From patchwork Sun Oct 2 18:55:11 2022
X-Patchwork-Submitter: Akhil Goyal
X-Patchwork-Id: 117252
X-Patchwork-Delegate: gakhil@marvell.com
From: Akhil Goyal
Cc: Akhil Goyal, David Coyle, Kevin O'Sullivan
Subject: [PATCH v5 6/6] security: hide session structure
Date: Mon, 3 Oct 2022 00:25:11 +0530
Message-ID: <20221002185511.2669151-7-gakhil@marvell.com>
In-Reply-To: <20221002185511.2669151-1-gakhil@marvell.com>
References: <20221002185511.2669151-1-gakhil@marvell.com>

Structure rte_security_session is moved to internal headers which are not visible to applications. The only field which should be used by app is opaque_data. This field can now be accessed via set/get APIs added in this patch. Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal Tested-by: Gagandeep Singh Tested-by: David Coyle Tested-by: Kevin O'Sullivan --- app/test-crypto-perf/cperf_ops.c | 6 +- .../cperf_test_pmd_cyclecount.c | 2 +- app/test-crypto-perf/cperf_test_throughput.c | 2 +- app/test/test_cryptodev.c | 2 +- app/test/test_cryptodev_security_ipsec.c | 2 +- app/test/test_cryptodev_security_ipsec.h | 2 +- app/test/test_security.c | 32 ++++---- app/test/test_security_inline_proto.c | 10 +-- doc/guides/rel_notes/deprecation.rst | 4 - doc/guides/rel_notes/release_22_11.rst | 5 ++ drivers/crypto/caam_jr/caam_jr.c | 2 +- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 6 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 +- drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 4 +- drivers/crypto/qat/qat_sym.c | 4 +- drivers/crypto/qat/qat_sym.h | 4 +- drivers/net/iavf/iavf_ipsec_crypto.h | 2 +- examples/ipsec-secgw/ipsec_worker.c | 2 +- lib/cryptodev/rte_crypto_sym.h | 4 +- lib/ipsec/rte_ipsec_group.h | 12 +-- lib/ipsec/ses.c | 2 +- lib/security/rte_security.c | 13 ++- lib/security/rte_security.h | 80 ++++++++++++------- lib/security/rte_security_driver.h | 18 +++++ 26 files changed, 137 insertions(+), 97 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 727eee6599..61a3967697 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, for (i = 0; i < nb_ops; i++) { struct rte_crypto_sym_op *sym_op = ops[i]->sym; - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; + void *sec_sess = (void *)sess; uint32_t buf_sz; uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i], 
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops, uint16_t iv_offset __rte_unused, uint32_t *imix_idx, uint64_t *tsc_start) { - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; + void *sec_sess = sess; const uint32_t test_buffer_size = options->test_buffer_size; const uint32_t headroom_sz = options->headroom_sz; const uint32_t segment_sz = options->segment_sz; diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index aa2654250f..0307e82996 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -71,7 +71,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } else #endif rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess); diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index db89b7ddff..e892a70699 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -49,7 +49,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy( sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } #endif else diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9708fc87d2..c6d47a035e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -84,7 +84,7 @@ struct crypto_unittest_params { union { void *sess; #ifdef RTE_LIB_SECURITY - struct rte_security_session *sec_session; + void *sec_session; #endif }; #ifdef RTE_LIB_SECURITY diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 3f691f0f56..cb77b39dbb 100644 
--- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, int test_ipsec_stats_verify(struct rte_security_ctx *ctx, - struct rte_security_session *sess, + void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) { diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index acbb75d59d..67b783e637 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -279,7 +279,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td, int pkt_num); int test_ipsec_stats_verify(struct rte_security_ctx *ctx, - struct rte_security_session *sess, + void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); diff --git a/app/test/test_security.c b/app/test/test_security.c index 7467211673..5e50a67c53 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -234,7 +234,7 @@ static struct mock_session_create_data { void *device; struct rte_security_session_conf *conf; - struct rte_security_session *sess; + void *sess; struct rte_mempool *mp; struct rte_mempool *priv_mp; @@ -268,7 +268,7 @@ mock_session_create(void *device, */ static struct mock_session_update_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_session_conf *conf; int ret; @@ -322,7 +322,7 @@ mock_session_get_size(void *device) */ static struct mock_session_stats_get_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_stats *stats; int ret; @@ -352,7 +352,7 @@ mock_session_stats_get(void *device, */ static struct mock_session_destroy_data { void *device; - struct rte_security_session *sess; + void *sess; int ret; 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess) */ static struct mock_set_pkt_metadata_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_mbuf *m; void *params; @@ -475,7 +475,7 @@ static struct security_testsuite_params { static struct security_unittest_params { struct rte_security_ctx ctx; struct rte_security_session_conf conf; - struct rte_security_session *sess; + void *sess; } unittest_params = { .ctx = { .device = NULL, @@ -610,7 +610,7 @@ ut_setup_with_session(void) { struct security_unittest_params *ut_params = &unittest_params; struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; int ret = ut_setup(); if (ret != TEST_SUCCESS) @@ -661,7 +661,7 @@ test_session_create_inv_context(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(NULL, &ut_params->conf, ts_params->session_mpool); @@ -683,7 +683,7 @@ test_session_create_inv_context_ops(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = NULL; @@ -707,7 +707,7 @@ test_session_create_inv_context_ops_fun(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = &empty_ops; @@ -730,7 +730,7 @@ test_session_create_inv_configuration(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, NULL, ts_params->session_mpool); 
@@ -751,7 +751,7 @@ static int test_session_create_inv_mempool(void) { struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, @@ -772,8 +772,8 @@ test_session_create_mempool_empty(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; - struct rte_security_session *sess; + void *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *sess; /* Get all available objects from mempool. */ int i, ret; @@ -813,7 +813,7 @@ test_session_create_ops_failure(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; @@ -839,7 +839,7 @@ test_session_create_success(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index ee13c55dd6..f54cc90322 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c 
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; /* Create Inline IPsec session */ static int create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, - struct rte_security_session **sess, struct rte_security_ctx **ctx, + void **sess, struct rte_security_ctx **ctx, uint32_t *ol_flags, const struct ipsec_test_flags *flags, struct rte_security_session_conf *sess_conf) { @@ -695,8 +695,8 @@ static int test_ipsec_with_reassembly(struct reassembly_vector *vector, const struct ipsec_test_flags *flags) { - struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; - struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; + void *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; + void *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; struct rte_eth_ip_reassembly_params reass_capa = {0}; struct rte_security_session_conf sess_conf_out = {0}; struct rte_security_session_conf sess_conf_in = {0}; @@ -1032,12 +1032,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; struct sa_expiry_vector vector = {0}; - struct rte_security_session *ses; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; uint32_t ol_flags; int i, j = 0, ret; bool outer_ipv4; + void *ses; memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * nb_pkts); @@ -1301,7 +1301,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], struct rte_mbuf *rx_pkt = NULL; struct rte_mbuf *tx_pkt = NULL; int nb_rx, nb_sent; - struct rte_security_session *ses; + void *ses; struct rte_security_ctx *ctx; uint32_t ol_flags; bool outer_ipv4; diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index cc94014bf3..80ec8ba01d 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst 
@@ -129,10 +129,6 @@ Deprecation Notices which got error interrupt to the application, so that application can reset that particular queue pair. -* security: Hide structure ``rte_security_session`` and expose an opaque - pointer for the private data to the application which can be attached - to the packet while enqueuing. - * eventdev: The function pointer declaration ``eventdev_stop_flush_t`` will be renamed to ``rte_eventdev_stop_flush_t`` in DPDK 22.11. diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst index 6c33327c2f..788137ec60 100644 --- a/doc/guides/rel_notes/release_22_11.rst +++ b/doc/guides/rel_notes/release_22_11.rst @@ -258,6 +258,11 @@ API Changes All sample applications were updated to attach an opaque pointer for the session to the ``rte_crypto_op`` while enqueuing. +* security: The structure ``rte_security_session`` was made internal and corresponding + APIs were updated to take/return an opaque session pointer. The API + ``rte_security_session_create`` was updated to take only one mempool which has enough + space to hold session and driver private data. + * security: MACsec support is added which resulted in updates to structures ``rte_security_macsec_xform``, ``rte_security_macsec_stats`` and security capability structure ``rte_security_capability`` diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index 67d9bb89e5..b55258689b 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); break; case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ses = SECURITY_GET_SESS_PRIV(op->sym->session); break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); 
