/rte_table_action.c               |  10 +-
>  lib/security/rte_security.c                   |  33 +-
>  lib/security/rte_security.h                   |  90 +++--
>  lib/security/rte_security_driver.h            |  31 +-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |  28 +-
>  109 files changed, 1251 insertions(+), 2431 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v3 0/6] crypto/security session framework rework
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (6 preceding siblings ...)
  2022-09-24 16:39     ` [PATCH v3 0/6] crypto/security session framework rework Akhil Goyal
@ 2022-09-26 10:09     ` Ruifeng Wang
  2022-09-26 10:12       ` Akhil Goyal
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
  8 siblings, 1 reply; 47+ messages in thread
From: Ruifeng Wang @ 2022-09-26 10:09 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	Ajit Khaparde (ajit.khaparde@broadcom.com),
	anoobj, pablo.de.lara.guarch, matan, g.singh, qiming.yang,
	wenjun1.wu, jianwang, jingjing.wu, beilei.xing, ndabilpuram,
	roy.fan.zhang, nd

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Sunday, September 25, 2022 12:36 AM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com; hemant.agrawal@nxp.com;
> vattunuru@marvell.com; ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com; yisen.zhuang@huawei.com;
> irusskikh@marvell.com; jerinj@marvell.com; adwivedi@marvell.com;
> maxime.coquelin@redhat.com; chandu@amd.com; Ruifeng Wang <Ruifeng.Wang@arm.com>; Ajit
> Khaparde (ajit.khaparde@broadcom.com) <ajit.khaparde@broadcom.com>; anoobj@marvell.com;
> pablo.de.lara.guarch@intel.com; matan@nvidia.com; g.singh@nxp.com; qiming.yang@intel.com;
> wenjun1.wu@intel.com; jianwang@trustnetic.com; jingjing.wu@intel.com;
> beilei.xing@intel.com; ndabilpuram@marvell.com; roy.fan.zhang@intel.com; Akhil Goyal
> <gakhil@marvell.com>
> Subject: [PATCH v3 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session data structure to use a
> single virtual/physical contiguous buffer for symmetric crypto/security session and driver
> private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed by multiple device
> drivers. For the same reason rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and clear the driver specific data
> field.
> 
> The change was also submitted last year during DPDK 21.11 timeframe also[1], but was not
> applied due to lack of feedback from community. Please help in getting this cleanup merged
> in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all the issues reported so far.
> 
> Changes in v3:
> - Updated release notes
> - fixed checkpatch issues
> - renamed macro to get sess priv data to align with crypto macro
> - added acked-by/tested-by
> 

Hi Akhil,

Thanks for the changes.
Armv8 crypo PMD has build issue with this series.
I updated code based on your series to fix the build. And an issue found
in unit test is also fixed.
http://patches.dpdk.org/project/dpdk/cover/20220926100120.3980185-1-ruifeng.wang@arm.com/

Could you merge my changes into your series?

Thanks.


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v3 0/6] crypto/security session framework rework
  2022-09-26 10:09     ` Ruifeng Wang
@ 2022-09-26 10:12       ` Akhil Goyal
  0 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 10:12 UTC (permalink / raw)
  To: Ruifeng Wang, dev
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu,
	Ajit Khaparde (ajit.khaparde@broadcom.com),
	Anoob Joseph, pablo.de.lara.guarch, matan, g.singh, qiming.yang,
	wenjun1.wu, jianwang, jingjing.wu, beilei.xing,
	Nithin Kumar Dabilpuram, roy.fan.zhang, nd

> > Subject: [PATCH v3 0/6] crypto/security session framework rework
> >
> > This patchset reworks the symmetric crypto and security session data structure
> to use a
> > single virtual/physical contiguous buffer for symmetric crypto/security session
> and driver
> > private data.
> > In addition the session data structure is now private.
> > The session is represented as an opaque pointer in the application.
> >
> > With the change the session is no longer supported to be accessed by multiple
> device
> > drivers. For the same reason rte_cryptodev_sym_session_init/clear APIs are
> deprecated as
> > rte_cryptodev_sym_session_create/free will initialize and clear the driver
> specific data
> > field.
> >
> > The change was also submitted last year during DPDK 21.11 timeframe also[1],
> but was not
> > applied due to lack of feedback from community. Please help in getting this
> cleanup merged
> > in this cycle.
> >
> > Now the similar work was already done for asymmetric crypto.
> > This patchset is rebased over current tree and fixes all the issues reported so
> far.
> >
> > Changes in v3:
> > - Updated release notes
> > - fixed checkpatch issues
> > - renamed macro to get sess priv data to align with crypto macro
> > - added acked-by/tested-by
> >
> 
> Hi Akhil,
> 
> Thanks for the changes.
> Armv8 crypo PMD has build issue with this series.
> I updated code based on your series to fix the build. And an issue found
> in unit test is also fixed.
> http://patches.dpdk.org/project/dpdk/cover/20220926100120.3980185-1-ruifeng.wang@arm.com/> 
> Could you merge my changes into your series?
> 
Sure I will. Thanks for bringing this into my notice. Armv8 is by default not enabled on my build machine. So it got skipped.

^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 0/6] crypto/security session framework rework
  2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
                       ` (7 preceding siblings ...)
  2022-09-26 10:09     ` Ruifeng Wang
@ 2022-09-26 19:14     ` Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 1/6] cryptodev: rework session framework Akhil Goyal
                         ` (7 more replies)
  8 siblings, 8 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal

This patchset reworks the symmetric crypto and security session
data structure to use a single virtual/physical contiguous buffer
for symmetric crypto/security session and driver private data.
In addition the session data structure is now private.
The session is represented as an opaque pointer in the application.

With the change the session is no longer supported to be accessed
by multiple device drivers. For the same reason
rte_cryptodev_sym_session_init/clear APIs are deprecated as
rte_cryptodev_sym_session_create/free will initialize and
clear the driver specific data field.

The change was also submitted last year during DPDK 21.11
timeframe also[1], but was not applied due to lack of feedback from
community. Please help in getting this cleanup merged in this cycle.

Now the similar work was already done for asymmetric crypto.
This patchset is rebased over current tree and fixes all
the issues reported so far.

Changes in v4:
- squashed armv8_crypto fixes.
http://patches.dpdk.org/project/dpdk/cover/20220926100120.3980185-1-ruifeng.wang@arm.com/

Changes in v3:
- Updated release notes
- fixed checkpatch issues
- renamed macro to get sess priv data to align with crypto macro
- added acked-by/tested-by

Changes in v2:
This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
with a few changes
- Added security session rework also.
- fixed issues in [2] reported on mailing list.
- few other fixes.

Please review and provide feedback as soon as possible
as this is intended to be merged in DPDK 22.11 RC1.

Currently the cnxk platform is tested with this change.
Request everyone to review and test on their platform.

Special note to ixgbe and txgbe maintainers.
There is a wrong implementation for flow creation. Please check.
A hack is added to bypass it. Please fix it separately.

[1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-gakhil@marvell.com/
[2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-roy.fan.zhang@intel.com/



Akhil Goyal (5):
  cryptodev: rework session framework
  cryptodev: hide sym session structure
  security: remove priv mempool usage
  drivers/crypto: support security session get size op
  security: hide session structure

Fan Zhang (1):
  crypto/scheduler: use unified session

 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  40 +--
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   9 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |  10 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   9 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |  30 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 337 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_cryptodev_security_ipsec.c      |   2 +-
 app/test/test_cryptodev_security_ipsec.h      |   2 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  47 +--
 app/test/test_ipsec_perf.c                    |   4 +-
 app/test/test_security.c                      | 178 ++-------
 app/test/test_security_inline_proto.c         |  26 +-
 doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
 doc/guides/rel_notes/deprecation.rst          |   9 -
 doc/guides/rel_notes/release_22_11.rst        |  14 +
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  35 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  69 +---
 drivers/crypto/ccp/ccp_crypto.c               |  56 +--
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  69 +---
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
 drivers/crypto/null/null_crypto_pmd.c         |  20 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
 drivers/crypto/qat/qat_sym.c                  |  15 +-
 drivers/crypto/qat/qat_sym.h                  |  16 +-
 drivers/crypto/qat/qat_sym_session.c          |  73 ++--
 drivers/crypto/qat/qat_sym_session.h          |  10 +-
 drivers/crypto/scheduler/scheduler_failover.c |  19 +-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +
 .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
 examples/fips_validation/fips_dev_self_test.c |  40 +--
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
 examples/ipsec-secgw/ipsec.c                  |  16 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 examples/ipsec-secgw/ipsec_worker.c           |   2 +-
 examples/l2fwd-crypto/main.c                  |  54 +--
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_crypto.h                    |   3 +-
 lib/cryptodev/rte_crypto_sym.h                |  11 +-
 lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
 lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
 lib/cryptodev/version.map                     |   6 -
 lib/ipsec/rte_ipsec_group.h                   |  13 +-
 lib/ipsec/ses.c                               |   5 +-
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/security/rte_security.c                   |  33 +-
 lib/security/rte_security.h                   |  90 +++--
 lib/security/rte_security_driver.h            |  31 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 110 files changed, 1253 insertions(+), 2435 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 1/6] cryptodev: rework session framework
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 2/6] crypto/scheduler: use unified session Akhil Goyal
                         ` (6 subsequent siblings)
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal,
	Ruifeng Wang, Kai Ji, David Coyle, Kevin O'Sullivan

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.

rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ruifeng Wang <Ruifeng.Wang@arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf_ops.c              |  21 +-
 app/test-crypto-perf/cperf_test_latency.c     |   6 +-
 .../cperf_test_pmd_cyclecount.c               |   5 +-
 app/test-crypto-perf/cperf_test_throughput.c  |   6 +-
 app/test-crypto-perf/cperf_test_verify.c      |   6 +-
 app/test-crypto-perf/main.c                   |  29 +-
 app/test-eventdev/test_perf_common.c          |  35 +-
 app/test-eventdev/test_perf_common.h          |   1 -
 app/test/test_cryptodev.c                     | 303 +++++-------------
 app/test/test_cryptodev_blockcipher.c         |  16 +-
 app/test/test_event_crypto_adapter.c          |  35 +-
 app/test/test_ipsec.c                         |  42 +--
 drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
 drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  35 +-
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  38 +--
 drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
 drivers/crypto/caam_jr/caam_jr.c              |  28 +-
 drivers/crypto/ccp/ccp_crypto.c               |  58 +---
 drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
 drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
 drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  36 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  31 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  14 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  31 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  37 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   4 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 ++-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  36 +--
 drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
 drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
 drivers/crypto/mlx5/mlx5_crypto.c             |  26 +-
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   8 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +-
 drivers/crypto/nitrox/nitrox_sym.c            |  39 +--
 drivers/crypto/null/null_crypto_pmd.c         |  19 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
 drivers/crypto/null/null_crypto_pmd_private.h |   2 -
 .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
 drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
 drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
 drivers/crypto/qat/qat_sym.c                  |  10 +-
 drivers/crypto/qat/qat_sym.h                  |   4 +-
 drivers/crypto/qat/qat_sym_session.c          |  40 +--
 drivers/crypto/qat/qat_sym_session.h          |   6 +-
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  38 +--
 drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
 drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
 examples/fips_validation/fips_dev_self_test.c |  30 +-
 examples/fips_validation/main.c               |  35 +-
 examples/ipsec-secgw/ipsec-secgw.c            |  10 +-
 examples/ipsec-secgw/ipsec.c                  |   7 +-
 examples/l2fwd-crypto/main.c                  |  54 +---
 examples/vhost_crypto/main.c                  |  16 +-
 lib/cryptodev/cryptodev_pmd.h                 |  28 +-
 lib/cryptodev/cryptodev_trace_points.c        |   6 -
 lib/cryptodev/rte_cryptodev.c                 | 276 ++++++----------
 lib/cryptodev/rte_cryptodev.h                 | 123 ++-----
 lib/cryptodev/rte_cryptodev_trace.h           |  33 +-
 lib/cryptodev/version.map                     |   6 -
 lib/pipeline/rte_table_action.c               |  10 +-
 lib/vhost/rte_vhost_crypto.h                  |   3 -
 lib/vhost/vhost_crypto.c                      |  28 +-
 72 files changed, 553 insertions(+), 1674 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index d746d51082..c6f5735bb0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -912,7 +912,6 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					&sess_conf, sess_mp, priv_mp);
 	}
 #endif
-	sess = rte_cryptodev_sym_session_create(sess_mp);
 	/*
 	 * cipher only
 	 */
@@ -937,8 +936,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &cipher_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &cipher_xform,
+				sess_mp);
 	/*
 	 *  auth only
 	 */
@@ -965,8 +964,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
-		rte_cryptodev_sym_session_init(dev_id, sess, &auth_xform,
-				priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &auth_xform,
+				sess_mp);
 	/*
 	 * cipher and auth
 	 */
@@ -1024,13 +1023,13 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
 			cipher_xform.next = &auth_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &cipher_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&cipher_xform, sess_mp);
 		} else { /* auth then cipher */
 			auth_xform.next = &cipher_xform;
 			/* create crypto session */
-			rte_cryptodev_sym_session_init(dev_id,
-					sess, &auth_xform, priv_mp);
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform, sess_mp);
 		}
 	} else { /* options->op_type == CPERF_AEAD */
 		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1050,8 +1049,8 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					options->aead_aad_sz;
 
 		/* Create crypto session */
-		rte_cryptodev_sym_session_init(dev_id,
-					sess, &aead_xform, priv_mp);
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform,
+				sess_mp);
 	}
 
 	return sess;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 6f972cea49..afd8cb209b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -44,10 +44,8 @@ static void
 cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 3f2da13d3a..edd2730b73 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -74,10 +74,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		} else
 #endif
-		{
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 
 	rte_mempool_free(ctx->pool);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index fba66bbde9..fa13915dc3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -52,10 +52,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 				(struct rte_security_session *)ctx->sess);
 		}
 #endif
-		else {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
 	rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index b691595675..c1465db243 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -39,10 +39,8 @@ static void
 cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 {
 	if (ctx) {
-		if (ctx->sess) {
-			rte_cryptodev_sym_session_clear(ctx->dev_id, ctx->sess);
-			rte_cryptodev_sym_session_free(ctx->sess);
-		}
+		if (ctx->sess)
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 
 		rte_mempool_free(ctx->pool);
 
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 27acd619bc..3469b836e1 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -97,35 +97,14 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
 
-	if (session_pool_socket[socket_id].priv_mp == NULL) {
-		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"priv_sess_mp_%u", socket_id);
-
-		sess_mp = rte_mempool_create(mp_name,
-					nb_sessions,
-					session_priv_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, socket_id,
-					0);
-
-		if (sess_mp == NULL) {
-			printf("Cannot create pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-			return -ENOMEM;
-		}
-
-		printf("Allocated pool \"%s\" on socket %d\n",
-			mp_name, socket_id);
-		session_pool_socket[socket_id].priv_mp = sess_mp;
-	}
-
 	if (session_pool_socket[socket_id].sess_mp == NULL) {
 
 		snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 
 		sess_mp = rte_cryptodev_sym_session_pool_create(mp_name,
-					nb_sessions, 0, 0, 0, socket_id);
+					nb_sessions, session_priv_size, 0, 0,
+					socket_id);
 
 		if (sess_mp == NULL) {
 			printf("Cannot create pool \"%s\" on socket %d\n",
@@ -136,6 +115,7 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
+		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -323,12 +303,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
 			return ret;
 
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		if (opts->op_type == CPERF_ASYM_MODEX) {
 			qp_conf.mp_session = NULL;
-			qp_conf.mp_session_private = NULL;
 		}
 
 		ret = rte_cryptodev_configure(cdev_id, &conf);
diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c
index 81420be73a..30cefcb6dd 100644
--- a/app/test-eventdev/test_perf_common.c
+++ b/app/test-eventdev/test_perf_common.c
@@ -864,18 +864,13 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t)
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	cipher_xform.next = NULL;
 
-	sess = rte_cryptodev_sym_session_create(t->ca_sess_pool);
+	sess = rte_cryptodev_sym_session_create(p->ca.cdev_id, &cipher_xform,
+			t->ca_sess_pool);
 	if (sess == NULL) {
 		evt_err("Failed to create sym session");
 		return NULL;
 	}
 
-	if (rte_cryptodev_sym_session_init(p->ca.cdev_id, sess, &cipher_xform,
-					   t->ca_sess_priv_pool)) {
-		evt_err("Failed to init session");
-		return NULL;
-	}
-
 	return sess;
 }
 
@@ -1382,15 +1377,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 		goto err;
 	}
 
-	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
-		"ca_sess_pool", nb_sessions, 0, 0,
-		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
-	if (t->ca_sess_pool == NULL) {
-		evt_err("Failed to create sym session pool");
-		ret = -ENOMEM;
-		goto err;
-	}
-
 	max_session_size = 0;
 	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		unsigned int session_size;
@@ -1401,12 +1387,11 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 			max_session_size = session_size;
 	}
 
-	max_session_size += sizeof(union rte_event_crypto_metadata);
-	t->ca_sess_priv_pool = rte_mempool_create(
-		"ca_sess_priv_pool", nb_sessions, max_session_size, 0, 0, NULL,
-		NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-	if (t->ca_sess_priv_pool == NULL) {
-		evt_err("failed to create sym session private pool");
+	t->ca_sess_pool = rte_cryptodev_sym_session_pool_create(
+		"ca_sess_pool", nb_sessions, max_session_size, 0,
+		sizeof(union rte_event_crypto_metadata), SOCKET_ID_ANY);
+	if (t->ca_sess_pool == NULL) {
+		evt_err("Failed to create sym session pool");
 		ret = -ENOMEM;
 		goto err;
 	}
@@ -1446,7 +1431,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 		qp_conf.nb_descriptors = NB_CRYPTODEV_DESCRIPTORS;
 		qp_conf.mp_session = t->ca_sess_pool;
-		qp_conf.mp_session_private = t->ca_sess_priv_pool;
 
 		for (qp_id = 0; qp_id < conf.nb_queue_pairs; qp_id++) {
 			ret = rte_cryptodev_queue_pair_setup(
@@ -1467,7 +1451,6 @@ perf_cryptodev_setup(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 
 	return ret;
@@ -1492,8 +1475,7 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 		for (flow_id = 0; flow_id < t->nb_flows; flow_id++) {
 			sess = p->ca.crypto_sess[flow_id];
 			cdev_id = p->ca.cdev_id;
-			rte_cryptodev_sym_session_clear(cdev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
+			rte_cryptodev_sym_session_free(cdev_id, sess);
 		}
 
 		rte_event_crypto_adapter_queue_pair_del(
@@ -1509,7 +1491,6 @@ perf_cryptodev_destroy(struct evt_test *test, struct evt_options *opt)
 
 	rte_mempool_free(t->ca_op_pool);
 	rte_mempool_free(t->ca_sess_pool);
-	rte_mempool_free(t->ca_sess_priv_pool);
 	rte_mempool_free(t->ca_asym_sess_pool);
 }
 
diff --git a/app/test-eventdev/test_perf_common.h b/app/test-eventdev/test_perf_common.h
index 8cbd06fe42..d06d52cdf8 100644
--- a/app/test-eventdev/test_perf_common.h
+++ b/app/test-eventdev/test_perf_common.h
@@ -70,7 +70,6 @@ struct test_perf {
 		RTE_EVENT_TIMER_ADAPTER_NUM_MAX] __rte_cache_aligned;
 	struct rte_mempool *ca_op_pool;
 	struct rte_mempool *ca_sess_pool;
-	struct rte_mempool *ca_sess_priv_pool;
 	struct rte_mempool *ca_asym_sess_pool;
 } __rte_cache_aligned;
 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0c39b16b71..ae2b102ecb 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -13,6 +13,7 @@
 #include <rte_pause.h>
 #include <rte_bus_vdev.h>
 #include <rte_ether.h>
+#include <rte_errno.h>
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
@@ -644,23 +645,17 @@ testsuite_setup(void)
 	}
 
 	ts_params->session_mpool = rte_cryptodev_sym_session_pool_create(
-			"test_sess_mp", MAX_NB_SESSIONS, 0, 0, 0,
+			"test_sess_mp", MAX_NB_SESSIONS, session_size, 0, 0,
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-
 	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv",
-			MAX_NB_SESSIONS,
-			session_size,
-			0, 0, NULL, NULL, NULL,
-			NULL, SOCKET_ID_ANY,
-			0);
+			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
+			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
+
 	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
 			"session mempool allocation failed");
 
-
-
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
 			"Failed to configure cryptodev %u with %u qps",
@@ -668,7 +663,6 @@ testsuite_setup(void)
 
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -697,15 +691,11 @@ testsuite_teardown(void)
 		rte_mempool_avail_count(ts_params->op_mpool));
 	}
 
-	/* Free session mempools */
-	if (ts_params->session_priv_mpool != NULL) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
-
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
+		rte_mempool_free(ts_params->session_priv_mpool);
+		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -1392,7 +1382,6 @@ dev_configure_and_start(uint64_t ff_disable)
 	ts_params->conf.ff_disable = ff_disable;
 	ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	ts_params->qp_conf.mp_session = ts_params->session_mpool;
-	ts_params->qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
 			&ts_params->conf),
@@ -1452,10 +1441,8 @@ ut_teardown(void)
 #endif
 	{
 		if (ut_params->sess) {
-			rte_cryptodev_sym_session_clear(
-					ts_params->valid_devs[0],
+			rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 					ut_params->sess);
-			rte_cryptodev_sym_session_free(ut_params->sess);
 			ut_params->sess = NULL;
 		}
 	}
@@ -1610,7 +1597,6 @@ test_queue_pair_descriptor_setup(void)
 	 */
 	qp_conf.nb_descriptors = MIN_NUM_OPS_INFLIGHT; /* min size*/
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
 		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
@@ -2155,8 +2141,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
-
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
 	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2200,19 +2184,13 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->auth_xform.auth.key.data = hmac_sha1_key;
 	ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
 
+	rte_errno = 0;
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	/* Create crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	if (rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	/* Generate crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2441,7 +2419,6 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	enum rte_crypto_auth_algorithm algo)
 {
 	uint8_t hash_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2461,16 +2438,11 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.digest_length = auth_len;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
 	ut_params->auth_xform.auth.iv.length = iv_len;
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2483,7 +2455,6 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2503,16 +2474,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session */
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2590,7 +2557,6 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 
 {
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2625,17 +2591,12 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
 
@@ -2649,7 +2610,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 {
 	const uint8_t key_len = tdata->key.len;
 	uint8_t cipher_auth_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2689,16 +2649,11 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 	return 0;
 }
@@ -2724,7 +2679,6 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
-	int status;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
@@ -2755,26 +2709,19 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	if (cipher_op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		ut_params->auth_xform.next = NULL;
 		ut_params->cipher_xform.next = &ut_params->auth_xform;
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->cipher_xform, ts_params->session_mpool);
 	} else
-		status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
 
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
 
-	TEST_ASSERT_EQUAL(status, 0, "session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	return 0;
 }
@@ -8205,7 +8152,6 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 		uint8_t iv_len)
 {
 	uint8_t aead_key[key_len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8227,15 +8173,12 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
 	debug_hexdump(stdout, "key:", key, key_len);
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->aead_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -8679,7 +8622,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
 				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				NULL);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -12029,7 +11972,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 				   const struct HMAC_MD5_vector *test_case)
 {
 	uint8_t key[64];
-	int status;
 
 	memcpy(key, test_case->key.data, test_case->key.len);
 
@@ -12044,16 +11986,11 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.key.data = key;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(
+		ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-	if (ut_params->sess == NULL)
-		return TEST_FAILED;
-
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	if (status == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
@@ -12261,12 +12198,9 @@ test_multi_session(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-
 	struct rte_cryptodev_info dev_info;
 	struct rte_cryptodev_sym_session **sessions;
-
 	uint16_t i;
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12293,20 +12227,15 @@ test_multi_session(void)
 
 	/* Create multiple crypto sessions*/
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-
 		sessions[i] = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
+			return TEST_SKIPPED;
+
 		TEST_ASSERT_NOT_NULL(sessions[i],
 				"Session creation failed at session number %u",
 				i);
-
-		status = rte_cryptodev_sym_session_init(
-				ts_params->valid_devs[0],
-				sessions[i], &ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-		if (status == -ENOTSUP)
-			return TEST_SKIPPED;
-
 		/* Attempt to send a request on each session */
 		TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
 			sessions[i],
@@ -12336,18 +12265,9 @@ test_multi_session(void)
 		}
 	}
 
-	sessions[i] = NULL;
-	/* Next session create should fail */
-	rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			sessions[i], &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT_NULL(sessions[i],
-			"Session creation succeeded unexpectedly!");
-
 	for (i = 0; i < MAX_NB_SESSIONS; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12398,7 +12318,6 @@ test_multi_session_random_usage(void)
 		},
 
 	};
-	int status;
 
 	/* Verify the capabilities */
 	struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -12420,11 +12339,6 @@ test_multi_session_random_usage(void)
 					* MAX_NB_SESSIONS) + 1, 0);
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		sessions[i] = rte_cryptodev_sym_session_create(
-				ts_params->session_mpool);
-		TEST_ASSERT_NOT_NULL(sessions[i],
-				"Session creation failed at session number %u",
-				i);
 
 		rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
 				sizeof(struct crypto_unittest_params));
@@ -12434,16 +12348,16 @@ test_multi_session_random_usage(void)
 				ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
 
 		/* Create multiple crypto sessions*/
-		status = rte_cryptodev_sym_session_init(
+		sessions[i] = rte_cryptodev_sym_session_create(
 				ts_params->valid_devs[0],
-				sessions[i],
 				&ut_paramz[i].ut_params.auth_xform,
-				ts_params->session_priv_mpool);
-
-		if (status == -ENOTSUP)
+				ts_params->session_mpool);
+		if (sessions[i] == NULL && rte_errno == ENOTSUP)
 			return TEST_SKIPPED;
 
-		TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+		TEST_ASSERT_NOT_NULL(sessions[i],
+				"Session creation failed at session number %u",
+				i);
 	}
 
 	srand(time(NULL));
@@ -12481,9 +12395,8 @@ test_multi_session_random_usage(void)
 	}
 
 	for (i = 0; i < MB_SESSION_NUMBER; i++) {
-		rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
+		rte_cryptodev_sym_session_free(ts_params->valid_devs[0],
 				sessions[i]);
-		rte_cryptodev_sym_session_free(sessions[i]);
 	}
 
 	rte_free(sessions);
@@ -12501,7 +12414,6 @@ test_null_invalid_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int ret;
 
 	/* This test is for NULL PMD only */
 	if (gbl_driver_id != rte_cryptodev_driver_id_get(
@@ -12515,17 +12427,13 @@ test_null_invalid_operation(void)
 	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
-
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -12533,14 +12441,11 @@ test_null_invalid_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
+	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-
-	/* Create Crypto session*/
-	ret = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-	TEST_ASSERT(ret < 0,
+	TEST_ASSERT(ut_params->sess == NULL,
 			"Session creation succeeded unexpectedly");
 
 	return TEST_SUCCESS;
@@ -12554,7 +12459,6 @@ test_null_burst_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	int status;
 
 	unsigned i, burst_len = NULL_BURST_LENGTH;
 
@@ -12580,19 +12484,14 @@ test_null_burst_operation(void)
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_NULL;
 	ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
 	/* Create Crypto session*/
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-			ut_params->sess, &ut_params->cipher_xform,
-			ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
+	ut_params->sess = rte_cryptodev_sym_session_create(
+				ts_params->valid_devs[0],
+				&ut_params->auth_xform,
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -12703,7 +12602,6 @@ test_enq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12803,7 +12701,6 @@ test_deq_callback_setup(void)
 
 	qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = ts_params->session_mpool;
-	qp_conf.mp_session_private = ts_params->session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			ts_params->valid_devs[0], qp_id, &qp_conf,
@@ -12990,7 +12887,6 @@ static int create_gmac_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t auth_key[tdata->key.len];
-	int status;
 
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -13009,15 +12905,13 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
 
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->auth_xform, ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
-			&ut_params->auth_xform,
-			ts_params->session_priv_mpool);
-
-	return status;
+	return 0;
 }
 
 static int
@@ -13646,7 +13540,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
 
@@ -13660,15 +13553,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -13681,7 +13572,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
-	int status;
 
 	memcpy(cipher_key, reference->cipher_key.data,
 			reference->cipher_key.len);
@@ -13713,15 +13603,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	}
 
 	/* Create Crypto session*/
-	ut_params->sess = rte_cryptodev_sym_session_create(
-			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
+				ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 
-	return status;
+	return 0;
 }
 
 static int
@@ -14179,7 +14067,6 @@ test_authenticated_encrypt_with_esn(
 	uint8_t cipher_key[reference->cipher_key.len + 1];
 	uint8_t auth_key[reference->auth_key.len + 1];
 	struct rte_cryptodev_info dev_info;
-	int status;
 
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 	uint64_t feat_flags = dev_info.feature_flags;
@@ -14230,19 +14117,12 @@ test_authenticated_encrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->cipher_xform,
 			ts_params->session_mpool);
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
+		return TEST_SKIPPED;
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-	status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->cipher_xform,
-				ts_params->session_priv_mpool);
-
-	if (status == -ENOTSUP)
-		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(status, 0, "Session init failed");
-
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
 			"Failed to allocate input buffer in mempool");
@@ -14366,18 +14246,11 @@ test_authenticated_decrypt_with_esn(
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(
+			ts_params->valid_devs[0], &ut_params->auth_xform,
 			ts_params->session_mpool);
-	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-	retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-				ut_params->sess,
-				&ut_params->auth_xform,
-				ts_params->session_priv_mpool);
-
-	if (retval == -ENOTSUP)
+	if (ut_params->sess == NULL && rte_errno == ENOTSUP)
 		return TEST_SKIPPED;
-
-	TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
+	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -15125,8 +14998,8 @@ test_scheduler_attach_worker_op(void)
 			ts_params->session_mpool =
 				rte_cryptodev_sym_session_pool_create(
 						"test_sess_mp",
-						MAX_NB_SESSIONS, 0, 0, 0,
-						SOCKET_ID_ANY);
+						MAX_NB_SESSIONS, session_size,
+						0, 0, SOCKET_ID_ANY);
 			TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 					"session mempool allocation failed");
 		}
@@ -15149,8 +15022,6 @@ test_scheduler_attach_worker_op(void)
 		}
 
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
-		ts_params->qp_conf.mp_session_private =
-				ts_params->session_priv_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
 				(uint8_t)i);
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index b5813b956f..4fcdd55660 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -68,7 +68,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	struct rte_mempool *mbuf_pool,
 	struct rte_mempool *op_mpool,
 	struct rte_mempool *sess_mpool,
-	struct rte_mempool *sess_priv_mpool,
 	uint8_t dev_id,
 	char *test_msg)
 {
@@ -514,11 +513,9 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	 */
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) &&
 			nb_iterates == 0) {
-		sess = rte_cryptodev_sym_session_create(sess_mpool);
-
-		status = rte_cryptodev_sym_session_init(dev_id, sess,
-				init_xform, sess_priv_mpool);
-		if (status == -ENOTSUP) {
+		sess = rte_cryptodev_sym_session_create(dev_id, init_xform,
+				sess_mpool);
+		if (sess == NULL) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
 			status = TEST_SKIPPED;
 			goto error_exit;
@@ -801,10 +798,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 error_exit:
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
-		if (sess) {
-			rte_cryptodev_sym_session_clear(dev_id, sess);
-			rte_cryptodev_sym_session_free(sess);
-		}
+		if (sess)
+			rte_cryptodev_sym_session_free(dev_id, sess);
 		rte_free(cipher_xform);
 		rte_free(auth_xform);
 	}
@@ -829,7 +824,6 @@ blockcipher_test_case_run(const void *data)
 			p_testsuite_params->mbuf_pool,
 			p_testsuite_params->op_mpool,
 			p_testsuite_params->session_mpool,
-			p_testsuite_params->session_priv_mpool,
 			p_testsuite_params->valid_devs[0],
 			test_msg);
 	return status;
diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c
index 2ecc7e2cea..c6cf9c5401 100644
--- a/app/test/test_event_crypto_adapter.c
+++ b/app/test/test_event_crypto_adapter.c
@@ -157,7 +157,6 @@ struct event_crypto_adapter_test_params {
 	struct rte_mempool *op_mpool;
 	struct rte_mempool *asym_op_mpool;
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 	struct rte_mempool *asym_sess_mpool;
 	struct rte_cryptodev_config *config;
 	uint8_t crypto_event_port_id;
@@ -307,15 +306,10 @@ test_op_forward_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
-		/* Create Crypto session*/
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
-
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
 							&cap);
 		TEST_ASSERT_SUCCESS(ret, "Failed to get adapter capabilities\n");
@@ -683,8 +677,8 @@ test_op_new_mode(uint8_t session_less)
 	sym_op = op->sym;
 
 	if (!session_less) {
-		sess = rte_cryptodev_sym_session_create(
-				params.session_mpool);
+		sess = rte_cryptodev_sym_session_create(TEST_CDEV_ID,
+				&cipher_xform, params.session_mpool);
 		TEST_ASSERT_NOT_NULL(sess, "Session creation failed\n");
 
 		ret = rte_event_crypto_adapter_caps_get(evdev, TEST_CDEV_ID,
@@ -699,9 +693,6 @@ test_op_new_mode(uint8_t session_less)
 					RTE_CRYPTO_OP_WITH_SESSION,
 					&m_data, sizeof(m_data));
 		}
-		ret = rte_cryptodev_sym_session_init(TEST_CDEV_ID, sess,
-				&cipher_xform, params.session_priv_mpool);
-		TEST_ASSERT_SUCCESS(ret, "Failed to init session\n");
 
 		rte_crypto_op_attach_sym_session(op, sess);
 	} else {
@@ -994,22 +985,12 @@ configure_cryptodev(void)
 
 	params.session_mpool = rte_cryptodev_sym_session_pool_create(
 			"CRYPTO_ADAPTER_SESSION_MP",
-			MAX_NB_SESSIONS, 0, 0,
+			MAX_NB_SESSIONS, session_size, 0,
 			sizeof(union rte_event_crypto_metadata),
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(params.session_mpool,
 			"session mempool allocation failed\n");
 
