[v3,1/8] security: rework session framework

Message ID	20211018213452.2734720-2-gakhil@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	show Return-Path: <dev-bounces@dpdk.org> From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>, <anoobj@marvell.com>, <pablo.de.lara.guarch@intel.com>, <fiona.trahe@intel.com>, <declan.doherty@intel.com>, <matan@nvidia.com>, <g.singh@nxp.com>, <roy.fan.zhang@intel.com>, <jianjay.zhou@huawei.com>, <asomalap@amd.com>, <ruifeng.wang@arm.com>, <konstantin.ananyev@intel.com>, <radu.nicolau@intel.com>, <ajit.khaparde@broadcom.com>, <rnagadheeraj@marvell.com>, <adwivedi@marvell.com>, <ciara.power@intel.com>, <haiyue.wang@intel.com>, <jiawenwu@trustnetic.com>, <jianwang@trustnetic.com>, Akhil Goyal <gakhil@marvell.com> Date: Tue, 19 Oct 2021 03:04:45 +0530 Message-ID: <20211018213452.2734720-2-gakhil@marvell.com> In-Reply-To: <20211018213452.2734720-1-gakhil@marvell.com> References: <20211013192222.1582631-2-gakhil@marvell.com> <20211018213452.2734720-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Subject: [dpdk-dev] [PATCH v3 1/8] security: rework session framework Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	crypto/security session framework rework \| expand [v3,0/8] crypto/security session framework rework [v3,1/8] security: rework session framework [v3,2/8] security: hide security session struct [v3,3/8] net/cnxk: rework security session framework [v3,4/8] security: pass session iova in PMD sess create [v3,5/8] drivers/crypto: support security session get size op [v3,6/8] cryptodev: rework session framework [v3,7/8] cryptodev: hide sym session structure [v3,8/8] cryptodev: pass session iova in configure session

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-testing	warning	apply patch failure

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 263841c339..6c3aa77dec 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -67,8 +67,6 @@ cperf_set_ops_security(struct rte_crypto_op **ops, for (i = 0; i < nb_ops; i++) { struct rte_crypto_sym_op *sym_op = ops[i]->sym; - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; uint32_t buf_sz; uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i], @@ -76,7 +74,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, *per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN; ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; - rte_security_attach_session(ops[i], sec_sess); + rte_security_attach_session(ops[i], (void *)sess); sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); @@ -608,7 +606,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, static struct rte_cryptodev_sym_session * create_ipsec_session(struct rte_mempool *sess_mp, - struct rte_mempool *priv_mp, uint8_t dev_id, const struct cperf_options *options, const struct cperf_test_vector *test_vector, @@ -720,7 +717,7 @@ create_ipsec_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } static struct rte_cryptodev_sym_session * @@ -831,11 +828,11 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } if (options->op_type == CPERF_IPSEC) { - return create_ipsec_session(sess_mp, priv_mp, dev_id, + return create_ipsec_session(sess_mp, dev_id, options, test_vector, iv_offset); } @@ -880,7 +877,7 @@ cperf_create_session(struct rte_mempool *sess_mp, /* Create security session */ return (void *)rte_security_session_create(ctx, - &sess_conf, sess_mp, priv_mp); + &sess_conf, sess_mp); } #endif sess = rte_cryptodev_sym_session_create(sess_mp); diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index fda97e8ab9..e43e2a3b96 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } else #endif { diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 814a0b401d..996b3b4de6 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -83,7 +83,7 @@ struct crypto_unittest_params { union { struct rte_cryptodev_sym_session *sess; #ifdef RTE_LIB_SECURITY - struct rte_security_session *sec_session; + void *sec_session; #endif }; #ifdef RTE_LIB_SECURITY @@ -8403,8 +8403,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -8675,8 +8674,7 @@ test_pdcp_proto_SGL(int i, int oop, /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, - &sess_conf, ts_params->session_mpool, - ts_params->session_priv_mpool); + &sess_conf, ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s()-%d line %d failed %s: ", @@ -9175,8 +9173,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (ut_params->sec_session == NULL) return TEST_SKIPPED; @@ -9597,8 +9594,7 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", @@ -9773,8 +9769,7 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) /* Create security session */ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); if (!ut_params->sec_session) { printf("TestCase %s(%d) line %d: %s\n", diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index c6d6b88d6d..2ffa2a8e79 100644 --- a/app/test/test_ipsec.c +++ b/app/test/test_ipsec.c @@ -148,18 +148,16 @@ const struct supported_auth_algo auth_algos[] = { static int dummy_sec_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mp) + void *sess) { RTE_SET_USED(device); RTE_SET_USED(conf); - RTE_SET_USED(mp); - - sess->sess_private_data = NULL; + RTE_SET_USED(sess); return 0; } static int -dummy_sec_destroy(void *device, struct rte_security_session *sess) +dummy_sec_destroy(void *device, void *sess) { RTE_SET_USED(device); RTE_SET_USED(sess); @@ -631,8 +629,7 @@ create_dummy_sec_session(struct ipsec_unitest_params *ut, static struct rte_security_session_conf conf; ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx, - &conf, qp->mp_session, - qp->mp_session_private); + &conf, qp->mp_session); if (ut->ss[j].security.ses == NULL) return -ENOMEM; diff --git a/app/test/test_security.c b/app/test/test_security.c index 060cf1ffa8..1cea756880 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -200,25 +200,6 @@ expected_mempool_usage, mempool_usage); \ } while (0) -/** - * Verify usage of mempool by checking if number of allocated objects matches - * expectations. The mempool is used to manage objects for sessions priv data. - * A single object is acquired from mempool during session_create - * and put back in session_destroy. - * - * @param expected_priv_mp_usage expected number of used priv mp objects - */ -#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do { \ - struct security_testsuite_params *ts_params = &testsuite_params;\ - unsigned int priv_mp_usage; \ - priv_mp_usage = rte_mempool_in_use_count( \ - ts_params->session_priv_mpool); \ - TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage, \ - "Expecting %u priv mempool allocations, " \ - "but there are %u allocated objects", \ - expected_priv_mp_usage, priv_mp_usage); \ -} while (0) - /** * Mockup structures and functions for rte_security_ops; * @@ -253,39 +234,28 @@ static struct mock_session_create_data { void *device; struct rte_security_session_conf *conf; - struct