From patchwork Mon Oct 18 21:34:46 2021
X-Patchwork-Submitter: Akhil Goyal
X-Patchwork-Id: 102097
X-Patchwork-Delegate: gakhil@marvell.com
From: Akhil Goyal
Date: Tue, 19 Oct 2021 03:04:46 +0530
Message-ID: <20211018213452.2734720-3-gakhil@marvell.com>
In-Reply-To: <20211018213452.2734720-1-gakhil@marvell.com>
References: <20211013192222.1582631-2-gakhil@marvell.com> <20211018213452.2734720-1-gakhil@marvell.com>
Subject: [dpdk-dev] [PATCH v3 2/8] security: hide security session struct
List-Id: DPDK patches and discussions

rte_security_session struct is now hidden in the library.
Application can access the opaque data and fast_mdata
using the set/get APIs introduced in this patch.

Signed-off-by: Akhil Goyal
---
 doc/guides/prog_guide/rte_security.rst | 11 ++----
 doc/guides/rel_notes/deprecation.rst   |  4 --
 doc/guides/rel_notes/release_21_11.rst |  7 ++++
 lib/ipsec/rte_ipsec.h                  |  2 +-
 lib/ipsec/rte_ipsec_group.h            |  5 ++-
 lib/ipsec/ses.c                        |  3 +-
 lib/security/rte_security.h            | 54 +++++++++++++++++++++-----
 lib/security/rte_security_driver.h     | 13 +++++++
 8 files changed, 74 insertions(+), 25 deletions(-)
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index ad92c16868..af8f68d0e3 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -543,14 +543,11 @@ and this allows further acceleration of the offload of Crypto workloads. The Security framework provides APIs to create and free sessions for crypto/ethernet devices, where sessions are mempool objects. It is the application's responsibility -to create and manage two session mempools - one for session and other for session -private data. The private session data mempool object size should be able to -accommodate the driver's private data of security session. The application can get -the size of session private data using API ``rte_security_session_get_size``. -And the session mempool object size should be enough to accommodate -``rte_security_session``. +to create and manage session mempool big enough for session and session +private data. The application can get the size of session private data using API +``rte_security_session_get_size``. -Once the session mempools have been created, ``rte_security_session_create()`` +Once the session mempool has been created, ``rte_security_session_create()`` is used to allocate and initialize a session for the required crypto/ethernet device. Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 73350e2a69..3add00a8be 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst 
@@ -179,10 +179,6 @@ Deprecation Notices session and the private data of session. An opaque pointer can be exposed directly to application which can be attached to the ``rte_crypto_op``. -* security: Hide structure ``rte_security_session`` and expose an opaque - pointer for the private data to the application which can be attached - to the packet while enqueuing. - * eventdev: The file ``rte_eventdev_pmd.h`` will be renamed to ``eventdev_driver.h`` to make the driver interface as internal and the structures ``rte_eventdev_data``, ``rte_eventdev`` and ``rte_eventdevs`` will be moved to a new file named diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 1f3f777c0f..7f1872167e 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -281,6 +281,13 @@ API Changes * cryptodev: The structure ``rte_crypto_sym_vec`` was updated to add ``dest_sgl`` to support out of place processing. +* security: The structure ``rte_security_session`` was moved to rte_security_driver.h + and was hidden from the application. The APIs to create and destroy session were + updated to take a single mempool with element size enough to hold session data + and session private data. Inline APIs are created to get and set the session data. + All sample applications were updated to attach an opaque pointer for the session + to the ``rte_crypto_op`` while enqueuing. + * bbdev: Added device info related to data byte endianness processing. diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h index 5308f250a7..163a2d72b9 100644 --- a/lib/ipsec/rte_ipsec.h +++ b/lib/ipsec/rte_ipsec.h @@ -70,7 +70,7 @@ struct rte_ipsec_session { uint8_t dev_id; } crypto; struct { - struct rte_security_session *ses; + void *ses; struct rte_security_ctx *ctx; uint32_t ol_flags; } security; diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h index ea3bdfad95..0cc5fedbf1 100644 --- a/lib/ipsec/rte_ipsec_group.h 
+++ b/lib/ipsec/rte_ipsec_group.h @@ -44,12 +44,13 @@ struct rte_ipsec_group { static inline struct rte_ipsec_session * rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) { - const struct rte_security_session *ss; + void *ss; const struct rte_cryptodev_sym_session *cs; if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { ss = cop->sym[0].sec_session; - return (void *)(uintptr_t)ss->opaque_data; + return (void *)(uintptr_t) + rte_security_session_opaque_data_get(ss); } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { cs = cop->sym[0].session; return (void *)(uintptr_t)cs->opaque_data; diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c index 3d51ac4986..b12114269f 100644 --- a/lib/ipsec/ses.c +++ b/lib/ipsec/ses.c @@ -47,7 +47,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss) if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) ss->crypto.ses->opaque_data = (uintptr_t)ss; else - ss->security.ses->opaque_data = (uintptr_t)ss; + rte_security_session_opaque_data_set(ss->security.ses, + (uintptr_t)ss); return 0; } diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index c5ceb3b588..912c79690d 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -508,14 +508,47 @@ struct rte_security_session_conf { /**< Application specific userdata to be saved with session */ }; -struct rte_security_session { - uint64_t opaque_data; - /**< Opaque user defined data */ - uint64_t fast_mdata; - /**< Fast metadata to be used for inline path */ - __extension__ void *sess_private_data[0]; - /**< Private session material */ -}; +#define SESS_FAST_MDATA_OFF 1 +#define SESS_OPAQUE_DATA_OFF 2 +/** + * Get opaque data from session handle + */ +static inline uint64_t +rte_security_session_opaque_data_get(void *sess) +{ + return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF); +} + +/** + * Get fast mdata from session handle + */ +static inline uint64_t +rte_security_session_fast_mdata_get(void *sess) +{ + return *((uint64_t *)sess - SESS_FAST_MDATA_OFF); +} + +/** + * Set opaque data in session handle + */ +static inline void +rte_security_session_opaque_data_set(void *sess, uint64_t opaque) +{ + uint64_t *data; + data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF); + *data = opaque; +} + +/** + * Set fast mdata in session handle + */ +static inline void +rte_security_session_fast_mdata_set(void *sess, uint64_t fdata) +{ + uint64_t *data; + data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF); + *data = fdata; +} /** * Create security session as specified by the session configuration @@ -646,8 +679,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance, { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { - *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess); + uint64_t mdata = rte_security_session_fast_mdata_get(sess); + + *rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata); return 0; } diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index 5a177d72d7..13f2f9da32 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h 
@@ -19,6 +19,19 @@ extern "C" { #include "rte_security.h" +/** + * @internal + * Security session to be used by library for internal usage + */ +struct rte_security_session { + /** Opaque user defined data */ + uint64_t opaque_data; + /** Fast metadata to be used for inline path */ + uint64_t fast_mdata; + /** Private session material */ + __extension__ void *sess_private_data[0]; +}; + /** * Configure a security session on a device. *
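
Review bot: The doc/guides/prog_guide/rte_security.rst hunk (@@ -543,14 +543,11) does not say how the application should size the mempool element. The new text asks for a mempool "big enough for session and session private data" but only names ``rte_security_session_get_size``, described as returning the size of session private data. With ``rte_security_session`` hidden, the application can no longer take sizeof of the session header itself. Please state whether the value returned by that API already includes the header, or name what has to be added to it, so that elements are not created too small for the data the driver writes into them.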
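
Review bot: The release_21_11.rst entry (@@ -281,6 +281,13) describes changes that are not in this patch. It says the create and destroy APIs "were updated to take a single mempool" and that "All sample applications were updated", but the diffstat lists only documentation, lib/ipsec and two lib/security headers, with no change to the create/destroy prototypes or to any example. Either trim the entry to what this patch does (struct moved to rte_security_driver.h, get/set accessors added) or move the remaining sentences to the patch that makes those changes, so that each commit's release note matches its code when bisecting.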
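
Review bot: In lib/ipsec/rte_ipsec.h and lib/ipsec/rte_ipsec_group.h, replacing "struct rte_security_session *ses" and "const struct rte_security_session *ss" with "void *" drops both type checking and the const qualifier. A forward declaration of struct rte_security_session in the public header would hide the layout equally well while keeping the pointer type, so the compiler would still reject a cryptodev session or any other pointer passed where a security session is expected. This matters more than usual here because the new accessors dereference memory at a negative offset from whatever pointer they are given. If void * has to stay, please make the getter parameter "const void *" so rte_ipsec_ses_from_crypto() does not need to lose const.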
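
Review bot: In the lib/security/rte_security.h hunk at @@ -508,14 +508,47, the four accessors read and write at "(uint64_t *)sess - SESS_OPAQUE_DATA_OFF" and "- SESS_FAST_MDATA_OFF", which is only valid if the handle points at sess_private_data and not at the start of the session object, and that contract is not documented anywhere in the patch. No hunk here changes what rte_security_session_create() returns or what is stored in cop->sym[0].sec_session and ss->security.ses, so if those still hold a pointer to the start of the structure, the get/set calls in rte_ipsec_group.h and ses.c touch the 16 bytes in front of the object. Please document the handle convention in the doxygen comments (with @param and @return), and make sure the change that moves the handle lands in the same commit as these accessors. Separately, SESS_FAST_MDATA_OFF and SESS_OPAQUE_DATA_OFF are defined in a public header without an RTE_ prefix and can collide with application macros.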
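
Review bot: In the rte_security_set_pkt_metadata() hunk (@@ -646,8 +679,9), the fast path now stores the value returned by rte_security_session_fast_mdata_get(sess) in the mbuf dynfield, where it used to store the session pointer itself, but nothing in this patch writes fast_mdata. The only setter added is the public inline, and no driver file appears in the diffstat. A PMD that sets RTE_SEC_CTX_F_FAST_SET_MDATA and interprets the dynfield as a session pointer would, after this change, read whatever fast_mdata happens to contain. Please state in the header who is responsible for populating fast_mdata (the PMD at session create, presumably) and update the affected drivers in the same patch, or keep the old dynfield contents until they are converted.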
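
Review bot: In the lib/security/rte_security_driver.h hunk, the structure layout that SESS_OPAQUE_DATA_OFF and SESS_FAST_MDATA_OFF in rte_security.h depend on is defined with nothing tying the two together. If a field is later added or reordered ahead of sess_private_data, the public accessors will silently address the wrong word. Please add a build-time check next to the struct, for example RTE_BUILD_BUG_ON or a static assert that offsetof(struct rte_security_session, sess_private_data) minus offsetof(..., opaque_data) equals SESS_OPAQUE_DATA_OFF * sizeof(uint64_t), and the same for fast_mdata, plus a comment on the struct noting that the public header hardcodes these offsets.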