-	params.session_priv_mpool = rte_mempool_create(
-				"CRYPTO_AD_SESS_MP_PRIV",
-				MAX_NB_SESSIONS,
-				session_size,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-	TEST_ASSERT_NOT_NULL(params.session_priv_mpool,
-			"session mempool allocation failed\n");
-
 	rte_cryptodev_info_get(TEST_CDEV_ID, &info);
 
 	while ((capability = &info.capabilities[i++])->op !=
@@ -1048,7 +1029,6 @@ configure_cryptodev(void)
 
 	qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
 	qp_conf.mp_session = params.session_mpool;
-	qp_conf.mp_session_private = params.session_priv_mpool;
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
 			TEST_CDEV_ID, TEST_CDEV_QP_ID, &qp_conf,
@@ -1410,11 +1390,6 @@ crypto_teardown(void)
 		rte_mempool_free(params.session_mpool);
 		params.session_mpool = NULL;
 	}
-	if (params.session_priv_mpool != NULL) {
-		rte_mempool_avail_count(params.session_priv_mpool);
-		rte_mempool_free(params.session_priv_mpool);
-		params.session_priv_mpool = NULL;
-	}
 
 	/* Free asym session mempool */
 	if (params.asym_sess_mpool != NULL) {
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index aa533483fd..04d231468b 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -370,20 +370,9 @@ testsuite_setup(void)
 		return TEST_FAILED;
 	}
 
-	ts_params->qp_conf.mp_session_private = rte_mempool_create(
-				"test_priv_sess_mp",
-				MAX_NB_SESSIONS,
-				sess_sz,
-				0, 0, NULL, NULL, NULL,
-				NULL, SOCKET_ID_ANY,
-				0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
-			"private session mempool allocation failed");
-
 	ts_params->qp_conf.mp_session =
 		rte_cryptodev_sym_session_pool_create("test_sess_mp",
-			MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
+			MAX_NB_SESSIONS, sess_sz, 0, 0, SOCKET_ID_ANY);
 
 	TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
 			"session mempool allocation failed");
@@ -428,11 +417,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->qp_conf.mp_session);
 		ts_params->qp_conf.mp_session = NULL;
 	}
-
-	if (ts_params->qp_conf.mp_session_private != NULL) {
-		rte_mempool_free(ts_params->qp_conf.mp_session_private);
-		ts_params->qp_conf.mp_session_private = NULL;
-	}
 }
 
 static int
@@ -647,8 +631,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session, NULL);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
@@ -662,25 +645,15 @@ static int
 create_crypto_session(struct ipsec_unitest_params *ut,
 	struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
 {
-	int32_t rc;
 	struct rte_cryptodev_sym_session *s;
 
-	s = rte_cryptodev_sym_session_create(qp->mp_session);
+	s = rte_cryptodev_sym_session_create(dev_id, ut->crypto_xforms,
+			qp->mp_session);
 	if (s == NULL)
 		return -ENOMEM;
 
-	/* initialize SA crypto session for device */
-	rc = rte_cryptodev_sym_session_init(dev_id, s,
-			ut->crypto_xforms, qp->mp_session_private);
-	if (rc == 0) {
-		ut->ss[j].crypto.ses = s;
-		return 0;
-	} else {
-		/* failure, do cleanup */
-		rte_cryptodev_sym_session_clear(dev_id, s);
-		rte_cryptodev_sym_session_free(s);
-		return rc;
-	}
+	ut->ss[j].crypto.ses = s;
+	return 0;
 }
 
 static int
@@ -1196,8 +1169,7 @@ static void
 destroy_crypto_session(struct ipsec_unitest_params *ut,
 	uint8_t crypto_dev, uint32_t j)
 {
-	rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
-	rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
+	rte_cryptodev_sym_session_free(crypto_dev, ut->ss[j].crypto.ses);
 	memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
 }
 
diff --git a/drivers/crypto/armv8/armv8_pmd_private.h b/drivers/crypto/armv8/armv8_pmd_private.h
index 75ddba79c1..41292d8851 100644
--- a/drivers/crypto/armv8/armv8_pmd_private.h
+++ b/drivers/crypto/armv8/armv8_pmd_private.h
@@ -106,8 +106,6 @@ struct armv8_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-       /**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 32127a874c..ebca5c09ee 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -521,34 +521,23 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL)) {
-			sess = (struct armv8_crypto_session *)
-					get_sym_session_private_data(
-					op->sym->session,
-					cryptodev_driver_id);
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		}
 	} else {
 		/* provide internal session */
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct armv8_crypto_session *)_sess_private_data;
+		sess = (struct armv8_crypto_session *)_sess->driver_priv_data;
 
 		if (unlikely(armv8_crypto_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
 	}
 
 	if (unlikely(sess == NULL))
@@ -674,10 +663,6 @@ process_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index c07ac0489e..c4964bc112 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -244,7 +244,6 @@ armv8_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -265,10 +264,9 @@ armv8_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure the session from a crypto xform chain */
 static int
-armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
+armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -278,43 +276,22 @@ armv8_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = sess->driver_priv_data;
 
 	ret = armv8_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		ARMV8_CRYPTO_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct armv8_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+armv8_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops armv8_crypto_pmd_ops = {
 		.dev_configure		= armv8_crypto_pmd_config,
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index 675ed0ad55..d3334dc920 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -211,8 +211,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
 		sess = (struct bcmfs_sym_session *)
-			  get_sym_session_private_data(op->sym->session,
-						       cryptodev_bcmfs_driver_id);
+			op->sym->session->driver_priv_data;
 	}
 
 	if (sess == NULL)
@@ -222,10 +221,9 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 }
 
 int
-bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -235,45 +233,23 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		BCMFS_DP_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
 	if (ret != 0) {
 		BCMFS_DP_LOG(ERR, "Failed configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-				     sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 void
-bcmfs_sym_session_clear(struct rte_cryptodev *dev,
-			struct rte_cryptodev_sym_session  *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp;
-
-		memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
-		sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+bcmfs_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+			struct rte_cryptodev_sym_session  *sess __rte_unused)
+{}
 
 unsigned int
 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h
index d40595b4bd..4a0a012ae7 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.h
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -93,8 +93,7 @@ bcmfs_process_crypto_op(struct rte_crypto_op *op,
 int
 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
 			    struct rte_crypto_sym_xform *xform,
-			    struct rte_cryptodev_sym_session *sess,
-			    struct rte_mempool *mempool);
+			    struct rte_cryptodev_sym_session *sess);
 
 void
 bcmfs_sym_session_clear(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 8e9cfe73d8..a9c93dea13 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1357,8 +1357,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		ses = (struct caam_jr_session *)
-		get_sym_session_private_data(op->sym->session,
-					cryptodev_driver_id);
+			op->sym->session->driver_priv_data;
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1692,54 +1691,39 @@ caam_jr_set_session_parameters(struct rte_cryptodev *dev,
 }
 
 static int
-caam_jr_sym_session_configure(struct rte_cryptodev *dev,
+caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
+	sess_private_data = (void *)sess->driver_priv_data;
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	return 0;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static void
-caam_jr_sym_session_clear(struct rte_cryptodev *dev,
+caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
 
 	PMD_INIT_FUNC_TRACE();
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(struct caam_jr_session));
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index 4bab18323b..bd999abe61 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,9 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1766,9 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1859,9 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2005,9 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2079,9 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2242,9 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2330,9 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2440,9 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2607,9 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					 ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2645,9 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2715,9 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2780,9 +2758,8 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op[i]->sym->session,
-						 ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2858,9 +2835,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)get_sym_session_private_data(
-					 op->sym->session,
-					ccp_cryptodev_driver_id);
+	session = (struct ccp_session *)op->sym->session->driver_priv_data;
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2934,9 +2909,8 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)get_sym_session_private_data(
-						 op_d[i]->sym->session,
-						ccp_cryptodev_driver_id);
+		session = (struct ccp_session *)
+			op_d[i]->sym->session->driver_priv_data;
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index 1b600e81ad..e401793a76 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -727,7 +727,6 @@ ccp_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	/* mempool for batch info */
 	qp->batch_mp = rte_mempool_create(
@@ -757,8 +756,7 @@ ccp_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *mempool)
+			  struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
 	void *sess_private_data;
@@ -769,40 +767,22 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CCP_LOG_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
+
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
 	if (ret != 0) {
 		CCP_LOG_ERR("failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
-	set_sym_session_private_data(sess, dev->driver_id,
-				 sess_private_data);
 
 	return 0;
 }
 
 static void
-ccp_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		      struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		rte_mempool_put(sess_mp, sess_priv);
-		memset(sess_priv, 0, sizeof(struct ccp_session));
-		set_sym_session_private_data(sess, index, NULL);
-	}
-}
+ccp_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		      struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 struct rte_cryptodev_ops ccp_ops = {
 		.dev_configure		= ccp_pmd_config,
diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h
index 1c4118ee3c..6704e39ab8 100644
--- a/drivers/crypto/ccp/ccp_pmd_private.h
+++ b/drivers/crypto/ccp/ccp_pmd_private.h
@@ -78,8 +78,6 @@ struct ccp_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_mempool *batch_mp;
 	/**< Session Mempool for batch info */
 	struct rte_cryptodev_stats qp_stats;
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index a35a8cd775..7502281ad9 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,33 +56,23 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (struct ccp_session *)
-			get_sym_session_private_data(
-				op->sym->session,
-				ccp_cryptodev_driver_id);
+		sess = (void *)op->sym->session->driver_priv_data;
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		void *_sess;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
 
-		if (rte_mempool_get(qp->sess_mp, &_sess))
-			return NULL;
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		sess = (struct ccp_session *)_sess_private_data;
+		sess = (void *)_sess->driver_priv_data;
 
 		internals = (struct ccp_private *)qp->dev->data->dev_private;
 		if (unlikely(ccp_set_session_parameters(sess, op->sym->xform,
 							internals) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-					 ccp_cryptodev_driver_id,
-					 _sess_private_data);
+		op->sym->session = _sess;
 	}
 
 	return sess;
@@ -161,13 +151,10 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	for (i = 0; i < nb_dequeued; i++)
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
-			struct ccp_session *sess = (struct ccp_session *)
-					get_sym_session_private_data(
-						ops[i]->sym->session,
-						ccp_cryptodev_driver_id);
+			struct ccp_session *sess =
+				(void *)ops[i]->sym->session->driver_priv_data;
 
-			rte_mempool_put(qp->sess_mp_priv,
-					sess);
+			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
 					ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 586941cd70..f96e132513 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -22,24 +22,23 @@
 static inline struct cnxk_se_sess *
 cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn10k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
-	if (ret)
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform,
+				    sess);
+	if (ret) {
+		rte_mempool_put(qp->sess_mp, (void *)sess);
 		goto sess_put;
+	}
 
-	priv = get_sym_session_private_data(sess, driver_id);
-
+	priv = (void *)sess->driver_priv_data;
 	sym_op->session = sess;
 
 	return priv;
@@ -111,8 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = get_sym_session_private_data(
-				sym_op->session, cn10k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -128,8 +126,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret)) {
-				sym_session_clear(cn10k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 				return 0;
 			}
@@ -296,8 +293,9 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn10k_cryptodev_driver_id);
+			priv = (void *)(
+				((struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -334,8 +332,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn10k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
@@ -543,7 +540,6 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 {
 	const uint8_t uc_compcode = res->uc_compcode;
 	const uint8_t compcode = res->compcode;
-	unsigned int sz;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
@@ -620,11 +616,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn10k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b753c1cb4b..a44f111ba6 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,23 +56,20 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 static inline struct cnxk_se_sess *
 cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
-	const int driver_id = cn9k_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	struct cnxk_se_sess *priv;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-	if (sess == NULL)
+	if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
 		return NULL;
 
-	ret = sym_session_configure(qp->lf.roc_cpt, driver_id, sym_op->xform,
-				    sess, qp->sess_mp_priv);
+	ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
-	priv = get_sym_session_private_data(sess, driver_id);
+	priv = (void *)sess->driver_priv_data;
 
 	sym_op->session = sess;
 
@@ -95,8 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = get_sym_session_private_data(
-				sym_op->session, cn9k_cryptodev_driver_id);
+			sess = (void *)sym_op->session->driver_priv_data;
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -110,8 +106,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			if (unlikely(ret)) {
-				sym_session_clear(cn9k_cryptodev_driver_id,
-						  op->sym->session);
+				sym_session_clear(op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
 			inst->w7.u64 = sess->cpt_inst_w7;
@@ -349,8 +344,9 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				sess, cn9k_cryptodev_driver_id);
+			priv = (void *)((
+				(struct rte_cryptodev_sym_session *)sess)->
+				driver_priv_data);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -387,8 +383,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = get_sym_session_private_data(
-				op->sym->session, cn9k_cryptodev_driver_id);
+			priv = (void *)op->sym->session->driver_priv_data;
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
@@ -583,8 +578,6 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 			      struct cpt_inflight_req *infl_req,
 			      struct cpt_cn9k_res_s *res)
 {
-	unsigned int sz;
-
 	if (likely(res->compcode == CPT_COMP_GOOD)) {
 		if (unlikely(res->uc_compcode)) {
 			if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
@@ -645,11 +638,7 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 temp_sess_free:
 	if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			sym_session_clear(cn9k_cryptodev_driver_id,
-					  cop->sym->session);
-			sz = rte_cryptodev_sym_get_existing_header_session_size(
-				cop->sym->session);
-			memset(cop->sym->session, 0, sz);
+			sym_session_clear(cop->sym->session);
 			rte_mempool_put(qp->sess_mp, cop->sym->session);
 			cop->sym->session = NULL;
 		}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cf91b92c2c..018d7fcee8 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -406,7 +406,6 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = conf->mp_session;
-	qp->sess_mp_priv = conf->mp_session_private;
 	dev->data->queue_pairs[qp_id] = qp;
 
 	return 0;
@@ -620,25 +619,15 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
 }
 
 int
-sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv;
-	void *priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		plt_dp_err("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
-	memset(priv, 0, sizeof(struct cnxk_se_sess));
-
-	sess_priv = priv;
-
+	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
 	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
 	if (ret)
 		goto priv_put;
@@ -684,61 +673,39 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	}
 
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
-
-	set_sym_session_private_data(sess, driver_id, sess_priv);
-
 	return 0;
 
 priv_put:
-	rte_mempool_put(pool, priv);
-
 	return ret;
 }
 
 int
 cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 			       struct rte_crypto_sym_xform *xform,
-			       struct rte_cryptodev_sym_session *sess,
-			       struct rte_mempool *pool)
+			       struct rte_cryptodev_sym_session *sess)
 {
 	struct cnxk_cpt_vf *vf = dev->data->dev_private;
 	struct roc_cpt *roc_cpt = &vf->cpt;
-	uint8_t driver_id;
 
-	driver_id = dev->driver_id;
-
-	return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+	return sym_session_configure(roc_cpt, xform, sess);
 }
 
 void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
-	struct cnxk_se_sess *sess_priv;
-	struct rte_mempool *pool;
-
-	if (priv == NULL)
-		return;
-
-	sess_priv = priv;
+	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
 
-	memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
+	memset(sess_priv, 0, cnxk_cpt_sym_session_get_size(NULL));
 }
 
 void
-cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 			   struct rte_cryptodev_sym_session *sess)
 {
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 unsigned int
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ffe4ae19aa..ca90567620 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -78,8 +78,6 @@ struct cnxk_cpt_qp {
 	/**< Crypto adapter related info */
 	struct rte_mempool *sess_mp;
 	/**< Session mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session private data mempool */
 };
 
 int cnxk_cpt_dev_config(struct rte_cryptodev *dev,
@@ -104,18 +102,16 @@ unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
 
 int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 				   struct rte_crypto_sym_xform *xform,
-				   struct rte_cryptodev_sym_session *sess,
-				   struct rte_mempool *pool);
+				   struct rte_cryptodev_sym_session *sess);
 
-int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+int sym_session_configure(struct roc_cpt *roc_cpt,
 			  struct rte_crypto_sym_xform *xform,
-			  struct rte_cryptodev_sym_session *sess,
-			  struct rte_mempool *pool);
+			  struct rte_cryptodev_sym_session *sess);
 
 void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
-				struct rte_cryptodev_sym_session *sess);
+		struct rte_cryptodev_sym_session *sess);
 
-void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+void sym_session_clear(struct rte_cryptodev_sym_session *sess);
 
 unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused);
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8444f1a795..5a38d53022 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,8 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-				op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1678,8 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			op->sym->session, cryptodev_driver_id);
+		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3754,51 +3752,36 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 }
 #endif
 static int
-dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev,
+dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(s, 0, sizeof(dpaa2_sec_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index e68a4875dd..795be3acc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,8 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, cryptodev_driver_id);
+		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 05415dbf3b..0cc773fba6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,10 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sym_session_private_data(
-					op->sym->session,
-					dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1927,10 +1924,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sym_session_private_data(
-						op->sym->session,
-						dpaa_cryptodev_driver_id);
+				ses = (void *)
+					op->sym->session->driver_priv_data;
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2676,31 +2671,19 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 static int
 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -2714,7 +2697,6 @@ static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2724,7 +2706,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -2733,14 +2714,10 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
-	if (sess_priv) {
-		free_session_memory(dev, s);
-		set_sym_session_private_data(sess, index, NULL);
-	}
+	free_session_memory(dev, s);
 }
 
 #ifdef RTE_LIB_SECURITY
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d081953e26..d2e4d9d787 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1017,8 +1017,8 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, dpaa_cryptodev_driver_id);
+		sess = (dpaa_sec_session *)
+			session_ctx.crypto_sess->driver_priv_data;
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 7e8396b4a3..90ce5bc965 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -264,7 +264,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	qp->pmd_type = internals->pmd_type;
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	qp->ingress_queue = ipsec_mb_qp_create_processed_ops_ring(qp,
 		qp_conf->nb_descriptors, socket_id);
@@ -312,9 +311,8 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev)
 int
 ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess, struct rte_mempool *mempool)
+	struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	struct ipsec_mb_dev_private *internals = dev->data->dev_private;
 	struct ipsec_mb_internals *pmd_data =
 		&ipsec_mb_pmds[internals->pmd_type];
@@ -330,42 +328,22 @@ ipsec_mb_sym_session_configure(
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		free_mb_mgr(mb_mgr);
-		return -ENOMEM;
-	}
-
-	ret = (*pmd_data->session_configure)(mb_mgr, sess_private_data, xform);
+	ret = (*pmd_data->session_configure)(mb_mgr,
+			(void *)sess->driver_priv_data, xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		free_mb_mgr(mb_mgr);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
-
 	free_mb_mgr(mb_mgr);
 	return 0;
 }
 
 /** Clear the session memory */
 void
-ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
-			       struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, ipsec_mb_sym_session_get_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+ipsec_mb_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index d074b33133..14f962ef28 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -136,8 +136,6 @@ struct ipsec_mb_qp {
 	struct rte_ring *ingress_queue;
 	/**< Ring for placing operations ready for processing */
 	struct rte_mempool *sess_mp;
-	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
 	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
@@ -399,8 +397,7 @@ ipsec_mb_sym_session_get_size(struct rte_cryptodev *dev);
 int ipsec_mb_sym_session_configure(
 	struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool);
+	struct rte_cryptodev_sym_session *sess);
 
 /** Clear the memory of session so it does not leave key material behind */
 void
@@ -411,50 +408,50 @@ ipsec_mb_sym_session_clear(struct rte_cryptodev *dev,
 static __rte_always_inline void *
 ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 {
-	void *sess = NULL;
+	struct rte_cryptodev_sym_session *sess = NULL;
 	uint32_t driver_id = ipsec_mb_get_driver_id(qp->pmd_type);
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	uint8_t sess_type = op->sess_type;
 	void *_sess;
-	void *_sess_private_data = NULL;
 	struct ipsec_mb_internals *pmd_data = &ipsec_mb_pmds[qp->pmd_type];
 
 	switch (sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
 		if (likely(sym_op->session != NULL))
-			sess = get_sym_session_private_data(sym_op->session,
-							    driver_id);
+			sess = sym_op->session;
+		else
+			goto error_exit;
 	break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
 		if (!qp->sess_mp ||
 		    rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (!qp->sess_mp_priv ||
-		    rte_mempool_get(qp->sess_mp_priv,
-					(void **)&_sess_private_data))
-			return NULL;
+		sess = _sess;
+		if (sess->sess_data_sz < pmd_data->session_priv_size) {
+			rte_mempool_put(qp->sess_mp, _sess);
+			goto error_exit;
+		}
 
-		sess = _sess_private_data;
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-				sess, sym_op->xform) != 0)) {
+			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
-			sess = NULL;
+			goto error_exit;
 		}
 
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sess->driver_id = driver_id;
+		sym_op->session = sess;
+
 	break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	if (unlikely(sess == NULL))
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return (void *)sess->driver_priv_data;
 
-	return sess;
+error_exit:
+	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+	return NULL;
 }
 
 #endif /* _IPSEC_MB_PRIVATE_H_ */
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 2c033c6f28..e4f274b608 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -241,10 +241,6 @@ handle_completed_gcm_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_gcm_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -455,44 +451,35 @@ static inline struct aesni_gcm_session *
 aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	     struct rte_crypto_op *op)
 {
-	struct aesni_gcm_session *sess = NULL;
-	uint32_t driver_id =
-	    ipsec_mb_get_driver_id(IPSEC_MB_PMD_TYPE_AESNI_GCM);
+	struct rte_cryptodev_sym_session *sess = NULL;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct aesni_gcm_session *)
-			    get_sym_session_private_data(sym_op->session,
-							 driver_id);
+			sess = sym_op->session;
 	} else {
-		void *_sess;
-		void *_sess_private_data = NULL;
-
-		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+		if (rte_mempool_get(qp->sess_mp, (void **)&sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
+		if (unlikely(sess->sess_data_sz <
+				sizeof(struct aesni_gcm_session))) {
+			rte_mempool_put(qp->sess_mp, sess);
 			return NULL;
-
-		sess = (struct aesni_gcm_session *)_sess_private_data;
+		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				 _sess_private_data, sym_op->xform) != 0)) {
-			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
+				(void *)sess->driver_priv_data,
+				sym_op->xform) != 0)) {
+			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(sym_op->session, driver_id,
-					     _sess_private_data);
+		sym_op->session = sess;
 	}
 
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return sess;
+	return (void *)sess->driver_priv_data;
 }
 
 static uint16_t
@@ -712,22 +699,15 @@ aesni_gmac_sgl_verify(struct aesni_gcm_session *s,
 
 /** Process CPU crypto bulk operations */
 static uint32_t
-aesni_gcm_process_bulk(struct rte_cryptodev *dev,
+aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			struct rte_cryptodev_sym_session *sess,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s;
+	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
-	s = (struct aesni_gcm_session *) get_sym_session_private_data(sess,
-		dev->driver_id);
-	if (unlikely(s == NULL)) {
-		aesni_gcm_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 6d5d3ce8eb..f3565b04b5 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1710,8 +1710,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 {
 	struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data;
 	struct aesni_mb_session *sess = NULL;
-	uint32_t driver_id = ipsec_mb_get_driver_id(
-						IPSEC_MB_PMD_TYPE_AESNI_MB);
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
 	uint8_t is_docsis_sec = 0;
@@ -1725,15 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-	{
-		sess = get_sym_session_private_data(op->sym->session,
-						driver_id);
-	}
-
-	if (unlikely(sess == NULL)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
-		return op;
-	}
+		sess = (void *)op->sym->session->driver_priv_data;
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -1771,10 +1761,6 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct aesni_mb_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -1962,16 +1948,6 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	return processed_jobs;
 }
 
-
-static inline void
-ipsec_mb_fill_error_code(struct rte_crypto_sym_vec *vec, int32_t err)
-{
-	uint32_t i;
-
-	for (i = 0; i != vec->num; ++i)
-		vec->status[i] = err;
-}
-
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
@@ -2028,7 +2004,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
 }
 
 static uint32_t
-aesni_mb_process_bulk(struct rte_cryptodev *dev,
+aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
 	struct rte_crypto_sym_vec *vec)
 {
@@ -2037,15 +2013,9 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s;
+	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
-	s = get_sym_session_private_data(sess, dev->driver_id);
-	if (s == NULL) {
-		ipsec_mb_fill_error_code(vec, EINVAL);
-		return 0;
-	}
-
 	/* get per-thread MB MGR, create one if needed */
 	mb_mgr = get_per_thread_mb_mgr();
 	if (unlikely(mb_mgr == NULL))
diff --git a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
index d953d6e5f5..97e7cef233 100644
--- a/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
+++ b/drivers/crypto/ipsec_mb/pmd_chacha_poly.c
@@ -290,10 +290,6 @@ handle_completed_chacha20_poly1305_crypto_op(struct ipsec_mb_qp *qp,
 	/* Free session if a session-less crypto op */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct chacha20_poly1305_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index c9d4f9d0ae..b2fb168154 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -231,11 +231,6 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct kasumi_session));
-			memset(
-			    ops[i]->sym->session, 0,
-			    rte_cryptodev_sym_get_existing_header_session_size(
-				ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -287,8 +282,9 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct kasumi_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct kasumi_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 	return processed_op;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 9a85f46721..f052d6d847 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -362,10 +362,6 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(session, 0, sizeof(struct snow3g_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, session);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -417,8 +413,9 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session, 0, sizeof(struct snow3g_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		memset(op->sym->session->driver_priv_data, 0,
+			sizeof(struct snow3g_session));
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index e36c7092d6..92fd9d1808 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -239,10 +239,6 @@ process_ops(struct rte_crypto_op **ops, enum ipsec_mb_operation op_type,
 		/* Free session if a session-less crypto op. */
 		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			memset(sessions[i], 0, sizeof(struct zuc_session));
-			memset(ops[i]->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-					ops[i]->sym->session));
-			rte_mempool_put(qp->sess_mp_priv, sessions[i]);
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index eb7616257e..46ea507cf5 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -171,14 +171,13 @@ mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 				  struct rte_crypto_sym_xform *xform,
-				  struct rte_cryptodev_sym_session *session,
-				  struct rte_mempool *mp)
+				  struct rte_cryptodev_sym_session *session)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *sess_private_data;
+	struct mlx5_crypto_session *sess_private_data =
+		(void *)session->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
-	int ret;
 
 	if (unlikely(xform->next != NULL)) {
 		DRV_LOG(ERR, "Xform next is not supported.");
@@ -189,17 +188,9 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 		DRV_LOG(ERR, "Only AES-XTS algorithm is supported.");
 		return -ENOTSUP;
 	}
-	ret = rte_mempool_get(mp, (void *)&sess_private_data);
-	if (ret != 0) {
-		DRV_LOG(ERR,
-			"Failed to get session %p private data from mempool.",
-			sess_private_data);
-		return -ENOMEM;
-	}
 	cipher = &xform->cipher;
 	sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
 	if (sess_private_data->dek == NULL) {
-		rte_mempool_put(mp, sess_private_data);
 		DRV_LOG(ERR, "Failed to prepare dek.");
 		return -ENOMEM;
 	}
@@ -239,8 +230,6 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 	sess_private_data->dek_id =
 			rte_cpu_to_be_32(sess_private_data->dek->obj->id &
 					 0xffffff);
-	set_sym_session_private_data(session, dev->driver_id,
-				     sess_private_data);
 	DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data);
 	return 0;
 }
@@ -250,16 +239,13 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess,
-								dev->driver_id);
+	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
 		return;
 	}
 	mlx5_crypto_dek_destroy(priv, spriv->dek);
-	set_sym_session_private_data(sess, dev->driver_id, NULL);
-	rte_mempool_put(rte_mempool_from_obj(spriv), spriv);
 	DRV_LOG(DEBUG, "Session %p was cleared.", spriv);
 }
 
@@ -369,8 +355,8 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess = get_sym_session_private_data
-				(op->sym->session, mlx5_crypto_driver_id);
+	struct mlx5_crypto_session *sess =
+		(void *)op->sym->session->driver_priv_data;
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 04efd9aaa8..0fede43817 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -597,13 +597,7 @@ mrvl_request_prepare_crp(struct sam_cio_op_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sym_session_private_data(
-					     op->sym->session,
-					     cryptodev_driver_id);
-	if (unlikely(sess == NULL)) {
-		MRVL_LOG(ERR, "Session was not created for this device!");
-		return -EINVAL;
-	}
+	sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	request->sa = sess->sam_sess;
 	request->cookie = op;
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index f828dc9db5..0066236561 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -736,8 +736,7 @@ mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
 static int
 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
 	void *sess_private_data;
@@ -748,23 +747,15 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		CDEV_LOG_ERR("Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
+	sess_private_data = sess->driver_priv_data;
 	memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
 
 	ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		MRVL_LOG(ERR, "Failed to configure session parameters!");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
 
 	mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
 	if (sam_session_create(&mrvl_sess->sam_sess_params,
@@ -791,8 +782,7 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = sess->data;
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
@@ -803,11 +793,6 @@ mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
 			MRVL_LOG(ERR, "Error while destroying session!");
 		}
-
-		memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 }
 
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index cb5393d2f1..505024a810 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -530,24 +530,16 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
 }
 
 static int
-nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
+nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
-			      struct rte_cryptodev_sym_session *sess,
-			      struct rte_mempool *mempool)
+			      struct rte_cryptodev_sym_session *sess)
 {
-	void *mp_obj;
-	struct nitrox_crypto_ctx *ctx;
+	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
 	int ret = -EINVAL;
 
-	if (rte_mempool_get(mempool, &mp_obj)) {
-		NITROX_LOG(ERR, "Couldn't allocate context\n");
-		return -ENOMEM;
-	}
-
-	ctx = mp_obj;
 	ctx->nitrox_chain = get_crypto_chain_order(xform);
 	switch (ctx->nitrox_chain) {
 	case NITROX_CHAIN_CIPHER_ONLY:
@@ -585,38 +577,23 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
 		goto err;
 	}
 
-	ctx->iova = rte_mempool_virt2iova(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, ctx);
+	ctx->iova = sess->driver_priv_data_iova;
 	return 0;
 err:
-	rte_mempool_put(mempool, mp_obj);
 	return ret;
 }
 
 static void
-nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
-			  struct rte_cryptodev_sym_session *sess)
-{
-	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
-							cdev->driver_id);
-	struct rte_mempool *sess_mp;
-
-	if (!ctx)
-		return;
-
-	memset(ctx, 0, sizeof(*ctx));
-	sess_mp = rte_mempool_from_obj(ctx);
-	set_sym_session_private_data(sess, cdev->driver_id, NULL);
-	rte_mempool_put(sess_mp, ctx);
-}
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev __rte_unused,
+			  struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct nitrox_crypto_ctx *
 get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return get_sym_session_private_data(op->sym->session,
-							   nitrox_sym_drv_id);
+			return (void *)op->sym->session->driver_priv_data;
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 9ecb434fd0..09aac3065e 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -58,7 +58,7 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(op->sym->session, 0,
 				sizeof(struct null_crypto_session));
-		rte_cryptodev_sym_session_free(op->sym->session);
+		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
 	}
 