rte_security_session *sess; + void *sess; struct rte_mempool *mp; - struct rte_mempool *priv_mp; int ret; int called; int failed; -} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0}; +} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0}; static int mock_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *priv_mp) + void *sess) { - void *sess_priv; - int ret; mock_session_create_exp.called++; MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf); - MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp); - if (mock_session_create_exp.ret == 0) { - ret = rte_mempool_get(priv_mp, &sess_priv); - TEST_ASSERT_EQUAL(0, ret, - "priv mempool does not have enough objects"); - - set_sec_session_private_data(sess, sess_priv); + if (mock_session_create_exp.ret == 0) mock_session_create_exp.sess = sess; - } return mock_session_create_exp.ret; } @@ -297,7 +267,7 @@ mock_session_create(void *device, */ static struct mock_session_update_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_session_conf *conf; int ret; @@ -308,7 +278,7 @@ static struct mock_session_update_data { static int mock_session_update(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { mock_session_update_exp.called++; @@ -351,7 +321,7 @@ mock_session_get_size(void *device) */ static struct mock_session_stats_get_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_stats *stats; int ret; @@ -362,7 +332,7 @@ static struct mock_session_stats_get_data { static int mock_session_stats_get(void *device, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats) { mock_session_stats_get_exp.called++; @@ -381,7 +351,7 @@ mock_session_stats_get(void *device, */ static struct mock_session_destroy_data { void *device; - struct rte_security_session *sess; + void *sess; int ret; @@ -390,15 +360,9 @@ static struct mock_session_destroy_data { } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0}; static int -mock_session_destroy(void *device, struct rte_security_session *sess) +mock_session_destroy(void *device, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - mock_session_destroy_exp.called++; - if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) { - rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv); - set_sec_session_private_data(sess, NULL); - } MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device); MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess); @@ -412,7 +376,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess) */ static struct mock_set_pkt_metadata_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_mbuf *m; void *params; @@ -424,7 +388,7 @@ static struct mock_set_pkt_metadata_data { static int mock_set_pkt_metadata(void *device, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { @@ -536,7 +500,6 @@ struct rte_security_ops mock_ops = { */ static struct security_testsuite_params { struct rte_mempool *session_mpool; - struct rte_mempool *session_priv_mpool; } testsuite_params = { NULL }; /** @@ -549,7 +512,7 @@ static struct security_testsuite_params { static struct security_unittest_params { struct rte_security_ctx ctx; struct rte_security_session_conf conf; - struct rte_security_session *sess; + void *sess; } unittest_params = { .ctx = { .device = NULL, @@ -563,7 +526,7 @@ static struct security_unittest_params { #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp" #define SECURITY_TEST_MEMPOOL_SIZE 15 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session) -#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64 +#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024 /** * testsuite_setup initializes whole test suite parameters. @@ -577,27 +540,13 @@ testsuite_setup(void) ts_params->session_mpool = rte_mempool_create( SECURITY_TEST_MEMPOOL_NAME, SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_OBJ_SZ, + SECURITY_TEST_SESSION_OBJ_SZ + + SECURITY_TEST_SESSION_PRIV_OBJ_SZ, 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0); TEST_ASSERT_NOT_NULL(ts_params->session_mpool, "Cannot create mempool %s\n", rte_strerror(rte_errno)); - ts_params->session_priv_mpool = rte_mempool_create( - SECURITY_TEST_PRIV_MEMPOOL_NAME, - SECURITY_TEST_MEMPOOL_SIZE, - SECURITY_TEST_SESSION_PRIV_OBJ_SZ, - 0, 0, NULL, NULL, NULL, NULL, - SOCKET_ID_ANY, 0); - if (ts_params->session_priv_mpool == NULL) { - RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): " - "Cannot create priv mempool %s\n", - __func__, __LINE__, rte_strerror(rte_errno)); - rte_mempool_free(ts_params->session_mpool); - ts_params->session_mpool = NULL; - return TEST_FAILED; - } - return TEST_SUCCESS; } @@ -612,10 +561,6 @@ testsuite_teardown(void) rte_mempool_free(ts_params->session_mpool); ts_params->session_mpool = NULL; } - if (ts_params->session_priv_mpool) { - rte_mempool_free(ts_params->session_priv_mpool); - ts_params->session_priv_mpool = NULL; - } } /** @@ -704,7 +649,7 @@ ut_setup_with_session(void) { struct security_unittest_params *ut_params = &unittest_params; struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; int ret = ut_setup(); if (ret != TEST_SUCCESS) @@ -713,12 +658,11 @@ ut_setup_with_session(void) mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); + mock_session_get_size_exp.called = 0; TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -757,16 +701,14 @@ test_session_create_inv_context(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(NULL, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -781,18 +723,16 @@ test_session_create_inv_context_ops(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = NULL; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -807,18 +747,16 @@ test_session_create_inv_context_ops_fun(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = &empty_ops; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -832,16 +770,14 @@ test_session_create_inv_configuration(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, NULL, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -855,39 +791,14 @@ static int test_session_create_inv_mempool(void) { struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - NULL, ts_params->session_priv_mpool); + NULL); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); - TEST_ASSERT_SESSION_COUNT(0); - - return TEST_SUCCESS; -} - -/** - * Test execution of rte_security_session_create with NULL session - * priv mempool - */ -static int -test_session_create_inv_sess_priv_mempool(void) -{ - struct security_unittest_params *ut_params = &unittest_params; - struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; - - sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, NULL); - TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, - sess, NULL, "%p"); - TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); - TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -902,9 +813,8 @@ test_session_create_mempool_empty(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; - void *tmp1[SECURITY_TEST_MEMPOOL_SIZE]; - struct rte_security_session *sess; + void *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *sess; /* Get all available objects from mempool. */ int i, ret; @@ -914,34 +824,23 @@ test_session_create_mempool_empty(void) TEST_ASSERT_EQUAL(0, ret, "Expect getting %d object from mempool" " to succeed", i); - ret = rte_mempool_get(ts_params->session_priv_mpool, - (void **)(&tmp1[i])); - TEST_ASSERT_EQUAL(0, ret, - "Expect getting %d object from priv mempool" - " to succeed", i); } TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE); - TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE); TEST_ASSERT_SESSION_COUNT(0); /* Put objects back to the pool. */ for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) { rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i])); - rte_mempool_put(ts_params->session_priv_mpool, - (tmp1[i])); } TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); return TEST_SUCCESS; } @@ -955,22 +854,19 @@ test_session_create_ops_failure(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = -1; /* Return failure status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, sess, NULL, "%p"); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); return TEST_SUCCESS; @@ -984,17 +880,15 @@ test_session_create_success(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; mock_session_create_exp.mp = ts_params->session_mpool; - mock_session_create_exp.priv_mp = ts_params->session_priv_mpool; mock_session_create_exp.ret = 0; /* Return success status. */ sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, - ts_params->session_mpool, - ts_params->session_priv_mpool); + ts_params->session_mpool); TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess); TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess, @@ -1003,7 +897,6 @@ test_session_create_success(void) sess, mock_session_create_exp.sess); TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); /* @@ -1389,7 +1282,6 @@ test_session_destroy_inv_context(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(NULL, ut_params->sess); @@ -1397,7 +1289,6 @@ test_session_destroy_inv_context(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1414,7 +1305,6 @@ test_session_destroy_inv_context_ops(void) ut_params->ctx.ops = NULL; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1423,7 +1313,6 @@ test_session_destroy_inv_context_ops(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1440,7 +1329,6 @@ test_session_destroy_inv_context_ops_fun(void) ut_params->ctx.ops = &empty_ops; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1449,7 +1337,6 @@ test_session_destroy_inv_context_ops_fun(void) ret, -ENOTSUP, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1464,7 +1351,6 @@ test_session_destroy_inv_session(void) struct security_unittest_params *ut_params = &unittest_params; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, NULL); @@ -1472,7 +1358,6 @@ test_session_destroy_inv_session(void) ret, -EINVAL, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1492,7 +1377,6 @@ test_session_destroy_ops_failure(void) mock_session_destroy_exp.ret = -1; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1501,7 +1385,6 @@ test_session_destroy_ops_failure(void) ret, -1, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); return TEST_SUCCESS; @@ -1519,7 +1402,6 @@ test_session_destroy_success(void) mock_session_destroy_exp.sess = ut_params->sess; mock_session_destroy_exp.ret = 0; TEST_ASSERT_MEMPOOL_USAGE(1); - TEST_ASSERT_PRIV_MP_USAGE(1); TEST_ASSERT_SESSION_COUNT(1); int ret = rte_security_session_destroy(&ut_params->ctx, @@ -1528,7 +1410,6 @@ test_session_destroy_success(void) ret, 0, "%d"); TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1); TEST_ASSERT_MEMPOOL_USAGE(0); - TEST_ASSERT_PRIV_MP_USAGE(0); TEST_ASSERT_SESSION_COUNT(0); /* @@ -2495,8 +2376,6 @@ static struct unit_test_suite security_testsuite = { test_session_create_inv_configuration), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_inv_mempool), - TEST_CASE_ST(ut_setup, ut_teardown, - test_session_create_inv_sess_priv_mempool), TEST_CASE_ST(ut_setup, ut_teardown, test_session_create_mempool_empty), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index 8c56610ac8..00e680cf03 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -1361,9 +1361,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) cryptodev_driver_id); break; case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = (struct caam_jr_session *) - get_sec_session_private_data( - op->sym->sec_session); + ses = (struct caam_jr_session *)(op->sym->sec_session); break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); @@ -1911,22 +1909,14 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, static int caam_jr_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - CAAM_JR_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = caam_jr_set_ipsec_session(cdev, conf, - sess_private_data); + ret = caam_jr_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -1935,34 +1925,24 @@ caam_jr_security_session_create(void *dev, } if (ret != 0) { CAAM_JR_ERR("failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /* Clear the memory of session so it doesn't leave key material behind */ static int -caam_jr_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +caam_jr_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - struct caam_jr_session *s = (struct caam_jr_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + struct caam_jr_session *s = (struct caam_jr_session *)sess; + if (sess) { rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(sess, 0, sizeof(struct caam_jr_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index c25c8e67b2..de2eebd507 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -122,8 +122,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = get_sec_session_private_data( - sym_op->sec_session); + sec_sess = (struct cn10k_sec_session *) + (sym_op->sec_session); ret = cpt_sec_inst_fill(op, sec_sess, infl_req, &inst[0]); if (unlikely(ret)) @@ -360,7 +360,7 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop, if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND)) return; - sess = get_sec_session_private_data(cop->sym->sec_session); + sess = (struct cn10k_sec_session *)(cop->sym->sec_session); sa = &sess->sa; mbuf = cop->sym->m_src; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 27df1dcd64..425fe599e0 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -35,17 +35,15 @@ static int cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { union roc_ot_ipsec_outb_param1 param1; struct roc_ot_ipsec_outb_sa *out_sa; struct cnxk_ipsec_outb_rlens rlens; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; @@ -114,16 +112,14 @@ static int cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sess) { union roc_ot_ipsec_inb_param1 param1; struct