diff mbox series

[v2,4/7] security: pass session iova in PMD sess create

Message ID 20211013192222.1582631-5-gakhil@marvell.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series crypto/security session framework rework | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Akhil Goyal Oct. 13, 2021, 7:22 p.m. UTC
Some PMDs need session physical address which can be passed
to the hardware. But since security_session_create
does not allow PMD to get mempool object, the PMD cannot
call rte_mempool_virt2iova().
Hence the library layer need to calculate the iova for session
private data and pass it to the PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_ipsec.c                         |  3 +-
 app/test/test_security.c                      |  5 +--
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  2 +-
 drivers/crypto/caam_jr/caam_jr.c              |  3 +-
 drivers/crypto/cnxk/cn10k_ipsec.c             |  2 +-
 drivers/crypto/cnxk/cn9k_ipsec.c              | 35 +++++++++++--------
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  3 +-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 33 +++++++++--------
 drivers/crypto/qat/qat_sym_session.c          | 10 +++---
 drivers/crypto/qat/qat_sym_session.h          |  2 +-
 drivers/net/cnxk/cn10k_ethdev_sec.c           |  2 +-
 drivers/net/cnxk/cn9k_ethdev_sec.c            |  2 +-
 drivers/net/ixgbe/ixgbe_ipsec.c               |  2 +-
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  3 +-
 drivers/net/txgbe/txgbe_ipsec.c               |  2 +-
 lib/security/rte_security.c                   |  6 +++-
 lib/security/rte_security_driver.h            |  4 +--
 18 files changed, 71 insertions(+), 51 deletions(-)
diff mbox series

Patch

diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 2ffa2a8e79..3b49a0b13a 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -148,11 +148,12 @@  const struct supported_auth_algo auth_algos[] = {
 
 static int
 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
-	void *sess)
+	void *sess, rte_iova_t sess_iova)
 {
 	RTE_SET_USED(device);
 	RTE_SET_USED(conf);
 	RTE_SET_USED(sess);
+	RTE_SET_USED(sess_iova);
 	return 0;
 }
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index 1cea756880..50981f62fa 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -246,9 +246,10 @@  static struct mock_session_create_data {
 static int
 mock_session_create(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess)
+		void *sess,
+		rte_iova_t sess_iova)
 {
-
+	RTE_SET_USED(sess_iova);
 	mock_session_create_exp.called++;
 
 	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 39c67e3952..8ae6d18f36 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -1056,7 +1056,7 @@  struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
  */
 static int
 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
-			     void *sess)
+			     void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index ce7a100778..0567f1e066 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1909,7 +1909,8 @@  caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 static int
 caam_jr_security_session_create(void *dev,
 				struct rte_security_session_conf *conf,
-				void *sess)
+				void *sess,
+				rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 425fe599e0..b0dcd71e35 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -200,7 +200,7 @@  cn10k_ipsec_session_create(void *dev,
 
 static int
 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			 void *sess)
+			 void *sess, rte_iova_t sess_iova __rte_unused)
 {
 	struct cn10k_sec_session *priv = sess;
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index a602d38a11..b3d2f8c012 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -16,8 +16,8 @@ 
 #include "roc_api.h"
 
 static inline int
-cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
-		      uint8_t opcode, size_t ctx_len)
+cn9k_cpt_enq_sa_write(struct cnxk_cpt_qp *qp, uint8_t opcode,
+		      size_t ctx_len, rte_iova_t sess_iova)
 {
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
 	uint64_t lmtline = qp->lmtline.lmt_base;
@@ -39,9 +39,9 @@  cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
 	inst.w4.s.param1 = 0;
 	inst.w4.s.param2 = 0;
 	inst.w4.s.dlen = ctx_len;
-	inst.dptr = rte_mempool_virt2iova(sa);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.w7.s.cptr = rte_mempool_virt2iova(sa);
+	inst.w7.s.cptr = sess_iova;
 	inst.w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
 
 	inst.w0.u64 = 0;
@@ -275,7 +275,8 @@  static int
 cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_security_ipsec_xform *ipsec,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
 	struct roc_ie_on_ip_template *template = NULL;
@@ -409,18 +410,20 @@  cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(out_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND,
+		ctx_len, sess_iova);
 }
 
 static int
 cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 			 struct rte_security_ipsec_xform *ipsec,
 			 struct rte_crypto_sym_xform *crypto_xform,
-			 struct cn9k_sec_session *sess)
+			 struct cn9k_sec_session *sess,
+			 rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform = crypto_xform;
 	struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
@@ -474,11 +477,12 @@  cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 
 	w7.u64 = 0;
 	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-	w7.s.cptr = rte_mempool_virt2iova(in_sa);
+	w7.s.cptr = sess_iova;
 	inst_tmpl->w7 = w7.u64;
 