@@ -78,30 +78,21 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
 			sess = (struct null_crypto_session *)
-					get_sym_session_private_data(
-					sym_op->session, cryptodev_driver_id);
+				sym_op->session->driver_priv_data;
 	} else {
-		void *_sess = NULL;
-		void *_sess_private_data = NULL;
+		struct rte_cryptodev_sym_session *_sess = NULL;
 
 		if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct null_crypto_session *)_sess_private_data;
+		sess = (struct null_crypto_session *)_sess->driver_priv_data;
 
 		if (unlikely(null_crypto_set_session_parameters(sess,
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
-		sym_op->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+		sym_op->session = _sess;
 	}
 
 	return sess;
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 90a675dfff..fb43d3f7b5 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -233,7 +233,6 @@ null_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
 
@@ -256,8 +255,7 @@ null_crypto_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mp)
+		struct rte_cryptodev_sym_session *sess)
 {
 	void *sess_private_data;
 	int ret;
@@ -267,43 +265,22 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mp, &sess_private_data)) {
-		NULL_LOG(ERR,
-				"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
+	sess_private_data = (void *)sess->driver_priv_data;
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		NULL_LOG(ERR, "failed configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mp, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-
-	/* Zero out the whole structure */
-	if (sess_priv) {
-		memset(sess_priv, 0, sizeof(struct null_crypto_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
+null_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops pmd_ops = {
 		.dev_configure		= null_crypto_pmd_config,
diff --git a/drivers/crypto/null/null_crypto_pmd_private.h b/drivers/crypto/null/null_crypto_pmd_private.h
index 89c4345b6f..ae34ce6671 100644
--- a/drivers/crypto/null/null_crypto_pmd_private.h
+++ b/drivers/crypto/null/null_crypto_pmd_private.h
@@ -31,8 +31,6 @@ struct null_crypto_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Mempool */
 	struct rte_cryptodev_stats qp_stats;
 	/**< Queue pair statistics */
 } __rte_cache_aligned;
diff --git a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
index e48805fb09..4647d568de 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx/otx_cryptodev_hw_access.h
@@ -49,7 +49,6 @@ struct cpt_instance {
 	uint32_t queue_id;
 	uintptr_t rsvd;
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *sess_mp_priv;
 	struct cpt_qp_meta_info meta_info;
 	uint8_t ca_enabled;
 };
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 7aee67ab09..cd5ebc2af6 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -171,7 +171,6 @@ otx_cpt_que_pair_setup(struct rte_cryptodev *dev,
 
 	instance->queue_id = que_pair_id;
 	instance->sess_mp = qp_conf->mp_session;
-	instance->sess_mp_priv = qp_conf->mp_session_private;
 	dev->data->queue_pairs[que_pair_id] = instance;
 
 	return 0;
@@ -243,25 +242,19 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 }
 
 static int
-sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
-		      struct rte_cryptodev_sym_session *sess,
-		      struct rte_mempool *pool)
+sym_session_configure(struct rte_crypto_sym_xform *xform,
+		      struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv;
+	void *priv = (void *)sess->driver_priv_data;
 	int ret;
 
 	ret = sym_xform_verify(xform);
 	if (unlikely(ret))
 		return ret;
 
-	if (unlikely(rte_mempool_get(pool, &priv))) {
-		CPT_LOG_ERR("Could not allocate session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(struct cpt_sess_misc) +
 			offsetof(struct cpt_ctx, mc_ctx));
 
@@ -301,9 +294,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	set_sym_session_private_data(sess, driver_id, priv);
-
-	misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
+	misc->ctx_dma_addr = sess->driver_priv_data_iova +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -316,17 +307,14 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 	return 0;
 
 priv_put:
-	if (priv)
-		rte_mempool_put(pool, priv);
 	return -ENOTSUP;
 }
 
 static void
-sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = get_sym_session_private_data(sess, driver_id);
+	void *priv = (void *)sess->driver_priv_data;
 	struct cpt_sess_misc *misc;
-	struct rte_mempool *pool;
 	struct cpt_ctx *ctx;
 
 	if (priv == NULL)
@@ -336,35 +324,26 @@ sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
 	ctx = SESS_PRIV(misc);
 
 	rte_free(ctx->auth_key);
-
-	memset(priv, 0, cpt_get_session_size());
-
-	pool = rte_mempool_from_obj(priv);
-
-	set_sym_session_private_data(sess, driver_id, NULL);
-
-	rte_mempool_put(pool, priv);
 }
 
 static int
-otx_cpt_session_cfg(struct rte_cryptodev *dev,
+otx_cpt_session_cfg(struct rte_cryptodev *dev __rte_unused,
 		    struct rte_crypto_sym_xform *xform,
-		    struct rte_cryptodev_sym_session *sess,
-		    struct rte_mempool *pool)
+		    struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_configure(dev->driver_id, xform, sess, pool);
+	return sym_session_configure(xform, sess);
 }
 
 
 static void
-otx_cpt_session_clear(struct rte_cryptodev *dev,
+otx_cpt_session_clear(struct rte_cryptodev *dev __rte_unused,
 		  struct rte_cryptodev_sym_session *sess)
 {
 	CPT_PMD_INIT_FUNC_TRACE();
 
-	return sym_session_clear(dev->driver_id, sess);
+	return sym_session_clear(sess);
 }
 
 static unsigned int
@@ -528,10 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)
-			get_sym_session_private_data(sym_op->session,
-						     otx_cryptodev_driver_id);
-
+	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -560,21 +536,18 @@ static __rte_always_inline void * __rte_hot
 otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 				struct rte_crypto_op *op)
 {
-	const int driver_id = otx_cryptodev_driver_id;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_cryptodev_sym_session *sess;
 	void *req;
 	int ret;
 
 	/* Create temporary session */
-	sess = rte_cryptodev_sym_session_create(instance->sess_mp);
-	if (sess == NULL) {
+	if (rte_mempool_get(instance->sess_mp, (void **)&sess) < 0) {
 		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	ret = sym_session_configure(driver_id, sym_op->xform, sess,
-				    instance->sess_mp_priv);
+	ret = sym_session_configure(sym_op->xform, sess);
 	if (ret)
 		goto sess_put;
 
@@ -583,12 +556,10 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	/* Enqueue op with the tmp session set */
 	req = otx_cpt_enq_single_sym(instance, op);
 	if (unlikely(req == NULL))
-		goto priv_put;
+		goto sess_put;
 
 	return req;
 
-priv_put:
-	sym_session_clear(driver_id, sess);
 sess_put:
 	rte_mempool_put(instance->sess_mp, sess);
 	return NULL;
@@ -873,13 +844,9 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = get_sym_session_private_data(
-		cop->sym->session, otx_cryptodev_driver_id);
+	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+
 	memset(sess_private_data_t, 0, cpt_get_session_size());
-	memset(cop->sym->session, 0,
-	       rte_cryptodev_sym_get_existing_header_session_size(
-		       cop->sym->session));
-	rte_mempool_put(instance->sess_mp_priv, sess_private_data_t);
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
 	cop->sym->session = NULL;
 }
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index c34fd9a546..ed6841e460 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -70,8 +70,6 @@ struct openssl_qp {
 	/**< Ring for placing process packets */
 	struct rte_mempool *sess_mp;
 	/**< Session Mempool */
-	struct rte_mempool *sess_mp_priv;
-	/**< Session Private Data Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
 	uint8_t temp_digest[DIGEST_LENGTH_MAX];
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index a078038651..0bb536c9e3 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,10 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (struct openssl_session *)
-						get_sym_session_private_data(
-						op->sym->session,
-						cryptodev_driver_id);
+				sess = (void *)
+					op->sym->session->driver_priv_data;
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
@@ -901,32 +899,26 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 			return asym_sess;
 		}
 	} else {
+		struct rte_cryptodev_sym_session *_sess;
 		/* sessionless asymmetric not supported */
 		if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
 			return NULL;
 
 		/* provide internal session */
-		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
-		void *_sess_private_data = NULL;
+		rte_mempool_get(qp->sess_mp, (void **)&_sess);
 
 		if (_sess == NULL)
 			return NULL;
 
-		if (rte_mempool_get(qp->sess_mp_priv,
-				(void **)&_sess_private_data))
-			return NULL;
-
-		sess = (struct openssl_session *)_sess_private_data;
+		sess = (struct openssl_session *)_sess->driver_priv_data;
 
 		if (unlikely(openssl_set_session_parameters(sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
-			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
 			sess = NULL;
 		}
 		op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
-		set_sym_session_private_data(op->sym->session,
-				cryptodev_driver_id, _sess_private_data);
+
 	}
 
 	if (sess == NULL)
@@ -2900,10 +2892,6 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
-		memset(op->sym->session, 0,
-			rte_cryptodev_sym_get_existing_header_session_size(
-				op->sym->session));
-		rte_mempool_put(qp->sess_mp_priv, sess);
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index f7ddbf9c73..2a3662ee5a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -764,7 +764,6 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		goto qp_setup_cleanup;
 
 	qp->sess_mp = qp_conf->mp_session;
-	qp->sess_mp_priv = qp_conf->mp_session_private;
 
 	memset(&qp->stats, 0, sizeof(qp->stats));
 
@@ -794,10 +793,9 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 static int
 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = (void *)sess->driver_priv_data;
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -805,24 +803,14 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		OPENSSL_LOG(ERR,
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = openssl_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
 		OPENSSL_LOG(ERR, "failed configure session parameters");
 
 		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-			sess_private_data);
-
 	return 0;
 }
 
@@ -1328,20 +1316,13 @@ openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
+openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
+	void *sess_priv = (void *)sess->driver_priv_data;
 
 	/* Zero out the whole structure */
-	if (sess_priv) {
-		openssl_reset_session(sess_priv);
-		memset(sess_priv, 0, sizeof(struct openssl_session));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	openssl_reset_session(sess_priv);
 }
 
 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index db6316fbe9..408ae9e42b 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,12 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = get_sym_session_private_data(op->sym->session,
-				qat_sym_driver_id);
-		if (unlikely(!ctx)) {
-			QAT_DP_LOG(ERR, "No session for this device");
-			return -EINVAL;
-		}
+		ctx = (void *)op->sym->session->driver_priv_data;
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -391,8 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (struct qat_sym_session *)get_sym_session_private_data(
-			session_ctx.crypto_sess, qat_sym_driver_id);
+	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 074612c11b..2853ac5b88 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -317,9 +317,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 #endif
 	{
 		sess = (struct qat_sym_session *)
-				get_sym_session_private_data(
-				rx_op->sym->session,
-				qat_sym_driver_id);
+			rx_op->sym->session->driver_priv_data;
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 52b3455cf0..8dd2357702 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -219,22 +219,13 @@ qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
 }
 
 void
-qat_sym_session_clear(struct rte_cryptodev *dev,
+qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_sym_session_private_data(sess, index);
-	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
+	struct qat_sym_session *s = (void *)sess->driver_priv_data;
 
-	if (sess_priv) {
-		if (s->bpi_ctx)
-			bpi_cipher_ctx_free(s->bpi_ctx);
-		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sym_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
+	if (s->bpi_ctx)
+		bpi_cipher_ctx_free(s->bpi_ctx);
 }
 
 static int
@@ -505,35 +496,24 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
-	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
+	ret = qat_sym_session_set_parameters(dev, xform,
+			(void *)sess->driver_priv_data,
+			sess->driver_priv_data_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
 
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sym_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	ossl_legacy_provider_unload();
 # endif
@@ -542,7 +522,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_paddr)
 {
 	struct qat_sym_session *session = session_private;
 	struct qat_cryptodev_private *internals = dev->data->dev_private;
@@ -551,7 +532,6 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	int qat_cmd_id;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 01908abd9e..9e4aab06a6 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -123,12 +123,12 @@ struct qat_sym_session {
 int
 qat_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
+		struct rte_cryptodev_sym_session *sess);
 
 int
 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
+		struct rte_crypto_sym_xform *xform, void *session_private,
+		rte_iova_t session_private_iova);
 
 int
 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index f3a1bd626c..b93821783b 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -468,44 +468,18 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 }
 
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
-	struct rte_crypto_sym_xform *xform,
-	struct rte_cryptodev_sym_session *sess,
-	struct rte_mempool *mempool)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+	struct rte_crypto_sym_xform *xform __rte_unused,
+	struct rte_cryptodev_sym_session *sess __rte_unused)
 {
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-	int ret;
-
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		ret = rte_cryptodev_sym_session_init(worker->dev_id, sess,
-					xform, mempool);
-		if (ret < 0) {
-			CR_SCHED_LOG(ERR, "unable to config sym session");
-			return ret;
-		}
-	}
-
 	return 0;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	uint32_t i;
-
-	/* Clear private data of workers */
-	for (i = 0; i < sched_ctx->nb_workers; i++) {
-		struct scheduler_worker *worker = &sched_ctx->workers[i];
-
-		rte_cryptodev_sym_session_clear(worker->dev_id, sess);
-	}
-}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
+		struct rte_cryptodev_sym_session *sess __rte_unused)
+{}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index ed64866758..6b9e57ee66 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -40,8 +40,7 @@ static void virtio_crypto_sym_clear_session(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
 static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
 
 /*
  * The set of PCI devices this driver supports
@@ -952,12 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)get_sym_session_private_data(
-		sess, cryptodev_virtio_driver_id);
-	if (session == NULL) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid session parameter");
-		return;
-	}
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1070,10 +1064,6 @@ virtio_crypto_sym_clear_session(
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("Close session %"PRIu64" successfully ",
 			session->session_id);
 
-	memset(session, 0, sizeof(struct virtio_crypto_session));
-	struct rte_mempool *sess_mp = rte_mempool_from_obj(session);
-	set_sym_session_private_data(sess, cryptodev_virtio_driver_id, NULL);
-	rte_mempool_put(sess_mp, session);
 	rte_free(malloc_virt_addr);
 }
 
@@ -1292,11 +1282,9 @@ static int
 virtio_crypto_check_sym_configure_session_paras(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sym_sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sym_sess)
 {
-	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL) ||
-		unlikely(mempool == NULL)) {
+	if (unlikely(xform == NULL) || unlikely(sym_sess == NULL)) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("NULL pointer");
 		return -1;
 	}
@@ -1311,12 +1299,9 @@ static int
 virtio_crypto_sym_configure_session(
 		struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_cryptodev_sym_session *sess)
 {
 	int ret;
-	struct virtio_crypto_session crypto_sess;
-	void *session_private = &crypto_sess;
 	struct virtio_crypto_session *session;
 	struct virtio_crypto_op_ctrl_req *ctrl_req;
 	enum virtio_crypto_cmd_id cmd_id;
@@ -1328,19 +1313,12 @@ virtio_crypto_sym_configure_session(
 	PMD_INIT_FUNC_TRACE();
 
 	ret = virtio_crypto_check_sym_configure_session_paras(dev, xform,
-			sess, mempool);
+			sess);
 	if (ret < 0) {
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-
-	if (rte_mempool_get(mempool, &session_private)) {
-		VIRTIO_CRYPTO_SESSION_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	session = (struct virtio_crypto_session *)session_private;
+	session = (struct virtio_crypto_session *)sess->driver_priv_data;
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
@@ -1402,10 +1380,6 @@ virtio_crypto_sym_configure_session(
 			"Unsupported operation chain order parameter");
 		goto error_out;
 	}
-
-	set_sym_session_private_data(sess, dev->driver_id,
-		session_private);
-
 	return 0;
 
 error_out:
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 08359b3a39..b7f492a7f2 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,8 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(struct virtio_crypto_session *)get_sym_session_private_data(
-		cop->sym->session, cryptodev_virtio_driver_id);
+		(void *)cop->sym->session->driver_priv_data;
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index 19af134bbe..bce903e007 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -969,7 +969,6 @@ struct fips_dev_auto_test_env {
 	struct rte_mempool *mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 };
@@ -1479,13 +1478,8 @@ run_single_test(uint8_t dev_id,
 		return ret;
 	}
 
-	sess = rte_cryptodev_sym_session_create(env->sess_pool);
-	if (!sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(dev_id,
-			sess, &xform, env->sess_priv_pool);
-	if (ret < 0) {
+	sess = rte_cryptodev_sym_session_create(dev_id, &xform, env->sess_pool);
+	if (!sess) {
 		RTE_LOG(ERR, PMD, "Error %i: Init session\n", ret);
 		return ret;
 	}
@@ -1508,8 +1502,7 @@ run_single_test(uint8_t dev_id,
 				1);
 	} while (n_deqd == 0);
 
-	rte_cryptodev_sym_session_clear(dev_id, sess);
-	rte_cryptodev_sym_session_free(sess);
+	rte_cryptodev_sym_session_free(dev_id, sess);
 
 	if (env->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
 		return -1;
@@ -1527,7 +1520,6 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 	rte_mempool_free(env->mpool);
 	rte_mempool_free(env->op_pool);
 	rte_mempool_free(env->sess_pool);
-	rte_mempool_free(env->sess_priv_pool);
 
 	rte_cryptodev_stop(dev_id);
 }
@@ -1535,7 +1527,7 @@ fips_dev_auto_test_uninit(uint8_t dev_id,
 static int
 fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 {
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
 	struct rte_cryptodev_config conf;
 	char name[128];
@@ -1579,25 +1571,13 @@ fips_dev_auto_test_init(uint8_t dev_id, struct fips_dev_auto_test_env *env)
 	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_POOL", dev_id);
 
 	env->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-			128, 0, 0, 0, rte_cryptodev_socket_id(dev_id));
+			128, sess_sz, 0, 0, rte_cryptodev_socket_id(dev_id));
 	if (!env->sess_pool) {
 		ret = -ENOMEM;
 		goto error_exit;
 	}
 
-	memset(name, 0, 128);
-	snprintf(name, 128, "%s%u", "SELF_TEST_SESS_PRIV_POOL", dev_id);
-
-	env->sess_priv_pool = rte_mempool_create(name,
-			128, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_cryptodev_socket_id(dev_id), 0);
-	if (!env->sess_priv_pool) {
-		ret = -ENOMEM;
-		goto error_exit;
-	}
-
 	qp_conf.mp_session = env->sess_pool;
-	qp_conf.mp_session_private = env->sess_priv_pool;
 
 	ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf,
 			rte_cryptodev_socket_id(dev_id));
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index e6c0b6a3a1..e73e6b09c3 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -55,7 +55,6 @@ struct cryptodev_fips_validate_env {
 	uint16_t mbuf_data_room;
 	struct rte_mempool *mpool;
 	struct rte_mempool *sess_mpool;
-	struct rte_mempool *sess_priv_mpool;
 	struct rte_mempool *op_pool;
 	struct rte_mbuf *mbuf;
 	uint8_t *digest;
@@ -70,7 +69,7 @@ static int
 cryptodev_fips_validate_app_int(void)
 {
 	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
-	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+	struct rte_cryptodev_qp_conf qp_conf = {128, NULL};
 	struct rte_cryptodev_info dev_info;
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
@@ -110,16 +109,11 @@ cryptodev_fips_validate_app_int(void)
 	ret = -ENOMEM;
 
 	env.sess_mpool = rte_cryptodev_sym_session_pool_create(
-			"FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+			"FIPS_SESS_MEMPOOL", 16, sess_sz, 0, 0,
+			rte_socket_id());
 	if (!env.sess_mpool)
 		goto error_exit;
 
-	env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
-			16, sess_sz, 0, 0, NULL, NULL, NULL,
-			NULL, rte_socket_id(), 0);
-	if (!env.sess_priv_mpool)
-		goto error_exit;
-
 	env.op_pool = rte_crypto_op_pool_create(
 			"FIPS_OP_POOL",
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -134,7 +128,6 @@ cryptodev_fips_validate_app_int(void)
 		goto error_exit;
 
 	qp_conf.mp_session = env.sess_mpool;
-	qp_conf.mp_session_private = env.sess_priv_mpool;
 
 	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
 			rte_socket_id());
@@ -151,7 +144,6 @@ cryptodev_fips_validate_app_int(void)
 
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 
 	return ret;
@@ -162,11 +154,9 @@ cryptodev_fips_validate_app_uninit(void)
 {
 	rte_pktmbuf_free(env.mbuf);
 	rte_crypto_op_free(env.op);
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
+	rte_cryptodev_sym_session_free(env.dev_id, env.sess);
 	rte_mempool_free(env.mpool);
 	rte_mempool_free(env.sess_mpool);
-	rte_mempool_free(env.sess_priv_mpool);
 	rte_mempool_free(env.op_pool);
 }
 
@@ -1202,13 +1192,9 @@ fips_run_test(void)
 	if (ret < 0)
 		return ret;
 
-	env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
-	if (!env.sess)
-		return -ENOMEM;
-
-	ret = rte_cryptodev_sym_session_init(env.dev_id,
-			env.sess, &xform, env.sess_priv_mpool);
-	if (ret < 0) {
+	env.sess = rte_cryptodev_sym_session_create(env.dev_id, &xform,
+			env.sess_mpool);
+	if (!env.sess) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
 		goto exit;
@@ -1237,9 +1223,10 @@ fips_run_test(void)
 	vec.status = env.op->status;
 
 exit:
-	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
-	rte_cryptodev_sym_session_free(env.sess);
-	env.sess = NULL;
+	if (env.sess) {
+		rte_cryptodev_sym_session_free(env.dev_id, env.sess);
+		env.sess = NULL;
+	}
 
 	return ret;
 }
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 8a25b83535..ce4b4ba806 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1693,8 +1693,6 @@ cryptodevs_init(uint16_t req_queue_num)
 		qp_conf.nb_descriptors = qp_desc_nb;
 		qp_conf.mp_session =
 			socket_ctx[dev_conf.socket_id].session_pool;
-		qp_conf.mp_session_private =
-			socket_ctx[dev_conf.socket_id].session_priv_pool;
 		for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
 			if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
 					&qp_conf, dev_conf.socket_id))
@@ -2523,12 +2521,8 @@ one_session_free(struct rte_ipsec_session *ips)
 		if (ips->crypto.ses == NULL)
 			return 0;
 
-		ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
-						      ips->crypto.ses);
-		if (ret)
-			return ret;
-
-		ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+		ret = rte_cryptodev_sym_session_free(ips->crypto.dev_id,
+				ips->crypto.ses);
 	} else {
 		/* Session has not been created */
 		if (ips->security.ctx == NULL || ips->security.ses == NULL)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 7b7bfff696..bb84dcec7e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -174,11 +174,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 
 		}
 		ips->crypto.dev_id = cdev_id;
-		ips->crypto.ses = rte_cryptodev_sym_session_create(
-				skt_ctx->session_pool);
-		rte_cryptodev_sym_session_init(cdev_id,
-				ips->crypto.ses, sa->xforms,
-				skt_ctx->session_priv_pool);
+		ips->crypto.ses = rte_cryptodev_sym_session_create(cdev_id,
+				sa->xforms, skt_ctx->session_pool);
 
 		rte_cryptodev_info_get(cdev_id, &cdev_info);
 	}
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bf4b862379..b555e63ff6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -228,7 +228,6 @@ struct rte_mempool *l2fwd_pktmbuf_pool;
 struct rte_mempool *l2fwd_crypto_op_pool;
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 /* Per-port statistics struct */
@@ -675,7 +674,6 @@ static struct rte_cryptodev_sym_session *
 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
 	struct rte_crypto_sym_xform *first_xform;
-	struct rte_cryptodev_sym_session *session;
 	int retval = rte_cryptodev_socket_id(cdev_id);
 
 	if (retval < 0)
@@ -697,17 +695,8 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 		first_xform = &options->auth_xform;
 	}
 
-	session = rte_cryptodev_sym_session_create(
+	return rte_cryptodev_sym_session_create(cdev_id, first_xform,
 			session_pool_socket[socket_id].sess_mp);
-	if (session == NULL)
-		return NULL;
-
-	if (rte_cryptodev_sym_session_init(cdev_id, session,
-				first_xform,
-				session_pool_socket[socket_id].priv_mp) < 0)
-		return NULL;
-
-	return session;
 }
 /* >8 End of creation of session. */
 
@@ -2380,13 +2369,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
-		/*
-		 * Two sessions objects are required for each session
-		 * (one for the header, one for the private data)
-		 */
 		if (!strcmp(dev_info.driver_name, "crypto_scheduler")) {
 #ifdef RTE_CRYPTO_SCHEDULER
-			uint32_t nb_workers =
+			/* scheduler session header + 1 session per worker */
+			uint32_t nb_workers = 1 +
 				rte_cryptodev_scheduler_workers_get(cdev_id,
 								NULL);
 
@@ -2395,41 +2381,15 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		} else
 			sessions_needed = enabled_cdev_count;
 
-		if (session_pool_socket[socket_id].priv_mp == NULL) {
-			char mp_name[RTE_MEMPOOL_NAMESIZE];
-
-			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-				"priv_sess_mp_%u", socket_id);
-
-			session_pool_socket[socket_id].priv_mp =
-					rte_mempool_create(mp_name,
-						sessions_needed,
-						max_sess_sz,
-						0, 0, NULL, NULL, NULL,
-						NULL, socket_id,
-						0);
-
-			if (session_pool_socket[socket_id].priv_mp == NULL) {
-				printf("Cannot create pool on socket %d\n",
-					socket_id);
-				return -ENOMEM;
-			}
-
-			printf("Allocated pool \"%s\" on socket %d\n",
-				mp_name, socket_id);
-		}
-
 		if (session_pool_socket[socket_id].sess_mp == NULL) {
 			char mp_name[RTE_MEMPOOL_NAMESIZE];
 			snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 				"sess_mp_%u", socket_id);
 
 			session_pool_socket[socket_id].sess_mp =
-					rte_cryptodev_sym_session_pool_create(
-							mp_name,
-							sessions_needed,
-							0, 0, 0, socket_id);
-
+				rte_cryptodev_sym_session_pool_create(
+					mp_name, sessions_needed, max_sess_sz,
+					0, 0, socket_id);
 			if (session_pool_socket[socket_id].sess_mp == NULL) {
 				printf("Cannot create pool on socket %d\n",
 					socket_id);
@@ -2580,8 +2540,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		qp_conf.nb_descriptors = 2048;
 		qp_conf.mp_session = session_pool_socket[socket_id].sess_mp;
-		qp_conf.mp_session_private =
-				session_pool_socket[socket_id].priv_mp;
 
 		retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
 				socket_id);
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index 7d75623a5e..02987ebd76 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -46,7 +46,6 @@ struct vhost_crypto_info {
 	int vids[MAX_NB_SOCKETS];
 	uint32_t nb_vids;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *cop_pool;
 	uint8_t cid;
 	uint32_t qid;
@@ -304,7 +303,6 @@ new_device(int vid)
 	}
 
 	ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
-			info->sess_priv_pool,
 			rte_lcore_to_socket_id(options.los[i].lcore_id));
 	if (ret) {
 		RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -458,7 +456,6 @@ free_resource(void)
 
 		rte_mempool_free(info->cop_pool);
 		rte_mempool_free(info->sess_pool);
-		rte_mempool_free(info->sess_priv_pool);
 
 		for (j = 0; j < lo->nb_sockets; j++) {
 			rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -544,16 +541,12 @@ main(int argc, char *argv[])
 
 		snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
 		info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
-				SESSION_MAP_ENTRIES, 0, 0, 0,
-				rte_lcore_to_socket_id(lo->lcore_id));
-
-		snprintf(name, 127, "SESS_POOL_PRIV_%u", lo->lcore_id);
-		info->sess_priv_pool = rte_mempool_create(name,
 				SESSION_MAP_ENTRIES,
 				rte_cryptodev_sym_get_private_session_size(
-				info->cid), 64, 0, NULL, NULL, NULL, NULL,
-				rte_lcore_to_socket_id(lo->lcore_id), 0);
-		if (!info->sess_priv_pool || !info->sess_pool) {
+				info->cid), 0, 0,
+				rte_lcore_to_socket_id(lo->lcore_id));
+
+		if (!info->sess_pool) {
 			RTE_LOG(ERR, USER1, "Failed to create mempool");
 			goto error_exit;
 		}
@@ -574,7 +567,6 @@ main(int argc, char *argv[])
 
 		qp_conf.nb_descriptors = NB_CRYPTO_DESCRIPTORS;
 		qp_conf.mp_session = info->sess_pool;
-		qp_conf.mp_session_private = info->sess_priv_pool;
 
 		for (j = 0; j < dev_info.max_nb_queue_pairs; j++) {
 			ret = rte_cryptodev_queue_pair_setup(info->cid, j,
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 3dcc3cb7ed..f518a0f89b 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -301,7 +301,6 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  * @param	dev		Crypto device pointer
  * @param	xform		Single or chain of crypto xforms
  * @param	session		Pointer to cryptodev's private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -311,8 +310,8 @@ typedef unsigned int (*cryptodev_asym_get_session_private_size_t)(
  */
 typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *session,
-		struct rte_mempool *mp);
+		struct rte_cryptodev_sym_session *session);
+
 /**
  * Configure a Crypto asymmetric session on a device.
  *
@@ -337,6 +336,7 @@ typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
  */
 typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess);
+
 /**
  * Clear asymmetric session private data.
  *
@@ -637,28 +637,6 @@ __rte_internal
 void *
 rte_cryptodev_session_event_mdata_get(struct rte_crypto_op *op);
 
-static inline void *
-get_sym_session_private_data(const struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id) {
-	if (unlikely(sess->nb_drivers <= driver_id))
-		return NULL;
-
-	return sess->sess_data[driver_id].data;
-}
-
-static inline void
-set_sym_session_private_data(struct rte_cryptodev_sym_session *sess,
-		uint8_t driver_id, void *private_data)
-{
-	if (unlikely(sess->nb_drivers <= driver_id)) {
-		CDEV_LOG_ERR("Set private data for driver %u not allowed\n",
-				driver_id);
-		return;
-	}
-
-	sess->sess_data[driver_id].data = private_data;
-}
-
 /**
  * @internal
  * Cryptodev asymmetric crypto session.
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index c5bfe08b79..019fc0c800 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -39,12 +39,6 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_free,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_session_free,
 	lib.cryptodev.asym.free)
 
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_init,
-	lib.cryptodev.sym.init)
-
-RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_session_clear,
-	lib.cryptodev.sym.clear)
-
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_enqueue_burst,
 	lib.cryptodev.enq.burst)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 35661f5347..a326eb0e17 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -199,12 +199,9 @@ const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
-/**
- * The private data structure stored in the sym session mempool private data.
- */
 struct rte_cryptodev_sym_session_pool_private_data {
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint16_t sess_data_sz;
+	/**< driver session data size */
 	uint16_t user_data_sz;
 	/**< session user data will be placed after sess_data */
 };
@@ -1211,6 +1208,24 @@ rte_cryptodev_get_qp_status(uint8_t dev_id, uint16_t queue_pair_id)
 	return 0;
 }
 
+static uint8_t
+rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp,
+	uint32_t sess_priv_size)
+{
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (!mp)
+		return 0;
+
+	pool_priv = rte_mempool_get_priv(mp);
+
+	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
+			pool_priv->sess_data_sz < sess_priv_size)
+		return 0;
+
+	return 1;
+}
+
 int
 rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		const struct rte_cryptodev_qp_conf *qp_conf, int socket_id)
@@ -1234,17 +1249,8 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 		return -EINVAL;
 	}
 
-	if ((qp_conf->mp_session && !qp_conf->mp_session_private) ||
-			(!qp_conf->mp_session && qp_conf->mp_session_private)) {
-		CDEV_LOG_ERR("Invalid mempools\n");
-		return -EINVAL;
-	}
-
 	if (qp_conf->mp_session) {
 		struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-		uint32_t obj_size = qp_conf->mp_session->elt_size;
-		uint32_t obj_priv_size = qp_conf->mp_session_private->elt_size;
-		struct rte_cryptodev_sym_session s = {0};
 
 		pool_priv = rte_mempool_get_priv(qp_conf->mp_session);
 		if (!pool_priv || qp_conf->mp_session->private_data_size <
@@ -1253,13 +1259,9 @@ rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
 			return -EINVAL;
 		}
 
-		s.nb_drivers = pool_priv->nb_drivers;
-		s.user_data_sz = pool_priv->user_data_sz;
-
-		if ((rte_cryptodev_sym_get_existing_header_session_size(&s) >
-			obj_size) || (s.nb_drivers <= dev->driver_id) ||
-			rte_cryptodev_sym_get_private_session_size(dev_id) >
-				obj_priv_size) {
+		if (!rte_cryptodev_sym_is_valid_session_pool(
+			qp_conf->mp_session,
+			rte_cryptodev_sym_get_private_session_size(dev_id))) {
 			CDEV_LOG_ERR("Invalid mempool\n");
 			return -EINVAL;
 		}
@@ -1719,53 +1721,6 @@ rte_cryptodev_pmd_callback_process(struct rte_cryptodev *dev,
 	rte_spinlock_unlock(&rte_cryptodev_cb_lock);
 }
 
