diff mbox series

[v2,1/7] security: rework session framework

Message ID 20211013192222.1582631-2-gakhil@marvell.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series crypto/security session framework rework | expand

Checks

Context Check Description
ci/iol-testing warning apply patch failure
ci/checkpatch warning coding style issues

Commit Message

Akhil Goyal Oct. 13, 2021, 7:22 p.m. UTC
As per current design, rte_security_session_create()
unnecesarily use 2 mempool objects for a single session.
And structure rte_security_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the API will now take only 1 mempool
object instead of 2 and return a void pointer directly
to the session private data. With this change, the library layer
will get the object from mempool and pass session_private_data
to the PMD for filling the PMD data.
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  13 +-
 .../cperf_test_pmd_cyclecount.c               |   2 +-
 app/test/test_cryptodev.c                     |  17 +-
 app/test/test_ipsec.c                         |  11 +-
 app/test/test_security.c                      | 193 ++++--------------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |   5 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  30 +--
 drivers/crypto/caam_jr/caam_jr.c              |  32 +--
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |   6 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |   2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              |  50 +----
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 +---
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  34 +--
 drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
 drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  11 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  54 +----
 drivers/crypto/qat/qat_sym.c                  |   3 +-
 drivers/crypto/qat/qat_sym.h                  |   8 +-
 drivers/crypto/qat/qat_sym_session.c          |  21 +-
 drivers/crypto/qat/qat_sym_session.h          |   4 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
 drivers/net/meson.build                       |   2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  51 ++---
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
 examples/ipsec-secgw/ipsec.c                  |   9 +-
 lib/security/rte_security.c                   |  28 +--
 lib/security/rte_security.h                   |  41 ++--
 lib/security/rte_security_driver.h            |  16 +-
 31 files changed, 203 insertions(+), 615 deletions(-)
diff mbox series

Patch

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 263841c339..6c3aa77dec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -67,8 +67,6 @@  cperf_set_ops_security(struct rte_crypto_op **ops,
 
 	for (i = 0; i < nb_ops; i++) {
 		struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-		struct rte_security_session *sec_sess =
-			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
 		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -76,7 +74,7 @@  cperf_set_ops_security(struct rte_crypto_op **ops,
 		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
 
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
-		rte_security_attach_session(ops[i], sec_sess);
+		rte_security_attach_session(ops[i], (void *)sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
 							src_buf_offset);
 
@@ -608,7 +606,6 @@  cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 static struct rte_cryptodev_sym_session *
 create_ipsec_session(struct rte_mempool *sess_mp,
-		struct rte_mempool *priv_mp,
 		uint8_t dev_id,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
@@ -720,7 +717,7 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 
 	/* Create security session */
 	return (void *)rte_security_session_create(ctx,
-				&sess_conf, sess_mp, priv_mp);
+				&sess_conf, sess_mp);
 }
 
 static struct rte_cryptodev_sym_session *
@@ -831,11 +828,11 @@  cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 
 	if (options->op_type == CPERF_IPSEC) {
-		return create_ipsec_session(sess_mp, priv_mp, dev_id,
+		return create_ipsec_session(sess_mp, dev_id,
 				options, test_vector, iv_offset);
 	}
 
@@ -880,7 +877,7 @@  cperf_create_session(struct rte_mempool *sess_mp,
 
 		/* Create security session */
 		return (void *)rte_security_session_create(ctx,
-					&sess_conf, sess_mp, priv_mp);
+					&sess_conf, sess_mp);
 	}
 #endif
 	sess = rte_cryptodev_sym_session_create(sess_mp);
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index fda97e8ab9..e43e2a3b96 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@  cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
 				(struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(ctx->dev_id);
 			rte_security_session_destroy(sec_ctx,
-				(struct rte_security_session *)ctx->sess);
+				(void *)ctx->sess);
 		} else
 #endif
 		{
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 65b64e1af0..79019eb766 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -83,7 +83,7 @@  struct crypto_unittest_params {
 	union {
 		struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-		struct rte_security_session *sec_session;
+		void *sec_session;
 #endif
 	};
 #ifdef RTE_LIB_SECURITY
@@ -8278,8 +8278,7 @@  static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -8539,8 +8538,7 @@  test_pdcp_proto_SGL(int i, int oop,
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx,
-				&sess_conf, ts_params->session_mpool,
-				ts_params->session_priv_mpool);
+				&sess_conf, ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s()-%d line %d failed %s: ",
@@ -9024,8 +9022,7 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
@@ -9446,8 +9443,7 @@  test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
@@ -9622,8 +9618,7 @@  test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
 
 	/* Create security session */
 	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool,
-					ts_params->session_priv_mpool);
+					ts_params->session_mpool);
 
 	if (!ut_params->sec_session) {
 		printf("TestCase %s(%d) line %d: %s\n",
diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index c6d6b88d6d..2ffa2a8e79 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,18 +148,16 @@  const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	struct rte_security_session *sess, struct rte_mempool *mp)
+	void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
-	RTE_SET_USED(mp);
-
-	sess->sess_private_data = NULL;
+	RTE_SET_USED(sess);
 	return 0;
 }
 
 static int
-dummy_sec_destroy(void *device, struct rte_security_session *sess)
+dummy_sec_destroy(void *device, void *sess)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(sess);
@@ -631,8 +629,7 @@  create_dummy_sec_session(struct ipsec_unitest_params *ut,
 	static struct rte_security_session_conf conf;
 
 	ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
-					&conf, qp->mp_session,
-					qp->mp_session_private);
+					&conf, qp->mp_session);
 
 	if (ut->ss[j].security.ses == NULL)
 		return -ENOMEM;
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 060cf1ffa8..1cea756880 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -200,25 +200,6 @@ 
 			expected_mempool_usage, mempool_usage);		\
 } while (0)
 
-/**
- * Verify usage of mempool by checking if number of allocated objects matches
- * expectations. The mempool is used to manage objects for sessions priv data.
- * A single object is acquired from mempool during session_create
- * and put back in session_destroy.
- *
- * @param   expected_priv_mp_usage	expected number of used priv mp objects
- */
-#define TEST_ASSERT_PRIV_MP_USAGE(expected_priv_mp_usage) do {		\
-	struct security_testsuite_params *ts_params = &testsuite_params;\
-	unsigned int priv_mp_usage;					\
-	priv_mp_usage = rte_mempool_in_use_count(			\
-			ts_params->session_priv_mpool);			\
-	TEST_ASSERT_EQUAL(expected_priv_mp_usage, priv_mp_usage,	\
-			"Expecting %u priv mempool allocations, "	\
-			"but there are %u allocated objects",		\
-			expected_priv_mp_usage, priv_mp_usage);		\
-} while (0)
-
 /**
  * Mockup structures and functions for rte_security_ops;
  *
@@ -253,39 +234,28 @@ 
 static struct mock_session_create_data {
 	void *device;
 	struct rte_security_session_conf *conf;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mempool *mp;
-	struct rte_mempool *priv_mp;
 
 	int ret;
 
 	int called;
 	int failed;
-} mock_session_create_exp = {NULL, NULL, NULL, NULL, NULL, 0, 0, 0};
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
 