roc_ot_ipsec_inb_sa *in_sa; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -175,7 +171,7 @@ static int cn10k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sess) + struct cn10k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct roc_cpt *roc_cpt; @@ -204,55 +200,28 @@ cn10k_ipsec_session_create(void *dev, static int cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn10k_sec_session *priv; - int ret; + struct cn10k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn10k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn10k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn10k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn10k_sec_session_destroy(void *device __rte_unused, void *sess) { - struct cn10k_sec_session *priv; - struct rte_mempool *sess_mp; - - priv = get_sec_session_private_data(sess); + struct cn10k_sec_session *priv = sess; if (priv == NULL) return 0; - - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + memset(priv, 0, sizeof(*priv)); return 0; } diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 75277936b0..4c2dc5b080 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -56,7 +56,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, return -ENOTSUP; } - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct cn9k_sec_session *)(op->sym->sec_session); sa = &priv->sa; if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 53fb793654..a602d38a11 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -275,14 +275,13 @@ static int cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; struct roc_ie_on_ip_template *template = NULL; struct roc_cpt *roc_cpt = qp->lf.roc_cpt; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_outb_sa *out_sa; - struct cn9k_sec_session *sess; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; struct rte_ipv6_hdr *ip6; @@ -294,7 +293,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; out_sa = &sa->out_sa; ctl = &out_sa->common_sa.ctl; @@ -422,13 +420,12 @@ static int cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct cn9k_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform = crypto_xform; struct roc_cpt *roc_cpt = qp->lf.roc_cpt; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_inb_sa *in_sa; - struct cn9k_sec_session *sess; struct cn9k_ipsec_sa *sa; const uint8_t *auth_key; union cpt_inst_w4 w4; @@ -437,7 +434,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, size_t ctx_len = 0; int ret; - sess = get_sec_session_private_data(sec_sess); sa = &sess->sa; in_sa = &sa->in_sa; @@ -501,7 +497,7 @@ static int cn9k_ipsec_session_create(void *dev, struct rte_security_ipsec_xform *ipsec_xform, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct cn9k_sec_session *sess) { struct rte_cryptodev *crypto_dev = dev; struct cnxk_cpt_qp *qp; @@ -532,53 +528,32 @@ cn9k_ipsec_session_create(void *dev, static int cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct cn9k_sec_session *priv; - int ret; + struct cn9k_sec_session *priv = sess; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_mempool_get(mempool, (void **)&priv)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, priv); - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { - ret = -ENOTSUP; - goto mempool_put; + return -ENOTSUP; } - ret = cn9k_ipsec_session_create(device, &conf->ipsec, - conf->crypto_xform, sess); - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; + return cn9k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, priv); } static int -cn9k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn9k_sec_session_destroy(void *device __rte_unused, void *sess) { struct roc_ie_on_outb_sa *out_sa; struct cn9k_sec_session *priv; - struct rte_mempool *sess_mp; struct roc_ie_on_sa_ctl *ctl; struct cn9k_ipsec_sa *sa; - priv = get_sec_session_private_data(sess); + priv = sess; if (priv == NULL) return 0; @@ -590,13 +565,8 @@ cn9k_sec_session_destroy(void *device __rte_unused, rte_io_wmb(); - sess_mp = rte_mempool_from_obj(priv); - memset(priv, 0, sizeof(*priv)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index cb2ad435bf..feaf3ccd4f 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1351,8 +1351,7 @@ build_sec_fd(struct rte_crypto_op *op, op->sym->session, cryptodev_driver_id); #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (dpaa2_sec_session *)(op->sym->sec_session); #endif else return -ENOTSUP; @@ -1525,7 +1524,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) struct rte_crypto_op *op; uint16_t len = DPAA2_GET_FD_LEN(fd); int16_t diff = 0; - dpaa2_sec_session *sess_priv __rte_unused; + dpaa2_sec_session *sess_priv; struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF( DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)), @@ -1538,8 +1537,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) mbuf->buf_iova = op->sym->aead.digest.phys_addr; op->sym->aead.digest.phys_addr = 0L; - sess_priv = (dpaa2_sec_session *)get_sec_session_private_data( - op->sym->sec_session); + sess_priv = (dpaa2_sec_session *)(op->sym->sec_session); if (sess_priv->dir == DIR_ENC) mbuf->data_off += SEC_FLC_DHR_OUTBOUND; else @@ -3388,63 +3386,44 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa2_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA2_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa2_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa2_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess); break; default: return -EINVAL; } if (ret != 0) { DPAA2_SEC_ERR("Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa2_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv; - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + dpaa2_sec_session *s = (dpaa2_sec_session *)sess; + if (sess) { rte_free(s->ctxt); rte_free(s->cipher_key.data); rte_free(s->auth_key.data); memset(s, 0, sizeof(dpaa2_sec_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c index a2ffc6c02f..387bd92ab0 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c @@ -1005,8 +1005,7 @@ dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, } if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa2_sec_session *)get_sec_session_private_data( - session_ctx.sec_sess); + sess = (dpaa2_sec_session *)session_ctx.sec_sess; else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) sess = (dpaa2_sec_session *)get_sym_session_private_data( session_ctx.crypto_sess, cryptodev_driver_id); diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 454b9c4785..617c48298f 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -1790,8 +1790,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, #ifdef RTE_LIB_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: ses = (dpaa_sec_session *) - get_sec_session_private_data( - op->sym->sec_session); + (op->sym->sec_session); break; #endif default: @@ -2569,7 +2568,6 @@ static inline void free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) { struct dpaa_sec_dev_private *qi = dev->data->dev_private; - struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s); uint8_t i; for (i = 0; i < MAX_DPAA_CORES; i++) { @@ -2579,7 +2577,6 @@ free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s) s->qp[i] = NULL; } free_session_data(s); - rte_mempool_put(sess_mp, (void *)s); } /** Clear the memory of session so it doesn't leave key material behind */ @@ -3114,26 +3111,17 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, static int dpaa_sec_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; - if (rte_mempool_get(mempool, &sess_private_data)) { - DPAA_SEC_ERR("Couldn't get object from session mempool"); - return -ENOMEM; - } - switch (conf->protocol) { case RTE_SECURITY_PROTOCOL_IPSEC: - ret = dpaa_sec_set_ipsec_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_ipsec_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_PDCP: - ret = dpaa_sec_set_pdcp_session(cdev, conf, - sess_private_data); + ret = dpaa_sec_set_pdcp_session(cdev, conf, sess); break; case RTE_SECURITY_PROTOCOL_MACSEC: return -ENOTSUP; @@ -3142,29 +3130,21 @@ dpaa_sec_security_session_create(void *dev, } if (ret != 0) { DPAA_SEC_ERR("failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it doesn't leave key material behind */ static int -dpaa_sec_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess) { PMD_INIT_FUNC_TRACE(); - void *sess_priv = get_sec_session_private_data(sess); - dpaa_sec_session *s = (dpaa_sec_session *)sess_priv; + dpaa_sec_session *s = (dpaa_sec_session *)sess; - if (sess_priv) { + if (sess) free_session_memory((struct rte_cryptodev *)dev, s); - set_sec_session_private_data(sess, NULL); - } return 0; } #endif diff --git a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c index 522685f8cf..a07901ebd3 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c @@ -1010,8 +1010,7 @@ dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, } if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = (dpaa_sec_session *)get_sec_session_private_data( - session_ctx.sec_sess); + sess = (dpaa_sec_session *)session_ctx.sec_sess; else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) sess = (dpaa_sec_session *)get_sym_session_private_data( session_ctx.crypto_sess, dpaa_cryptodev_driver_id); diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index e05bc04c3b..58ca2a6e54 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1353,8 +1353,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return -1; } - session = (struct aesni_mb_session *) - get_sec_session_private_data(op->sym->sec_session); + session = (struct aesni_mb_session *)(op->sym->sec_session); if (unlikely(session == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; @@ -1491,7 +1490,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job) * this is for DOCSIS */ is_docsis_sec = 1; - sess = get_sec_session_private_data(op->sym->sec_session); + sess = (struct aesni_mb_session *)(op->sym->sec_session); } else #endif { @@ -1894,10 +1893,8 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = { */ static int aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_private_data) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -1907,41 +1904,24 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - IPSEC_MB_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess_private_data); if (ret != 0) { IPSEC_MB_LOG(ERR, "Failed to configure session parameters"); - - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } /** Clear the memory of session so it does not leave key material behind */ static int -aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess_priv) { - void *sess_priv = get_sec_session_private_data(sess); - - if (sess_priv) { - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - + if (sess_priv) memset(sess_priv, 0, sizeof(struct aesni_mb_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); - } + return 0; } diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c index 04efd9aaa8..94e3ff9e5b 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c @@ -773,8 +773,7 @@ mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request, return -EINVAL; } - sess = (struct mrvl_crypto_session *)get_sec_session_private_data( - op->sym->sec_session); + sess = (struct mrvl_crypto_session *)(op->sym->sec_session); if (unlikely(sess == NULL)) { MRVL_LOG(ERR, "Session was not created for this device! %d", cryptodev_driver_id); diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c index 3064b1f136..e04a2c88c7 100644 --- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c +++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c @@ -913,16 +913,12 @@ mrvl_crypto_pmd_security_session_create(__rte_unused void *dev, /** Clear the memory of session so it doesn't leave key material behind */ static int -mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess) { - void *sess_priv = get_sec_session_private_data(sess); - /* Zero out the whole structure */ - if (sess_priv) { + if (sess) { struct mrvl_crypto_session *mrvl_sess = (struct mrvl_crypto_session *)sess_priv; - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); if (mrvl_sess->sam_sess && sam_session_destroy(mrvl_sess->sam_sess) < 0) { @@ -932,9 +928,6 @@ mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, rte_free(mrvl_sess->sam_sess_params.cipher_key); rte_free(mrvl_sess->sam_sess_params.auth_key); rte_free(mrvl_sess->sam_sess_params.cipher_iv); - memset(sess, 0, sizeof(struct rte_security_session)); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 37fad11d91..7b744cd4b4 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -702,7 +702,7 @@ otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, uint8_t esn; int ret; - priv = get_sec_session_private_data(op->sym->sec_session); + priv = (struct otx2_sec_session *)(op->sym->sec_session); sess = &priv->ipsec.lp; sa = &sess->in_sa; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index a5db40047d..56900e3187 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -203,7 +203,7 @@ static int crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_ipsec_po_ip_template *template = NULL; @@ -212,13 +212,11 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_out_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; struct rte_ipv6_hdr *ip6; struct rte_ipv4_hdr *ip; int ret, ctx_len; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; lp = &sess->ipsec.lp; @@ -398,7 +396,7 @@ static int crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; const uint8_t *cipher_key, *auth_key; @@ -406,11 +404,9 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_in_sa *sa; - struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; int ret; - sess = get_sec_session_private_data(sec_sess); sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; lp = &sess->ipsec.lp; @@ -512,7 +508,7 @@ static int crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -536,10 +532,9 @@ crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, static int otx2_crypto_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) @@ -548,51 +543,25 @@ otx2_crypto_sec_session_create(void *device, if (rte_security_dynfield_register() < 0) return -rte_errno; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - priv->userdata = conf->userdata; if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = crypto_sec_ipsec_session_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; - if (ret) - goto mempool_put; - - return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); return ret; } static int -otx2_crypto_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess) { - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; - priv = get_sec_session_private_data(sess); - - if (priv == NULL) - return 0; - - sess_mp = rte_mempool_from_obj(priv); - - memset(priv, 0, sizeof(*priv)); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + if (priv) + memset(priv, 0, sizeof(*priv)); return 0; } @@ -604,8 +573,7 @@ otx2_crypto_sec_session_get_size(void *device __rte_unused) } static int -otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, +otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 93b257522b..fbb17e61ff 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -250,8 +250,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, op->sym->session, qat_sym_driver_id); #ifdef RTE_LIB_SECURITY } else { - ctx = (struct qat_sym_session *)get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (likely(ctx)) { if (unlikely(ctx->bpi_ctx == NULL)) { QAT_DP_LOG(ERR, "QAT PMD only supports security" diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index e3ec7f0de4..8904aabd3d 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -202,9 +202,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops) op = (struct rte_crypto_op *)ops[i]; if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = (struct qat_sym_session *) - get_sec_session_private_data( - op->sym->sec_session); + ctx = (struct qat_sym_session *)(op->sym->sec_session); if (ctx == NULL || ctx->bpi_ctx == NULL) continue; @@ -243,9 +241,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie) * Assuming at this point that if it's a security * op, that this is for DOCSIS */ - sess = (struct qat_sym_session *) - get_sec_session_private_data( - rx_op->sym->sec_session); + sess = (struct qat_sym_session *)(rx_op->sym->sec_session); is_docsis_sec = 1; } else #endif diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 3f2f6736fc..2a22347c7f 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2283,10 +2283,8 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_private_data) { - void *sess_private_data; struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; @@ -2296,40 +2294,25 @@ qat_security_session_create(void *dev, return -EINVAL; } - if (rte_mempool_get(mempool, &sess_private_data)) { - QAT_LOG(ERR, "Couldn't get object from session mempool"); - return -ENOMEM; - } - ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { QAT_LOG(ERR, "Failed to configure session parameters"); - /* Return session to mempool */ - rte_mempool_put(mempool, sess_private_data); return ret; } - set_sec_session_private_data(sess, sess_private_data); - return ret; } int -qat_security_session_destroy(void *dev __rte_unused, - struct rte_security_session *sess) +qat_security_session_destroy(void *dev __rte_unused, void *sess_priv) { - void *sess_priv = get_sec_session_private_data(sess); struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; if (sess_priv) { if (s->bpi_ctx) bpi_cipher_ctx_free(s->bpi_ctx); memset(s, 0, qat_sym_session_get_private_size(dev)); - struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, sess_priv); } return 0; } diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index 6ebc176729..7fcc1d6f7b 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -166,9 +166,9 @@ qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); #ifdef RTE_LIB_SECURITY int qat_security_session_create(void *dev, struct rte_security_session_conf *conf, - struct rte_security_session *sess, struct rte_mempool *mempool); + void *sess); int -qat_security_session_destroy(void *dev, struct rte_security_session *sess); +qat_security_session_destroy(void *dev, void *sess); #endif #endif /* _QAT_SYM_SESSION_H_ */ diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index e45c5501e6..cd54a3beee 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -369,24 +369,17 @@ ixgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int ixgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct ixgbe_crypto_session *ic_session = NULL; + struct ixgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -396,7 +389,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -404,7 +396,6 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -416,12 +407,9 @@ ixgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (ixgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -436,14 +424,11 @@ ixgbe_crypto_session_get_size(__rte_unused void *device) } static int -ixgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +ixgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct ixgbe_crypto_session *ic_session = - (struct ixgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct ixgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -455,8 +440,6 @@ ixgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -476,12 +459,11 @@ ixgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -ixgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, +ixgbe_crypto_update_mb(void *device __rte_unused, void *session, struct rte_mbuf *m, void *params __rte_unused) { - struct ixgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct ixgbe_crypto_session *ic_session = session; + if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { union ixgbe_crypto_tx_desc_md *mdata = (union ixgbe_crypto_tx_desc_md *) @@ -685,8 +667,10 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, uint8_t is_ipv6) { - struct ixgbe_crypto_session *ic_session - = get_sec_session_private_data(sess); + uint64_t sess_ptr = (uint64_t)sess; + struct ixgbe_crypto_session *ic_session = + (struct ixgbe_crypto_session *)sess_ptr; + /* TODO: A proper fix need to be added to remove above typecasting. */ if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/drivers/net/meson.build b/drivers/net/meson.build index bcf488f203..7a09f7183d 100644 --- a/drivers/net/meson.build +++ b/drivers/net/meson.build @@ -12,7 +12,7 @@ drivers = [ 'bnx2x', 'bnxt', 'bonding', - 'cnxk', +# 'cnxk', 'cxgbe', 'dpaa', 'dpaa2', diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index c2a36883cb..ef851fe52c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -350,7 +350,7 @@ static int eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_sec_session_ipsec_ip *sess; @@ -363,7 +363,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, struct