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_crypto_sym_xform *xforms,
-		struct rte_mempool *mp)
-{
-	struct rte_cryptodev *dev;
-	uint32_t sess_priv_sz = rte_cryptodev_sym_get_private_session_size(
-			dev_id);
-	uint8_t index;
-	int ret;
-
-	if (!rte_cryptodev_is_valid_dev(dev_id)) {
-		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
-		return -EINVAL;
-	}
-
-	dev = rte_cryptodev_pmd_get_dev(dev_id);
-
-	if (sess == NULL || xforms == NULL || dev == NULL || mp == NULL)
-		return -EINVAL;
-
-	if (mp->elt_size < sess_priv_sz)
-		return -EINVAL;
-
-	index = dev->driver_id;
-	if (index >= sess->nb_drivers)
-		return -EINVAL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
-
-	if (sess->sess_data[index].refcnt == 0) {
-		ret = dev->dev_ops->sym_session_configure(dev, xforms,
-							sess, mp);
-		if (ret < 0) {
-			CDEV_LOG_ERR(
-				"dev_id %d failed to configure session details",
-				dev_id);
-			return ret;
-		}
-	}
-
-	rte_cryptodev_trace_sym_session_init(dev_id, sess, xforms, mp);
-	sess->sess_data[index].refcnt++;
-	return 0;
-}
-
 struct rte_mempool *
 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t user_data_size,
@@ -1775,16 +1730,13 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 	uint32_t obj_sz;
 
-	obj_sz = rte_cryptodev_sym_get_header_session_size() + user_data_size;
-	if (obj_sz > elt_size)
-		CDEV_LOG_INFO("elt_size %u is expanded to %u\n", elt_size,
-				obj_sz);
-	else
-		obj_sz = elt_size;
+	obj_sz = sizeof(struct rte_cryptodev_sym_session) + elt_size +
+		user_data_size;
 
+	obj_sz =  RTE_ALIGN_CEIL(obj_sz, RTE_CACHE_LINE_SIZE);
 	mp = rte_mempool_create(name, nb_elts, obj_sz, cache_size,
-			(uint32_t)(sizeof(*pool_priv)),
-			NULL, NULL, NULL, NULL,
+			(uint32_t)(sizeof(*pool_priv)), NULL, NULL,
+			NULL, NULL,
 			socket_id, 0);
 	if (mp == NULL) {
 		CDEV_LOG_ERR("%s(name=%s) failed, rte_errno=%d\n",
@@ -1800,7 +1752,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 		return NULL;
 	}
 
-	pool_priv->nb_drivers = nb_drivers;
+	pool_priv->sess_data_sz = elt_size;
 	pool_priv->user_data_sz = user_data_size;
 
 	rte_cryptodev_trace_sym_session_pool_create(name, nb_elts,
@@ -1858,64 +1810,68 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	return mp;
 }
 
-static unsigned int
-rte_cryptodev_sym_session_data_size(struct rte_cryptodev_sym_session *sess)
-{
-	return (sizeof(sess->sess_data[0]) * sess->nb_drivers) +
-			sess->user_data_sz;
-}
-
-static uint8_t
-rte_cryptodev_sym_is_valid_session_pool(struct rte_mempool *mp)
-{
-	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
-
-	if (!mp)
-		return 0;
-
-	pool_priv = rte_mempool_get_priv(mp);
-
-	if (!pool_priv || mp->private_data_size < sizeof(*pool_priv) ||
-			pool_priv->nb_drivers != nb_drivers ||
-			mp->elt_size <
-				rte_cryptodev_sym_get_header_session_size()
-				+ pool_priv->user_data_sz)
-		return 0;
-
-	return 1;
-}
-
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mp)
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp)
 {
+	struct rte_cryptodev *dev;
 	struct rte_cryptodev_sym_session *sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
-	if (!rte_cryptodev_sym_is_valid_session_pool(mp)) {
+	uint32_t sess_priv_sz;
+	int ret;
+
+	if (!rte_cryptodev_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	if (xforms == NULL) {
+		CDEV_LOG_ERR("Invalid xform\n");
+		return NULL;
+	}
+
+	sess_priv_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
+	if (!rte_cryptodev_sym_is_valid_session_pool(mp, sess_priv_sz)) {
 		CDEV_LOG_ERR("Invalid mempool\n");
 		return NULL;
 	}
 
-	pool_priv = rte_mempool_get_priv(mp);
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	/* Allocate a session structure from the session pool */
 	if (rte_mempool_get(mp, (void **)&sess)) {
 		CDEV_LOG_ERR("couldn't get object from session mempool");
+		rte_errno = ENOMEM;
 		return NULL;
 	}
 
-	sess->nb_drivers = pool_priv->nb_drivers;
+	pool_priv = rte_mempool_get_priv(mp);
+	sess->driver_id = dev->driver_id;
+	sess->sess_data_sz = pool_priv->sess_data_sz;
 	sess->user_data_sz = pool_priv->user_data_sz;
-	sess->opaque_data = 0;
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_cryptodev_sym_session, driver_priv_data);
 
-	/* Clear device session pointer.
-	 * Include the flag indicating presence of user data
-	 */
-	memset(sess->sess_data, 0,
-			rte_cryptodev_sym_session_data_size(sess));
+	if (dev->dev_ops->sym_session_configure == NULL) {
+		rte_errno = ENOTSUP;
+		goto error_exit;
+	}
 
-	rte_cryptodev_trace_sym_session_create(mp, sess);
-	return sess;
+	ret = dev->dev_ops->sym_session_configure(dev, xforms, sess);
+	if (ret < 0) {
+		rte_errno = -ret;
+		goto error_exit;
+	}
+	sess->driver_id = dev->driver_id;
+
+	rte_cryptodev_trace_sym_session_create(dev_id, sess, xforms, mp);
+
+	return (void *)sess;
+error_exit:
+	rte_mempool_put(mp, (void *)sess);
+	return NULL;
 }
 
 int
@@ -1994,11 +1950,15 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess)
 {
 	struct rte_cryptodev *dev;
-	uint8_t driver_id;
+	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
+
+	if (sess == NULL)
+		return -EINVAL;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
@@ -2010,37 +1970,24 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 	if (dev == NULL || sess == NULL)
 		return -EINVAL;
 
-	driver_id = dev->driver_id;
-	if (sess->sess_data[driver_id].refcnt == 0)
-		return 0;
-	if (--sess->sess_data[driver_id].refcnt != 0)
-		return -EBUSY;
+	sess_mp = rte_mempool_from_obj(sess);
+	if (!sess_mp)
+		return -EINVAL;
+	pool_priv = rte_mempool_get_priv(sess_mp);
+
+	if (sess->driver_id != dev->driver_id) {
+		CDEV_LOG_ERR("Session created by driver %u but freed by %u",
+			sess->driver_id, dev->driver_id);
+		return -EINVAL;
+	}
 
 	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
 	dev->dev_ops->sym_session_clear(dev, sess);
-
-	rte_cryptodev_trace_sym_session_clear(dev_id, sess);
-	return 0;
-}
-
-int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
-{
-	uint8_t i;
-	struct rte_mempool *sess_mp;
-
-	if (sess == NULL)
-		return -EINVAL;
-
-	/* Check that all device private data has been freed */
-	for (i = 0; i < sess->nb_drivers; i++) {
-		if (sess->sess_data[i].refcnt != 0)
-			return -EBUSY;
-	}
+	memset(sess->driver_priv_data, 0, pool_priv->sess_data_sz +
+		pool_priv->user_data_sz);
 
 	/* Return session to mempool */
-	sess_mp = rte_mempool_from_obj(sess);
 	rte_mempool_put(sess_mp, sess);
 
 	rte_cryptodev_trace_sym_session_free(sess);
@@ -2077,33 +2024,6 @@ rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess)
 	return 0;
 }
 
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void)
-{
-	/*
-	 * Header contains pointers to the private data of all registered
-	 * drivers and all necessary information to ensure safely clear
-	 * or free al session.
-	 */
-	struct rte_cryptodev_sym_session s = {0};
-
-	s.nb_drivers = nb_drivers;
-
-	return (unsigned int)(sizeof(s) +
-			rte_cryptodev_sym_session_data_size(&s));
-}
-
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess)
-{
-	if (!sess)
-		return 0;
-	else
-		return (unsigned int)(sizeof(*sess) +
-				rte_cryptodev_sym_session_data_size(sess));
-}
-
 unsigned int
 rte_cryptodev_asym_get_header_session_size(void)
 {
@@ -2150,9 +2070,8 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 
 int
 rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
-					void *data,
-					uint16_t size)
+		struct rte_cryptodev_sym_session *sess, void *data,
+		uint16_t size)
 {
 	if (sess == NULL)
 		return -EINVAL;
@@ -2160,18 +2079,17 @@ rte_cryptodev_sym_session_set_user_data(
 	if (sess->user_data_sz < size)
 		return -ENOMEM;
 
-	rte_memcpy(sess->sess_data + sess->nb_drivers, data, size);
+	rte_memcpy(sess->driver_priv_data + sess->sess_data_sz, data, size);
 	return 0;
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
 {
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
-	return (void *)(sess->sess_data + sess->nb_drivers);
+	return (void *)(sess->driver_priv_data + sess->sess_data_sz);
 }
 
 int
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 56f459c6a0..0c65958f25 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -544,8 +544,6 @@ struct rte_cryptodev_qp_conf {
 	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
 	struct rte_mempool *mp_session;
 	/**< The mempool for creating session in sessionless mode */
-	struct rte_mempool *mp_session_private;
-	/**< The mempool for creating sess private data in sessionless mode */
 };
 
 /**
@@ -909,17 +907,21 @@ rte_cryptodev_get_sec_ctx(uint8_t dev_id);
  * has a fixed algo, key, op-type, digest_len etc.
  */
 struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint8_t driver_id;
 	uint64_t opaque_data;
 	/**< Can be used for external metadata */
-	uint16_t nb_drivers;
-	/**< number of elements in sess_data array */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
 	uint16_t user_data_sz;
-	/**< session user data will be placed after sess_data */
-	__extension__ struct {
-		void *data;
-		uint16_t refcnt;
-	} sess_data[];
-	/**< Driver specific session material, variable size */
+	/**< session user data will be placed after sess data */
+	rte_iova_t driver_priv_data_iova;
+	/**< session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
 };
 
 /**
@@ -954,6 +956,7 @@ rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t elt_size, uint32_t cache_size, uint16_t priv_size,
 	int socket_id);
 
+
 /**
  * Create an asymmetric session mempool.
  *
@@ -980,17 +983,22 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
 	uint32_t cache_size, uint16_t user_data_size, int socket_id);
 
 /**
- * Create symmetric crypto session header (generic with no private data)
+ * Create symmetric crypto session and fill out private data for the device id,
+ * based on its device type.
+ *
+ * @param   dev_id   ID of device that we want the session to be used on
+ * @param   xforms   Symmetric crypto transform operations to apply on flow
+ *                   processed with this session
+ * @param   mempool  Mempool where the private data is allocated.
  *
- * @param   mempool    Symmetric session mempool to allocate session
- *                     objects from
  * @return
- *  - On success return pointer to sym-session
- *  - On failure returns NULL
+ *  - On success return pointer to sym-session.
+ *  - On failure returns NULL.
  */
-struct rte_cryptodev_sym_session *
-rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
-
+void *
+rte_cryptodev_sym_session_create(uint8_t dev_id,
+		struct rte_crypto_sym_xform *xforms,
+		struct rte_mempool *mp);
 /**
  * Create and initialise an asymmetric crypto session structure.
  * Calls the PMD to configure the private session data.
@@ -1015,19 +1023,20 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 		void **session);
 
 /**
- * Frees symmetric crypto session header, after checking that all
- * the device private data has been freed, returning it
- * to its original mempool.
+ * Frees session for the device id and returning it to its mempool.
+ * It is the application's responsibility to ensure that the session
+ * is not still in-flight operations using it.
  *
+ * @param   dev_id   ID of device that uses the session.
  * @param   sess     Session header to be freed.
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
- *  - -EBUSY if not all device private data has been freed.
+ *  - -EINVAL if session is NULL or the mismatched device ids.
  */
 int
-rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_free(uint8_t dev_id,
+	struct rte_cryptodev_sym_session *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1044,72 +1053,6 @@ __rte_experimental
 int
 rte_cryptodev_asym_session_free(uint8_t dev_id, void *sess);
 
-/**
- * Fill out private data for the device id, based on its device type.
- *
- * @param   dev_id   ID of device that we want the session to be used on
- * @param   sess     Session where the private data will be attached to
- * @param   xforms   Symmetric crypto transform operations to apply on flow
- *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
- *
- * @return
- *  - On success, zero.
- *  - -EINVAL if input parameters are invalid.
- *  - -ENOTSUP if crypto device does not support the crypto transform or
- *    does not support symmetric operations.
- *  - -ENOMEM if the private session could not be allocated.
- */
-int
-rte_cryptodev_sym_session_init(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess,
-			struct rte_crypto_sym_xform *xforms,
-			struct rte_mempool *mempool);
-
-/**
- * Frees private data for the device id, based on its device type,
- * returning it to its mempool. It is the application's responsibility
- * to ensure that private session data is not cleared while there are
- * still in-flight operations using it.
- *
- * @param   dev_id   ID of device that uses the session.
- * @param   sess     Session containing the reference to the private data
- *
- * @return
- *  - 0 if successful.
- *  - -EINVAL if device is invalid or session is NULL.
- *  - -ENOTSUP if crypto device does not support symmetric operations.
- */
-int
-rte_cryptodev_sym_session_clear(uint8_t dev_id,
-			struct rte_cryptodev_sym_session *sess);
-
-/**
- * Get the size of the header session, for all registered drivers excluding
- * the user data size.
- *
- * @return
- *   Size of the symmetric header session.
- */
-unsigned int
-rte_cryptodev_sym_get_header_session_size(void);
-
-/**
- * Get the size of the header session from created session.
- *
- * @param sess
- *   The sym cryptodev session pointer
- *
- * @return
- *   - If sess is not NULL, return the size of the header session including
- *   the private data size defined within sess.
- *   - If sess is NULL, return 0.
- */
-__rte_experimental
-unsigned int
-rte_cryptodev_sym_get_existing_header_session_size(
-		struct rte_cryptodev_sym_session *sess);
-
 /**
  * Get the size of the asymmetric session header.
  *
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index a3f6048e7d..055c44fb22 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -56,7 +56,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_u16(queue_pair_id);
 	rte_trace_point_emit_u32(conf->nb_descriptors);
 	rte_trace_point_emit_ptr(conf->mp_session);
-	rte_trace_point_emit_ptr(conf->mp_session_private);
 )
 
 RTE_TRACE_POINT(
@@ -74,13 +73,16 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(void *mempool,
-		struct rte_cryptodev_sym_session *sess),
-	rte_trace_point_emit_ptr(mempool);
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
+		struct rte_cryptodev_sym_session *sess, void *xforms,
+		void *mempool),
+	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
 	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
+	rte_trace_point_emit_u8(sess->driver_id);
 	rte_trace_point_emit_u16(sess->user_data_sz);
+	rte_trace_point_emit_ptr(xforms);
+	rte_trace_point_emit_ptr(mempool);
 )
 
 RTE_TRACE_POINT(
@@ -117,27 +119,6 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_ptr(sess);
 )
 
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_init,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
-		void *mempool),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u16(sess->nb_drivers);
-	rte_trace_point_emit_u16(sess->user_data_sz);
-	rte_trace_point_emit_ptr(xforms);
-	rte_trace_point_emit_ptr(mempool);
-)
-
-RTE_TRACE_POINT(
-	rte_cryptodev_trace_sym_session_clear,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess),
-	rte_trace_point_emit_u8(dev_id);
-	rte_trace_point_emit_ptr(sess);
-)
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 5aee87c6f7..6fcf6ae985 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -38,12 +38,9 @@ DPDK_23 {
 	rte_cryptodev_sym_capability_check_auth;
 	rte_cryptodev_sym_capability_check_cipher;
 	rte_cryptodev_sym_capability_get;
-	rte_cryptodev_sym_get_header_session_size;
 	rte_cryptodev_sym_get_private_session_size;
-	rte_cryptodev_sym_session_clear;
 	rte_cryptodev_sym_session_create;
 	rte_cryptodev_sym_session_free;
-	rte_cryptodev_sym_session_init;
 
 	local: *;
 };
@@ -60,7 +57,6 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-	rte_cryptodev_sym_get_existing_header_session_size;
 	rte_cryptodev_sym_session_get_user_data;
 	rte_cryptodev_sym_session_pool_create;
 	rte_cryptodev_sym_session_set_user_data;
@@ -78,8 +74,6 @@ EXPERIMENTAL {
 	__rte_cryptodev_trace_asym_session_create;
 	__rte_cryptodev_trace_sym_session_free;
 	__rte_cryptodev_trace_asym_session_free;
-	__rte_cryptodev_trace_sym_session_init;
-	__rte_cryptodev_trace_sym_session_clear;
 	__rte_cryptodev_trace_dequeue_burst;
 	__rte_cryptodev_trace_enqueue_burst;
 
diff --git a/lib/pipeline/rte_table_action.c b/lib/pipeline/rte_table_action.c
index b1310be565..cb792bbe0d 100644
--- a/lib/pipeline/rte_table_action.c
+++ b/lib/pipeline/rte_table_action.c
@@ -1898,17 +1898,11 @@ sym_crypto_apply(struct sym_crypto_data *data,
 		}
 	}
 
-	session = rte_cryptodev_sym_session_create(cfg->mp_create);
+	session = rte_cryptodev_sym_session_create(cfg->cryptodev_id,
+			p->xform, cfg->mp_create);
 	if (!session)
 		return -ENOMEM;
 
-	ret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,
-			p->xform, cfg->mp_init);
-	if (ret < 0) {
-		rte_cryptodev_sym_session_free(session);
-		return ret;
-	}
-
 	data->data_offset = (uint16_t)p->data_offset;
 	data->session = session;
 
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index b49e389579..2b01ecda08 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -54,8 +54,6 @@ rte_vhost_crypto_driver_start(const char *path);
  *  multiple Vhost-crypto devices.
  * @param sess_pool
  *  The pointer to the created cryptodev session pool.
- * @param sess_priv_pool
- *  The pointer to the created cryptodev session private data mempool.
  * @param socket_id
  *  NUMA Socket ID to allocate resources on. *
  * @return
@@ -65,7 +63,6 @@ rte_vhost_crypto_driver_start(const char *path);
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id);
 
 /**
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index 54946f46d9..7321da21b7 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -197,7 +197,6 @@ struct vhost_crypto {
 	struct rte_hash *session_map;
 	struct rte_mempool *mbuf_pool;
 	struct rte_mempool *sess_pool;
-	struct rte_mempool *sess_priv_pool;
 	struct rte_mempool *wb_pool;
 
 	/** DPDK cryptodev ID */
@@ -376,31 +375,21 @@ vhost_crypto_create_sess(struct vhost_crypto *vcrypto,
 		return;
 	}
 
-	session = rte_cryptodev_sym_session_create(vcrypto->sess_pool);
+	session = rte_cryptodev_sym_session_create(vcrypto->cid, &xform1,
+			vcrypto->sess_pool);
 	if (!session) {
 		VC_LOG_ERR("Failed to create session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
 
-	if (rte_cryptodev_sym_session_init(vcrypto->cid, session, &xform1,
-			vcrypto->sess_priv_pool) < 0) {
-		VC_LOG_ERR("Failed to initialize session");
-		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
-		return;
-	}
-
 	/* insert hash to map */
 	if (rte_hash_add_key_data(vcrypto->session_map,
 			&vcrypto->last_session_id, session) < 0) {
 		VC_LOG_ERR("Failed to insert session to hash table");
 
-		if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0)
-			VC_LOG_ERR("Failed to clear session");
-		else {
-			if (rte_cryptodev_sym_session_free(session) < 0)
-				VC_LOG_ERR("Failed to free session");
-		}
+		if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0)
+			VC_LOG_ERR("Failed to free session");
 		sess_param->session_id = -VIRTIO_CRYPTO_ERR;
 		return;
 	}
@@ -427,12 +416,7 @@ vhost_crypto_close_sess(struct vhost_crypto *vcrypto, uint64_t session_id)
 		return -VIRTIO_CRYPTO_INVSESS;
 	}
 
-	if (rte_cryptodev_sym_session_clear(vcrypto->cid, session) < 0) {
-		VC_LOG_DBG("Failed to clear session");
-		return -VIRTIO_CRYPTO_ERR;
-	}
-
-	if (rte_cryptodev_sym_session_free(session) < 0) {
+	if (rte_cryptodev_sym_session_free(vcrypto->cid, session) < 0) {
 		VC_LOG_DBG("Failed to free session");
 		return -VIRTIO_CRYPTO_ERR;
 	}
@@ -1393,7 +1377,6 @@ rte_vhost_crypto_driver_start(const char *path)
 int
 rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 		struct rte_mempool *sess_pool,
-		struct rte_mempool *sess_priv_pool,
 		int socket_id)
 {
 	struct virtio_net *dev = get_device(vid);
@@ -1415,7 +1398,6 @@ rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
 	}
 
 	vcrypto->sess_pool = sess_pool;
-	vcrypto->sess_priv_pool = sess_priv_pool;
 	vcrypto->cid = cryptodev_id;
 	vcrypto->cache_session_id = UINT64_MAX;
 	vcrypto->last_session_id = 1;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 2/6] crypto/scheduler: use unified session
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 1/6] cryptodev: rework session framework Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-27 11:03         ` Ji, Kai
  2022-09-26 19:14       ` [PATCH v4 3/6] cryptodev: hide sym session structure Akhil Goyal
                         ` (5 subsequent siblings)
  7 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

From: Fan Zhang <roy.fan.zhang@intel.com>

This patch updates the scheduler PMD to use unified session
data structure. Previously thanks to the private session
array in cryptodev sym session there are no necessary
change needed for scheduler PMD other than the way ops
are enqueued/dequeued. The patch inherits the same design
in the original session data structure to the scheduler PMD
so the cryptodev sym session can be as a linear buffer for
both session header and driver private data.

With the change there are inevitable extra cost on both memory
(64 bytes per session per driver type) and cycle count (set
the correct session for each cop based on the worker before
enqueue, and retrieve the original session after dequeue).

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 drivers/crypto/scheduler/scheduler_failover.c |  19 ++-
 .../crypto/scheduler/scheduler_multicore.c    |  17 +++
 .../scheduler/scheduler_pkt_size_distr.c      |  84 +++++++++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  | 107 +++++++++++++++-
 .../crypto/scheduler/scheduler_pmd_private.h  | 120 +++++++++++++++++-
 .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
 6 files changed, 318 insertions(+), 40 deletions(-)

diff --git a/drivers/crypto/scheduler/scheduler_failover.c b/drivers/crypto/scheduler/scheduler_failover.c
index 2a0e29fa72..7fadcf66d0 100644
--- a/drivers/crypto/scheduler/scheduler_failover.c
+++ b/drivers/crypto/scheduler/scheduler_failover.c
@@ -16,18 +16,19 @@
 struct fo_scheduler_qp_ctx {
 	struct scheduler_worker primary_worker;
 	struct scheduler_worker secondary_worker;
+	uint8_t primary_worker_index;
+	uint8_t secondary_worker_index;
 
 	uint8_t deq_idx;
 };
 
 static __rte_always_inline uint16_t
 failover_worker_enqueue(struct scheduler_worker *worker,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
+		struct rte_crypto_op **ops, uint16_t nb_ops, uint8_t index)
 {
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
+	scheduler_set_worker_session(ops, nb_ops, index);
 
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
@@ -47,13 +48,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		return 0;
 
 	enqueued_ops = failover_worker_enqueue(&qp_ctx->primary_worker,
-			ops, nb_ops);
+			ops, nb_ops, PRIMARY_WORKER_IDX);
 
 	if (enqueued_ops < nb_ops)
 		enqueued_ops += failover_worker_enqueue(
 				&qp_ctx->secondary_worker,
 				&ops[enqueued_ops],
-				nb_ops - enqueued_ops);
+				nb_ops - enqueued_ops,
+				SECONDARY_WORKER_IDX);
 
 	return enqueued_ops;
 }
@@ -94,7 +96,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	qp_ctx->deq_idx = (~qp_ctx->deq_idx) & WORKER_SWITCH_MASK;
 
 	if (nb_deq_ops == nb_ops)
-		return nb_deq_ops;
+		goto retrieve_session;
 
 	worker = workers[qp_ctx->deq_idx];
 
@@ -104,6 +106,9 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		worker->nb_inflight_cops -= nb_deq_ops2;
 	}
 
+retrieve_session:
+	scheduler_retrieve_session(ops, nb_deq_ops + nb_deq_ops2);
+
 	return nb_deq_ops + nb_deq_ops2;
 }
 
diff --git a/drivers/crypto/scheduler/scheduler_multicore.c b/drivers/crypto/scheduler/scheduler_multicore.c
index 900ab4049d..3dea850661 100644
--- a/drivers/crypto/scheduler/scheduler_multicore.c
+++ b/drivers/crypto/scheduler/scheduler_multicore.c
@@ -183,11 +183,19 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 
 	while (!mc_ctx->stop_signal) {
 		if (pending_enq_ops) {
+			scheduler_set_worker_session(
+				&enq_ops[pending_enq_ops_idx], pending_enq_ops,
+				worker_idx);
 			processed_ops =
 				rte_cryptodev_enqueue_burst(worker->dev_id,
 					worker->qp_id,
 					&enq_ops[pending_enq_ops_idx],
 					pending_enq_ops);
+			if (processed_ops < pending_deq_ops)
+				scheduler_retrieve_session(
+					&enq_ops[pending_enq_ops_idx +
+						processed_ops],
+					pending_deq_ops - processed_ops);
 			pending_enq_ops -= processed_ops;
 			pending_enq_ops_idx += processed_ops;
 			inflight_ops += processed_ops;
@@ -195,9 +203,16 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 			processed_ops = rte_ring_dequeue_burst(enq_ring, (void *)enq_ops,
 							MC_SCHED_BUFFER_SIZE, NULL);
 			if (processed_ops) {
+				scheduler_set_worker_session(enq_ops,
+					processed_ops, worker_idx);
 				pending_enq_ops_idx = rte_cryptodev_enqueue_burst(
 						worker->dev_id, worker->qp_id,
 						enq_ops, processed_ops);
+				if (pending_enq_ops_idx < processed_ops)
+					scheduler_retrieve_session(
+						enq_ops + pending_enq_ops_idx,
+						processed_ops -
+						pending_enq_ops_idx);
 				pending_enq_ops = processed_ops - pending_enq_ops_idx;
 				inflight_ops += pending_enq_ops_idx;
 			}
@@ -214,6 +229,8 @@ mc_scheduler_worker(struct rte_cryptodev *dev)
 					worker->dev_id, worker->qp_id, deq_ops,
 					MC_SCHED_BUFFER_SIZE);
 			if (processed_ops) {
+				scheduler_retrieve_session(deq_ops,
+					processed_ops);
 				inflight_ops -= processed_ops;
 				if (reordering_enabled) {
 					uint16_t j;
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 933a5c6978..9204f6f608 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -48,34 +48,54 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	};
 	struct psd_schedule_op *p_enq_op;
 	uint16_t i, processed_ops_pri = 0, processed_ops_sec = 0;
-	uint32_t job_len;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
 	for (i = 0; i < nb_ops && i < 4; i++) {
 		rte_prefetch0(ops[i]->sym);
-		rte_prefetch0(ops[i]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 	}
 
 	for (i = 0; (i < (nb_ops - 8)) && (nb_ops > 8); i += 4) {
+		struct scheduler_session_ctx *sess_ctx[4];
+		uint8_t target[4];
+		uint32_t job_len[4];
+
 		rte_prefetch0(ops[i + 4]->sym);
-		rte_prefetch0(ops[i + 4]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 4]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 5]->sym);
-		rte_prefetch0(ops[i + 5]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 5]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 6]->sym);
-		rte_prefetch0(ops[i + 6]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 6]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
 		rte_prefetch0(ops[i + 7]->sym);
-		rte_prefetch0(ops[i + 7]->sym->session);
+		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
+			sizeof(struct rte_cryptodev_sym_session));
+
+		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
+		sess_ctx[1] =
+			(void *)ops[i + 1]->sym->session->driver_priv_data;
+		sess_ctx[2] =
+			(void *)ops[i + 2]->sym->session->driver_priv_data;
+		sess_ctx[3] =
+			(void *)ops[i + 3]->sym->session->driver_priv_data;
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
 		 */
-		job_len = ops[i]->sym->cipher.data.length;
-		job_len += (ops[i]->sym->cipher.data.length == 0) *
+		job_len[0] = ops[i]->sym->cipher.data.length;
+		job_len[0] += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
 		/* decide the target op based on the job length */
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[0] = !(job_len[0] & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session =
+				sess_ctx[0]->worker_sess[target[0]];
+		p_enq_op = &enq_ops[target[0]];
 
 		/* stop schedule cops before the queue is full, this shall
 		 * prevent the failed enqueue
@@ -89,10 +109,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i];
 		p_enq_op->pos++;
 
-		job_len = ops[i+1]->sym->cipher.data.length;
-		job_len += (ops[i+1]->sym->cipher.data.length == 0) *
+		job_len[1] = ops[i + 1]->sym->cipher.data.length;
+		job_len[1] += (ops[i + 1]->sym->cipher.data.length == 0) *
 				ops[i+1]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target[1] = !(job_len[1] & psd_qp_ctx->threshold);
+		if (ops[i + 1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 1]->sym->session =
+				sess_ctx[1]->worker_sess[target[1]];
+		p_enq_op = &enq_ops[target[1]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -103,10 +127,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+1];
 		p_enq_op->pos++;
 
-		job_len = ops[i+2]->sym->cipher.data.length;
-		job_len += (ops[i+2]->sym->cipher.data.length == 0) *
-				ops[i+2]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[2] = ops[i + 2]->sym->cipher.data.length;
+		job_len[2] += (ops[i + 2]->sym->cipher.data.length == 0) *
+				ops[i + 2]->sym->auth.data.length;
+		target[2] = !(job_len[2] & psd_qp_ctx->threshold);
+		if (ops[i + 2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 2]->sym->session =
+				sess_ctx[2]->worker_sess[target[2]];
+		p_enq_op = &enq_ops[target[2]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -117,10 +145,14 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		sched_ops[p_enq_op->worker_idx][p_enq_op->pos] = ops[i+2];
 		p_enq_op->pos++;
 
-		job_len = ops[i+3]->sym->cipher.data.length;
-		job_len += (ops[i+3]->sym->cipher.data.length == 0) *
-				ops[i+3]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		job_len[3] = ops[i + 3]->sym->cipher.data.length;
+		job_len[3] += (ops[i + 3]->sym->cipher.data.length == 0) *
+				ops[i + 3]->sym->auth.data.length;
+		target[3] = !(job_len[3] & psd_qp_ctx->threshold);
+		if (ops[i + 3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i + 3]->sym->session =
+				sess_ctx[1]->worker_sess[target[3]];
+		p_enq_op = &enq_ops[target[3]];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -133,10 +165,18 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	}
 
 	for (; i < nb_ops; i++) {
+		struct scheduler_session_ctx *sess_ctx =
+			(void *)ops[i]->sym->session->driver_priv_data;
+		uint32_t job_len;
+		uint8_t target;
+
 		job_len = ops[i]->sym->cipher.data.length;
 		job_len += (ops[i]->sym->cipher.data.length == 0) *
 				ops[i]->sym->auth.data.length;
-		p_enq_op = &enq_ops[!(job_len & psd_qp_ctx->threshold)];
+		target = !(job_len & psd_qp_ctx->threshold);
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			ops[i]->sym->session = sess_ctx->worker_sess[target];
+		p_enq_op = &enq_ops[target];
 
 		if (p_enq_op->pos + in_flight_ops[p_enq_op->worker_idx] ==
 				qp_ctx->max_nb_objs) {
@@ -199,6 +239,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 	if (worker->nb_inflight_cops) {
 		nb_deq_ops_pri = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+		scheduler_retrieve_session(ops, nb_deq_ops_pri);
 		worker->nb_inflight_cops -= nb_deq_ops_pri;
 	}
 