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *priv_mp)
+		void *sess)
 {
-	void *sess_priv;
-	int ret;
 
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
-	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, priv_mp);
 
-	if (mock_session_create_exp.ret == 0) {
-		ret = rte_mempool_get(priv_mp, &sess_priv);
-		TEST_ASSERT_EQUAL(0, ret,
-			"priv mempool does not have enough objects");
-
-		set_sec_session_private_data(sess, sess_priv);
+	if (mock_session_create_exp.ret == 0)
 		mock_session_create_exp.sess = sess;
-	}
 
 	return mock_session_create_exp.ret;
 }
@@ -297,7 +267,7 @@  mock_session_create(void *device,
  */
 static struct mock_session_update_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_session_conf *conf;
 
 	int ret;
@@ -308,7 +278,7 @@  static struct mock_session_update_data {
 
 static int
 mock_session_update(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_session_conf *conf)
 {
 	mock_session_update_exp.called++;
@@ -351,7 +321,7 @@  mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_security_stats *stats;
 
 	int ret;
@@ -362,7 +332,7 @@  static struct mock_session_stats_get_data {
 
 static int
 mock_session_stats_get(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_security_stats *stats)
 {
 	mock_session_stats_get_exp.called++;
@@ -381,7 +351,7 @@  mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret;
 
@@ -390,15 +360,9 @@  static struct mock_session_destroy_data {
 } mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
 
 static int
-mock_session_destroy(void *device, struct rte_security_session *sess)
+mock_session_destroy(void *device, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	mock_session_destroy_exp.called++;
-	if ((mock_session_destroy_exp.ret == 0) && (sess_priv != NULL)) {
-		rte_mempool_put(rte_mempool_from_obj(sess_priv), sess_priv);
-		set_sec_session_private_data(sess, NULL);
-	}
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
 
@@ -412,7 +376,7 @@  mock_session_destroy(void *device, struct rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
 	void *device;
-	struct rte_security_session *sess;
+	void *sess;
 	struct rte_mbuf *m;
 	void *params;
 
@@ -424,7 +388,7 @@  static struct mock_set_pkt_metadata_data {
 
 static int
 mock_set_pkt_metadata(void *device,
-		struct rte_security_session *sess,
+		void *sess,
 		struct rte_mbuf *m,
 		void *params)
 {
@@ -536,7 +500,6 @@  struct rte_security_ops mock_ops = {
  */
 static struct security_testsuite_params {
 	struct rte_mempool *session_mpool;
-	struct rte_mempool *session_priv_mpool;
 } testsuite_params = { NULL };
 
 /**
@@ -549,7 +512,7 @@  static struct security_testsuite_params {
 static struct security_unittest_params {
 	struct rte_security_ctx ctx;
 	struct rte_security_session_conf conf;
-	struct rte_security_session *sess;
+	void *sess;
 } unittest_params = {
 	.ctx = {
 		.device = NULL,
@@ -563,7 +526,7 @@  static struct security_unittest_params {
 #define SECURITY_TEST_PRIV_MEMPOOL_NAME "SecurityTestPrivMp"
 #define SECURITY_TEST_MEMPOOL_SIZE 15
 #define SECURITY_TEST_SESSION_OBJ_SZ sizeof(struct rte_security_session)
-#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 64
+#define SECURITY_TEST_SESSION_PRIV_OBJ_SZ 1024
 
 /**
  * testsuite_setup initializes whole test suite parameters.
@@ -577,27 +540,13 @@  testsuite_setup(void)
 	ts_params->session_mpool = rte_mempool_create(
 			SECURITY_TEST_MEMPOOL_NAME,
 			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_OBJ_SZ,
+			SECURITY_TEST_SESSION_OBJ_SZ +
+			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
 			0, 0, NULL, NULL, NULL, NULL,
 			SOCKET_ID_ANY, 0);
 	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
 			"Cannot create mempool %s\n", rte_strerror(rte_errno));
 
-	ts_params->session_priv_mpool = rte_mempool_create(
-			SECURITY_TEST_PRIV_MEMPOOL_NAME,
-			SECURITY_TEST_MEMPOOL_SIZE,
-			SECURITY_TEST_SESSION_PRIV_OBJ_SZ,
-			0, 0, NULL, NULL, NULL, NULL,
-			SOCKET_ID_ANY, 0);
-	if (ts_params->session_priv_mpool == NULL) {
-		RTE_LOG(ERR, USER1, "TestCase %s() line %d failed (null): "
-				"Cannot create priv mempool %s\n",
-				__func__, __LINE__, rte_strerror(rte_errno));
-		rte_mempool_free(ts_params->session_mpool);
-		ts_params->session_mpool = NULL;
-		return TEST_FAILED;
-	}
-
 	return TEST_SUCCESS;
 }
 
@@ -612,10 +561,6 @@  testsuite_teardown(void)
 		rte_mempool_free(ts_params->session_mpool);
 		ts_params->session_mpool = NULL;
 	}
-	if (ts_params->session_priv_mpool) {
-		rte_mempool_free(ts_params->session_priv_mpool);
-		ts_params->session_priv_mpool = NULL;
-	}
 }
 