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index d911deef55..1d7a9e2952 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -122,7 +122,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session); + sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session); ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]); if (unlikely(ret)) return 0; @@ -338,7 +338,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op, struct cn10k_sec_session *priv; struct cn10k_ipsec_sa *sa; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; *qp = sa->qp; *w2 = sa->inst.w2; diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index b395f830b1..2ed298e01f 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn9k_ipsec_sa *sa; int ret; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { @@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op, struct cn9k_sec_session *priv; struct cn9k_ipsec_sa *sa; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; *qp = sa->qp; inst->w2.u64 = sa->inst.w2; @@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop, CPT_OP_FLAGS_IPSEC_INB_REPLAY)) { int ret; - priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session); + priv = SECURITY_GET_SESS_PRIV(sym_op->session); sa = &priv->sa; ret = ipsec_antireplay_check( 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 49f08f69f0..c25e40030b 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op, sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif else { DPAA2_SEC_DP_ERR("Session type invalid\n"); @@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) mbuf->buf_iova = op->sym->aead.digest.phys_addr; op->sym->aead.digest.phys_addr = 0L; - sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session); if (sess_priv->dir == DIR_ENC) mbuf->data_off += SEC_FLC_DHR_OUTBOUND; else @@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op) sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIBRTE_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif if (sess == NULL) diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 0df63aaf3f..b1e7027823 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -673,7 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp) sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIBRTE_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif if (sess == NULL) { printf("session is NULL\n"); 
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, break; #ifdef RTE_LIB_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ses = SECURITY_GET_SESS_PRIV(op->sym->session); break; #endif default: diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index fc9ee01124..8ec2364aa7 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return -1; } - session = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + session = SECURITY_GET_SESS_PRIV(op->sym->session); if (unlikely(session == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; @@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job) * this is for DOCSIS */ is_docsis_sec = 1; - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); } else #endif sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 6eca40276a..54c3d59a51 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ctx = SECURITY_GET_SESS_PRIV(op->sym->session); if (unlikely(!ctx)) { QAT_DP_LOG(ERR, "No session for this device"); return -EINVAL; @@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, } } - sess = (uintptr_t)op->sym->sec_session; + sess = (uintptr_t)op->sym->session; build_request = ctx->build_request[proc_type]; opaque[0] = sess; opaque[1] = (uintptr_t)build_request; 
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index 033ec0de85..9a4251e08b 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops) op = (struct rte_crypto_op *)ops[i]; if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ctx = SECURITY_GET_SESS_PRIV(op->sym->session); if (ctx == NULL || ctx->bpi_ctx == NULL) continue; @@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie, * Assuming at this point that if it's a security * op, that this is for DOCSIS */ - sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(rx_op->sym->session); is_docsis_sec = 1; } else #endif diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h index 8ea0f9540e..49f9202aca 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.h +++ b/drivers/net/iavf/iavf_ipsec_crypto.h @@ -5,7 +5,7 @@ #ifndef _IAVF_IPSEC_CRYPTO_H_ #define _IAVF_IPSEC_CRYPTO_H_ -#include +#include #include "iavf.h" diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c index 5e69450d27..49b1b951f1 100644 --- a/examples/ipsec-secgw/ipsec_worker.c +++ b/examples/ipsec-secgw/ipsec_worker.c @@ -17,7 +17,7 @@ #endif struct port_drv_mode_data { - struct rte_security_session *sess; + void *sess; struct rte_security_ctx *ctx; }; diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h index 7781a013c9..bd59fe4d26 100644 --- a/lib/cryptodev/rte_crypto_sym.h +++ b/lib/cryptodev/rte_crypto_sym.h 