@@ -213,6 +254,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		nb_deq_ops_sec = rte_cryptodev_dequeue_burst(worker->dev_id,
 				worker->qp_id, &ops[nb_deq_ops_pri],
 				nb_ops - nb_deq_ops_pri);
+		scheduler_retrieve_session(ops, nb_deq_ops_sec);
 		worker->nb_inflight_cops -= nb_deq_ops_sec;
 
 		if (!worker->nb_inflight_cops)
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index b93821783b..2bc3f5dd27 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -9,6 +9,7 @@
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
 #include <rte_reorder.h>
+#include <rte_errno.h>
 
 #include "scheduler_pmd_private.h"
 
@@ -467,19 +468,113 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 	return max_priv_sess_size;
 }
 
+struct scheduler_configured_sess_info {
+	uint8_t dev_id;
+	uint8_t driver_id;
+	struct rte_cryptodev_sym_session *sess;
+};
+
 static int
-scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
-	struct rte_crypto_sym_xform *xform __rte_unused,
-	struct rte_cryptodev_sym_session *sess __rte_unused)
+scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
+	struct rte_crypto_sym_xform *xform,
+	struct rte_cryptodev_sym_session *sess)
 {
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct rte_mempool *mp = rte_mempool_from_obj(sess);
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info configured_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_configured_sess = 0;
+	int ret = 0;
+
+	if (mp == NULL)
+		return -EINVAL;
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		struct rte_cryptodev_sym_session *worker_sess;
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_configured_sess; j++) {
+			if (configured_sess[j].driver_id ==
+					worker->driver_id) {
+				sess_ctx->worker_sess[i] =
+					configured_sess[j].sess;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		if (rte_mempool_avail_count(mp) == 0) {
+			ret = -ENOMEM;
+			goto error_exit;
+		}
+
+		worker_sess = rte_cryptodev_sym_session_create(worker->dev_id,
+			xform, mp);
+		if (worker_sess == NULL) {
+			ret = -rte_errno;
+			goto error_exit;
+		}
+
+		worker_sess->opaque_data = (uint64_t)sess;
+		sess_ctx->worker_sess[i] = worker_sess;
+		configured_sess[n_configured_sess].driver_id =
+			worker->driver_id;
+		configured_sess[n_configured_sess].dev_id = worker->dev_id;
+		configured_sess[n_configured_sess].sess = worker_sess;
+		n_configured_sess++;
+	}
+
 	return 0;
+error_exit:
+	sess_ctx->ref_cnt = sched_ctx->ref_cnt;
+	for (i = 0; i < n_configured_sess; i++)
+		rte_cryptodev_sym_session_free(configured_sess[i].dev_id,
+			configured_sess[i].sess);
+	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static void
-scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
-		struct rte_cryptodev_sym_session *sess __rte_unused)
-{}
+scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *sess)
+{
+	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
+	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_configured_sess_info deleted_sess[
+			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
+	uint32_t i, j, n_deleted_sess = 0;
+
+	if (sched_ctx->ref_cnt != sess_ctx->ref_cnt) {
+		CR_SCHED_LOG(WARNING,
+			"Worker updated between session creation/deletion. "
+			"The session may not be freed fully.");
+	}
+
+	for (i = 0; i < sched_ctx->nb_workers; i++) {
+		struct scheduler_worker *worker = &sched_ctx->workers[i];
+		uint8_t next_worker = 0;
+
+		for (j = 0; j < n_deleted_sess; j++) {
+			if (deleted_sess[j].driver_id == worker->driver_id) {
+				sess_ctx->worker_sess[i] = NULL;
+				next_worker = 1;
+				break;
+			}
+		}
+		if (next_worker)
+			continue;
+
+		rte_cryptodev_sym_session_free(worker->dev_id,
+			sess_ctx->worker_sess[i]);
+
+		deleted_sess[n_deleted_sess++].driver_id = worker->driver_id;
+		sess_ctx->worker_sess[i] = NULL;
+	}
+}
 
 static struct rte_cryptodev_ops scheduler_pmd_ops = {
 		.dev_configure		= scheduler_pmd_config,
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 4d33b9ab44..0e508727a4 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -22,7 +22,6 @@ struct scheduler_worker {
 	uint8_t dev_id;
 	uint16_t qp_id;
 	uint32_t nb_inflight_cops;
-
 	uint8_t driver_id;
 };
 
@@ -37,6 +36,8 @@ struct scheduler_ctx {
 
 	struct scheduler_worker workers[RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
 	uint32_t nb_workers;
+	/* reference count when the workers are incremented/decremented */
+	uint32_t ref_cnt;
 
 	enum rte_cryptodev_scheduler_mode mode;
 
@@ -61,6 +62,11 @@ struct scheduler_qp_ctx {
 	struct rte_ring *order_ring;
 } __rte_cache_aligned;
 
+struct scheduler_session_ctx {
+	uint32_t ref_cnt;
+	struct rte_cryptodev_sym_session *worker_sess[
+		RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS];
+};
 
 extern uint8_t cryptodev_scheduler_driver_id;
 
@@ -101,6 +107,118 @@ scheduler_order_drain(struct rte_ring *order_ring,
 	return nb_ops_to_deq;
 }
 
+static __rte_always_inline void
+scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
+		uint8_t worker_index)
+{
+	struct rte_crypto_op **op = ops;
+	uint16_t n = nb_ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[1]->sym->session->driver_priv_data;
+			op[1]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[2]->sym->session->driver_priv_data;
+			op[2]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[3]->sym->session->driver_priv_data;
+			op[3]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+		}
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+			struct scheduler_session_ctx *sess_ctx =
+				(void *)op[0]->sym->session->driver_priv_data;
+
+			op[0]->sym->session =
+				sess_ctx->worker_sess[worker_index];
+			op++;
+		}
+	}
+}
+
+static __rte_always_inline void
+scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	uint16_t n = nb_ops;
+	struct rte_crypto_op **op = ops;
+
+	if (n >= 4) {
+		rte_prefetch0(op[0]->sym->session);
+		rte_prefetch0(op[1]->sym->session);
+		rte_prefetch0(op[2]->sym->session);
+		rte_prefetch0(op[3]->sym->session);
+	}
+
+	while (n >= 4) {
+		if (n >= 8) {
+			rte_prefetch0(op[4]->sym->session);
+			rte_prefetch0(op[5]->sym->session);
+			rte_prefetch0(op[6]->sym->session);
+			rte_prefetch0(op[7]->sym->session);
+		}
+
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[1]->sym->session =
+				(void *)op[1]->sym->session->opaque_data;
+		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[2]->sym->session =
+				(void *)op[2]->sym->session->opaque_data;
+		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[3]->sym->session =
+				(void *)op[3]->sym->session->opaque_data;
+
+		op += 4;
+		n -= 4;
+	}
+
+	while (n--) {
+		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			op[0]->sym->session =
+				(void *)op[0]->sym->session->opaque_data;
+		op++;
+	}
+}
+
 /** device specific operations function pointer structure */
 extern struct rte_cryptodev_ops *rte_crypto_scheduler_pmd_ops;
 
diff --git a/drivers/crypto/scheduler/scheduler_roundrobin.c b/drivers/crypto/scheduler/scheduler_roundrobin.c
index ace2dec2ec..ad3f8b842a 100644
--- a/drivers/crypto/scheduler/scheduler_roundrobin.c
+++ b/drivers/crypto/scheduler/scheduler_roundrobin.c
@@ -23,16 +23,17 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 			((struct scheduler_qp_ctx *)qp)->private_qp_ctx;
 	uint32_t worker_idx = rr_qp_ctx->last_enq_worker_idx;
 	struct scheduler_worker *worker = &rr_qp_ctx->workers[worker_idx];
-	uint16_t i, processed_ops;
+	uint16_t processed_ops;
 
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	for (i = 0; i < nb_ops && i < 4; i++)
-		rte_prefetch0(ops[i]->sym->session);
-
+	scheduler_set_worker_session(ops, nb_ops, worker_idx);
 	processed_ops = rte_cryptodev_enqueue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
+	if (processed_ops < nb_ops)
+		scheduler_retrieve_session(ops + processed_ops,
+			nb_ops - processed_ops);
 
 	worker->nb_inflight_cops += processed_ops;
 
@@ -86,7 +87,7 @@ schedule_dequeue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	nb_deq_ops = rte_cryptodev_dequeue_burst(worker->dev_id,
 			worker->qp_id, ops, nb_ops);
-
+	scheduler_retrieve_session(ops, nb_deq_ops);
 	last_worker_idx += 1;
 	last_worker_idx %= rr_qp_ctx->nb_workers;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 3/6] cryptodev: hide sym session structure
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 1/6] cryptodev: rework session framework Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 2/6] crypto/scheduler: use unified session Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 4/6] security: remove priv mempool usage Akhil Goyal
                         ` (4 subsequent siblings)
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test/test_ipsec_perf.c                    |  4 +-
 doc/guides/prog_guide/cryptodev_lib.rst       | 16 ++----
 doc/guides/rel_notes/deprecation.rst          |  5 --
 doc/guides/rel_notes/release_22_11.rst        |  9 +++
 drivers/crypto/bcmfs/bcmfs_sym_session.c      |  5 +-
 drivers/crypto/caam_jr/caam_jr.c              | 10 ++--
 drivers/crypto/ccp/ccp_crypto.c               | 30 +++++-----
 drivers/crypto/ccp/ccp_pmd_ops.c              |  2 +-
 drivers/crypto/ccp/rte_ccp_pmd.c              |  4 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  8 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      | 10 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  4 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  2 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   | 11 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |  2 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  9 ++-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  2 +-
 drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  4 +-
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  6 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/ipsec_mb/pmd_kasumi.c          |  2 +-
 drivers/crypto/ipsec_mb/pmd_snow3g.c          |  2 +-
 drivers/crypto/mlx5/mlx5_crypto.c             |  7 +--
 drivers/crypto/nitrox/nitrox_sym.c            |  6 +-
 drivers/crypto/null/null_crypto_pmd.c         |  3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c     |  2 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c   | 10 ++--
 drivers/crypto/openssl/rte_openssl_pmd.c      |  4 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  3 +-
 drivers/crypto/qat/qat_sym_session.c          |  6 +-
 .../scheduler/scheduler_pkt_size_distr.c      | 13 ++---
 drivers/crypto/scheduler/scheduler_pmd_ops.c  |  4 +-
 .../crypto/scheduler/scheduler_pmd_private.h  | 30 +++++-----
 drivers/crypto/virtio/virtio_cryptodev.c      |  4 +-
 drivers/crypto/virtio/virtio_rxtx.c           |  2 +-
 examples/fips_validation/fips_dev_self_test.c | 10 ++--
 lib/cryptodev/cryptodev_pmd.h                 | 32 +++++++++++
 lib/cryptodev/rte_crypto.h                    |  3 +-
 lib/cryptodev/rte_crypto_sym.h                |  7 +--
 lib/cryptodev/rte_cryptodev.c                 | 16 ++++--
 lib/cryptodev/rte_cryptodev.h                 | 56 +++++++++----------
 lib/cryptodev/rte_cryptodev_trace.h           |  8 +--
 lib/ipsec/rte_ipsec_group.h                   |  5 +-
 lib/ipsec/ses.c                               |  3 +-
 47 files changed, 201 insertions(+), 194 deletions(-)

diff --git a/app/test/test_ipsec_perf.c b/app/test/test_ipsec_perf.c
index b5d0c2e036..b221b7fc32 100644
--- a/app/test/test_ipsec_perf.c
+++ b/app/test/test_ipsec_perf.c
@@ -227,7 +227,7 @@ static int
 create_sa(enum rte_security_session_action_type action_type,
 	  struct ipsec_sa *sa)
 {
-	static struct rte_cryptodev_sym_session dummy_ses;
+	void *dummy_ses = NULL;
 	size_t sz;
 	int rc;
 
@@ -247,7 +247,7 @@ create_sa(enum rte_security_session_action_type action_type,
 		"failed to allocate memory for rte_ipsec_sa\n");
 
 	sa->ss[0].type = action_type;
-	sa->ss[0].crypto.ses = &dummy_ses;
+	sa->ss[0].crypto.ses = dummy_ses;
 
 	rc = rte_ipsec_sa_init(sa->ss[0].sa, &sa->sa_prm, sz);
 	rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 9e54683aa1..01aad842a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -125,13 +125,11 @@ Each queue pairs resources may be allocated on a specified socket.
         uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
         struct rte_mempool *mp_session;
         /**< The mempool for creating session in sessionless mode */
-        struct rte_mempool *mp_session_private;
-        /**< The mempool for creating sess private data in sessionless mode */
     };
 
 
-The fields ``mp_session`` and ``mp_session_private`` are used for creating
-temporary session to process the crypto operations in the session-less mode.
+The field ``mp_session`` is used for creating temporary session to process
+the crypto operations in the session-less mode.
 They can be the same other different mempools. Please note not all Cryptodev
 PMDs supports session-less mode.
 
@@ -595,7 +593,7 @@ chain.
         struct rte_mbuf *m_dst;
 
         union {
-            struct rte_cryptodev_sym_session *session;
+            void *session;
             /**< Handle for the initialised session context */
             struct rte_crypto_sym_xform *xform;
             /**< Session-less API Crypto operation parameters */
@@ -943,15 +941,11 @@ using one of the crypto PMDs available in DPDK.
 
     /* Create crypto session and initialize it for the crypto device. */
     struct rte_cryptodev_sym_session *session;
-    session = rte_cryptodev_sym_session_create(session_pool);
+    session = rte_cryptodev_sym_session_create(cdev_id, &cipher_xform,
+                    session_pool);
     if (session == NULL)
         rte_exit(EXIT_FAILURE, "Session could not be created\n");
 
-    if (rte_cryptodev_sym_session_init(cdev_id, session,
-                    &cipher_xform, session_priv_pool) < 0)
-        rte_exit(EXIT_FAILURE, "Session could not be initialized "
-                    "for the crypto device\n");
-
     /* Get a burst of crypto operations. */
     struct rte_crypto_op *crypto_ops[BURST_SIZE];
     if (rte_crypto_op_bulk_alloc(crypto_op_pool,
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index e7583cae4c..9785a0f3ce 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -161,11 +161,6 @@ Deprecation Notices
   this `RFC <https://patches.dpdk.org/project/dpdk/list/?series=23367>`__.
   This should be updated in DPDK 22.11.
 
-* cryptodev: Hide structures ``rte_cryptodev_sym_session`` and
-  ``rte_cryptodev_asym_session`` to remove unnecessary indirection between
-  session and the private data of session. An opaque pointer can be exposed
-  directly to application which can be attached to the ``rte_crypto_op``.
-
 * cryptodev: The function ``rte_cryptodev_cb_fn`` will be updated
   to have another parameter ``qp_id`` to return the queue pair ID
   which got error interrupt to the application,
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 7fab9d6550..4b8b34d8ba 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -89,6 +89,15 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* cryptodev: The structure ``rte_cryptodev_sym_session`` was made internal.
+  The API ``rte_cryptodev_sym_session_init`` and ``rte_cryptodev_sym_session_clear``
+  were removed and user would only need to call ``rte_cryptodev_sym_session_create``
+  and ``rte_cryptodev_sym_session_free`` to create/destroy sessions.
+  The API ``rte_cryptodev_sym_session_create`` was updated to take a single mempool
+  with element size big enough to hold session data and session private data.
+  All sample applications were updated to attach an opaque pointer for the session
+  to the ``rte_crypto_op`` while enqueuing.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c
index d3334dc920..40813d1fe5 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_session.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -210,8 +210,7 @@ bcmfs_sym_get_session(struct rte_crypto_op *op)
 		BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
 	} else if (likely(op->sym->session != NULL)) {
 		/* get existing session */
-		sess = (struct bcmfs_sym_session *)
-			op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	if (sess == NULL)
@@ -233,7 +232,7 @@ bcmfs_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = crypto_set_session_parameters(sess_private_data, xform);
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a9c93dea13..c9c783d19a 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1356,8 +1356,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
-		ses = (struct caam_jr_session *)
-			op->sym->session->driver_priv_data;
+		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
 		ses = (struct caam_jr_session *)
@@ -1699,7 +1698,7 @@ caam_jr_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(sess_private_data, 0, sizeof(struct caam_jr_session));
 	ret = caam_jr_set_session_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
@@ -1716,12 +1715,11 @@ static void
 caam_jr_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
+	struct caam_jr_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	PMD_INIT_FUNC_TRACE();
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 	}
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index bd999abe61..b21b32e507 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1585,7 +1585,7 @@ ccp_perform_hmac(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint8_t *addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	addr = session->auth.pre_compute;
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -1764,7 +1764,7 @@ ccp_perform_sha(struct rte_crypto_op *op,
 	void *append_ptr;
 	uint64_t auth_msg_bits;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1855,7 +1855,7 @@ ccp_perform_sha3_hmac(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr, dest_addr_t;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -1999,7 +1999,7 @@ ccp_perform_sha3(struct rte_crypto_op *op,
 	uint32_t tail;
 	phys_addr_t src_addr, dest_addr, ctx_paddr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
 					      op->sym->auth.data.offset);
@@ -2071,7 +2071,7 @@ ccp_perform_aes_cmac(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	key_addr = rte_mem_virt2phy(session->auth.key_ccp);
 
 	src_addr = rte_pktmbuf_iova_offset(op->sym->m_src,
@@ -2232,7 +2232,7 @@ ccp_perform_aes(struct rte_crypto_op *op,
 	phys_addr_t src_addr, dest_addr, key_addr;
 	uint8_t *iv;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	function.raw = 0;
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
@@ -2318,7 +2318,7 @@ ccp_perform_3des(struct rte_crypto_op *op,
 	uint8_t *iv;
 	phys_addr_t src_addr, dest_addr, key_addr;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	switch (session->cipher.um.des_mode) {
@@ -2426,7 +2426,7 @@ ccp_perform_aes_gcm(struct rte_crypto_op *op, struct ccp_queue *cmd_q)
 	phys_addr_t digest_dest_addr;
 	int length, non_align_len;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset);
 	key_addr = session->cipher.key_phys;
 
@@ -2591,7 +2591,7 @@ ccp_crypto_cipher(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->cipher.algo) {
 	case CCP_CIPHER_ALGO_AES_CBC:
@@ -2627,7 +2627,7 @@ ccp_crypto_auth(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_SHA1:
@@ -2695,7 +2695,7 @@ ccp_crypto_aead(struct rte_crypto_op *op,
 	int result = 0;
 	struct ccp_session *session;
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	switch (session->auth.algo) {
 	case CCP_AUTH_ALGO_AES_GCM:
@@ -2758,8 +2758,7 @@ process_ops_to_enqueue(struct ccp_qp *qp,
 	b_info->head_offset = (uint32_t)(cmd_q->qbase_phys_addr + cmd_q->qidx *
 					 Q_DESC_SIZE);
 	for (i = b_idx; i < (nb_ops+b_idx); i++) {
-		session = (struct ccp_session *)
-			op[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			result = ccp_crypto_cipher(op[i], cmd_q, b_info);
@@ -2835,7 +2834,7 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
 	int offset, digest_offset;
 	uint8_t digest_le[64];
 
-	session = (struct ccp_session *)op->sym->session->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (session->cmd_id == CCP_CMD_COMBINED) {
 		digest_data = op->sym->aead.digest.data;
@@ -2909,8 +2908,7 @@ ccp_prepare_ops(struct ccp_qp *qp,
 
 	for (i =  b_info->b_idx; i < min_ops; i++) {
 		op_d[i] = b_info->op[b_info->b_idx + b_info->op_idx++];
-		session = (struct ccp_session *)
-			op_d[i]->sym->session->driver_priv_data;
+		session = CRYPTODEV_GET_SYM_SESS_PRIV(op_d[i]->sym->session);
 		switch (session->cmd_id) {
 		case CCP_CMD_CIPHER:
 			op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c
index e401793a76..52f320b02b 100644
--- a/drivers/crypto/ccp/ccp_pmd_ops.c
+++ b/drivers/crypto/ccp/ccp_pmd_ops.c
@@ -767,7 +767,7 @@ ccp_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	internals = (struct ccp_private *)dev->data->dev_private;
 	ret = ccp_set_session_parameters(sess_private_data, xform, internals);
diff --git a/drivers/crypto/ccp/rte_ccp_pmd.c b/drivers/crypto/ccp/rte_ccp_pmd.c
index 7502281ad9..c0b016ea36 100644
--- a/drivers/crypto/ccp/rte_ccp_pmd.c
+++ b/drivers/crypto/ccp/rte_ccp_pmd.c
@@ -56,7 +56,7 @@ get_ccp_session(struct ccp_qp *qp, struct rte_crypto_op *op)
 		if (unlikely(op->sym->session == NULL))
 			return NULL;
 
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	} else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		struct rte_cryptodev_sym_session *_sess;
 		struct ccp_private *internals;
@@ -152,7 +152,7 @@ ccp_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		if (unlikely(ops[i]->sess_type ==
 			     RTE_CRYPTO_OP_SESSIONLESS)) {
 			struct ccp_session *sess =
-				(void *)ops[i]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 
 			memset(sess, 0, sizeof(*sess));
 			rte_mempool_put(qp->sess_mp,
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f96e132513..4648576ff8 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -110,7 +110,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 				return 0;
 			w7 = sec_sess->sa.inst.w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -293,9 +293,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)(
-				((struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -332,7 +330,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			*w2 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index a44f111ba6..5c344a6008 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -69,7 +69,7 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 	if (ret)
 		goto sess_put;
 
-	priv = (void *)sess->driver_priv_data;
+	priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	sym_op->session = sess;
 
@@ -92,7 +92,7 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 
 		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			sym_op = op->sym;
-			sess = (void *)sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 			ret = cpt_sym_inst_fill(qp, op, sess, infl_req, inst);
 			inst->w7.u64 = sess->cpt_inst_w7;
 		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
@@ -344,9 +344,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 		} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)((
-				(struct rte_cryptodev_sym_session *)sess)->
-				driver_priv_data);
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 			priv->qp = qp;
 			priv->cpt_inst_w2 = w2;
 		} else
@@ -383,7 +381,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 		} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct cnxk_se_sess *priv;
 
-			priv = (void *)op->sym->session->driver_priv_data;
+			priv = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 			*qp = priv->qp;
 			inst->w2.u64 = priv->cpt_inst_w2;
 		} else {
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 018d7fcee8..a5233a942a 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -624,7 +624,7 @@ sym_session_configure(struct roc_cpt *roc_cpt,
 		      struct rte_cryptodev_sym_session *sess)
 {
 	enum cpt_dp_thread_type thr_type;
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
@@ -693,7 +693,7 @@ cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
 void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	struct cnxk_se_sess *sess_priv = (void *)sess->driver_priv_data;
+	struct cnxk_se_sess *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (sess_priv->roc_se_ctx.auth_key != NULL)
 		plt_free(sess_priv->roc_se_ctx.auth_key);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ca90567620..37a7322e0f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -5,7 +5,7 @@
 #ifndef _CNXK_CRYPTODEV_OPS_H_
 #define _CNXK_CRYPTODEV_OPS_H_
 
-#include <rte_cryptodev.h>
+#include <cryptodev_pmd.h>
 #include <rte_event_crypto_adapter.h>
 
 #include "roc_api.h"
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 5a38d53022..369fa9c81d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1379,7 +1379,7 @@ build_sec_fd(struct rte_crypto_op *op,
 	dpaa2_sec_session *sess;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -1677,7 +1677,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 	struct rte_crypto_sym_op *sym_op;
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa2_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
@@ -3756,7 +3756,7 @@ dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
@@ -3775,10 +3775,9 @@ dpaa2_sec_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
+	dpaa2_sec_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
-	if (sess_priv) {
+	if (s) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 795be3acc3..8c1e0abb95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1012,7 +1012,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 		sess = (dpaa2_sec_session *)get_sec_session_private_data(
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (void *)session_ctx.crypto_sess->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa2_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0cc773fba6..ec2fe56d1e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -670,7 +670,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 	struct qm_sg_entry sg[2];
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		sess = (dpaa_sec_session *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
 		sess = (dpaa_sec_session *)
@@ -1924,8 +1924,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 
 			switch (op->sess_type) {
 			case RTE_CRYPTO_OP_WITH_SESSION:
-				ses = (void *)
-					op->sym->session->driver_priv_data;
+				ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
@@ -2673,7 +2672,7 @@ dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	PMD_INIT_FUNC_TRACE();
@@ -2714,7 +2713,7 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	free_session_memory(dev, s);
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index d2e4d9d787..93129e7614 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1018,7 +1018,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 				session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
-			session_ctx.crypto_sess->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
 		return -ENOTSUP;
 	raw_dp_ctx->dequeue_burst = dpaa_sec_raw_dequeue_burst;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 90ce5bc965..cedcaa2742 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -329,7 +329,7 @@ ipsec_mb_sym_session_configure(
 	}
 
 	ret = (*pmd_data->session_configure)(mb_mgr,
-			(void *)sess->driver_priv_data, xform);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), xform);
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index 14f962ef28..63e6fd58ee 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -434,7 +434,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		}
 
 		if (unlikely(pmd_data->session_configure(qp->mb_mgr,
-			(void *)sess->driver_priv_data, sym_op->xform) != 0)) {
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess), sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			goto error_exit;
 		}
@@ -447,7 +447,7 @@ ipsec_mb_get_session_private(struct ipsec_mb_qp *qp, struct rte_crypto_op *op)
 		IPSEC_MB_LOG(ERR, "Unrecognized session type %u", sess_type);
 	}
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 error_exit:
 	op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e4f274b608..8d40bd9169 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -468,7 +468,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 		}
 
 		if (unlikely(aesni_gcm_session_configure(qp->mb_mgr,
-				(void *)sess->driver_priv_data,
+				CRYPTODEV_GET_SYM_SESS_PRIV(sess),
 				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, sess);
 			sess = NULL;
@@ -479,7 +479,7 @@ aesni_gcm_get_session(struct ipsec_mb_qp *qp,
 	if (unlikely(sess == NULL))
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 
-	return (void *)sess->driver_priv_data;
+	return CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 }
 
 static uint16_t
@@ -704,7 +704,7 @@ aesni_gcm_process_bulk(struct rte_cryptodev *dev __rte_unused,
 			__rte_unused union rte_crypto_sym_ofs ofs,
 			struct rte_crypto_sym_vec *vec)
 {
-	struct aesni_gcm_session *s = (void *)sess->driver_priv_data;
+	struct aesni_gcm_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct gcm_context_data gdata_ctx;
 	IMB_MGR *mb_mgr;
 
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index f3565b04b5..7d2f3b0e4b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1723,7 +1723,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		sess = get_sec_session_private_data(op->sym->sec_session);
 	} else
 #endif
-		sess = (void *)op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 
 	if (likely(op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)) {
 		switch (job->status) {
@@ -2013,7 +2013,7 @@ aesni_mb_process_bulk(struct rte_cryptodev *dev __rte_unused,
 	void *buf;
 	IMB_JOB *job;
 	IMB_MGR *mb_mgr;
-	struct aesni_mb_session *s = (void *)sess->driver_priv_data;
+	struct aesni_mb_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	uint8_t tmp_dgst[vec->num][DIGEST_LENGTH_MAX];
 
 	/* get per-thread MB MGR, create one if needed */
diff --git a/drivers/crypto/ipsec_mb/pmd_kasumi.c b/drivers/crypto/ipsec_mb/pmd_kasumi.c
index b2fb168154..705eed9758 100644
--- a/drivers/crypto/ipsec_mb/pmd_kasumi.c
+++ b/drivers/crypto/ipsec_mb/pmd_kasumi.c
@@ -282,7 +282,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct kasumi_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index f052d6d847..8ed069f428 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -413,7 +413,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	/* Free session if a session-less crypto op. */
 	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
-		memset(op->sym->session->driver_priv_data, 0,
+		memset(CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session), 0,
 			sizeof(struct snow3g_session));
 		rte_mempool_put(qp->sess_mp, (void *)op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c
index 46ea507cf5..c7d8fa311c 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -175,7 +175,7 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
 	struct mlx5_crypto_session *sess_private_data =
-		(void *)session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(session);
 	struct rte_crypto_cipher_xform *cipher;
 	uint8_t encryption_order;
 
@@ -239,7 +239,7 @@ mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev,
 			      struct rte_cryptodev_sym_session *sess)
 {
 	struct mlx5_crypto_priv *priv = dev->data->dev_private;
-	struct mlx5_crypto_session *spriv = (void *)sess->driver_priv_data;
+	struct mlx5_crypto_session *spriv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (unlikely(spriv == NULL)) {
 		DRV_LOG(ERR, "Failed to get session %p private data.", spriv);
@@ -355,8 +355,7 @@ mlx5_crypto_wqe_set(struct mlx5_crypto_priv *priv,
 			 struct rte_crypto_op *op,
 			 struct mlx5_umr_wqe *umr)
 {
-	struct mlx5_crypto_session *sess =
-		(void *)op->sym->session->driver_priv_data;
+	struct mlx5_crypto_session *sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	struct mlx5_wqe_cseg *cseg = &umr->ctr;
 	struct mlx5_wqe_mkey_cseg *mkc = &umr->mkc;
 	struct mlx5_wqe_dseg *klms = &umr->kseg[0];
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 505024a810..dd8457aaa4 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -534,7 +534,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 			      struct rte_crypto_sym_xform *xform,
 			      struct rte_cryptodev_sym_session *sess)
 {
-	struct nitrox_crypto_ctx *ctx = (void *)sess->driver_priv_data;
+	struct nitrox_crypto_ctx *ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
 	struct rte_crypto_aead_xform *aead_xform = NULL;
@@ -577,7 +577,7 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev __rte_unused,
 		goto err;
 	}
 
-	ctx->iova = sess->driver_priv_data_iova;
+	ctx->iova = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess);
 	return 0;
 err:
 	return ret;
@@ -593,7 +593,7 @@ get_crypto_ctx(struct rte_crypto_op *op)
 {
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(op->sym->session))
-			return (void *)op->sym->session->driver_priv_data;
+			return CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 	}
 
 	return NULL;
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 09aac3065e..27f750aaca 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -77,8 +77,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 
 	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (likely(sym_op->session != NULL))
-			sess = (struct null_crypto_session *)
-				sym_op->session->driver_priv_data;
+			sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	} else {
 		struct rte_cryptodev_sym_session *_sess = NULL;
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index fb43d3f7b5..f07e9c2ea0 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -265,7 +265,7 @@ null_crypto_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -EINVAL;
 	}
 
-	sess_private_data = (void *)sess->driver_priv_data;
+	sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	ret = null_crypto_set_session_parameters(sess_private_data, xform);
 	if (ret != 0) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index cd5ebc2af6..a5b595c05f 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -248,7 +248,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 	struct rte_crypto_sym_xform *temp_xform = xform;
 	struct cpt_sess_misc *misc;
 	vq_cmd_word3_t vq_cmd_w3;
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	ret = sym_xform_verify(xform);
@@ -294,7 +294,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 		goto priv_put;
 	}
 
-	misc->ctx_dma_addr = sess->driver_priv_data_iova +
+	misc->ctx_dma_addr = CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess) +
 			     sizeof(struct cpt_sess_misc);
 
 	vq_cmd_w3.u64 = 0;
@@ -313,7 +313,7 @@ sym_session_configure(struct rte_crypto_sym_xform *xform,
 static void
 sym_session_clear(struct rte_cryptodev_sym_session *sess)
 {
-	void *priv = (void *)sess->driver_priv_data;
+	void *priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct cpt_sess_misc *misc;
 	struct cpt_ctx *ctx;
 
@@ -507,7 +507,7 @@ otx_cpt_enq_single_sym(struct cpt_instance *instance,
 	void *req;
 	uint64_t cpt_op;
 