 /**
@@ -704,7 +649,7 @@  ut_setup_with_session(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
 	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	int ret = ut_setup();
 	if (ret != TEST_SUCCESS)
@@ -713,12 +658,11 @@  ut_setup_with_session(void)
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
+	mock_session_get_size_exp.called = 0;
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -757,16 +701,14 @@  test_session_create_inv_context(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(NULL, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -781,18 +723,16 @@  test_session_create_inv_context_ops(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = NULL;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -807,18 +747,16 @@  test_session_create_inv_context_ops_fun(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	ut_params->ctx.ops = &empty_ops;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -832,16 +770,14 @@  test_session_create_inv_configuration(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, NULL,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -855,39 +791,14 @@  static int
 test_session_create_inv_mempool(void)
 {
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			NULL, ts_params->session_priv_mpool);
+			NULL);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
-	TEST_ASSERT_SESSION_COUNT(0);
-
-	return TEST_SUCCESS;
-}
-
-/**
- * Test execution of rte_security_session_create with NULL session
- * priv mempool
- */
-static int
-test_session_create_inv_sess_priv_mempool(void)
-{
-	struct security_unittest_params *ut_params = &unittest_params;
-	struct security_testsuite_params *ts_params = &testsuite_params;
-	struct rte_security_session *sess;
-
-	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool, NULL);
-	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
-			sess, NULL, "%p");
-	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
-	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -902,9 +813,8 @@  test_session_create_mempool_empty(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-	void *tmp1[SECURITY_TEST_MEMPOOL_SIZE];
-	struct rte_security_session *sess;
+	void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	void *sess;
 
 	/* Get all available objects from mempool. */
 	int i, ret;
@@ -914,34 +824,23 @@  test_session_create_mempool_empty(void)
 		TEST_ASSERT_EQUAL(0, ret,
 				"Expect getting %d object from mempool"
 				" to succeed", i);
-		ret = rte_mempool_get(ts_params->session_priv_mpool,
-				(void **)(&tmp1[i]));
-		TEST_ASSERT_EQUAL(0, ret,
-				"Expect getting %d object from priv mempool"
-				" to succeed", i);
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
-	TEST_ASSERT_PRIV_MP_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/* Put objects back to the pool. */
 	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
 		rte_mempool_put(ts_params->session_mpool,
 				(void *)(tmp[i]));
-		rte_mempool_put(ts_params->session_priv_mpool,
-				(tmp1[i]));
 	}
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 
 	return TEST_SUCCESS;
 }
@@ -955,22 +854,19 @@  test_session_create_ops_failure(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = -1;	/* Return failure status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
 			sess, NULL, "%p");
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	return TEST_SUCCESS;
@@ -984,17 +880,15 @@  test_session_create_success(void)
 {
 	struct security_testsuite_params *ts_params = &testsuite_params;
 	struct security_unittest_params *ut_params = &unittest_params;
-	struct rte_security_session *sess;
+	void *sess;
 
 	mock_session_create_exp.device = NULL;
 	mock_session_create_exp.conf = &ut_params->conf;
 	mock_session_create_exp.mp = ts_params->session_mpool;
-	mock_session_create_exp.priv_mp = ts_params->session_priv_mpool;
 	mock_session_create_exp.ret = 0;	/* Return success status. */
 
 	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
-			ts_params->session_mpool,
-			ts_params->session_priv_mpool);
+			ts_params->session_mpool);
 	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
 			sess);
 	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
@@ -1003,7 +897,6 @@  test_session_create_success(void)
 			sess, mock_session_create_exp.sess);
 	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	/*
@@ -1389,7 +1282,6 @@  test_session_destroy_inv_context(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(NULL, ut_params->sess);
@@ -1397,7 +1289,6 @@  test_session_destroy_inv_context(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1414,7 +1305,6 @@  test_session_destroy_inv_context_ops(void)
 	ut_params->ctx.ops = NULL;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1423,7 +1313,6 @@  test_session_destroy_inv_context_ops(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1440,7 +1329,6 @@  test_session_destroy_inv_context_ops_fun(void)
 	ut_params->ctx.ops = &empty_ops;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1449,7 +1337,6 @@  test_session_destroy_inv_context_ops_fun(void)
 			ret, -ENOTSUP, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1464,7 +1351,6 @@  test_session_destroy_inv_session(void)
 	struct security_unittest_params *ut_params = &unittest_params;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
@@ -1472,7 +1358,6 @@  test_session_destroy_inv_session(void)
 			ret, -EINVAL, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1492,7 +1377,6 @@  test_session_destroy_ops_failure(void)
 	mock_session_destroy_exp.ret = -1;
 
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1501,7 +1385,6 @@  test_session_destroy_ops_failure(void)
 			ret, -1, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	return TEST_SUCCESS;
@@ -1519,7 +1402,6 @@  test_session_destroy_success(void)
 	mock_session_destroy_exp.sess = ut_params->sess;
 	mock_session_destroy_exp.ret = 0;
 	TEST_ASSERT_MEMPOOL_USAGE(1);
-	TEST_ASSERT_PRIV_MP_USAGE(1);
 	TEST_ASSERT_SESSION_COUNT(1);
 
 	int ret = rte_security_session_destroy(&ut_params->ctx,
@@ -1528,7 +1410,6 @@  test_session_destroy_success(void)
 			ret, 0, "%d");
 	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
 	TEST_ASSERT_MEMPOOL_USAGE(0);
-	TEST_ASSERT_PRIV_MP_USAGE(0);
 	TEST_ASSERT_SESSION_COUNT(0);
 
 	/*
@@ -2495,8 +2376,6 @@  static struct unit_test_suite security_testsuite  = {
 				test_session_create_inv_configuration),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_inv_mempool),
-		TEST_CASE_ST(ut_setup, ut_teardown,
-				test_session_create_inv_sess_priv_mempool),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_mempool_empty),
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index bbf310166e..e8da9ea9e1 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1021,8 +1021,7 @@  get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 	} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		if (likely(op->sym->sec_session != NULL))
 			sess = (struct aesni_mb_session *)
-					get_sec_session_private_data(
-						op->sym->sec_session);
+					(op->sym->sec_session);
 #endif
 	} else {
 		void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
@@ -1638,7 +1637,7 @@  post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 		 * this is for DOCSIS
 		 */
 		is_docsis_sec = 1;
-		sess = get_sec_session_private_data(op->sym->sec_session);
+		sess = (struct aesni_mb_session *)(op->sym->sec_session);
 	} else
 #endif
 	{
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 48a8f91868..39c67e3952 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,10 +1056,8 @@  struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mempool)
+			     void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -1069,40 +1067,22 @@  aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
-			sess_private_data);
-
+	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess);
 	if (ret != 0) {
 		AESNI_MB_LOG(ERR, "Failed to configure session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
+	if (sess)
+		memset(sess, 0, sizeof(struct aesni_mb_session));
 
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		memset(sess_priv, 0, sizeof(struct aesni_mb_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
 	return 0;
 }
 