otx2_cpt_inst_s inst; struct otx2_cpt_qp *qp; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; sess = &priv->ipsec.ip; @@ -468,7 +468,7 @@ static int eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sec_sess) + struct otx2_sec_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev); @@ -495,7 +495,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, ctl = &sa->ctl; - priv = get_sec_session_private_data(sec_sess); + priv = sec_sess; priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; sess = &priv->ipsec.ip; @@ -619,7 +619,7 @@ static int eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, - struct rte_security_session *sess) + struct otx2_sec_session *sess) { int ret; @@ -638,22 +638,14 @@ eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev, static int otx2_eth_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess) { - struct otx2_sec_session *priv; + struct otx2_sec_session *priv = sess; int ret; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) return -ENOTSUP; - if (rte_mempool_get(mempool, (void **)&priv)) { - otx2_err("Could not allocate security session private data"); - return -ENOMEM; - } - - set_sec_session_private_data(sess, priv); - /* * Save userdata provided by the application. For ingress packets, this * could be used to identify the SA. @@ -663,19 +655,14 @@ otx2_eth_sec_session_create(void *device, if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) ret = eth_sec_ipsec_sess_create(device, &conf->ipsec, conf->crypto_xform, - sess); + priv); else ret = -ENOTSUP; if (ret) - goto mempool_put; + return ret; return 0; - -mempool_put: - rte_mempool_put(mempool, priv); - set_sec_session_private_data(sess, NULL); - return ret; } static void @@ -688,20 +675,14 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa) } static int -otx2_eth_sec_session_destroy(void *device, - struct rte_security_session *sess) +otx2_eth_sec_session_destroy(void *device, void *sess) { struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device); struct otx2_sec_session_ipsec_ip *sess_ip; struct otx2_ipsec_fp_in_sa *sa; - struct otx2_sec_session *priv; - struct rte_mempool *sess_mp; + struct otx2_sec_session *priv = sess; int ret; - priv = get_sec_session_private_data(sess); - if (priv == NULL) - return -EINVAL; - sess_ip = &priv->ipsec.ip; if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { @@ -727,11 +708,6 @@ otx2_eth_sec_session_destroy(void *device, return ret; } - sess_mp = rte_mempool_from_obj(priv); - - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); - return 0; } @@ -742,9 +718,8 @@ otx2_eth_sec_session_get_size(void *device __rte_unused) } static int -otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { /* Set security session as the pkt metadata */ *rte_security_dynfield(m) = (rte_security_dynfield_t)session; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h index 623a2a841e..9ecb786947 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h @@ -54,7 +54,7 @@ otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m, struct nix_iova_s nix_iova; } *sd; - priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m))); + priv = (void *)(*rte_security_dynfield(m)); sess = &priv->ipsec.ip; sa = &sess->out_sa; diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c index ccd747973b..444da5b8f3 100644 --- a/drivers/net/txgbe/txgbe_ipsec.c +++ b/drivers/net/txgbe/txgbe_ipsec.c @@ -349,24 +349,17 @@ txgbe_crypto_remove_sa(struct rte_eth_dev *dev, static int txgbe_crypto_create_session(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *session, - struct rte_mempool *mempool) + void *session) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; - struct txgbe_crypto_session *ic_session = NULL; + struct txgbe_crypto_session *ic_session = session; struct rte_crypto_aead_xform *aead_xform; struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf; - if (rte_mempool_get(mempool, (void **)&ic_session)) { - PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool"); - return -ENOMEM; - } - if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD || conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -376,7 +369,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -384,7 +376,6 @@ txgbe_crypto_create_session(void *device, ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); - rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } @@ -396,12 +387,9 @@ txgbe_crypto_create_session(void *device, ic_session->spi = conf->ipsec.spi; ic_session->dev = eth_dev; - set_sec_session_private_data(session, ic_session); - if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (txgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); - rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } } @@ -416,14 +404,11 @@ txgbe_crypto_session_get_size(__rte_unused void *device) } static int -txgbe_crypto_remove_session(void *device, - struct rte_security_session *session) +txgbe_crypto_remove_session(void *device, void *session) { struct rte_eth_dev *eth_dev = device; struct txgbe_crypto_session *ic_session = - (struct txgbe_crypto_session *) - get_sec_session_private_data(session); - struct rte_mempool *mempool = rte_mempool_from_obj(ic_session); + (struct txgbe_crypto_session *)session; if (eth_dev != ic_session->dev) { PMD_DRV_LOG(ERR, "Session not bound to this device\n"); @@ -435,8 +420,6 @@ txgbe_crypto_remove_session(void *device, return -EFAULT; } - rte_mempool_put(mempool, (void *)ic_session); - return 0; } @@ -456,12 +439,11 @@ txgbe_crypto_compute_pad_len(struct rte_mbuf *m) } static int -txgbe_crypto_update_mb(void *device __rte_unused, - struct rte_security_session *session, - struct rte_mbuf *m, void *params __rte_unused) +txgbe_crypto_update_mb(void *device __rte_unused, void *session, + struct rte_mbuf *m, void *params __rte_unused) { - struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(session); + struct txgbe_crypto_session *ic_session = session; + if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) { union txgbe_crypto_tx_desc_md *mdata = (union txgbe_crypto_tx_desc_md *) @@ -661,8 +643,10 @@ txgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, uint8_t is_ipv6) { + uint64_t sess_ptr = (uint64_t)sess; struct txgbe_crypto_session *ic_session = - get_sec_session_private_data(sess); + (struct txgbe_crypto_session *)sess_ptr; + /* TODO: A proper fix need to be added to remove above typecasting. */ if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) { if (is_ipv6) { diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 6817139663..03d907cba8 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -117,8 +117,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa, set_ipsec_conf(sa, &(sess_conf.ipsec)); ips->security.ses = rte_security_session_create(ctx, - &sess_conf, ipsec_ctx->session_pool, - ipsec_ctx->session_priv_pool); + &sess_conf, ipsec_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -199,8 +198,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, } ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); @@ -380,8 +378,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.userdata = (void *) sa; ips->security.ses = rte_security_session_create(sec_ctx, - &sess_conf, skt_ctx->session_pool, - skt_ctx->session_priv_pool); + &sess_conf, skt_ctx->session_pool); if (ips->security.ses == NULL) { RTE_LOG(ERR, IPSEC, "SEC Session init failed: err: %d\n", ret); diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index fe81ed3e4c..06560b9cba 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -39,35 +39,37 @@ rte_security_dynfield_register(void) return rte_security_dynfield_offset; } -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp) + struct rte_mempool *mp) { struct rte_security_session *sess = NULL; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); RTE_PTR_OR_ERR_RET(conf, NULL); RTE_PTR_OR_ERR_RET(mp, NULL); - RTE_PTR_OR_ERR_RET(priv_mp, NULL); + + if (mp->elt_size < sizeof(struct rte_security_session) + + instance->ops->session_get_size(instance->device)) + return NULL; if (rte_mempool_get(mp, (void **)&sess)) return NULL; if (instance->ops->session_create(instance->device, conf, - sess, priv_mp)) { + sess->sess_private_data)) { rte_mempool_put(mp, (void *)sess); return NULL; } instance->sess_cnt++; - return sess; + return sess->sess_private_data; } int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, @@ -88,8 +90,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance) int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, - struct rte_security_stats *stats) + void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); @@ -100,9 +101,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess) +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { + struct rte_security_session *s; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, @@ -113,7 +114,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance, if (ret != 0) return ret; - rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess); + s = container_of(sess, struct rte_security_session, sess_private_data); + rte_mempool_put(rte_mempool_from_obj(s), (void *)s); if (instance->sess_cnt) instance->sess_cnt--; @@ -123,7 +125,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 4c55dcd744..c5ceb3b588 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -509,10 +509,12 @@ struct rte_security_session_conf { }; struct rte_security_session { - void *sess_private_data; - /**< Private session material */ uint64_t opaque_data; /**< Opaque user defined data */ + uint64_t fast_mdata; + /**< Fast metadata to be used for inline path */ + __extension__ void *sess_private_data[0]; + /**< Private session material */ }; /** @@ -526,11 +528,10 @@ struct rte_security_session { * - On success, pointer to session * - On failure, NULL */ -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, - struct rte_mempool *mp, - struct rte_mempool *priv_mp); + struct rte_mempool *mp); /** * Update security session as specified by the session configuration @@ -545,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance, __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf); /** @@ -576,7 +577,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); */ int rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess); + void *sess); /** Device-specific metadata field type */ typedef uint64_t rte_security_dynfield_t; @@ -622,7 +623,7 @@ static inline bool rte_security_dynfield_is_registered(void) /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params); /** @@ -640,13 +641,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess->sess_private_data); + (rte_security_dynfield_t)(sess); return 0; } @@ -696,26 +697,13 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) */ static inline int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, - struct rte_security_session *sess) + void *sess) { sym_op->sec_session = sess; return 0; } -static inline void * -get_sec_session_private_data(const struct rte_security_session *sess) -{ - return sess->sess_private_data; -} - -static inline void -set_sec_session_private_data(struct rte_security_session *sess, - void *private_data) -{ - sess->sess_private_data = private_data; -} - /** * Attach a session to a crypto operation. * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD @@ -726,8 +714,7 @@ set_sec_session_private_data(struct rte_security_session *sess, * @param sess security session */ static inline int -rte_security_attach_session(struct rte_crypto_op *op, - struct rte_security_session *sess) +rte_security_attach_session(struct rte_crypto_op *op, void *sess) { if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) return -EINVAL; @@ -789,7 +776,7 @@ struct rte_security_stats { __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index b0253e962e..5a177d72d7 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -35,8 +35,7 @@ extern "C" { */ typedef int (*security_session_create_t)(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mp); + void *sess); /** * Free driver private session data. @@ -44,8 +43,7 @@ typedef int (*security_session_create_t)(void *device, * @param device Crypto/eth device pointer * @param sess Security session structure */ -typedef int (*security_session_destroy_t)(void *device, - struct rte_security_session *sess); +typedef int (*security_session_destroy_t)(void *device, void *sess); /** * Update driver private session data. @@ -60,8 +58,7 @@ typedef int (*security_session_destroy_t)(void *device, * - Returns -ENOTSUP if crypto device does not support the crypto transform. */ typedef int (*security_session_update_t)(void *device, - struct rte_security_session *sess, - struct rte_security_session_conf *conf); + void *sess, struct rte_security_session_conf *conf); /** * Get the size of a security session @@ -86,8 +83,7 @@ typedef unsigned int (*security_session_get_size)(void *device); * - Returns -EINVAL if session parameters are invalid. */ typedef int (*security_session_stats_get_t)(void *device, - struct rte_security_session *sess, - struct rte_security_stats *stats); + void *sess, struct rte_security_stats *stats); __rte_internal int rte_security_dynfield_register(void); @@ -96,7 +92,7 @@ int rte_security_dynfield_register(void); * Update the mbuf with provided metadata. * * @param device Crypto/eth device pointer - * @param sess Security session structure + * @param sess Security session * @param mb Packet buffer * @param params Metadata * @@ -105,7 +101,7 @@ int rte_security_dynfield_register(void); * - Returns -ve value for errors. */ typedef int (*security_set_pkt_metadata_t)(void *device, - struct rte_security_session *sess, struct rte_mbuf *mb, + void *sess, struct rte_mbuf *mb, void *params); /**

[v3,1/8] security: rework session framework

Checks

Commit Message

Patch