-	sess = (struct cpt_sess_misc *)sym_op->session->driver_priv_data;
+	sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
 	cpt_op = sess->cpt_op;
 
 	if (likely(cpt_op & CPT_OP_CIPHER_MASK))
@@ -844,7 +844,7 @@ static inline void
 free_sym_session_data(const struct cpt_instance *instance,
 		      struct rte_crypto_op *cop)
 {
-	void *sess_private_data_t = (void *)cop->sym->session->driver_priv_data;
+	void *sess_private_data_t = CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 
 	memset(sess_private_data_t, 0, cpt_get_session_size());
 	rte_mempool_put(instance->sess_mp, cop->sym->session);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bb536c9e3..cc8328cd5f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -887,8 +887,8 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 			/* get existing session */
 			if (likely(op->sym->session != NULL))
-				sess = (void *)
-					op->sym->session->driver_priv_data;
+				sess = CRYPTODEV_GET_SYM_SESS_PRIV(
+					op->sym->session);
 		} else {
 			if (likely(op->asym->session != NULL))
 				asym_sess = (struct openssl_asym_session *)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2a3662ee5a..defed4429e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -795,7 +795,7 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_private_data = (void *)sess->driver_priv_data;
+	void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	int ret;
 
 	if (unlikely(sess == NULL)) {
@@ -1319,7 +1319,7 @@ static void
 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	void *sess_priv = (void *)sess->driver_priv_data;
+	void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	openssl_reset_session(sess_priv);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 408ae9e42b..d7696822a8 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -67,7 +67,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		return -EINVAL;
 
 	if (likely(op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) {
-		ctx = (void *)op->sym->session->driver_priv_data;
+		ctx = (void *)CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		if (sess != (uintptr_t)ctx) {
 			struct rte_cryptodev *cdev;
 			struct qat_cryptodev_private *internals;
@@ -386,7 +386,7 @@ qat_sym_configure_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
 		return -EINVAL;
 
-	ctx = (void *)session_ctx.crypto_sess->driver_priv_data;
+	ctx = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 
 	dp_ctx->session = ctx;
 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 2853ac5b88..653df0bf69 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -316,8 +316,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 	} else
 #endif
 	{
-		sess = (struct qat_sym_session *)
-			rx_op->sym->session->driver_priv_data;
+		sess = CRYPTODEV_GET_SYM_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 0;
 	}
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 8dd2357702..c6976f2cdd 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -222,7 +222,7 @@ void
 qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,
 		struct rte_cryptodev_sym_session *sess)
 {
-	struct qat_sym_session *s = (void *)sess->driver_priv_data;
+	struct qat_sym_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	if (s->bpi_ctx)
 		bpi_cipher_ctx_free(s->bpi_ctx);
@@ -505,8 +505,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
 		return -EINVAL;
 #endif
 	ret = qat_sym_session_set_parameters(dev, xform,
-			(void *)sess->driver_priv_data,
-			sess->driver_priv_data_iova);
+			CRYPTODEV_GET_SYM_SESS_PRIV(sess),
+			CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR,
 		    "Crypto QAT PMD: failed to configure session parameters");
diff --git a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
index 9204f6f608..396cc3723d 100644
--- a/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
+++ b/drivers/crypto/scheduler/scheduler_pkt_size_distr.c
@@ -76,13 +76,10 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 		rte_prefetch0((uint8_t *)ops[i + 7]->sym->session +
 			sizeof(struct rte_cryptodev_sym_session));
 
-		sess_ctx[0] = (void *)ops[i]->sym->session->driver_priv_data;
-		sess_ctx[1] =
-			(void *)ops[i + 1]->sym->session->driver_priv_data;
-		sess_ctx[2] =
-			(void *)ops[i + 2]->sym->session->driver_priv_data;
-		sess_ctx[3] =
-			(void *)ops[i + 3]->sym->session->driver_priv_data;
+		sess_ctx[0] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
+		sess_ctx[1] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 1]->sym->session);
+		sess_ctx[2] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 2]->sym->session);
+		sess_ctx[3] = CRYPTODEV_GET_SYM_SESS_PRIV(ops[i + 3]->sym->session);
 
 		/* job_len is initialized as cipher data length, once
 		 * it is 0, equals to auth data length
@@ -166,7 +163,7 @@ schedule_enqueue(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	for (; i < nb_ops; i++) {
 		struct scheduler_session_ctx *sess_ctx =
-			(void *)ops[i]->sym->session->driver_priv_data;
+			CRYPTODEV_GET_SYM_SESS_PRIV(ops[i]->sym->session);
 		uint32_t job_len;
 		uint8_t target;
 
diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c
index 2bc3f5dd27..707bb7d8d1 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_ops.c
+++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c
@@ -481,7 +481,7 @@ scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev,
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
 	struct rte_mempool *mp = rte_mempool_from_obj(sess);
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info configured_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_configured_sess = 0;
@@ -543,7 +543,7 @@ scheduler_pmd_sym_session_clear(struct rte_cryptodev *dev,
 		struct rte_cryptodev_sym_session *sess)
 {
 	struct scheduler_ctx *sched_ctx = dev->data->dev_private;
-	struct scheduler_session_ctx *sess_ctx = (void *)sess->driver_priv_data;
+	struct scheduler_session_ctx *sess_ctx = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	struct scheduler_configured_sess_info deleted_sess[
 			RTE_CRYPTODEV_SCHEDULER_MAX_NB_WORKERS] = { 0 };
 	uint32_t i, j, n_deleted_sess = 0;
diff --git a/drivers/crypto/scheduler/scheduler_pmd_private.h b/drivers/crypto/scheduler/scheduler_pmd_private.h
index 0e508727a4..41be928dc3 100644
--- a/drivers/crypto/scheduler/scheduler_pmd_private.h
+++ b/drivers/crypto/scheduler/scheduler_pmd_private.h
@@ -131,28 +131,28 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[1]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[1]->sym->session);
 			op[1]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[2]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[2]->sym->session);
 			op[2]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
 
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[3]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[3]->sym->session);
 			op[3]->sym->session =
 				sess_ctx->worker_sess[worker_index];
 		}
@@ -164,7 +164,7 @@ scheduler_set_worker_session(struct rte_crypto_op **ops, uint16_t nb_ops,
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 			struct scheduler_session_ctx *sess_ctx =
-				(void *)op[0]->sym->session->driver_priv_data;
+				CRYPTODEV_GET_SYM_SESS_PRIV(op[0]->sym->session);
 
 			op[0]->sym->session =
 				sess_ctx->worker_sess[worker_index];
@@ -195,17 +195,17 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 		}
 
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		if (op[1]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[1]->sym->session =
-				(void *)op[1]->sym->session->opaque_data;
+			op[1]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[1]->sym->session);
 		if (op[2]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[2]->sym->session =
-				(void *)op[2]->sym->session->opaque_data;
+			op[2]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[2]->sym->session);
 		if (op[3]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[3]->sym->session =
-				(void *)op[3]->sym->session->opaque_data;
+			op[3]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[3]->sym->session);
 
 		op += 4;
 		n -= 4;
@@ -213,8 +213,8 @@ scheduler_retrieve_session(struct rte_crypto_op **ops, uint16_t nb_ops)
 
 	while (n--) {
 		if (op[0]->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-			op[0]->sym->session =
-				(void *)op[0]->sym->session->opaque_data;
+			op[0]->sym->session = (void *)
+				rte_cryptodev_sym_session_opaque_data_get(op[0]->sym->session);
 		op++;
 	}
 }
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c b/drivers/crypto/virtio/virtio_cryptodev.c
index 6b9e57ee66..f068283290 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -951,7 +951,7 @@ virtio_crypto_sym_clear_session(
 
 	hw = dev->data->dev_private;
 	vq = hw->cvq;
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 
 	VIRTIO_CRYPTO_SESSION_LOG_INFO("vq->vq_desc_head_idx = %d, "
 			"vq = %p", vq->vq_desc_head_idx, vq);
@@ -1318,7 +1318,7 @@ virtio_crypto_sym_configure_session(
 		VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid parameters");
 		return ret;
 	}
-	session = (struct virtio_crypto_session *)sess->driver_priv_data;
+	session = CRYPTODEV_GET_SYM_SESS_PRIV(sess);
 	memset(session, 0, sizeof(struct virtio_crypto_session));
 	ctrl_req = &session->ctrl;
 	ctrl_req->header.opcode = VIRTIO_CRYPTO_CIPHER_CREATE_SESSION;
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index b7f492a7f2..48b5f4ebbb 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -207,7 +207,7 @@ virtqueue_crypto_sym_enqueue_xmit(
 			offsetof(struct virtio_crypto_op_cookie, iv);
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct virtio_crypto_session *session =
-		(void *)cop->sym->session->driver_priv_data;
+		CRYPTODEV_GET_SYM_SESS_PRIV(cop->sym->session);
 	struct virtio_crypto_op_data_req *op_data_req;
 	uint32_t hash_result_len = 0;
 	struct virtio_crypto_op_cookie *crypto_op_cookie;
diff --git a/examples/fips_validation/fips_dev_self_test.c b/examples/fips_validation/fips_dev_self_test.c
index bce903e007..b17f664a5e 100644
--- a/examples/fips_validation/fips_dev_self_test.c
+++ b/examples/fips_validation/fips_dev_self_test.c
@@ -980,7 +980,7 @@ typedef int (*fips_dev_self_test_prepare_xform_t)(uint8_t,
 		uint32_t);
 
 typedef int (*fips_dev_self_test_prepare_op_t)(struct rte_crypto_op *,
-		struct rte_mbuf *, struct rte_cryptodev_sym_session *,
+		struct rte_mbuf *, void *,
 		uint32_t, struct fips_dev_self_test_vector *);
 
 typedef int (*fips_dev_self_test_check_result_t)(struct rte_crypto_op *,
@@ -1172,7 +1172,7 @@ prepare_aead_xform(uint8_t dev_id,
 static int
 prepare_cipher_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1211,7 +1211,7 @@ prepare_cipher_op(struct rte_crypto_op *op,
 static int
 prepare_auth_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1250,7 +1250,7 @@ prepare_auth_op(struct rte_crypto_op *op,
 static int
 prepare_aead_op(struct rte_crypto_op *op,
 		struct rte_mbuf *mbuf,
-		struct rte_cryptodev_sym_session *session,
+		void *session,
 		uint32_t dir,
 		struct fips_dev_self_test_vector *vec)
 {
@@ -1462,7 +1462,7 @@ run_single_test(uint8_t dev_id,
 		uint32_t negative_test)
 {
 	struct rte_crypto_sym_xform xform;
-	struct rte_cryptodev_sym_session *sess;
+	void *sess;
 	uint16_t n_deqd;
 	uint8_t key[256];
 	int ret;
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index f518a0f89b..bf10364b66 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -132,6 +132,38 @@ struct cryptodev_driver {
 	uint8_t id;
 };
 
+/** Cryptodev symmetric crypto session
+ * Each session is derived from a fixed xform chain. Therefore each session
+ * has a fixed algo, key, op-type, digest_len etc.
+ */
+struct rte_cryptodev_sym_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Can be used for external metadata */
+	uint32_t sess_data_sz;
+	/**< Pointer to the user data stored after sess data */
+	uint16_t user_data_sz;
+	/**< Session user data will be placed after sess data */
+	uint8_t driver_id;
+	/**< Driver id to get the session priv */
+	rte_iova_t driver_priv_data_iova;
+	/**< Session driver data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	/**< Second cache line - start of the driver session data */
+	uint8_t driver_priv_data[0];
+	/**< Driver specific session data, variable size */
+};
+
+/**
+ * Helper macro to get driver private data
+ */
+#define CRYPTODEV_GET_SYM_SESS_PRIV(s) \
+	((void *)(((struct rte_cryptodev_sym_session *)s)->driver_priv_data))
+#define CRYPTODEV_GET_SYM_SESS_PRIV_IOVA(s) \
+	(((struct rte_cryptodev_sym_session *)s)->driver_priv_data_iova)
+
+
 /**
  * Get the rte_cryptodev structure device pointer for the device. Assumes a
  * valid device index.
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 6dfca2c169..f9644d29ec 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -430,8 +430,7 @@ rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
  * @param	sess	cryptodev session
  */
 static inline int
-rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
-		struct rte_cryptodev_sym_session *sess)
+rte_crypto_op_attach_sym_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..84deecac48 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -580,8 +580,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-struct rte_cryptodev_sym_session;
-
 /**
  * Symmetric Cryptographic Operation.
  *
@@ -618,7 +616,7 @@ struct rte_crypto_sym_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_cryptodev_sym_session *session;
+		void *session;
 		/**< Handle for the initialised session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
@@ -923,8 +921,7 @@ __rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op,
  * @param	sess	cryptodev session
  */
 static inline int
-__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
-		struct rte_cryptodev_sym_session *sess)
+__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
 	sym_op->session = sess;
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a326eb0e17..9ec015df8a 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1950,11 +1950,11 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
 }
 
 int
-rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_free(uint8_t dev_id, void *_sess)
 {
 	struct rte_cryptodev *dev;
 	struct rte_mempool *sess_mp;
+	struct rte_cryptodev_sym_session *sess = _sess;
 	struct rte_cryptodev_sym_session_pool_private_data *pool_priv;
 
 	if (sess == NULL)
@@ -2069,10 +2069,11 @@ rte_cryptodev_asym_get_private_session_size(uint8_t dev_id)
 }
 
 int
-rte_cryptodev_sym_session_set_user_data(
-		struct rte_cryptodev_sym_session *sess, void *data,
+rte_cryptodev_sym_session_set_user_data(void *_sess, void *data,
 		uint16_t size)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL)
 		return -EINVAL;
 
@@ -2084,8 +2085,10 @@ rte_cryptodev_sym_session_set_user_data(
 }
 
 void *
-rte_cryptodev_sym_session_get_user_data(struct rte_cryptodev_sym_session *sess)
+rte_cryptodev_sym_session_get_user_data(void *_sess)
 {
+	struct rte_cryptodev_sym_session *sess = _sess;
+
 	if (sess == NULL || sess->user_data_sz == 0)
 		return NULL;
 
@@ -2129,10 +2132,11 @@ sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
 
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *_sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec)
 {
 	struct rte_cryptodev *dev;
+	struct rte_cryptodev_sym_session *sess = _sess;
 
 	if (!rte_cryptodev_is_valid_dev(dev_id)) {
 		sym_crypto_fill_status(vec, EINVAL);
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0c65958f25..8b6a7a5c1d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -902,28 +902,6 @@ struct rte_cryptodev_cb_rcu {
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
 
-/** Cryptodev symmetric crypto session
- * Each session is derived from a fixed xform chain. Therefore each session
- * has a fixed algo, key, op-type, digest_len etc.
- */
-struct rte_cryptodev_sym_session {
-	RTE_MARKER cacheline0;
-	uint8_t driver_id;
-	uint64_t opaque_data;
-	/**< Can be used for external metadata */
-	uint32_t sess_data_sz;
-	/**< Pointer to the user data stored after sess data */
-	uint16_t user_data_sz;
-	/**< session user data will be placed after sess data */
-	rte_iova_t driver_priv_data_iova;
-	/**< session driver data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	/**< second cache line - start of the driver session data */
-	uint8_t driver_priv_data[0];
-	/**< Driver specific session data, variable size */
-};
-
 /**
  * Create a symmetric session mempool.
  *
@@ -1036,7 +1014,7 @@ rte_cryptodev_asym_session_create(uint8_t dev_id,
  */
 int
 rte_cryptodev_sym_session_free(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess);
+	void *sess);
 
 /**
  * Clears and frees asymmetric crypto session header and private data,
@@ -1136,11 +1114,31 @@ const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
  */
 __rte_experimental
 int
-rte_cryptodev_sym_session_set_user_data(
-					struct rte_cryptodev_sym_session *sess,
+rte_cryptodev_sym_session_set_user_data(void *sess,
 					void *data,
 					uint16_t size);
 
+#define CRYPTO_SESS_OPAQUE_DATA_OFF 0
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_cryptodev_sym_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + CRYPTO_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_cryptodev_sym_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + CRYPTO_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
 /**
  * Get user data stored in a session.
  *
@@ -1153,8 +1151,7 @@ rte_cryptodev_sym_session_set_user_data(
  */
 __rte_experimental
 void *
-rte_cryptodev_sym_session_get_user_data(
-					struct rte_cryptodev_sym_session *sess);
+rte_cryptodev_sym_session_get_user_data(void *sess);
 
 /**
  * Store user data in an asymmetric session.
@@ -1202,7 +1199,7 @@ rte_cryptodev_asym_session_get_user_data(void *sess);
 __rte_experimental
 uint32_t
 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
-	struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+	void *sess, union rte_crypto_sym_ofs ofs,
 	struct rte_crypto_sym_vec *vec);
 
 /**
@@ -1244,8 +1241,7 @@ rte_cryptodev_session_event_mdata_set(uint8_t dev_id, void *sess,
  * Union of different crypto session types, including session-less xform
  * pointer.
  */
-union rte_cryptodev_session_ctx {
-	struct rte_cryptodev_sym_session *crypto_sess;
+union rte_cryptodev_session_ctx {void *crypto_sess;
 	struct rte_crypto_sym_xform *xform;
 	struct rte_security_session *sec_sess;
 };
diff --git a/lib/cryptodev/rte_cryptodev_trace.h b/lib/cryptodev/rte_cryptodev_trace.h
index 055c44fb22..7b4ec5c389 100644
--- a/lib/cryptodev/rte_cryptodev_trace.h
+++ b/lib/cryptodev/rte_cryptodev_trace.h
@@ -73,14 +73,10 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_create,
-	RTE_TRACE_POINT_ARGS(uint8_t dev_id,
-		struct rte_cryptodev_sym_session *sess, void *xforms,
+	RTE_TRACE_POINT_ARGS(uint8_t dev_id, void *sess, void *xforms,
 		void *mempool),
 	rte_trace_point_emit_u8(dev_id);
 	rte_trace_point_emit_ptr(sess);
-	rte_trace_point_emit_u64(sess->opaque_data);
-	rte_trace_point_emit_u8(sess->driver_id);
-	rte_trace_point_emit_u16(sess->user_data_sz);
 	rte_trace_point_emit_ptr(xforms);
 	rte_trace_point_emit_ptr(mempool);
 )
@@ -108,7 +104,7 @@ RTE_TRACE_POINT(
 
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_sym_session_free,
-	RTE_TRACE_POINT_ARGS(struct rte_cryptodev_sym_session *sess),
+	RTE_TRACE_POINT_ARGS(void *sess),
 	rte_trace_point_emit_ptr(sess);
 )
 
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index 62c2bd7217..a4e0e128f8 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -45,14 +45,15 @@ static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
 	const struct rte_security_session *ss;
-	const struct rte_cryptodev_sym_session *cs;
+	void *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
 		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
-		return (struct rte_ipsec_session *)(uintptr_t)cs->opaque_data;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_cryptodev_sym_session_opaque_data_get(cs);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..0d3c932302 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -45,7 +45,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	ss->pkt_func = fp;
 
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
-		ss->crypto.ses->opaque_data = (uintptr_t)ss;
+		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
+			(uintptr_t)ss);
 	else
 		ss->security.ses->opaque_data = (uintptr_t)ss;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 4/6] security: remove priv mempool usage
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
                         ` (2 preceding siblings ...)
  2022-09-26 19:14       ` [PATCH v4 3/6] cryptodev: hide sym session structure Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 5/6] drivers/crypto: support security session get size op Akhil Goyal
                         ` (3 subsequent siblings)
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal,
	David Coyle, Kevin O'Sullivan

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf.h                  |   1 -
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 app/test-crypto-perf/cperf_ops.h              |   2 +-
 app/test-crypto-perf/cperf_test_latency.c     |   3 +-
 app/test-crypto-perf/cperf_test_latency.h     |   1 -
 .../cperf_test_pmd_cyclecount.c               |   3 +-
 .../cperf_test_pmd_cyclecount.h               |   1 -
 app/test-crypto-perf/cperf_test_throughput.c  |   3 +-
 app/test-crypto-perf/cperf_test_throughput.h  |   1 -
 app/test-crypto-perf/cperf_test_verify.c      |   3 +-
 app/test-crypto-perf/cperf_test_verify.h      |   1 -
 app/test-crypto-perf/main.c                   |   3 -
 app/test/test_cryptodev.c                     |  44 +-----
 app/test/test_ipsec.c                         |   7 +-
 app/test/test_security.c                      | 146 ++----------------
 app/test/test_security_inline_proto.c         |  16 +-
 drivers/common/cnxk/roc_cpt.c                 |   4 +-
 drivers/crypto/caam_jr/caam_jr.c              |  31 +---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   7 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  45 ++----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   9 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  54 ++-----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +---
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  25 +--
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  26 +---
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  21 +--
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |  11 +-
 drivers/crypto/qat/qat_sym_session.c          |  27 +---
 drivers/crypto/qat/qat_sym_session.h          |   2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 ++---
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 ++--
 drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +--
 drivers/net/ixgbe/ixgbe_ipsec.c               |  31 ++--
 drivers/net/txgbe/txgbe_ipsec.c               |  32 ++--
 examples/ipsec-secgw/ipsec-secgw.c            |  34 ----
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 examples/ipsec-secgw/ipsec.h                  |   1 -
 lib/cryptodev/rte_cryptodev.h                 |   2 +-
 lib/security/rte_security.c                   |  20 ++-
 lib/security/rte_security.h                   |  30 ++--
 lib/security/rte_security_driver.h            |  13 +-
 45 files changed, 193 insertions(+), 623 deletions(-)

diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h
index 2b0aad095c..db58228dce 100644
--- a/app/test-crypto-perf/cperf.h
+++ b/app/test-crypto-perf/cperf.h
@@ -15,7 +15,6 @@ struct cperf_op_fns;
 
 typedef void  *(*cperf_constructor_t)(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c6f5735bb0..bd3c941fea 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -642,7 +642,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -753,13 +752,11 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 				rte_cryptodev_get_sec_ctx(dev_id);
 
 	/* Create security session */
-	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+	return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
 cperf_create_session(struct rte_mempool *sess_mp,
-	struct rte_mempool *priv_mp,
 	uint8_t dev_id,
 	const struct cperf_options *options,
 	const struct cperf_test_vector *test_vector,
@@ -859,12 +856,11 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -908,8 +904,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
 					rte_cryptodev_get_sec_ctx(dev_id);
 
 		/* Create security session */
-		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+		return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
 	}
 #endif
 	/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1d2fbb4e30..a1e68fd226 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -13,7 +13,7 @@
 
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
-		struct rte_mempool *sess_mp, struct rte_mempool *sess_priv_mp,
+		struct rte_mempool *sess_mp,
 		uint8_t dev_id, const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset);
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index afd8cb209b..4df08694d4 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -56,7 +56,6 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 
 void *
 cperf_latency_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -81,7 +80,7 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
 		sizeof(struct rte_crypto_sym_op) +
 		sizeof(struct cperf_op_result *);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_latency.h b/app/test-crypto-perf/cperf_test_latency.h
index ed5b0a07bb..d3fc3218d7 100644
--- a/app/test-crypto-perf/cperf_test_latency.h
+++ b/app/test-crypto-perf/cperf_test_latency.h
@@ -17,7 +17,6 @@
 void *
 cperf_latency_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index edd2730b73..f0ca78af4f 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -88,7 +88,6 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 
 void *
 cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -115,7 +114,7 @@ cperf_pmd_cyclecount_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 			sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
index 3084038a18..beb4419910 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.h
@@ -18,7 +18,6 @@
 void *
 cperf_pmd_cyclecount_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index fa13915dc3..c924459958 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -62,7 +62,6 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 
 void *
 cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -85,7 +84,7 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_throughput.h b/app/test-crypto-perf/cperf_test_throughput.h
index 91e1a4b708..439ec8e559 100644
--- a/app/test-crypto-perf/cperf_test_throughput.h
+++ b/app/test-crypto-perf/cperf_test_throughput.h
@@ -18,7 +18,6 @@
 void *
 cperf_throughput_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index c1465db243..d744b6e58e 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -50,7 +50,6 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 
 void *
 cperf_verify_test_constructor(struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id, uint16_t qp_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -73,7 +72,7 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
 	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
 		sizeof(struct rte_crypto_sym_op);
 
-	ctx->sess = op_fns->sess_create(sess_mp, sess_priv_mp, dev_id, options,
+	ctx->sess = op_fns->sess_create(sess_mp, dev_id, options,
 			test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
diff --git a/app/test-crypto-perf/cperf_test_verify.h b/app/test-crypto-perf/cperf_test_verify.h
index ac2192ba99..9f70ad87ba 100644
--- a/app/test-crypto-perf/cperf_test_verify.h
+++ b/app/test-crypto-perf/cperf_test_verify.h
@@ -18,7 +18,6 @@
 void *
 cperf_verify_test_constructor(
 		struct rte_mempool *sess_mp,
-		struct rte_mempool *sess_priv_mp,
 		uint8_t dev_id,
 		uint16_t qp_id,
 		const struct cperf_options *options,
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 3469b836e1..420acc3c6d 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -24,7 +24,6 @@
 
 static struct {
 	struct rte_mempool *sess_mp;
-	struct rte_mempool *priv_mp;
 } session_pool_socket[RTE_MAX_NUMA_NODES];
 
 const char *cperf_test_type_strs[] = {
@@ -115,7 +114,6 @@ fill_session_pool_socket(int32_t socket_id, uint32_t session_priv_size,
 		printf("Allocated pool \"%s\" on socket %d\n",
 			mp_name, socket_id);
 		session_pool_socket[socket_id].sess_mp = sess_mp;
-		session_pool_socket[socket_id].priv_mp = sess_mp;
 	}
 
 	return 0;
@@ -660,7 +658,6 @@ main(int argc, char **argv)
 
 		ctx[i] = cperf_testmap[opts.test].constructor(
 				session_pool_socket[socket_id].sess_mp,
-				session_pool_socket[socket_id].priv_mp,
 				cdev_id, qp_id,
 				&opts, t_vec, &op_fns);
 		if (ctx[i] == NULL) {
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index ae2b102ecb..f0315f9195 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -649,12 +649,6 @@ testsuite_setup(void)
 			SOCKET_ID_ANY);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"session mempool allocation failed");
-	ts_params->session_priv_mpool = rte_mempool_create(
-			"test_sess_mp_priv", MAX_NB_SESSIONS, session_size,
-			0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0);
-
-	TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-			"session mempool allocation failed");
 
 	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
 			&ts_params->conf),
@@ -694,8 +688,6 @@ testsuite_teardown(void)
 	if (ts_params->session_mpool != NULL) {
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
 	}
 
 	res = rte_cryptodev_close(ts_params->valid_devs[0]);
@@ -8621,8 +8613,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				NULL);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8901,8 +8892,7 @@ test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9497,8 +9487,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -10509,8 +10498,7 @@ test_docsis_proto_uplink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -10694,8 +10682,7 @@ test_docsis_proto_downlink(const void *data)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("Test function %s line %u: failed to allocate session\n",
@@ -14977,10 +14964,6 @@ test_scheduler_attach_worker_op(void)
 			rte_mempool_free(ts_params->session_mpool);
 			ts_params->session_mpool = NULL;
 		}
-		if (ts_params->session_priv_mpool) {
-			rte_mempool_free(ts_params->session_priv_mpool);
-			ts_params->session_priv_mpool = NULL;
-		}
 
 		if (info.sym.max_nb_sessions != 0 &&
 				info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
@@ -15004,23 +14987,6 @@ test_scheduler_attach_worker_op(void)
 					"session mempool allocation failed");
 		}
 
-		/*
-		 * Create mempool with maximum number of sessions,
-		 * to include device specific session private data
-		 */
-		if (ts_params->session_priv_mpool == NULL) {
-			ts_params->session_priv_mpool = rte_mempool_create(
-					"test_sess_mp_priv",
-					MAX_NB_SESSIONS,
-					session_size,
-					0, 0, NULL, NULL, NULL,
-					NULL, SOCKET_ID_ANY,
-					0);
-
-			TEST_ASSERT_NOT_NULL(ts_params->session_priv_mpool,
-					"session mempool allocation failed");
-		}
-
 		ts_params->qp_conf.mp_session = ts_params->session_mpool;
 
 		ret = rte_cryptodev_scheduler_worker_attach(sched_id,
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 04d231468b..a6698bb021 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -159,13 +159,12 @@ const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	struct rte_security_session *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
+	RTE_SET_USED(sess);
 
-	sess->sess_private_data = NULL;
 	return 0;
 }
 
@@ -631,7 +630,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session, NULL);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 059731b65d..bb3b3835fa 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -266,24 +247,14 @@ static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		struct rte_security_session *sess)
 {
-	void *sess_priv;
-	int ret;
-
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
 	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
 		mock_session_create_exp.sess = sess;
 	}
 
@@ -392,13 +363,7 @@ static struct mock_session_destroy_data {
 static int
 mock_session_destroy(void *device, struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -536,7 +501,6 @@ struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -562,8 +526,9 @@ static struct security_unittest_params {
 #define SECURITY_TEST_MEMPOOL_NAME "SecurityTestMp"
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
-#define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
 #define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_OBJ_SZ (sizeof(struct rte_security_session) + \
+					SECURITY_TEST_SESSION_PRIV_OBJ_SZ)
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -583,21 +548,6 @@ testsuite_setup(void)
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +562,6 @@ testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -713,12 +659,10 @@ ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -760,13 +704,11 @@ test_session_create_inv_context(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -786,13 +728,11 @@ test_session_create_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -812,13 +752,11 @@ test_session_create_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -835,13 +773,11 @@ test_session_create_inv_configuration(void)
 	struct rte_security_session *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,13 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct rte_security_session *sess;
 
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -903,7 +813,6 @@ test_session_create_mempool_empty(void)
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
 	struct rte_security_session *sess;
 
 	/* Get all available objects from mempool. */
@@ -914,34 +823,23 @@ test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -960,17 +858,14 @@ test_session_create_ops_failure(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -989,12 +884,10 @@ test_session_create_success(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +896,6 @@ test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1281,6 @@ test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1288,6 @@ test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1304,6 @@ test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1312,6 @@ test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1328,6 @@ test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1336,6 @@ test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1350,6 @@ test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1357,6 @@ test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1376,6 @@ test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1384,6 @@ test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1401,6 @@ test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1409,6 @@ test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2375,6 @@ static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index b282e7dbc9..9c6a09676e 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -66,7 +66,6 @@ extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512;
 
 static struct rte_mempool *mbufpool;
 static struct rte_mempool *sess_pool;
-static struct rte_mempool *sess_priv_pool;
 /* ethernet addresses of ports */
 static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
 
@@ -311,8 +310,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 		setenv("ETH_SEC_IV_OVR", arr, 1);
 	}
 
-	*sess = rte_security_session_create(sec_ctx,
-				sess_conf, sess_pool, sess_priv_pool);
+	*sess = rte_security_session_create(sec_ctx, sess_conf, sess_pool);
 	if (*sess == NULL) {
 		printf("SEC Session init failed.\n");
 		return TEST_FAILED;
@@ -496,18 +494,6 @@ init_mempools(unsigned int nb_mbuf)
 		}
 		printf("Allocated sess pool\n");
 	}
-	if (sess_priv_pool == NULL) {
-		snprintf(s, sizeof(s), "sess_priv_pool");
-		sess_priv_pool = rte_mempool_create(s, nb_sess, sess_sz,
-				MEMPOOL_CACHE_SIZE, 0,
-				NULL, NULL, NULL, NULL,
-				SOCKET_ID_ANY, 0);
-		if (sess_priv_pool == NULL) {
-			printf("Cannot init sess_priv pool\n");
-			return TEST_FAILED;
-		}
-		printf("Allocated sess_priv pool\n");
-	}
 
 	return 0;
 }
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index f1be6a3401..db9b7e6937 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -1004,9 +1004,9 @@ roc_on_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa, uint8_t opcode,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = (rte_iova_t)sa;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = (rte_iova_t)sa;
 	inst.w7.s.egrp = egrp;
 
 	inst.w0.u64 = 0;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c9c783d19a..7891254d78 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,9 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1900,18 +1898,12 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = caam_jr_set_ipsec_session(cdev, conf,
@@ -1924,13 +1916,8 @@ caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
-		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -1940,18 +1927,12 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = SECURITY_GET_SESS_PRIV(sess);
 
+	if (s) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
-		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
+		memset(s, 0, sizeof(struct caam_jr_session));
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 4648576ff8..f127c84fd3 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,8 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -286,7 +285,7 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = SECURITY_GET_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -323,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index d6ff1342ce..1ebdf7793a 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -47,7 +47,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *out_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -173,7 +173,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 	void *in_sa;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -290,37 +290,16 @@ cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 struct rte_security_session *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
-
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	set_sec_session_private_data(sess, priv);
-
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
 					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -329,14 +308,13 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 	struct rte_cryptodev *crypto_dev = dev;
 	union roc_ot_ipsec_sa_word2 *w2;
 	struct cn10k_sec_session *sess;
-	struct rte_mempool *sess_mp;
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 	struct roc_cpt_lf *lf;
 	void *sa_dptr = NULL;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	if (sess == NULL)
 		return 0;
 
@@ -390,11 +368,6 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 		roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
 	}
 
-	sess_mp = rte_mempool_from_obj(sess);
-
-	set_sec_session_private_data(sec_sess, NULL);
-	rte_mempool_put(sess_mp, sess);
-
 	return 0;
 }
 