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 258750afe7..ce7a100778 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1361,9 +1361,7 @@  caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)
 					cryptodev_driver_id);
 		break;
 	case RTE_CRYPTO_OP_SECURITY_SESSION:
-		ses = (struct caam_jr_session *)
-			get_sec_session_private_data(
-					op->sym->sec_session);
+		ses = (struct caam_jr_session *)(op->sym->sec_session);
 		break;
 	default:
 		CAAM_JR_DP_ERR("sessionless crypto op not supported");
@@ -1911,22 +1909,14 @@  caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CAAM_JR_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = caam_jr_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = caam_jr_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -1935,34 +1925,24 @@  caam_jr_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		CAAM_JR_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /* Clear the memory of session so it doesn't leave key material behind */
 static int
-caam_jr_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+caam_jr_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	struct caam_jr_session *s = (struct caam_jr_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	struct caam_jr_session *s = (struct caam_jr_session *)sess;
 
+	if (sess) {
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(sess, 0, sizeof(struct caam_jr_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index c25c8e67b2..de2eebd507 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -122,8 +122,8 @@  cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
 
 	if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			sec_sess = get_sec_session_private_data(
-				sym_op->sec_session);
+			sec_sess = (struct cn10k_sec_session *)
+				(sym_op->sec_session);
 			ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
 						&inst[0]);
 			if (unlikely(ret))
@@ -360,7 +360,7 @@  cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
 	if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND))
 		return;
 
-	sess = get_sec_session_private_data(cop->sym->sec_session);
+	sess = (struct cn10k_sec_session *)(cop->sym->sec_session);
 	sa = &sess->sa;
 
 	mbuf = cop->sym->m_src;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 27df1dcd64..425fe599e0 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -35,17 +35,15 @@  static int
 cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sec_sess)
+			   struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_outb_param1 param1;
 	struct roc_ot_ipsec_outb_sa *out_sa;
 	struct cnxk_ipsec_outb_rlens rlens;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 
@@ -114,16 +112,14 @@  static int
 cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
 			  struct rte_security_ipsec_xform *ipsec_xfrm,
 			  struct rte_crypto_sym_xform *crypto_xfrm,
-			  struct rte_security_session *sec_sess)
+			  struct cn10k_sec_session *sess)
 {
 	union roc_ot_ipsec_inb_param1 param1;
 	struct roc_ot_ipsec_inb_sa *in_sa;
-	struct cn10k_sec_session *sess;
 	struct cn10k_ipsec_sa *sa;
 	union cpt_inst_w4 inst_w4;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -175,7 +171,7 @@  static int
 cn10k_ipsec_session_create(void *dev,
 			   struct rte_security_ipsec_xform *ipsec_xfrm,
 			   struct rte_crypto_sym_xform *crypto_xfrm,
-			   struct rte_security_session *sess)
+			   struct cn10k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct roc_cpt *roc_cpt;
@@ -204,55 +200,28 @@  cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 struct rte_security_session *sess,
-			 struct rte_mempool *mempool)
+			 void *sess)
 {
-	struct cn10k_sec_session *priv;
-	int ret;
+	struct cn10k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
-	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
-					 conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn10k_ipsec_session_create(device, &conf->ipsec,
+					 conf->crypto_xform, priv);
 }
 
 static int
-cn10k_sec_session_destroy(void *device __rte_unused,
-			  struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct cn10k_sec_session *priv;
-	struct rte_mempool *sess_mp;
-
-	priv = get_sec_session_private_data(sess);
+	struct cn10k_sec_session *priv = sess;
 
 	if (priv == NULL)
 		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 75277936b0..4c2dc5b080 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -56,7 +56,7 @@  cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
 		return -ENOTSUP;
 	}
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct cn9k_sec_session *)(op->sym->sec_session);
 	sa = &priv->sa;
 
 	if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 53fb793654..a602d38a11 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -275,14 +275,13 @@  static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sec_sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_outb_sa *out_sa;
-	struct cn9k_sec_session *sess;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 	struct rte_ipv6_hdr *ip6;
@@ -294,7 +293,6 @@  cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	out_sa = &sa->out_sa;
 	ctl = &out_sa->common_sa.ctl;
@@ -422,13 +420,12 @@  static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct rte_security_session *sec_sess)
+			 struct cn9k_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	struct cnxk_cpt_inst_tmpl *inst_tmpl;
 	struct roc_ie_on_inb_sa *in_sa;
-	struct cn9k_sec_session *sess;
 	struct cn9k_ipsec_sa *sa;
 	const uint8_t *auth_key;
 	union cpt_inst_w4 w4;
@@ -437,7 +434,6 @@  cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 	size_t ctx_len = 0;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sa = &sess->sa;
 	in_sa = &sa->in_sa;
 
@@ -501,7 +497,7 @@  static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct cn9k_sec_session *sess)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -532,53 +528,32 @@  cn9k_ipsec_session_create(void *dev,
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			struct rte_security_session *sess,
-			struct rte_mempool *mempool)
+			void *sess)
 {
-	struct cn9k_sec_session *priv;
-	int ret;
+	struct cn9k_sec_session *priv = sess;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
 		return -EINVAL;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, priv);
-
 	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
-		ret = -ENOTSUP;
-		goto mempool_put;
+		return -ENOTSUP;
 	}
 
-	ret = cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, sess);
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
+	return cn9k_ipsec_session_create(device, &conf->ipsec,
+					conf->crypto_xform, priv);
 }
 
 static int
-cn9k_sec_session_destroy(void *device __rte_unused,
-			 struct rte_security_session *sess)
+cn9k_sec_session_destroy(void *device __rte_unused, void *sess)
 {
 	struct roc_ie_on_outb_sa *out_sa;
 	struct cn9k_sec_session *priv;
-	struct rte_mempool *sess_mp;
 	struct roc_ie_on_sa_ctl *ctl;
 	struct cn9k_ipsec_sa *sa;
 
-	priv = get_sec_session_private_data(sess);
+	priv = sess;
 	if (priv == NULL)
 		return 0;
 
@@ -590,13 +565,8 @@  cn9k_sec_session_destroy(void *device __rte_unused,
 
 	rte_io_wmb();
 
-	sess_mp = rte_mempool_from_obj(priv);
-
 	memset(priv, 0, sizeof(*priv));
 