 	return cn9k_cpt_enq_sa_write(
-		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len);
+		qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND,
+		ctx_len, sess_iova);
 }
 
 static inline int
@@ -497,7 +501,8 @@  static int
 cn9k_ipsec_session_create(void *dev,
 			  struct rte_security_ipsec_xform *ipsec_xform,
 			  struct rte_crypto_sym_xform *crypto_xform,
-			  struct cn9k_sec_session *sess)
+			  struct cn9k_sec_session *sess,
+			  rte_iova_t sess_iova)
 {
 	struct rte_cryptodev *crypto_dev = dev;
 	struct cnxk_cpt_qp *qp;
@@ -520,15 +525,15 @@  cn9k_ipsec_session_create(void *dev,
 
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform,
-						sess);
+						sess, sess_iova);
 	else
 		return cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform,
-						 sess);
+						 sess, sess_iova);
 }
 
 static int
 cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
-			void *sess)
+			void *sess, rte_iova_t sess_iova)
 {
 	struct cn9k_sec_session *priv = sess;
 
@@ -542,7 +547,7 @@  cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,
 	}
 
 	return cn9k_ipsec_session_create(device, &conf->ipsec,
-					conf->crypto_xform, priv);
+					conf->crypto_xform, priv, sess_iova);
 }
 
 static int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 176f1a27a0..15ea5de18d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3393,7 +3393,8 @@  dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
-				  void *sess)
+				  void *sess,
+				  rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 832b6e64ec..0497931c67 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -3114,7 +3114,8 @@  dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
 static int
 dpaa_sec_security_session_create(void *dev,
 				 struct rte_security_session_conf *conf,
-				 void *sess)
+				 void *sess,
+				 rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 56900e3187..5a8be84444 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -87,7 +87,8 @@  ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
 
 static int
 otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
-		      struct otx2_cpt_qp *qptr, uint8_t opcode)
+		      struct otx2_cpt_qp *qptr, uint8_t opcode,
+		      rte_iova_t sess_iova)
 {
 	uint64_t lmt_status, time_out;
 	void *lmtline = qptr->lmtline;
@@ -107,9 +108,9 @@  otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
 	inst.param1 = 0;
 	inst.param2 = 0;
 	inst.dlen = lp->ctx_len << 3;
-	inst.dptr = rte_mempool_virt2iova(lp);
+	inst.dptr = sess_iova;
 	inst.rptr = 0;
-	inst.cptr = rte_mempool_virt2iova(lp);
+	inst.cptr = sess_iova;
 	inst.egrp  = OTX2_CPT_EGRP_SE;
 
 	inst.u64[0] = 0;
@@ -203,7 +204,8 @@  static int
 crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				     struct rte_security_ipsec_xform *ipsec,
 				     struct rte_crypto_sym_xform *crypto_xform,
-				     struct otx2_sec_session *sess)
+				     struct otx2_sec_session *sess,
+				     rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	struct otx2_ipsec_po_ip_template *template = NULL;
@@ -379,7 +381,7 @@  crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -389,14 +391,15 @@  crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				    auth_xform, cipher_xform);
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 				    struct rte_security_ipsec_xform *ipsec,
 				    struct rte_crypto_sym_xform *crypto_xform,
-				    struct otx2_sec_session *sess)
+				    struct otx2_sec_session *sess,
+				    rte_iova_t sess_iova)
 {
 	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
 	const uint8_t *cipher_key, *auth_key;
@@ -473,7 +476,7 @@  crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 
 	inst.u64[7] = 0;
 	inst.egrp = OTX2_CPT_EGRP_SE;
-	inst.cptr = rte_mempool_virt2iova(sa);
+	inst.cptr = sess_iova;
 
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
@@ -501,14 +504,15 @@  crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	}
 
 	return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
-				     OTX2_IPSEC_PO_WRITE_IPSEC_INB);
+				     OTX2_IPSEC_PO_WRITE_IPSEC_INB, sess_iova);
 }
 
 static int
 crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 				struct rte_security_ipsec_xform *ipsec,
 				struct rte_crypto_sym_xform *crypto_xform,
-				struct otx2_sec_session *sess)
+				struct otx2_sec_session *sess,
+				rte_iova_t sess_iova)
 {
 	int ret;
 