@@ -416,7 +389,7 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
 	struct cn10k_ipsec_sa *sa;
 	struct cnxk_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
@@ -457,7 +430,7 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
 	struct cnxk_cpt_vf *vf;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 5c344a6008..b395f830b1 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -337,7 +337,7 @@ cn9k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(sess);
+			priv = SECURITY_GET_SESS_PRIV(sess);
 			sa = &priv->sa;
 			sa->qp = qp;
 			sa->inst.w2 = w2;
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = get_sec_session_private_data(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,8 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = get_sec_session_private_data(
-				sym_op->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 6d26b0cc01..1923b92134 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -33,7 +33,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -82,8 +82,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->out_sa, opcode,
-				   ctx_len, egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)SECURITY_GET_SESS_PRIV_IOVA(sec_sess),
+				   opcode, ctx_len, egrp);
 
 	if (ret)
 		return ret;
@@ -110,7 +110,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->out_sa);
+	w7.s.cptr = SECURITY_GET_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -137,7 +137,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	uint8_t egrp;
 	int ret = 0;
 
-	sess = get_sec_session_private_data(sec_sess);
+	sess = SECURITY_GET_SESS_PRIV(sec_sess);
 	sa = &sess->sa;
 
 	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
@@ -174,8 +174,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	ctx_len = ret;
 	opcode = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND;
 	egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)&sa->in_sa, opcode, ctx_len,
-				   egrp);
+	ret = roc_on_cpt_ctx_write(&qp->lf, (void *)SECURITY_GET_SESS_PRIV_IOVA(sec_sess),
+				opcode, ctx_len, egrp);
 	if (ret)
 		return ret;
 
@@ -188,7 +188,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	w4.s.param2 = param2.u16;
 
 	w7.s.egrp = egrp;
-	w7.s.cptr = rte_mempool_virt2iova(&sa->in_sa);
+	w7.s.cptr = SECURITY_GET_SESS_PRIV_IOVA(sec_sess);
 
 	inst_tmpl = &sa->inst;
 	inst_tmpl->w4 = w4.u64;
@@ -293,40 +293,20 @@ cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			struct rte_security_session *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = SECURITY_GET_SESS_PRIV(sess);
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
+	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+		return -ENOTSUP;
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
-	}
-
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
 					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static int
@@ -335,11 +315,10 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = SECURITY_GET_SESS_PRIV(sess);
 	if (priv == NULL)
 		return 0;
 
@@ -351,13 +330,8 @@ cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 369fa9c81d..563ba79418 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,8 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1583,8 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1680,8 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 
 	if (sess == NULL)
@@ -3690,18 +3687,12 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
@@ -3718,13 +3709,9 @@ dpaa2_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -3734,19 +3721,15 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
index 8c1e0abb95..0aa76c890d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
@@ -1009,8 +1009,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = SECURITY_GET_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
 	else
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index ec2fe56d1e..c2216987ca 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,9 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 #endif
 	if (sess == NULL) {
 		printf("session is NULL\n");
@@ -1928,9 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+				ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -3245,18 +3241,12 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		ret = dpaa_sec_set_ipsec_session(cdev, conf,
@@ -3273,13 +3263,9 @@ dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	ret = dpaa_sec_prep_cdb(sess_private_data);
 	if (ret) {
 		DPAA_SEC_ERR("Unable to prepare sec cdb");
@@ -3295,12 +3281,11 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
 
 	if (sess_priv) {
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
index 93129e7614..b8114a3391 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
@@ -1014,8 +1014,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	}
 
 	if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa_sec_session *)get_sec_session_private_data(
-				session_ctx.sec_sess);
+		sess = SECURITY_GET_SESS_PRIV(session_ctx.sec_sess);
 	else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 		sess = (dpaa_sec_session *)
 			CRYPTODEV_GET_SYM_SESS_PRIV(session_ctx.crypto_sess);
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 7d2f3b0e4b..76cb1c543a 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,8 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = (struct aesni_mb_session *)
-		get_sec_session_private_data(op->sym->sec_session);
+	session = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1720,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
@@ -2095,10 +2094,9 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+		struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2108,24 +2106,14 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);
 
 	if (ret != 0) {
 		IPSEC_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -2134,14 +2122,10 @@ static int
 aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
 		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index 0fede43817..09d7ed74f9 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -767,8 +767,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 0066236561..1aa8e935f1 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -833,11 +833,10 @@ struct rte_cryptodev_ops *rte_mrvl_crypto_pmd_ops = &mrvl_crypto_pmd_ops;
 static int
 mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *sess)
 {
 	struct mrvl_crypto_session *mrvl_sess;
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	int ret;
 
 	if (sess == NULL) {
@@ -845,11 +844,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		MRVL_LOG(ERR, "Couldn't get object from session mempool.");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
 		mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
@@ -863,8 +857,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		if (ret != 0) {
 			MRVL_LOG(ERR, "Failed to configure session parameters.");
 
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 
@@ -878,8 +870,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 				&mrvl_sess->sam_sess);
 		if (ret < 0) {
 			MRVL_LOG(ERR, "PMD: failed to create IPSEC session.");
-			/* Return session to mempool */
-			rte_mempool_put(mempool, sess_private_data);
 			return ret;
 		}
 		break;
@@ -889,8 +879,6 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 		return -EINVAL;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
@@ -899,13 +887,12 @@ static int
 mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 
 	/* Zero out the whole structure */
 	if (sess_priv) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -916,8 +903,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
 		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index d7696822a8..f8ec8b7233 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -9,6 +9,7 @@
 #include <rte_crypto_sym.h>
 #include <rte_bus_pci.h>
 #include <rte_byteorder.h>
+#include <rte_security_driver.h>
 
 #include "qat_sym.h"
 #include "qat_crypto.h"
@@ -100,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = get_sec_session_private_data(op->sym->sec_session);
+		ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 653df0bf69..033ec0de85 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -12,6 +12,9 @@
 
 #ifdef BUILD_QAT_SYM
 #include <openssl/evp.h>
+#ifdef RTE_LIB_SECURITY
+#include <rte_security_driver.h>
+#endif
 
 #include "qat_common.h"
 #include "qat_sym_session.h"
@@ -274,9 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -309,9 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index c6976f2cdd..7ff3aff4d3 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -25,7 +25,7 @@
 #include <rte_malloc.h>
 #include <rte_crypto_sym.h>
 #ifdef RTE_LIB_SECURITY
-#include <rte_security.h>
+#include <rte_security_driver.h>
 #endif
 
 #include "qat_logs.h"
@@ -2541,7 +2541,8 @@ qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2560,7 +2561,6 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2590,10 +2590,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				struct rte_security_session *sess)
 {
-	void *sess_private_data;
+	void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	struct qat_cryptodev_private *internals = cdev->data->dev_private;
 	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
@@ -2606,25 +2605,17 @@ qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	if (ossl_legacy_provider_load())
 		return -EINVAL;
 #endif
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, SECURITY_GET_SESS_PRIV_IOVA(sess));
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
 	sym_session = (struct qat_sym_session *)sess_private_data;
 	sym_session->dev_id = internals->dev_id;
 
@@ -2636,17 +2627,13 @@ int
 qat_security_session_destroy(void *dev __rte_unused,
 				 struct rte_security_session *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	void *sess_priv = SECURITY_GET_SESS_PRIV(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 9e4aab06a6..ac57e0b240 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -177,7 +177,7 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3795b0c78b..6de4a284da 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -583,15 +583,14 @@ cn10k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix,
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     struct rte_security_session *sess)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn10k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
+	struct cnxk_eth_sec_sess *eth_sec = SECURITY_GET_SESS_PRIV(sess);
 	struct roc_nix *nix = &dev->nix;
 	bool inbound, inl_dev;
 	rte_spinlock_t *lock;
@@ -626,11 +625,6 @@ cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
 	sess_priv.u64 = 0;
 
@@ -659,12 +653,12 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to create ingress sa, inline dev "
 				 "not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -675,7 +669,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
@@ -687,7 +681,7 @@ cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -724,7 +718,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_inb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		if (conf->ipsec.options.ip_reassembly_en) {
 			inb_priv->reass_dynfield_off = dev->reass_dynfield_off;
@@ -745,7 +739,7 @@ cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -760,7 +754,7 @@ cn10k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		if (conf->ipsec.options.iv_gen_disable == 1) {
@@ -776,7 +770,7 @@ cn10k_eth_sec_session_create(void *device,
 				 "Failed to init outb sa misc params, rc=%d",
 				 rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -818,7 +812,7 @@ cn10k_eth_sec_session_create(void *device,
 					   eth_sec->inb,
 					   sizeof(struct roc_ot_ipsec_outb_sa));
 		if (rc)
-			goto mempool_put;
+			goto err;
 	}
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
@@ -830,15 +824,14 @@ cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
 	rte_spinlock_unlock(lock);
 
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -850,7 +843,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 	void *sa_dptr;
 
@@ -896,10 +888,6 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 4dd0b6185e..8467564d91 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    struct rte_security_session *sess)
 {
+	struct cnxk_eth_sec_sess *eth_sec = SECURITY_GET_SESS_PRIV(sess);
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct rte_security_ipsec_xform *ipsec;
 	struct cn9k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	struct roc_nix *nix = &dev->nix;
 	rte_spinlock_t *lock;
 	char tbuf[128] = {0};
@@ -172,11 +171,6 @@ cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	lock = inbound ? &dev->inb.lock : &dev->outb.lock;
 	rte_spinlock_lock(lock);
 
@@ -202,7 +196,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -211,7 +205,7 @@ cn9k_eth_sec_session_create(void *device,
 				 "Inbound SA with SPI %u already in use",
 				 ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -221,7 +215,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -235,7 +229,7 @@ cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
@@ -264,7 +258,7 @@ cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -278,7 +272,7 @@ cn9k_eth_sec_session_create(void *device,
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -321,12 +315,11 @@ cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	sess->fast_mdata = sess_priv.u64;
 
 	return 0;
-mempool_put:
+err:
 	rte_spinlock_unlock(lock);
-	rte_mempool_put(mempool, eth_sec);
 	if (rc)
 		plt_err("%s", tbuf);
 	return rc;
@@ -340,7 +333,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
 	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
 	rte_spinlock_t *lock;
 
 	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
@@ -377,10 +369,6 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
 	return 0;
 }
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 75f05ee558..9bb3580690 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -640,14 +640,13 @@ set_session_parameter(struct iavf_security_ctx *iavf_sctx,
 static int
 iavf_ipsec_crypto_session_create(void *device,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *session,
-				 struct rte_mempool *mempool)
+				 struct rte_security_session *session)
 {
 	struct rte_eth_dev *ethdev = device;
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_session = NULL;
+	struct iavf_security_session *iavf_session = SECURITY_GET_SESS_PRIV(session);
 	int sa_idx;
 	int ret = 0;
 
@@ -656,12 +655,6 @@ iavf_ipsec_crypto_session_create(void *device,
 	if (ret)
 		return ret;
 
-	/* allocate session context */
-	if (rte_mempool_get(mempool, (void **)&iavf_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from sess mempool");
-		return -ENOMEM;
-	}
-
 	/* add SA to hardware database */
 	sa_idx = iavf_ipsec_crypto_security_association_add(adapter, conf);
 	if (sa_idx < 0) {
@@ -675,16 +668,12 @@ iavf_ipsec_crypto_session_create(void *device,
 				RTE_SECURITY_IPSEC_SA_DIR_INGRESS ?
 				"inbound" : "outbound");
 
-		rte_mempool_put(mempool, iavf_session);
 		return -EFAULT;
 	}
 
 	/* save data plane required session parameters */
 	set_session_parameter(iavf_sctx, iavf_session, conf, sa_idx);
 
-	/* save to security session private data */
-	set_sec_session_private_data(session, iavf_session);
-
 	return 0;
 }
 
@@ -702,7 +691,7 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
 {
 	struct iavf_adapter *adapter =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
-	struct iavf_security_session *sess = session->sess_private_data;
+	const struct iavf_security_session *sess = (const void *)session->driver_priv_data;
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(sess == NULL || sess->adapter != adapter))
@@ -880,7 +869,7 @@ iavf_ipsec_crypto_session_update(void *device,
 	int rc = 0;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = SECURITY_GET_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1045,7 +1034,7 @@ iavf_ipsec_crypto_session_destroy(void *device,
 	int ret;
 
 	adapter = IAVF_DEV_PRIVATE_TO_ADAPTER(eth_dev->data->dev_private);
-	iavf_sess = (struct iavf_security_session *)session->sess_private_data;
+	iavf_sess = SECURITY_GET_SESS_PRIV(session);
 
 	/* verify we have a valid session and that it belong to this adapter */
 	if (unlikely(iavf_sess == NULL || iavf_sess->adapter != adapter))
@@ -1140,7 +1129,7 @@ iavf_ipsec_crypto_pkt_metadata_set(void *device,
 	struct iavf_adapter *adapter =
 			IAVF_DEV_PRIVATE_TO_ADAPTER(ethdev->data->dev_private);
 	struct iavf_security_ctx *iavf_sctx = adapter->security_ctx;
-	struct iavf_security_session *iavf_sess = session->sess_private_data;
+	struct iavf_security_session *iavf_sess = SECURITY_GET_SESS_PRIV(session);
 	struct iavf_ipsec_crypto_pkt_metadata *md;
 	struct rte_esp_tail *esp_tail;
 	uint64_t *sqn = params;
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index c353ae33b4..210071b7d6 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -440,9 +428,7 @@ ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -480,8 +466,7 @@ ixgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +670,12 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct ixgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 3ca3d85ed5..f75cfe33a4 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -420,9 +408,7 @@ txgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
 	struct rte_eth_dev *eth_dev = device;
-	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
 	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
 
 	if (eth_dev != ic_session->dev) {
@@ -460,8 +446,8 @@ txgbe_crypto_update_mb(void *device __rte_unused,
 		struct rte_security_session *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(session);
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +647,12 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+	/**
+	 * FIXME Updating the session priv data when the session is const.
+	 * Typecasting done here is wrong and the implementation need to be corrected.
+	 */
+	struct txgbe_crypto_session *ic_session = (void *)(uint64_t)
+			((const struct rte_security_session *)sess)->driver_priv_data;
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index ce4b4ba806..7171db2cc3 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2110,38 +2110,6 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 		printf("Allocated session pool on socket %d\n",	socket_id);
 }
 
-static void
-session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
-	size_t sess_sz)
-{
-	char mp_name[RTE_MEMPOOL_NAMESIZE];
-	struct rte_mempool *sess_mp;
-	uint32_t nb_sess;
-
-	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
-			"sess_mp_priv_%u", socket_id);
-	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
-		rte_lcore_count());
-	nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ *
-			CDEV_MP_CACHE_MULTIPLIER);
-	sess_mp = rte_mempool_create(mp_name,
-			nb_sess,
-			sess_sz,
-			CDEV_MP_CACHE_SZ,
-			0, NULL, NULL, NULL,
-			NULL, socket_id,
-			0);
-	ctx->session_priv_pool = sess_mp;
-
-	if (ctx->session_priv_pool == NULL)
-		rte_exit(EXIT_FAILURE,
-			"Cannot init session priv pool on socket %d\n",
-			socket_id);
-	else
-		printf("Allocated session priv pool on socket %d\n",
-			socket_id);
-}
-
 static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, int portid,
 	  uint32_t nb_mbuf)
@@ -3022,8 +2990,6 @@ main(int32_t argc, char **argv)
 			continue;
 
 		session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz);
-		session_priv_pool_init(&socket_ctx[socket_id], socket_id,
-			sess_sz);
 	}
 	printf("Number of mbufs in packet pool %d\n", nb_bufs_in_pool);
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index bb84dcec7e..ee1cf871ca 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -151,8 +151,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -278,8 +277,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -478,8 +476,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 2c37bb022d..538eb17d94 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -258,7 +258,6 @@ struct socket_ctx {
 	struct rte_mempool *mbuf_pool[RTE_MAX_ETHPORTS];
 	struct rte_mempool *mbuf_pool_indir;
 	struct rte_mempool *session_pool;
-	struct rte_mempool *session_priv_pool;
 };
 
 struct cnt_blk {
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 8b6a7a5c1d..ece7157970 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -967,7 +967,7 @@ rte_cryptodev_asym_session_pool_create(const char *name, uint32_t nb_elts,
  * @param   dev_id   ID of device that we want the session to be used on
  * @param   xforms   Symmetric crypto transform operations to apply on flow
  *                   processed with this session
- * @param   mempool  Mempool where the private data is allocated.
+ * @param   mp       Mempool where the private data is allocated.
  *
  * @return
  *  - On success return pointer to sym-session.
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index b5e9b0d34a..87a21a6e33 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -45,21 +45,28 @@ rte_security_dynfield_register(void)
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	uint32_t sess_priv_size;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	sess_priv_size = instance->ops->session_get_size(instance->device);
+	if (mp->elt_size < (sizeof(struct rte_security_session) + sess_priv_size))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
-	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+	/* Clear session priv data */
+	memset(sess->driver_priv_data, 0, sess_priv_size);
+
+	sess->driver_priv_data_iova = rte_mempool_virt2iova(sess) +
+			offsetof(struct rte_security_session, driver_priv_data);
+	if (instance->ops->session_create(instance->device, conf, sess)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
@@ -86,7 +93,8 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
 
-	return instance->ops->session_get_size(instance->device);
+	return (sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device));
 }
 
 int
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 675db940eb..bf4ff3c18c 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -519,10 +519,17 @@ struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
+	RTE_MARKER cacheline0;
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
 };
 
 /**
@@ -531,7 +538,6 @@ struct rte_security_session {
  * @param   instance	security instance
  * @param   conf	session configuration parameters
  * @param   mp		mempool to allocate session objects from
- * @param   priv_mp	mempool to allocate session private data objects from
  * @return
  *  - On success, pointer to session
  *  - On failure, NULL
@@ -539,8 +545,7 @@ struct rte_security_session {
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -656,7 +661,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess->fast_mdata);
 		return 0;
 	}
 
@@ -713,19 +718,6 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..c8119a8a50 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,24 +19,29 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * Helper macro to get driver private data
+ */
+#define SECURITY_GET_SESS_PRIV(s) \
+	((void *)(((struct rte_security_session *)s)->driver_priv_data))
+#define SECURITY_GET_SESS_PRIV_IOVA(s) \
+	(((struct rte_security_session *)s)->driver_priv_data_iova)
+
 /**
  * Configure a security session on a device.
  *
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
  *  - Returns -EINVAL if input parameters are invalid.
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
- *  - Returns -ENOMEM if the private session could not be allocated.
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		struct rte_security_session *sess);
 
 /**
  * Free driver private session data.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 5/6] drivers/crypto: support security session get size op
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
                         ` (3 preceding siblings ...)
  2022-09-26 19:14       ` [PATCH v4 4/6] security: remove priv mempool usage Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-26 19:14       ` [PATCH v4 6/6] security: hide session structure Akhil Goyal
                         ` (2 subsequent siblings)
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal, Kai Ji,
	David Coyle, Kevin O'Sullivan

Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 drivers/crypto/caam_jr/caam_jr.c            | 6 ++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 7 +++++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 8 ++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 7 +++++++
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c     | 7 +++++++
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c   | 1 +
 drivers/crypto/qat/qat_sym_session.c        | 6 ++++++
 drivers/crypto/qat/qat_sym_session.h        | 2 ++
 8 files changed, 44 insertions(+)

diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 7891254d78..a6d3a494e6 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1937,6 +1937,11 @@ caam_jr_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+caam_jr_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct caam_jr_session);
+}
 
 static int
 caam_jr_dev_configure(struct rte_cryptodev *dev,
@@ -2031,6 +2036,7 @@ static struct rte_cryptodev_ops caam_jr_ops = {
 static struct rte_security_ops caam_jr_security_ops = {
 	.session_create = caam_jr_security_session_create,
 	.session_update = NULL,
+	.session_get_size = caam_jr_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = caam_jr_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 563ba79418..3c51913dd8 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3733,6 +3733,12 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa2_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa2_sec_session);
+}
 #endif
 static int
 dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -4184,6 +4190,7 @@ dpaa2_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa2_sec_security_ops = {
 	.session_create = dpaa2_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa2_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa2_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c2216987ca..72b848fd49 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3289,6 +3289,13 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused,
 	}
 	return 0;
 }
+
+static unsigned int
+dpaa_sec_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(dpaa_sec_session);
+}
+
 #endif
 static int
 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
@@ -3547,6 +3554,7 @@ dpaa_sec_capabilities_get(void *device __rte_unused)
 static const struct rte_security_ops dpaa_sec_security_ops = {
 	.session_create = dpaa_sec_security_session_create,
 	.session_update = NULL,
+	.session_get_size = dpaa_sec_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = dpaa_sec_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 76cb1c543a..fc9ee01124 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -2130,6 +2130,12 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+aesni_mb_pmd_sec_sess_get_size(void *device __rte_unused)
+{
+	return sizeof(struct aesni_mb_session);
+}
+
 /** Get security capabilities for aesni multi-buffer */
 static const struct rte_security_capability *
 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
@@ -2140,6 +2146,7 @@ aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
 		.session_create = aesni_mb_pmd_sec_sess_create,
 		.session_update = NULL,
+		.session_get_size = aesni_mb_pmd_sec_sess_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = aesni_mb_pmd_sec_sess_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 1aa8e935f1..6ac0407c36 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -907,6 +907,12 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 	return 0;
 }
 
+static unsigned int
+mrvl_crypto_pmd_security_session_create(void *device __rte_unused)
+{
+	return sizeof(struct mrvl_crypto_session);
+}
+
 static const
 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
@@ -971,6 +977,7 @@ mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
 struct rte_security_ops mrvl_sec_security_pmd_ops = {
 	.session_create = mrvl_crypto_pmd_security_session_create,
 	.session_update = NULL,
+	.session_get_size = mrvl_crypto_pmd_security_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = mrvl_crypto_pmd_security_session_destroy,
 	.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
index 99f5a22a06..462c1a722f 100644
--- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
@@ -428,6 +428,7 @@ qat_security_cap_get_gen1(void *dev __rte_unused)
 struct rte_security_ops security_qat_ops_gen1 = {
 		.session_create = qat_security_session_create,
 		.session_update = NULL,
+		.session_get_size = qat_security_session_get_size,
 		.session_stats_get = NULL,
 		.session_destroy = qat_security_session_destroy,
 		.set_pkt_metadata = NULL,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 7ff3aff4d3..dce185d424 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2641,4 +2641,10 @@ qat_security_session_destroy(void *dev __rte_unused,
 # endif
 	return 0;
 }
+
+unsigned int
+qat_security_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct qat_sym_session);
+}
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ac57e0b240..6322d7e3bc 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -180,6 +180,8 @@ qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
 		struct rte_security_session *sess);
 int
 qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+unsigned int
+qat_security_session_get_size(void *dev __rte_unused);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH v4 6/6] security: hide session structure
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
                         ` (4 preceding siblings ...)
  2022-09-26 19:14       ` [PATCH v4 5/6] drivers/crypto: support security session get size op Akhil Goyal
@ 2022-09-26 19:14       ` Akhil Goyal
  2022-09-26 19:23       ` [PATCH v4 0/6] crypto/security session framework rework Akhil Goyal
  2022-09-27  3:27       ` Ruifeng Wang
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:14 UTC (permalink / raw)
  To: dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, ndabilpuram, roy.fan.zhang, Akhil Goyal,
	David Coyle, Kevin O'Sullivan

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
---
 app/test-crypto-perf/cperf_ops.c              |  6 +-
 .../cperf_test_pmd_cyclecount.c               |  2 +-
 app/test-crypto-perf/cperf_test_throughput.c  |  2 +-
 app/test/test_cryptodev.c                     |  2 +-
 app/test/test_cryptodev_security_ipsec.c      |  2 +-
 app/test/test_cryptodev_security_ipsec.h      |  2 +-
 app/test/test_security.c                      | 32 ++++----
 app/test/test_security_inline_proto.c         | 10 +--
 doc/guides/rel_notes/deprecation.rst          |  4 -
 doc/guides/rel_notes/release_22_11.rst        |  5 ++
 drivers/crypto/caam_jr/caam_jr.c              |  2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  4 +-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  4 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  4 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |  2 +-
 examples/ipsec-secgw/ipsec_worker.c           |  2 +-
 lib/cryptodev/rte_crypto_sym.h                |  4 +-
 lib/ipsec/rte_ipsec_group.h                   | 12 +--
 lib/ipsec/ses.c                               |  2 +-
 lib/security/rte_security.c                   | 13 ++-
 lib/security/rte_security.h                   | 80 ++++++++++++-------
 lib/security/rte_security_driver.h            | 18 +++++
 26 files changed, 137 insertions(+), 97 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index bd3c941fea..7ba4e13244 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+		void *sec_sess = (void *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops,
 		uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
 		uint64_t *tsc_start)
 {
-	struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
+	void *sec_sess = sess;
 	const uint32_t test_buffer_size = options->test_buffer_size;
 	const uint32_t headroom_sz = options->headroom_sz;
 	const uint32_t segment_sz = options->segment_sz;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index f0ca78af4f..045fd1c29a 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -71,7 +71,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index c924459958..38340dae08 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -49,7 +49,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
 					rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(
 				sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		}
 #endif
 		else
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f0315f9195..981db009b8 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -84,7 +84,7 @@ struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3f691f0f56..cb77b39dbb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 
 int
 test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			struct rte_security_session *sess,
+			void *sess,
 			const struct ipsec_test_flags *flags,
 			enum rte_security_ipsec_sa_direction dir)
 {
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 02b08f9f95..6a119bee46 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -277,7 +277,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
 			    int pkt_num);
 
 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index bb3b3835fa..f336479b2e 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,7 +234,7 @@
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
 	struct rte_mempool *priv_mp;
 
@@ -268,7 +268,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -322,7 +322,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -352,7 +352,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -513,7 +513,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -650,7 +650,7 @@ ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -701,7 +701,7 @@ test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
 			ts_params->session_mpool);
@@ -723,7 +723,7 @@ test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
@@ -747,7 +747,7 @@ test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
@@ -770,7 +770,7 @@ test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
 			ts_params->session_mpool);
@@ -791,7 +791,7 @@ static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
@@ -812,8 +812,8 @@ test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -853,7 +853,7 @@ test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
@@ -879,7 +879,7 @@ test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 9c6a09676e..3f520840ac 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
 /* Create Inline IPsec session */
 static int
 create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
-		struct rte_security_session **sess, struct rte_security_ctx **ctx,
+		void **sess, struct rte_security_ctx **ctx,
 		uint32_t *ol_flags, const struct ipsec_test_flags *flags,
 		struct rte_security_session_conf *sess_conf)
 {
@@ -695,8 +695,8 @@ static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
 		const struct ipsec_test_flags *flags)
 {
-	struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
-	struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
+	void *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
 	struct rte_eth_ip_reassembly_params reass_capa = {0};
 	struct rte_security_session_conf sess_conf_out = {0};
 	struct rte_security_session_conf sess_conf_in = {0};
@@ -963,7 +963,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
 	struct rte_crypto_sym_xform cipher = {0};
 	struct rte_crypto_sym_xform auth = {0};
 	struct rte_crypto_sym_xform aead = {0};
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	int nb_rx = 0, nb_sent;
 	uint32_t ol_flags;
@@ -1199,7 +1199,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
 	struct rte_mbuf *rx_pkt = NULL;
 	struct rte_mbuf *tx_pkt = NULL;
 	int nb_rx, nb_sent;
-	struct rte_security_session *ses;
+	void *ses;
 	struct rte_security_ctx *ctx;
 	uint32_t ol_flags;
 	bool outer_ipv4;
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 9785a0f3ce..701d32b818 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -166,10 +166,6 @@ Deprecation Notices
   which got error interrupt to the application,
   so that application can reset that particular queue pair.
 
-* security: Hide structure ``rte_security_session`` and expose an opaque
-  pointer for the private data to the application which can be attached
-  to the packet while enqueuing.
-
 * security: MACsec support is planned to be added in DPDK 22.11,
   which would result in updates to structures ``rte_security_macsec_xform``,
   ``rte_security_macsec_stats`` and security capability structure
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 4b8b34d8ba..6a6d1649cc 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -98,6 +98,11 @@ API Changes
   All sample applications were updated to attach an opaque pointer for the session
   to the ``rte_crypto_op`` while enqueuing.
 
+* security: The structure ``rte_security_session`` was made internal and corresponding
+  APIs were updated to take/return an opaque session pointer. The API
+  ``rte_security_session_create`` was updated to take only one mempool which has enough
+  space to hold session and driver private data.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index a6d3a494e6..3b06522d06 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 		ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		ses = SECURITY_GET_SESS_PRIV(op->sym->session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f127c84fd3..0dc2dc4baa 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,7 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+			sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session);
 			ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
 			if (unlikely(ret))
 				return 0;
@@ -322,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn10k_sec_session *priv;
 			struct cn10k_ipsec_sa *sa;
 
-			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			*w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index b395f830b1..2ed298e01f 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 	struct cn9k_ipsec_sa *sa;
 	int ret;
 
-	priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 	sa = &priv->sa;
 
 	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
 			struct cn9k_sec_session *priv;
 			struct cn9k_ipsec_sa *sa;
 
-			priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 			sa = &priv->sa;
 			*qp = sa->qp;
 			inst->w2.u64 = sa->inst.w2;
@@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
 			     CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
 			int ret;
 
-			priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session);
+			priv = SECURITY_GET_SESS_PRIV(sym_op->session);
 			sa = &priv->sa;
 
 			ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3c51913dd8..afa9bd0a62 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 	else {
 		DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 
 	if (sess == NULL)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 72b848fd49..331e23e628 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -673,7 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp)
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 #endif
 	if (sess == NULL) {
 		printf("session is NULL\n");
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				break;
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
-				ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+				ses = SECURITY_GET_SESS_PRIV(op->sym->session);
 				break;
 #endif
 			default:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index fc9ee01124..8ec2364aa7 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		return -1;
 	}
-	session = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+	session = SECURITY_GET_SESS_PRIV(op->sym->session);
 
 	if (unlikely(session == NULL)) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(op->sym->session);
 	} else
 #endif
 		sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index f8ec8b7233..69f5add637 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+		ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
 		if (unlikely(!ctx)) {
 			QAT_DP_LOG(ERR, "No session for this device");
 			return -EINVAL;
@@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				}
 			}
 
-			sess = (uintptr_t)op->sym->sec_session;
+			sess = (uintptr_t)op->sym->session;
 			build_request = ctx->build_request[proc_type];
 			opaque[0] = sess;
 			opaque[1] = (uintptr_t)build_request;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index 033ec0de85..9a4251e08b 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session);
+			ctx = SECURITY_GET_SESS_PRIV(op->sym->session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session);
+		sess = SECURITY_GET_SESS_PRIV(rx_op->sym->session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 8ea0f9540e..49f9202aca 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -5,7 +5,7 @@
 #ifndef _IAVF_IPSEC_CRYPTO_H_
 #define _IAVF_IPSEC_CRYPTO_H_
 
-#include <rte_security.h>
+#include <rte_security_driver.h>
 
 #include "iavf.h"
 
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 5e69450d27..49b1b951f1 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -17,7 +17,7 @@
 #endif
 
 struct port_drv_mode_data {
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_ctx *ctx;
 };
 
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 84deecac48..b1650adcac 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -617,11 +617,9 @@ struct rte_crypto_sym_op {
 	RTE_STD_C11
 	union {
 		void *session;
-		/**< Handle for the initialised session context */
+		/**< Handle for the initialised crypto/security session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
-		struct rte_security_session *sec_session;
-		/**< Handle for the initialised security session context */
 	};
 
 	RTE_STD_C11
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index a4e0e128f8..c6458ef81e 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
-	void *cs;
+	void *ses;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-		ss = cop->sym[0].sec_session;
-		return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
+		ses = cop->sym[0].session;
+		return (struct rte_ipsec_session *)(uintptr_t)
+			rte_security_session_opaque_data_get(ses);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-		cs = cop->sym[0].session;
+		ses = cop->sym[0].session;
 		return (struct rte_ipsec_session *)(uintptr_t)
-			rte_cryptodev_sym_session_opaque_data_get(cs);
+			rte_cryptodev_sym_session_opaque_data_get(ses);
 	}
 	return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 0d3c932302..d9ab1e6d2b 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 		rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
 			(uintptr_t)ss);
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 87a21a6e33..59bb141cac 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -42,7 +42,7 @@ rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp)
@@ -72,12 +72,12 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return (void *)sess;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -99,7 +99,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
@@ -111,8 +111,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
 	int ret;
 
@@ -134,7 +133,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index bf4ff3c18c..2e717b7468 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -518,20 +518,6 @@ struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	RTE_MARKER cacheline0;
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	rte_iova_t driver_priv_data_iova;
-	/**< session private data IOVA address */
-
-	RTE_MARKER cacheline1 __rte_cache_min_aligned;
-	uint8_t driver_priv_data[0];
-	/**< Private session material, variable size (depends on driver) */
-};
-
 /**
  * Create security session as specified by the session configuration
  *
@@ -542,7 +528,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -560,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -590,8 +576,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  *  - other negative values in case of freeing private data errors.
  */
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -634,10 +619,52 @@ static inline bool rte_security_dynfield_is_registered(void)
 	return rte_security_dynfield_offset >= 0;
 }
 
+#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF	0
+#define RTE_SECURITY_SESS_FAST_MDATA_OFF	1
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
+
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -655,13 +682,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->fast_mdata);
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)
+			rte_security_session_fast_mdata_get(sess);
 		return 0;
 	}
 
@@ -710,10 +737,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  * @param	sess	security session
  */
 static inline int
-__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
-	sym_op->sec_session = sess;
+	sym_op->session = sess;
 
 	return 0;
 }
@@ -729,7 +755,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
  */
 static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+			    void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -791,7 +817,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index c8119a8a50..37be87b9f7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,24 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	RTE_MARKER cacheline0;
+	uint64_t opaque_data;
+	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	rte_iova_t driver_priv_data_iova;
+	/**< session private data IOVA address */
+
+	RTE_MARKER cacheline1 __rte_cache_min_aligned;
+	uint8_t driver_priv_data[0];
+	/**< Private session material, variable size (depends on driver) */
+};
+
 /**
  * Helper macro to get driver private data
  */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 0/6] crypto/security session framework rework
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
                         ` (5 preceding siblings ...)
  2022-09-26 19:14       ` [PATCH v4 6/6] security: hide session structure Akhil Goyal
@ 2022-09-26 19:23       ` Akhil Goyal
  2022-09-27  3:27       ` Ruifeng Wang
  7 siblings, 0 replies; 47+ messages in thread
From: Akhil Goyal @ 2022-09-26 19:23 UTC (permalink / raw)
  To: Akhil Goyal, dev, Liron Himi
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, pablo.de.lara.guarch, matan,
	g.singh, qiming.yang, wenjun1.wu, jianwang, jingjing.wu,
	beilei.xing, Nithin Kumar Dabilpuram, roy.fan.zhang

++ Liron for mvsam.