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index dfa72f3f93..176f1a27a0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1358,8 +1358,7 @@  build_sec_fd(struct rte_crypto_op *op,
 				op->sym->session, cryptodev_driver_id);
 #ifdef RTE_LIB_SECURITY
 	else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-		sess = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		sess = (dpaa2_sec_session *)(op->sym->sec_session);
 #endif
 	else
 		return -ENOTSUP;
@@ -1532,7 +1531,7 @@  sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	struct rte_crypto_op *op;
 	uint16_t len = DPAA2_GET_FD_LEN(fd);
 	int16_t diff = 0;
-	dpaa2_sec_session *sess_priv __rte_unused;
+	dpaa2_sec_session *sess_priv;
 
 	struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
 		DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
@@ -1545,8 +1544,7 @@  sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
 	mbuf->buf_iova = op->sym->aead.digest.phys_addr;
 	op->sym->aead.digest.phys_addr = 0L;
 
-	sess_priv = (dpaa2_sec_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+	sess_priv = (dpaa2_sec_session *)(op->sym->sec_session);
 	if (sess_priv->dir == DIR_ENC)
 		mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
 	else
@@ -3395,63 +3393,44 @@  dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  struct rte_security_session *sess,
-				  struct rte_mempool *mempool)
+				  void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA2_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa2_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa2_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa2_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	default:
 		return -EINVAL;
 	}
 	if (ret != 0) {
 		DPAA2_SEC_ERR("Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa2_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa2_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
 
-	dpaa2_sec_session *s = (dpaa2_sec_session *)sess_priv;
-
-	if (sess_priv) {
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+	dpaa2_sec_session *s = (dpaa2_sec_session *)sess;
 
+	if (sess) {
 		rte_free(s->ctxt);
 		rte_free(s->cipher_key.data);
 		rte_free(s->auth_key.data);
 		memset(s, 0, sizeof(dpaa2_sec_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d5aa2748d6..832b6e64ec 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1793,8 +1793,7 @@  dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 #ifdef RTE_LIB_SECURITY
 			case RTE_CRYPTO_OP_SECURITY_SESSION:
 				ses = (dpaa_sec_session *)
-					get_sec_session_private_data(
-							op->sym->sec_session);
+					(op->sym->sec_session);
 				break;
 #endif
 			default:
@@ -2572,7 +2571,6 @@  static inline void
 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 {
 	struct dpaa_sec_dev_private *qi = dev->data->dev_private;
-	struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
 	uint8_t i;
 
 	for (i = 0; i < MAX_DPAA_CORES; i++) {
@@ -2582,7 +2580,6 @@  free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
 		s->qp[i] = NULL;
 	}
 	free_session_data(s);
-	rte_mempool_put(sess_mp, (void *)s);
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
@@ -3117,26 +3114,17 @@  dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 struct rte_security_session *sess,
-				 struct rte_mempool *mempool)
+				 void *sess)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		DPAA_SEC_ERR("Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	switch (conf->protocol) {
 	case RTE_SECURITY_PROTOCOL_IPSEC:
-		ret = dpaa_sec_set_ipsec_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_ipsec_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_PDCP:
-		ret = dpaa_sec_set_pdcp_session(cdev, conf,
-				sess_private_data);
+		ret = dpaa_sec_set_pdcp_session(cdev, conf, sess);
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
@@ -3145,29 +3133,21 @@  dpaa_sec_security_session_create(void *dev,
 	}
 	if (ret != 0) {
 		DPAA_SEC_ERR("failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-dpaa_sec_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+dpaa_sec_security_session_destroy(void *dev __rte_unused, void *sess)
 {
 	PMD_INIT_FUNC_TRACE();
-	void *sess_priv = get_sec_session_private_data(sess);
-	dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
+	dpaa_sec_session *s = (dpaa_sec_session *)sess;
 
-	if (sess_priv) {
+	if (sess)
 		free_session_memory((struct rte_cryptodev *)dev, s);
-		set_sec_session_private_data(sess, NULL);
-	}
 	return 0;
 }
 #endif
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd.c b/drivers/crypto/mvsam/rte_mrvl_pmd.c
index a72642a772..245a4ad353 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd.c
@@ -773,8 +773,7 @@  mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
 		return -EINVAL;
 	}
 
-	sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
-			op->sym->sec_session);
+	sess = (struct mrvl_crypto_session *)(op->sym->sec_session);
 	if (unlikely(sess == NULL)) {
 		MRVL_LOG(ERR, "Session was not created for this device! %d",
 			 cryptodev_driver_id);
diff --git a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
index 3064b1f136..e04a2c88c7 100644
--- a/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
+++ b/drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
@@ -913,16 +913,12 @@  mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
 
 /** Clear the memory of session so it doesn't leave key material behind */
 static int
-mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
-		struct rte_security_session *sess)
+mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused, void *sess)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
-
 	/* Zero out the whole structure */
-	if (sess_priv) {
+	if (sess) {
 		struct mrvl_crypto_session *mrvl_sess =
 			(struct mrvl_crypto_session *)sess_priv;
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
 
 		if (mrvl_sess->sam_sess &&
 		    sam_session_destroy(mrvl_sess->sam_sess) < 0) {
@@ -932,9 +928,6 @@  mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
 		rte_free(mrvl_sess->sam_sess_params.cipher_key);
 		rte_free(mrvl_sess->sam_sess_params.auth_key);
 		rte_free(mrvl_sess->sam_sess_params.cipher_iv);
-		memset(sess, 0, sizeof(struct rte_security_session));
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 37fad11d91..7b744cd4b4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -702,7 +702,7 @@  otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	uint8_t esn;
 	int ret;
 
-	priv = get_sec_session_private_data(op->sym->sec_session);
+	priv = (struct otx2_sec_session *)(op->sym->sec_session);
 	sess = &priv->ipsec.lp;
 	sa = &sess->in_sa;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..56900e3187 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,7 +203,7 @@  static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct rte_security_session *sec_sess)
+				     struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -212,13 +212,11 @@  crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_out_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	int ret, ctx_len;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -398,7 +396,7 @@  static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct rte_security_session *sec_sess)
+				    struct otx2_sec_session *sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -406,11 +404,9 @@  crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_sa_ctl *ctl;
 	int cipher_key_len, auth_key_len;
 	struct otx2_ipsec_po_in_sa *sa;
-	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
 	int ret;
 
-	sess = get_sec_session_private_data(sec_sess);
 	sess->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	lp = &sess->ipsec.lp;
 
@@ -512,7 +508,7 @@  static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct rte_security_session *sess)
+				struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -536,10 +532,9 @@  crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       struct rte_security_session *sess,
-			       struct rte_mempool *mempool)
+			       void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
@@ -548,51 +543,25 @@  otx2_crypto_sec_session_create(void *device,
 	if (rte_security_dynfield_register() < 0)
 		return -rte_errno;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	priv->userdata = conf->userdata;
 