@@ -523,16 +527,17 @@  crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
 
 	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
 		return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,
-							   crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 	else
 		return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,
-							    crypto_xform, sess);
+						crypto_xform, sess, sess_iova);
 }
 
 static int
 otx2_crypto_sec_session_create(void *device,
 			       struct rte_security_session_conf *conf,
-			       void *sess)
+			       void *sess,
+			       rte_iova_t sess_iova)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
@@ -548,7 +553,7 @@  otx2_crypto_sec_session_create(void *device,
 	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
 		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
 						      conf->crypto_xform,
-						      priv);
+						      priv, sess_iova);
 	else
 		ret = -ENOTSUP;
 
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 2a22347c7f..2c0e44dff4 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2232,7 +2232,8 @@  qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
 
 static int
 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
-		struct rte_security_session_conf *conf, void *session_private)
+		struct rte_security_session_conf *conf, void *session_private,
+		rte_iova_t session_paddr)
 {
 	int ret;
 	int qat_cmd_id;
@@ -2251,7 +2252,6 @@  qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	xform = conf->crypto_xform;
 
 	/* Verify the session physical address is known */
-	rte_iova_t session_paddr = rte_mempool_virt2iova(session);
 	if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
 		QAT_LOG(ERR,
 			"Session physical address unknown. Bad memory pool.");
@@ -2282,8 +2282,8 @@  qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 
 int
 qat_security_session_create(void *dev,
-				struct rte_security_session_conf *conf,
-				void *sess_private_data)
+			struct rte_security_session_conf *conf,
+			void *sess_private_data, rte_iova_t sess_priv_iova)
 {
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
@@ -2295,7 +2295,7 @@  qat_security_session_create(void *dev,
 	}
 
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
-			sess_private_data);
+			sess_private_data, sess_priv_iova);
 	if (ret != 0) {
 		QAT_LOG(ERR, "Failed to configure session parameters");
 		return ret;
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index 7fcc1d6f7b..b93dc549ef 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -166,7 +166,7 @@  qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
 #ifdef RTE_LIB_SECURITY
 int
 qat_security_session_create(void *dev, struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 int
 qat_security_session_destroy(void *dev, void *sess);
 #endif
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 3d0f4044d9..ee0847e35c 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,7 +228,7 @@  cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     void *sess_priv)
+			     void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 8a6fa75b37..7c10339295 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,7 +137,7 @@  ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess_priv)
+			    void *sess_priv, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index cd54a3beee..f2d4cfa2ba 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -369,7 +369,7 @@  ixgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 ixgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct ixgbe_crypto_session *ic_session = session;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index ef851fe52c..c1901f8f34 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -638,7 +638,8 @@  eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,
 static int
 otx2_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    void *sess)
+			    void *sess,
+			    rte_iova_t sess_iova __rte_unused)
 {
 	struct otx2_sec_session *priv = sess;
 	int ret;
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 444da5b8f3..6187e84063 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -349,7 +349,7 @@  txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
-		void *session)
+		void *session, rte_iova_t sess_iova __rte_unused)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct txgbe_crypto_session *ic_session = session;
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 06560b9cba..93eaf395bb 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -45,6 +45,7 @@  rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_mempool *mp)
 {
 	struct rte_security_session *sess = NULL;
+	rte_iova_t sess_priv_iova;
 
 	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
 	RTE_PTR_OR_ERR_RET(conf, NULL);
@@ -57,8 +58,11 @@  rte_security_session_create(struct rte_security_ctx *instance,
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
 
+	sess_priv_iova = rte_mempool_virt2iova(sess) +
+		offsetof(struct rte_security_session, sess_private_data);
+
 	if (instance->ops->session_create(instance->device, conf,
-				sess->sess_private_data)) {
+				sess->sess_private_data, sess_priv_iova)) {
 		rte_mempool_put(mp, (void *)sess);
 		return NULL;
 	}
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 13f2f9da32..04c418a893 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -38,7 +38,7 @@  struct rte_security_session {
  * @param	device		Crypto/eth device pointer
  * @param	conf		Security session configuration
  * @param	sess		Pointer to Security private session structure
- * @param	mp		Mempool where the private session is allocated
+ * @param	sess_iova	Private session IOVA
  *
  * @return
  *  - Returns 0 if private session structure have been created successfully.
@@ -48,7 +48,7 @@  struct rte_security_session {
  */
 typedef int (*security_session_create_t)(void *device,
 		struct rte_security_session_conf *conf,
-		void *sess);
+		void *sess, rte_iova_t sess_iova);
 
 /**
  * Free driver private session data.