> Subject: [PATCH v4 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session
> data structure to use a single virtual/physical contiguous buffer
> for symmetric crypto/security session and driver private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed
> by multiple device drivers. For the same reason
> rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and
> clear the driver specific data field.
> 
> The change was also submitted last year during DPDK 21.11
> timeframe also[1], but was not applied due to lack of feedback from
> community. Please help in getting this cleanup merged in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all
> the issues reported so far.
> 
> Changes in v4:
> - squashed armv8_crypto fixes.
> http://patches.dpdk.org/project/dpdk/cover/20220926100120.3980185-1-
> ruifeng.wang@arm.com/
> 
> Changes in v3:
> - Updated release notes
> - fixed checkpatch issues
> - renamed macro to get sess priv data to align with crypto macro
> - added acked-by/tested-by
> 
> Changes in v2:
> This patchset is a v2 for the patch that was sent by Fan Zhang(Intel)
> with a few changes
> - Added security session rework also.
> - fixed issues in [2] reported on mailing list.
> - few other fixes.
> 
> Please review and provide feedback as soon as possible
> as this is intended to be merged in DPDK 22.11 RC1.
> 
> Currently the cnxk platform is tested with this change.
> Request everyone to review and test on their platform.
> 
> Special note to ixgbe and txgbe maintainers.
> There is a wrong implementation for flow creation. Please check.
> A hack is added to bypass it. Please fix it separately.
> 
> [1] https://patches.dpdk.org/project/dpdk/cover/20211018213452.2734720-1-
> gakhil@marvell.com/
> [2] https://patches.dpdk.org/project/dpdk/cover/20220829160645.378406-1-
> roy.fan.zhang@intel.com/
> 
> 
> 
> Akhil Goyal (5):
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   security: remove priv mempool usage
>   drivers/crypto: support security session get size op
>   security: hide session structure
> 
> Fan Zhang (1):
>   crypto/scheduler: use unified session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  40 +--
>  app/test-crypto-perf/cperf_ops.h              |   2 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   9 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |  10 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |  11 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   9 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  30 +-
>  app/test-eventdev/test_perf_common.c          |  35 +-
>  app/test-eventdev/test_perf_common.h          |   1 -
>  app/test/test_cryptodev.c                     | 337 +++++-------------
>  app/test/test_cryptodev_blockcipher.c         |  16 +-
>  app/test/test_cryptodev_security_ipsec.c      |   2 +-
>  app/test/test_cryptodev_security_ipsec.h      |   2 +-
>  app/test/test_event_crypto_adapter.c          |  35 +-
>  app/test/test_ipsec.c                         |  47 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 178 ++-------
>  app/test/test_security_inline_proto.c         |  26 +-
>  doc/guides/prog_guide/cryptodev_lib.rst       |  16 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 -
>  doc/guides/rel_notes/release_22_11.rst        |  14 +
>  drivers/common/cnxk/roc_cpt.c                 |   4 +-
>  drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  35 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  39 +-
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   3 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  69 +---
>  drivers/crypto/ccp/ccp_crypto.c               |  56 +--
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +-
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  29 +-
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  41 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  45 +--
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  38 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  54 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  55 +--
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  70 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   6 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  69 +---
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   7 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  34 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  41 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  48 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  69 +---
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   4 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |  10 +-
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   9 +-
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   4 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |  11 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  49 +--
>  drivers/crypto/nitrox/nitrox_sym.c            |  39 +-
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  33 +-
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  67 +---
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  24 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  29 +-
>  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c     |   1 +
>  drivers/crypto/qat/qat_sym.c                  |  15 +-
>  drivers/crypto/qat/qat_sym.h                  |  16 +-
>  drivers/crypto/qat/qat_sym_session.c          |  73 ++--
>  drivers/crypto/qat/qat_sym_session.h          |  10 +-
>  drivers/crypto/scheduler/scheduler_failover.c |  19 +-
>  .../crypto/scheduler/scheduler_multicore.c    |  17 +
>  .../scheduler/scheduler_pkt_size_distr.c      |  81 +++--
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  93 ++++-
>  .../crypto/scheduler/scheduler_pmd_private.h  | 120 ++++++-
>  .../crypto/scheduler/scheduler_roundrobin.c   |  11 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  40 +--
>  drivers/crypto/virtio/virtio_rxtx.c           |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  38 +-
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  32 +-
>  drivers/net/iavf/iavf_ipsec_crypto.c          |  23 +-
>  drivers/net/iavf/iavf_ipsec_crypto.h          |   2 +-
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  31 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  32 +-
>  examples/fips_validation/fips_dev_self_test.c |  40 +--
>  examples/fips_validation/main.c               |  35 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  44 +--
>  examples/ipsec-secgw/ipsec.c                  |  16 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   2 +-
>  examples/l2fwd-crypto/main.c                  |  54 +--
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  60 ++--
>  lib/cryptodev/cryptodev_trace_points.c        |   6 -
>  lib/cryptodev/rte_crypto.h                    |   3 +-
>  lib/cryptodev/rte_crypto_sym.h                |  11 +-
>  lib/cryptodev/rte_cryptodev.c                 | 284 ++++++---------
>  lib/cryptodev/rte_cryptodev.h                 | 153 +++-----
>  lib/cryptodev/rte_cryptodev_trace.h           |  35 +-
>  lib/cryptodev/version.map                     |   6 -
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   5 +-
>  lib/pipeline/rte_table_action.c               |  10 +-
>  lib/security/rte_security.c                   |  33 +-
>  lib/security/rte_security.h                   |  90 +++--
>  lib/security/rte_security_driver.h            |  31 +-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |  28 +-
>  110 files changed, 1253 insertions(+), 2435 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 0/6] crypto/security session framework rework
  2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
                         ` (6 preceding siblings ...)
  2022-09-26 19:23       ` [PATCH v4 0/6] crypto/security session framework rework Akhil Goyal
@ 2022-09-27  3:27       ` Ruifeng Wang
  7 siblings, 0 replies; 47+ messages in thread
From: Ruifeng Wang @ 2022-09-27  3:27 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	Ajit Khaparde (ajit.khaparde@broadcom.com),
	anoobj, pablo.de.lara.guarch, matan, g.singh, qiming.yang,
	wenjun1.wu, jianwang, jingjing.wu, beilei.xing, ndabilpuram,
	roy.fan.zhang, nd

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, September 27, 2022 3:14 AM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com; hemant.agrawal@nxp.com;
> vattunuru@marvell.com; ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com; yisen.zhuang@huawei.com;
> irusskikh@marvell.com; jerinj@marvell.com; adwivedi@marvell.com;
> maxime.coquelin@redhat.com; chandu@amd.com; Ruifeng Wang <Ruifeng.Wang@arm.com>; Ajit
> Khaparde (ajit.khaparde@broadcom.com) <ajit.khaparde@broadcom.com>; anoobj@marvell.com;
> pablo.de.lara.guarch@intel.com; matan@nvidia.com; g.singh@nxp.com; qiming.yang@intel.com;
> wenjun1.wu@intel.com; jianwang@trustnetic.com; jingjing.wu@intel.com;
> beilei.xing@intel.com; ndabilpuram@marvell.com; roy.fan.zhang@intel.com; Akhil Goyal
> <gakhil@marvell.com>
> Subject: [PATCH v4 0/6] crypto/security session framework rework
> 
> This patchset reworks the symmetric crypto and security session data structure to use a
> single virtual/physical contiguous buffer for symmetric crypto/security session and driver
> private data.
> In addition the session data structure is now private.
> The session is represented as an opaque pointer in the application.
> 
> With the change the session is no longer supported to be accessed by multiple device
> drivers. For the same reason rte_cryptodev_sym_session_init/clear APIs are deprecated as
> rte_cryptodev_sym_session_create/free will initialize and clear the driver specific data
> field.
> 
> The change was also submitted last year during DPDK 21.11 timeframe also[1], but was not
> applied due to lack of feedback from community. Please help in getting this cleanup merged
> in this cycle.
> 
> Now the similar work was already done for asymmetric crypto.
> This patchset is rebased over current tree and fixes all the issues reported so far.
> 
> Changes in v4:
> - squashed armv8_crypto fixes.
> http://patches.dpdk.org/project/dpdk/cover/20220926100120.3980185-1-ruifeng.wang@arm.com/
> 

Verified for armv8 crypto PMD. Test cases are passing.
For the series,
Tested-by: Ruifeng Wang <ruifeng.wang@arm.com>

Thanks,
Ruifeng

^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 2/6] crypto/scheduler: use unified session
  2022-09-26 19:14       ` [PATCH v4 2/6] crypto/scheduler: use unified session Akhil Goyal
@ 2022-09-27 11:03         ` Ji, Kai
  2022-09-27 19:25           ` Akhil Goyal
  0 siblings, 1 reply; 47+ messages in thread
From: Ji, Kai @ 2022-09-27 11:03 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, vattunuru, ferruh.yigit,
	andrew.rybchenko, konstantin.v.ananyev, jiawenwu, yisen.zhuang,
	irusskikh, jerinj, adwivedi, maxime.coquelin, chandu,
	ruifeng.wang, ajit.khaparde, anoobj, De Lara Guarch, Pablo,
	matan, g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu,
	Jingjing, Xing, Beilei, ndabilpuram, Zhang, Roy Fan, Coyle,
	David, O'Sullivan, Kevin

Have the sym sessions changes been tested with the dpdk-test-crypto-perf tool ? 

root@silpixa00401033:build# ./app/dpdk-test-crypto-perf -l 3,4 --socket-mem 4096,0 -a 0000:33:01.0,qat_sym_cipher_crc_enable=1 --vdev crypto_aesni_mb1 --vdev "crypto_scheduler,worker=crypto_aesni_mb1,worker=0000:33:01.0_qat_sym,mode=packet-size-distr,ordering=disable,mode_param=threshold:64" -n 6 --force-max-simd-bitwidth=512 -- --ptest throughput --silent --total-ops 3000000 --burst-sz 32 --buffer-sz 105,277,1301  --imix 15,10,75 --devtype crypto_scheduler --optype cipher-only --cipher-algo aes-docsisbpi --cipher-iv-sz 16 --cipher-op encrypt --cipher-key-sz 16 --docsis-hdr-sz 17
EAL: Detected CPU lcores: 128
EAL: Detected NUMA nodes: 2
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: VFIO support initialized
EAL: Using IOMMU type 1 (Type 1)
EAL: Probe PCI driver: qat (8086:37c9) device: 0000:33:01.0 (socket 0)
CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_sym

CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_sym,socket id: 0, max queue pairs: 0
CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_asym

CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_asym,socket id: 0, max queue pairs: 0
CRYPTODEV: Creating cryptodev crypto_aesni_mb1

CRYPTODEV: Initialisation parameters - name: crypto_aesni_mb1,socket id: 0, max queue pairs: 8
ipsec_mb_create() line 152: IPSec Multi-buffer library version used: 1.2.0

CRYPTODEV: Creating cryptodev crypto_scheduler

CRYPTODEV: Initialisation parameters - name: crypto_scheduler,socket id: 0, max queue pairs: 8
cryptodev_scheduler_create() line 138:   Scheduling mode = packet-size-distr
PMD:   Sched mode param (threshold = 64)
cryptodev_scheduler_create() line 193:   Packet ordering = disable
scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached worker 0000:33:01.0_qat_sym
scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached worker crypto_aesni_mb1
Allocated pool "sess_mp_0" on socket 0
USER1: Test run constructor failed 

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Monday, September 26, 2022 8:14 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; vattunuru@marvell.com;
> ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> anoobj@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> ndabilpuram@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> Akhil Goyal <gakhil@marvell.com>; Ji, Kai <kai.ji@intel.com>; Coyle, David
> <david.coyle@intel.com>; O'Sullivan, Kevin <kevin.osullivan@intel.com>
> Subject: [PATCH v4 2/6] crypto/scheduler: use unified session
> 
> From: Fan Zhang <roy.fan.zhang@intel.com>
> 
> This patch updates the scheduler PMD to use unified session data structure.
> Previously thanks to the private session array in cryptodev sym session there
> are no necessary change needed for scheduler PMD other than the way ops
> are enqueued/dequeued. The patch inherits the same design in the original
> session data structure to the scheduler PMD so the cryptodev sym session
> can be as a linear buffer for both session header and driver private data.
> 
> With the change there are inevitable extra cost on both memory
> (64 bytes per session per driver type) and cycle count (set the correct session
> for each cop based on the worker before enqueue, and retrieve the original
> session after dequeue).
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> Tested-by: Gagandeep Singh <g.singh@nxp.com>
> Tested-by: David Coyle <david.coyle@intel.com>
> Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
> ---


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 2/6] crypto/scheduler: use unified session
  2022-09-27 11:03         ` Ji, Kai
@ 2022-09-27 19:25           ` Akhil Goyal
  2022-09-28 12:56             ` Akhil Goyal
  0 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-27 19:25 UTC (permalink / raw)
  To: Ji, Kai, dev
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, De Lara Guarch, Pablo, matan,
	g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu, Jingjing, Xing,
	Beilei, Nithin Kumar Dabilpuram, Zhang, Roy Fan, Coyle, David,
	O'Sullivan, Kevin

> Have the sym sessions changes been tested with the dpdk-test-crypto-perf tool ?

I have not tested for scheduler pmd. Can you root cause the issue and send a fix? 
Fan may have tested it.

> 
> root@silpixa00401033:build# ./app/dpdk-test-crypto-perf -l 3,4 --socket-mem
> 4096,0 -a 0000:33:01.0,qat_sym_cipher_crc_enable=1 --vdev crypto_aesni_mb1
> --vdev
> "crypto_scheduler,worker=crypto_aesni_mb1,worker=0000:33:01.0_qat_sym,m
> ode=packet-size-distr,ordering=disable,mode_param=threshold:64" -n 6 --force-
> max-simd-bitwidth=512 -- --ptest throughput --silent --total-ops 3000000 --
> burst-sz 32 --buffer-sz 105,277,1301  --imix 15,10,75 --devtype crypto_scheduler
> --optype cipher-only --cipher-algo aes-docsisbpi --cipher-iv-sz 16 --cipher-op
> encrypt --cipher-key-sz 16 --docsis-hdr-sz 17
> EAL: Detected CPU lcores: 128
> EAL: Detected NUMA nodes: 2
> EAL: Detected static linkage of DPDK
> EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> EAL: Selected IOVA mode 'PA'
> EAL: VFIO support initialized
> EAL: Using IOMMU type 1 (Type 1)
> EAL: Probe PCI driver: qat (8086:37c9) device: 0000:33:01.0 (socket 0)
> CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_sym
> 
> CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_sym,socket id:
> 0, max queue pairs: 0
> CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_asym
> 
> CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_asym,socket
> id: 0, max queue pairs: 0
> CRYPTODEV: Creating cryptodev crypto_aesni_mb1
> 
> CRYPTODEV: Initialisation parameters - name: crypto_aesni_mb1,socket id: 0,
> max queue pairs: 8
> ipsec_mb_create() line 152: IPSec Multi-buffer library version used: 1.2.0
> 
> CRYPTODEV: Creating cryptodev crypto_scheduler
> 
> CRYPTODEV: Initialisation parameters - name: crypto_scheduler,socket id: 0,
> max queue pairs: 8
> cryptodev_scheduler_create() line 138:   Scheduling mode = packet-size-distr
> PMD:   Sched mode param (threshold = 64)
> cryptodev_scheduler_create() line 193:   Packet ordering = disable
> scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached
> worker 0000:33:01.0_qat_sym
> scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached
> worker crypto_aesni_mb1
> Allocated pool "sess_mp_0" on socket 0
> USER1: Test run constructor failed
> 
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Monday, September 26, 2022 8:14 PM
> > To: dev@dpdk.org
> > Cc: thomas@monjalon.net; david.marchand@redhat.com;
> > hemant.agrawal@nxp.com; vattunuru@marvell.com;
> > ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> > konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> > yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> > adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> > ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> > anoobj@marvell.com; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> > Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> > <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> > <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> > ndabilpuram@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > Akhil Goyal <gakhil@marvell.com>; Ji, Kai <kai.ji@intel.com>; Coyle, David
> > <david.coyle@intel.com>; O'Sullivan, Kevin <kevin.osullivan@intel.com>
> > Subject: [PATCH v4 2/6] crypto/scheduler: use unified session
> >
> > From: Fan Zhang <roy.fan.zhang@intel.com>
> >
> > This patch updates the scheduler PMD to use unified session data structure.
> > Previously thanks to the private session array in cryptodev sym session there
> > are no necessary change needed for scheduler PMD other than the way ops
> > are enqueued/dequeued. The patch inherits the same design in the original
> > session data structure to the scheduler PMD so the cryptodev sym session
> > can be as a linear buffer for both session header and driver private data.
> >
> > With the change there are inevitable extra cost on both memory
> > (64 bytes per session per driver type) and cycle count (set the correct session
> > for each cop based on the worker before enqueue, and retrieve the original
> > session after dequeue).
> >
> > Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > Acked-by: Kai Ji <kai.ji@intel.com>
> > Tested-by: Gagandeep Singh <g.singh@nxp.com>
> > Tested-by: David Coyle <david.coyle@intel.com>
> > Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
> > ---


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 2/6] crypto/scheduler: use unified session
  2022-09-27 19:25           ` Akhil Goyal
@ 2022-09-28 12:56             ` Akhil Goyal
  2022-09-28 15:29               ` Ji, Kai
  0 siblings, 1 reply; 47+ messages in thread
From: Akhil Goyal @ 2022-09-28 12:56 UTC (permalink / raw)
  To: Ji, Kai, dev
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, De Lara Guarch, Pablo, matan,
	g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu, Jingjing, Xing,
	Beilei, Nithin Kumar Dabilpuram, Zhang, Roy Fan, Coyle, David,
	O'Sullivan, Kevin

> Subject: RE: [PATCH v4 2/6] crypto/scheduler: use unified session
> 
> > Have the sym sessions changes been tested with the dpdk-test-crypto-perf
> tool ?
> 
> I have not tested for scheduler pmd. Can you root cause the issue and send a
> fix?
> Fan may have tested it.

Can this fix be taken up as a follow up patch (if not ready) and we merge this series in RC1,
As it is a big change and we cannot delay it beyond RC1.

> 
> >
> > root@silpixa00401033:build# ./app/dpdk-test-crypto-perf -l 3,4 --socket-mem
> > 4096,0 -a 0000:33:01.0,qat_sym_cipher_crc_enable=1 --vdev
> crypto_aesni_mb1
> > --vdev
> >
> "crypto_scheduler,worker=crypto_aesni_mb1,worker=0000:33:01.0_qat_sym,m
> > ode=packet-size-distr,ordering=disable,mode_param=threshold:64" -n 6 --
> force-
> > max-simd-bitwidth=512 -- --ptest throughput --silent --total-ops 3000000 --
> > burst-sz 32 --buffer-sz 105,277,1301  --imix 15,10,75 --devtype
> crypto_scheduler
> > --optype cipher-only --cipher-algo aes-docsisbpi --cipher-iv-sz 16 --cipher-op
> > encrypt --cipher-key-sz 16 --docsis-hdr-sz 17
> > EAL: Detected CPU lcores: 128
> > EAL: Detected NUMA nodes: 2
> > EAL: Detected static linkage of DPDK
> > EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> > EAL: Selected IOVA mode 'PA'
> > EAL: VFIO support initialized
> > EAL: Using IOMMU type 1 (Type 1)
> > EAL: Probe PCI driver: qat (8086:37c9) device: 0000:33:01.0 (socket 0)
> > CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_sym
> >
> > CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_sym,socket
> id:
> > 0, max queue pairs: 0
> > CRYPTODEV: Creating cryptodev 0000:33:01.0_qat_asym
> >
> > CRYPTODEV: Initialisation parameters - name: 0000:33:01.0_qat_asym,socket
> > id: 0, max queue pairs: 0
> > CRYPTODEV: Creating cryptodev crypto_aesni_mb1
> >
> > CRYPTODEV: Initialisation parameters - name: crypto_aesni_mb1,socket id: 0,
> > max queue pairs: 8
> > ipsec_mb_create() line 152: IPSec Multi-buffer library version used: 1.2.0
> >
> > CRYPTODEV: Creating cryptodev crypto_scheduler
> >
> > CRYPTODEV: Initialisation parameters - name: crypto_scheduler,socket id: 0,
> > max queue pairs: 8
> > cryptodev_scheduler_create() line 138:   Scheduling mode = packet-size-distr
> > PMD:   Sched mode param (threshold = 64)
> > cryptodev_scheduler_create() line 193:   Packet ordering = disable
> > scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached
> > worker 0000:33:01.0_qat_sym
> > scheduler_attach_init_worker() line 45: Scheduler crypto_scheduler attached
> > worker crypto_aesni_mb1
> > Allocated pool "sess_mp_0" on socket 0
> > USER1: Test run constructor failed
> >
> > > -----Original Message-----
> > > From: Akhil Goyal <gakhil@marvell.com>
> > > Sent: Monday, September 26, 2022 8:14 PM
> > > To: dev@dpdk.org
> > > Cc: thomas@monjalon.net; david.marchand@redhat.com;
> > > hemant.agrawal@nxp.com; vattunuru@marvell.com;
> > > ferruh.yigit@xilinx.com; andrew.rybchenko@oktetlabs.ru;
> > > konstantin.v.ananyev@yandex.ru; jiawenwu@trustnetic.com;
> > > yisen.zhuang@huawei.com; irusskikh@marvell.com; jerinj@marvell.com;
> > > adwivedi@marvell.com; maxime.coquelin@redhat.com; chandu@amd.com;
> > > ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> > > anoobj@marvell.com; De Lara Guarch, Pablo
> > > <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> > > Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> > > <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> > > <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>;
> > > ndabilpuram@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > > Akhil Goyal <gakhil@marvell.com>; Ji, Kai <kai.ji@intel.com>; Coyle, David
> > > <david.coyle@intel.com>; O'Sullivan, Kevin <kevin.osullivan@intel.com>
> > > Subject: [PATCH v4 2/6] crypto/scheduler: use unified session
> > >
> > > From: Fan Zhang <roy.fan.zhang@intel.com>
> > >
> > > This patch updates the scheduler PMD to use unified session data structure.
> > > Previously thanks to the private session array in cryptodev sym session there
> > > are no necessary change needed for scheduler PMD other than the way ops
> > > are enqueued/dequeued. The patch inherits the same design in the original
> > > session data structure to the scheduler PMD so the cryptodev sym session
> > > can be as a linear buffer for both session header and driver private data.
> > >
> > > With the change there are inevitable extra cost on both memory
> > > (64 bytes per session per driver type) and cycle count (set the correct session
> > > for each cop based on the worker before enqueue, and retrieve the original
> > > session after dequeue).
> > >
> > > Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> > > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > > Acked-by: Kai Ji <kai.ji@intel.com>
> > > Tested-by: Gagandeep Singh <g.singh@nxp.com>
> > > Tested-by: David Coyle <david.coyle@intel.com>
> > > Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
> > > ---


^ permalink raw reply	[flat|nested] 47+ messages in thread

* RE: [PATCH v4 2/6] crypto/scheduler: use unified session
  2022-09-28 12:56             ` Akhil Goyal
@ 2022-09-28 15:29               ` Ji, Kai
  0 siblings, 0 replies; 47+ messages in thread
From: Ji, Kai @ 2022-09-28 15:29 UTC (permalink / raw)
  To: Akhil Goyal, dev
  Cc: thomas, david.marchand, hemant.agrawal, Vamsi Krishna Attunuru,
	ferruh.yigit, andrew.rybchenko, konstantin.v.ananyev, jiawenwu,
	yisen.zhuang, Igor Russkikh, Jerin Jacob Kollanukkaran,
	Ankur Dwivedi, maxime.coquelin, chandu, ruifeng.wang,
	ajit.khaparde, Anoob Joseph, De Lara Guarch, Pablo, matan,
	g.singh, Yang, Qiming, Wu, Wenjun1, jianwang, Wu, Jingjing, Xing,
	Beilei, Nithin Kumar Dabilpuram, Zhang, Roy Fan, Coyle, David,
	O'Sullivan, Kevin



> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 28, 2022 1:56 PM
> To: Ji, Kai <kai.ji@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; david.marchand@redhat.com;
> hemant.agrawal@nxp.com; Vamsi Krishna Attunuru
> <vattunuru@marvell.com>; ferruh.yigit@xilinx.com;
> andrew.rybchenko@oktetlabs.ru; konstantin.v.ananyev@yandex.ru;
> jiawenwu@trustnetic.com; yisen.zhuang@huawei.com; Igor Russkikh
> <irusskikh@marvell.com>; Jerin Jacob Kollanukkaran <jerinj@marvell.com>;
> Ankur Dwivedi <adwivedi@marvell.com>; maxime.coquelin@redhat.com;
> chandu@amd.com; ruifeng.wang@arm.com; ajit.khaparde@broadcom.com;
> Anoob Joseph <anoobj@marvell.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; matan@nvidia.com; g.singh@nxp.com;
> Yang, Qiming <qiming.yang@intel.com>; Wu, Wenjun1
> <wenjun1.wu@intel.com>; jianwang@trustnetic.com; Wu, Jingjing
> <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>; Nithin Kumar
> Dabilpuram <ndabilpuram@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Coyle, David <david.coyle@intel.com>;
> O'Sullivan, Kevin <kevin.osullivan@intel.com>
> Subject: RE: [PATCH v4 2/6] crypto/scheduler: use unified session
> 
> > Subject: RE: [PATCH v4 2/6] crypto/scheduler: use unified session
> >
> > > Have the sym sessions changes been tested with the
> > > dpdk-test-crypto-perf
> > tool ?
> >
> > I have not tested for scheduler pmd. Can you root cause the issue and
> > send a fix?
> > Fan may have tested it.
> 
> Can this fix be taken up as a follow up patch (if not ready) and we merge this
> series in RC1, As it is a big change and we cannot delay it beyond RC1.
That's fine with me, I will try to root cause this today, but there is no issue to fix it after rc1 

> 
> >
> > >
> > > root@silpixa00401033:build# ./app/dpdk-test-crypto-perf -l 3,4
> > > --socket-mem
> > > 4096,0 -a 0000:33:01.0,qat_sym_cipher_crc_enable=1 --vdev
> > crypto_aesni_mb1
> > > --vdev
> > >
> >
> "crypto_scheduler,worker=crypto_aesni_mb1,worker=0000:33:01.0_qat_sy
> m,
> > m
> > > ode=packet-size-distr,ordering=disable,mode_param=threshold:64" -n 6
> > > --


^ permalink raw reply	[flat|nested] 47+ messages in thread

end of thread, other threads:[~2022-09-28 15:30 UTC | newest]

Thread overview: 47+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-29 16:06 [PATCH 0/3] cryptodev: sym session framework rework Fan Zhang
2022-08-29 16:06 ` [PATCH 1/3] cryptodev: rework session framework Fan Zhang
2022-09-15  7:07   ` [EXT] " Akhil Goyal
2022-09-15  7:26     ` Akhil Goyal
2022-08-29 16:06 ` [PATCH 2/3] crypto/scheduler: use unified session Fan Zhang
2022-09-15  7:06   ` [EXT] " Akhil Goyal
2022-09-15  7:23     ` Akhil Goyal
2022-09-18 13:01   ` Akhil Goyal
2022-08-29 16:06 ` [PATCH 3/3] cryptodev: hide sym session structure Fan Zhang
2022-09-18 13:19   ` [EXT] " Akhil Goyal
2022-09-21 15:02 ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
2022-09-21 15:02   ` [PATCH v2 1/6] cryptodev: rework session framework Akhil Goyal
2022-09-22 14:06     ` Ji, Kai
2022-09-21 15:02   ` [PATCH v2 2/6] crypto/scheduler: use unified session Akhil Goyal
2022-09-22 14:04     ` Ji, Kai
2022-09-21 15:02   ` [PATCH v2 3/6] cryptodev: hide sym session structure Akhil Goyal
2022-09-22 13:49     ` Ji, Kai
2022-09-21 15:02   ` [PATCH v2 4/6] security: remove priv mempool usage Akhil Goyal
2022-09-21 15:02   ` [PATCH v2 5/6] drivers/crypto: support security session get size op Akhil Goyal
2022-09-22 13:52     ` Ji, Kai
2022-09-21 15:02   ` [PATCH v2 6/6] security: hide session structure Akhil Goyal
2022-09-21 15:11   ` [PATCH v2 0/6] crypto/security session framework rework Akhil Goyal
2022-09-23 13:00     ` Coyle, David
2022-09-23  9:29   ` Gagandeep Singh
2022-09-24 16:35   ` [PATCH v3 " Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 1/6] cryptodev: rework session framework Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 2/6] crypto/scheduler: use unified session Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 3/6] cryptodev: hide sym session structure Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 4/6] security: remove priv mempool usage Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 5/6] drivers/crypto: support security session get size op Akhil Goyal
2022-09-24 16:35     ` [PATCH v3 6/6] security: hide session structure Akhil Goyal
2022-09-24 16:39     ` [PATCH v3 0/6] crypto/security session framework rework Akhil Goyal
2022-09-26 10:09     ` Ruifeng Wang
2022-09-26 10:12       ` Akhil Goyal
2022-09-26 19:14     ` [PATCH v4 " Akhil Goyal
2022-09-26 19:14       ` [PATCH v4 1/6] cryptodev: rework session framework Akhil Goyal
2022-09-26 19:14       ` [PATCH v4 2/6] crypto/scheduler: use unified session Akhil Goyal
2022-09-27 11:03         ` Ji, Kai
2022-09-27 19:25           ` Akhil Goyal
2022-09-28 12:56             ` Akhil Goyal
2022-09-28 15:29               ` Ji, Kai
2022-09-26 19:14       ` [PATCH v4 3/6] cryptodev: hide sym session structure Akhil Goyal
2022-09-26 19:14       ` [PATCH v4 4/6] security: remove priv mempool usage Akhil Goyal
2022-09-26 19:14       ` [PATCH v4 5/6] drivers/crypto: support security session get size op Akhil Goyal
2022-09-26 19:14       ` [PATCH v4 6/6] security: hide session structure Akhil Goyal
2022-09-26 19:23       ` [PATCH v4 0/6] crypto/security session framework rework Akhil Goyal
2022-09-27  3:27       ` Ruifeng Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).