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      sess);
+						      priv);
 	else
 		ret = -ENOTSUP;
 
-	if (ret)
-		goto mempool_put;
-
-	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
 	return ret;
 }
 
 static int
-otx2_crypto_sec_session_destroy(void *device __rte_unused,
-				struct rte_security_session *sess)
+otx2_crypto_sec_session_destroy(void *device __rte_unused, void *sess)
 {
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 
-	priv = get_sec_session_private_data(sess);
-
-	if (priv == NULL)
-		return 0;
-
-	sess_mp = rte_mempool_from_obj(priv);
-
-	memset(priv, 0, sizeof(*priv));
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
+	if (priv)
+		memset(priv, 0, sizeof(*priv));
 
 	return 0;
 }
@@ -604,8 +573,7 @@  otx2_crypto_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
-			      struct rte_security_session *session,
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, void *session,
 			      struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 93b257522b..fbb17e61ff 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -250,8 +250,7 @@  qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				op->sym->session, qat_sym_driver_id);
 #ifdef RTE_LIB_SECURITY
 	} else {
-		ctx = (struct qat_sym_session *)get_sec_session_private_data(
-				op->sym->sec_session);
+		ctx = (struct qat_sym_session *)(op->sym->sec_session);
 		if (likely(ctx)) {
 			if (unlikely(ctx->bpi_ctx == NULL)) {
 				QAT_DP_LOG(ERR, "QAT PMD only supports security"
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index e3ec7f0de4..8904aabd3d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -202,9 +202,7 @@  qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
 		op = (struct rte_crypto_op *)ops[i];
 
 		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-			ctx = (struct qat_sym_session *)
-				get_sec_session_private_data(
-					op->sym->sec_session);
+			ctx = (struct qat_sym_session *)(op->sym->sec_session);
 
 			if (ctx == NULL || ctx->bpi_ctx == NULL)
 				continue;
@@ -243,9 +241,7 @@  qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie)
 		 * Assuming at this point that if it's a security
 		 * op, that this is for DOCSIS
 		 */
-		sess = (struct qat_sym_session *)
-				get_sec_session_private_data(
-				rx_op->sym->sec_session);
+		sess = (struct qat_sym_session *)(rx_op->sym->sec_session);
 		is_docsis_sec = 1;
 	} else
 #endif
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 3f2f6736fc..2a22347c7f 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2283,10 +2283,8 @@  qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 int
 qat_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				struct rte_security_session *sess,
-				struct rte_mempool *mempool)
+				void *sess_private_data)
 {
-	void *sess_private_data;
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
@@ -2296,40 +2294,25 @@  qat_security_session_create(void *dev,
 		return -EINVAL;
 	}
 
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		QAT_LOG(ERR, "Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
 		return ret;
 	}
 
-	set_sec_session_private_data(sess, sess_private_data);
-
 	return ret;
 }
 
 int
-qat_security_session_destroy(void *dev __rte_unused,
-				 struct rte_security_session *sess)
+qat_security_session_destroy(void *dev __rte_unused, void *sess_priv)
 {
-	void *sess_priv = get_sec_session_private_data(sess);
 	struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
 
 	if (sess_priv) {
 		if (s->bpi_ctx)
 			bpi_cipher_ctx_free(s->bpi_ctx);
 		memset(s, 0, qat_sym_session_get_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-
-		set_sec_session_private_data(sess, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
 	}
 	return 0;
 }
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 6ebc176729..7fcc1d6f7b 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,9 +166,9 @@  qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		struct rte_security_session *sess, struct rte_mempool *mempool);
+		void *sess);
 int
-qat_security_session_destroy(void *dev, struct rte_security_session *sess);
+qat_security_session_destroy(void *dev, void *sess);
 #endif
 
 #endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index e45c5501e6..cd54a3beee 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,24 +369,17 @@  ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct ixgbe_crypto_session *ic_session = NULL;
+	struct ixgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -396,7 +389,6 @@  ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -404,7 +396,6 @@  ixgbe_crypto_create_session(void *device,
 			ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -416,12 +407,9 @@  ixgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (ixgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -436,14 +424,11 @@  ixgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-ixgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+ixgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct ixgbe_crypto_session *ic_session =
-		(struct ixgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct ixgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -455,8 +440,6 @@  ixgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -476,12 +459,11 @@  ixgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-ixgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
+ixgbe_crypto_update_mb(void *device __rte_unused, void *session,
 		       struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct ixgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct ixgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union ixgbe_crypto_tx_desc_md *mdata =
 			(union ixgbe_crypto_tx_desc_md *)
@@ -685,8 +667,10 @@  ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
-	struct ixgbe_crypto_session *ic_session
-		= get_sec_session_private_data(sess);
+	uint64_t sess_ptr = (uint64_t)sess;
+	struct ixgbe_crypto_session *ic_session =
+			(struct ixgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index bcf488f203..7a09f7183d 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@  drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-        'cnxk',
+#        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2a36883cb..ef851fe52c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -350,7 +350,7 @@  static int
 eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 			      struct rte_security_ipsec_xform *ipsec,
 			      struct rte_crypto_sym_xform *crypto_xform,
-			      struct rte_security_session *sec_sess)
+			      struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_sec_session_ipsec_ip *sess;
@@ -363,7 +363,7 @@  eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 	struct otx2_cpt_inst_s inst;
 	struct otx2_cpt_qp *qp;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -468,7 +468,7 @@  static int
 eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 			     struct rte_security_ipsec_xform *ipsec,
 			     struct rte_crypto_sym_xform *crypto_xform,
-			     struct rte_security_session *sec_sess)
+			     struct otx2_sec_session *sec_sess)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
@@ -495,7 +495,7 @@  eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 
 	ctl = &sa->ctl;
 
-	priv = get_sec_session_private_data(sec_sess);
+	priv = sec_sess;
 	priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	sess = &priv->ipsec.ip;
 
@@ -619,7 +619,7 @@  static int
 eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct rte_security_session *sess)
+			  struct otx2_sec_session *sess)
 {
 	int ret;
 
@@ -638,22 +638,14 @@  eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess)
 {
-	struct otx2_sec_session *priv;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
 		return -ENOTSUP;
 
-	if (rte_mempool_get(mempool, (void **)&priv)) {
-		otx2_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
-	set_sec_session_private_data(sess, priv);
-
 	/*
 	 * Save userdata provided by the application. For ingress packets, this
 	 * could be used to identify the SA.
@@ -663,19 +655,14 @@  otx2_eth_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = eth_sec_ipsec_sess_create(device, &conf->ipsec,
 						conf->crypto_xform,
-						sess);
+						priv);
 	else
 		ret = -ENOTSUP;
 
 	if (ret)
-		goto mempool_put;
+		return ret;
 
 	return 0;
-
-mempool_put:
-	rte_mempool_put(mempool, priv);
-	set_sec_session_private_data(sess, NULL);
-	return ret;
 }
 
 static void
@@ -688,20 +675,14 @@  otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
 }
 
 static int
-otx2_eth_sec_session_destroy(void *device,
-			     struct rte_security_session *sess)
+otx2_eth_sec_session_destroy(void *device, void *sess)
 {
 	struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
 	struct otx2_sec_session_ipsec_ip *sess_ip;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct otx2_sec_session *priv;
-	struct rte_mempool *sess_mp;
+	struct otx2_sec_session *priv = sess;
 	int ret;
 
-	priv = get_sec_session_private_data(sess);
-	if (priv == NULL)
-		return -EINVAL;
-
 	sess_ip = &priv->ipsec.ip;
 
 	if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
@@ -727,11 +708,6 @@  otx2_eth_sec_session_destroy(void *device,
 			return ret;
 	}
 
-	sess_mp = rte_mempool_from_obj(priv);
-
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(sess_mp, priv);
-
 	return 0;
 }
 
@@ -742,9 +718,8 @@  otx2_eth_sec_session_get_size(void *device __rte_unused)
 }
 
 static int
-otx2_eth_sec_set_pkt_mdata(void *device __rte_unused,
-			    struct rte_security_session *session,
-			    struct rte_mbuf *m, void *params __rte_unused)
+otx2_eth_sec_set_pkt_mdata(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
 	/* Set security session as the pkt metadata */
 	*rte_security_dynfield(m) = (rte_security_dynfield_t)session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 623a2a841e..9ecb786947 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -54,7 +54,7 @@  otx2_sec_event_tx(uint64_t base, struct rte_event *ev, struct rte_mbuf *m,
 		struct nix_iova_s nix_iova;
 	} *sd;
 
-	priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
+	priv = (void *)(*rte_security_dynfield(m));
 	sess = &priv->ipsec.ip;
 	sa = &sess->out_sa;
 
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index ccd747973b..444da5b8f3 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,24 +349,17 @@  txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *session,
-		struct rte_mempool *mempool)
+		void *session)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
-	struct txgbe_crypto_session *ic_session = NULL;
+	struct txgbe_crypto_session *ic_session = session;
 	struct rte_crypto_aead_xform *aead_xform;
 	struct rte_eth_conf *dev_conf = &eth_dev->data->dev_conf;
 
-	if (rte_mempool_get(mempool, (void **)&ic_session)) {
-		PMD_DRV_LOG(ERR, "Cannot get object from ic_session mempool");
-		return -ENOMEM;
-	}
-
 	if (conf->crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD ||
 			conf->crypto_xform->aead.algo !=
 					RTE_CRYPTO_AEAD_AES_GCM) {
 		PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
-		rte_mempool_put(mempool, (void *)ic_session);
 		return -ENOTSUP;
 	}
 	aead_xform = &conf->crypto_xform->aead;
@@ -376,7 +369,6 @@  txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_DECRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	} else {
@@ -384,7 +376,6 @@  txgbe_crypto_create_session(void *device,
 			ic_session->op = TXGBE_OP_AUTHENTICATED_ENCRYPTION;
 		} else {
 			PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -ENOTSUP;
 		}
 	}
@@ -396,12 +387,9 @@  txgbe_crypto_create_session(void *device,
 	ic_session->spi = conf->ipsec.spi;
 	ic_session->dev = eth_dev;
 
-	set_sec_session_private_data(session, ic_session);
-
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		if (txgbe_crypto_add_sa(ic_session)) {
 			PMD_DRV_LOG(ERR, "Failed to add SA\n");
-			rte_mempool_put(mempool, (void *)ic_session);
 			return -EPERM;
 		}
 	}
@@ -416,14 +404,11 @@  txgbe_crypto_session_get_size(__rte_unused void *device)
 }
 
 static int
-txgbe_crypto_remove_session(void *device,
-		struct rte_security_session *session)
+txgbe_crypto_remove_session(void *device, void *session)
 {
 	struct rte_eth_dev *eth_dev = device;
 	struct txgbe_crypto_session *ic_session =
-		(struct txgbe_crypto_session *)
-		get_sec_session_private_data(session);
-	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+		(struct txgbe_crypto_session *)session;
 
 	if (eth_dev != ic_session->dev) {
 		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
@@ -435,8 +420,6 @@  txgbe_crypto_remove_session(void *device,
 		return -EFAULT;
 	}
 
-	rte_mempool_put(mempool, (void *)ic_session);
-
 	return 0;
 }
 
@@ -456,12 +439,11 @@  txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
 }
 
 static int
-txgbe_crypto_update_mb(void *device __rte_unused,
-		struct rte_security_session *session,
-		       struct rte_mbuf *m, void *params __rte_unused)
+txgbe_crypto_update_mb(void *device __rte_unused, void *session,
+		struct rte_mbuf *m, void *params __rte_unused)
 {
-	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(session);
+	struct txgbe_crypto_session *ic_session = session;
+
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
 		union txgbe_crypto_tx_desc_md *mdata =
 			(union txgbe_crypto_tx_desc_md *)
@@ -661,8 +643,10 @@  txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 				      const void *ip_spec,
 				      uint8_t is_ipv6)
 {
+	uint64_t sess_ptr = (uint64_t)sess;
 	struct txgbe_crypto_session *ic_session =
-			get_sec_session_private_data(sess);
+			(struct txgbe_crypto_session *)sess_ptr;
+	/* TODO: A proper fix need to be added to remove above typecasting. */
 
 	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
 		if (is_ipv6) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 6817139663..03d907cba8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -117,8 +117,7 @@  create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 			set_ipsec_conf(sa, &(sess_conf.ipsec));
 
 			ips->security.ses = rte_security_session_create(ctx,
-					&sess_conf, ipsec_ctx->session_pool,
-					ipsec_ctx->session_priv_pool);
+					&sess_conf, ipsec_ctx->session_pool);
 			if (ips->security.ses == NULL) {
 				RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -199,8 +198,7 @@  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-				&sess_conf, skt_ctx->session_pool,
-				skt_ctx->session_priv_pool);
+				&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
@@ -380,8 +378,7 @@  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.userdata = (void *) sa;
 
 		ips->security.ses = rte_security_session_create(sec_ctx,
-					&sess_conf, skt_ctx->session_pool,
-					skt_ctx->session_priv_pool);
+					&sess_conf, skt_ctx->session_pool);
 		if (ips->security.ses == NULL) {
 			RTE_LOG(ERR, IPSEC,
 				"SEC Session init failed: err: %d\n", ret);
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index fe81ed3e4c..06560b9cba 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,35 +39,37 @@  rte_security_dynfield_register(void)
 	return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp)
+			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
 	RTE_PTR_OR_ERR_RET(mp, NULL);
-	RTE_PTR_OR_ERR_RET(priv_mp, NULL);
+
+	if (mp->elt_size < sizeof(struct rte_security_session) +
+			instance->ops->session_get_size(instance->device))
+		return NULL;
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
 	if (instance->ops->session_create(instance->device, conf,
-				sess, priv_mp)) {
+				sess->sess_private_data)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
 	instance->sess_cnt++;
 
-	return sess;
+	return sess->sess_private_data;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -88,8 +90,7 @@  rte_security_session_get_size(struct rte_security_ctx *instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
-			       struct rte_security_stats *stats)
+			       void *sess, struct rte_security_stats *stats)
 {
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
 			-ENOTSUP);
@@ -100,9 +101,9 @@  rte_security_session_stats_get(struct rte_security_ctx *instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
+	struct rte_security_session *s;
 	int ret;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -113,7 +114,8 @@  rte_security_session_destroy(struct rte_security_ctx *instance,
 	if (ret != 0)
 		return ret;
 
-	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+	s = container_of(sess, struct rte_security_session, sess_private_data);
+	rte_mempool_put(rte_mempool_from_obj(s), (void *)s);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -123,7 +125,7 @@  rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-				struct rte_security_session *sess,
+				void *sess,
 				struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index c0ea13892e..2c8e78c4c7 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -491,10 +491,12 @@  struct rte_security_session_conf {
 };
 
 struct rte_security_session {
-	void *sess_private_data;
-	/**< Private session material */
 	uint64_t opaque_data;
 	/**< Opaque user defined data */
+	uint64_t fast_mdata;
+	/**< Fast metadata to be used for inline path */
+	__extension__ void *sess_private_data[0];
+	/**< Private session material */
 };
 
 /**
@@ -508,11 +510,10 @@  struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
-			    struct rte_mempool *mp,
-			    struct rte_mempool *priv_mp);
+			    struct rte_mempool *mp);
 
 /**
  * Update security session as specified by the session configuration
@@ -527,7 +528,7 @@  rte_security_session_create(struct rte_security_ctx *instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-			    struct rte_security_session *sess,
+			    void *sess,
 			    struct rte_security_session_conf *conf);
 
 /**
@@ -558,7 +559,7 @@  rte_security_session_get_size(struct rte_security_ctx *instance);
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-			     struct rte_security_session *sess);
+			     void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -604,7 +605,7 @@  static inline bool rte_security_dynfield_is_registered(void)
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-					   struct rte_security_session *sess,
+					   void *sess,
 					   struct rte_mbuf *m, void *params);
 
 /**
@@ -622,13 +623,13 @@  extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
+			      void *sess,
 			      struct rte_mbuf *mb, void *params)
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
 		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess->sess_private_data);
+			(rte_security_dynfield_t)(sess);
 		return 0;
 	}
 
@@ -678,26 +679,13 @@  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
  */
 static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-			      struct rte_security_session *sess)
+			      void *sess)
 {
 	sym_op->sec_session = sess;
 
 	return 0;
 }
 
-static inline void *
-get_sec_session_private_data(const struct rte_security_session *sess)
-{
-	return sess->sess_private_data;
-}
-
-static inline void
-set_sec_session_private_data(struct rte_security_session *sess,
-			     void *private_data)
-{
-	sess->sess_private_data = private_data;
-}
-
 /**
  * Attach a session to a crypto operation.
  * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
@@ -708,8 +696,7 @@  set_sec_session_private_data(struct rte_security_session *sess,
  * @param	sess	security session
  */
 static inline int
-rte_security_attach_session(struct rte_crypto_op *op,
-			    struct rte_security_session *sess)
+rte_security_attach_session(struct rte_crypto_op *op, void *sess)
 {
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -EINVAL;
@@ -771,7 +758,7 @@  struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-			       struct rte_security_session *sess,
+			       void *sess,
 			       struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index b0253e962e..5a177d72d7 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -35,8 +35,7 @@  extern "C" {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		struct rte_security_session *sess,
-		struct rte_mempool *mp);
+		void *sess);
 
 /**
  * Free driver private session data.
@@ -44,8 +43,7 @@  typedef int (*security_session_create_t)(void *device,
  * @param	device		Crypto/eth device pointer
  * @param	sess		Security session structure
  */
-typedef int (*security_session_destroy_t)(void *device,
-		struct rte_security_session *sess);
+typedef int (*security_session_destroy_t)(void *device, void *sess);
 
 /**
  * Update driver private session data.
@@ -60,8 +58,7 @@  typedef int (*security_session_destroy_t)(void *device,
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
  */
 typedef int (*security_session_update_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_session_conf *conf);
+		void *sess, struct rte_security_session_conf *conf);
 
 /**
  * Get the size of a security session
@@ -86,8 +83,7 @@  typedef unsigned int (*security_session_get_size)(void *device);
  *  - Returns -EINVAL if session parameters are invalid.
  */
 typedef int (*security_session_stats_get_t)(void *device,
-		struct rte_security_session *sess,
-		struct rte_security_stats *stats);
+		void *sess, struct rte_security_stats *stats);
 
 __rte_internal
 int rte_security_dynfield_register(void);
@@ -96,7 +92,7 @@  int rte_security_dynfield_register(void);
  * Update the mbuf with provided metadata.
  *
  * @param	device		Crypto/eth device pointer
- * @param	sess		Security session structure
+ * @param	sess		Security session
  * @param	mb		Packet buffer
  * @param	params		Metadata
  *
@@ -105,7 +101,7 @@  int rte_security_dynfield_register(void);
  *  - Returns -ve value for errors.
  */
 typedef int (*security_set_pkt_metadata_t)(void *device,
-		struct rte_security_session *sess, struct rte_mbuf *mb,
+		void *sess, struct rte_mbuf *mb,
 		void *params);
 
 /**