@@ -626,11 +626,9 @@ struct rte_crypto_sym_op { RTE_STD_C11 union { void *session; - /**< Handle for the initialised session context */ + /**< Handle for the initialised crypto/security session context */ struct rte_crypto_sym_xform *xform; /**< Session-less API crypto operation parameters */ - struct rte_security_session *sec_session; - /**< Handle for the initialised security session context */ }; RTE_STD_C11 diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h index a4e0e128f8..c6458ef81e 100644 --- a/lib/ipsec/rte_ipsec_group.h +++ b/lib/ipsec/rte_ipsec_group.h @@ -44,16 +44,16 @@ struct rte_ipsec_group { static inline struct rte_ipsec_session * rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) { - const struct rte_security_session *ss; - void *cs; + void *ses; if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ss = cop->sym[0].sec_session; - return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data; + ses = cop->sym[0].session; + return (struct rte_ipsec_session *)(uintptr_t) + rte_security_session_opaque_data_get(ses); } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - cs = cop->sym[0].session; + ses = cop->sym[0].session; return (struct rte_ipsec_session *)(uintptr_t) - rte_cryptodev_sym_session_opaque_data_get(cs); + rte_cryptodev_sym_session_opaque_data_get(ses); } return NULL; } diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c index 0d3c932302..d9ab1e6d2b 100644 --- a/lib/ipsec/ses.c +++ b/lib/ipsec/ses.c @@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss) rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses, (uintptr_t)ss); else - ss->security.ses->opaque_data = (uintptr_t)ss; + rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss); return 0; } diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index 7c0e86968b..29af5f3e4b 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c 
@@ -42,7 +42,7 @@ rte_security_dynfield_register(void) return rte_security_dynfield_offset; } -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp) @@ -72,12 +72,12 @@ rte_security_session_create(struct rte_security_ctx *instance, } instance->sess_cnt++; - return sess; + return (void *)sess; } int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, @@ -99,7 +99,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance) int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, @@ -111,8 +111,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess) +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { int ret; @@ -220,7 +219,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_ int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 07f3c2c365..4bacf9fcd9 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -673,20 +673,6 @@ struct rte_security_session_conf { /**< Application specific userdata to be saved with session */ }; -struct rte_security_session { - RTE_MARKER cacheline0; - uint64_t opaque_data; - /**< Opaque user defined data */ - uint64_t fast_mdata; - /**< Fast metadata to be used for inline path */ - rte_iova_t driver_priv_data_iova; - /**< session private data IOVA address */ - - RTE_MARKER cacheline1 __rte_cache_min_aligned; - uint8_t driver_priv_data[0]; - /**< Private session material, variable size (depends on driver) */ -}; - /** * Create security session as specified by the session configuration * @@ -697,7 +683,7 @@ struct rte_security_session { * - On success, pointer to session * - On failure, NULL */ -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp); @@ -715,7 +701,7 @@ rte_security_session_create(struct rte_security_ctx *instance, __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf); /** @@ -745,8 +731,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); * - other negative values in case of freeing private data errors. */ int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess); +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); /** * @warning 
@@ -863,10 +848,52 @@ static inline bool rte_security_dynfield_is_registered(void) return rte_security_dynfield_offset >= 0; } +#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 +#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 +/** + * Get opaque data from session handle + */ +static inline uint64_t +rte_security_session_opaque_data_get(void *sess) +{ + return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF); +} + +/** + * Set opaque data in session handle + */ +static inline void +rte_security_session_opaque_data_set(void *sess, uint64_t opaque) +{ + uint64_t *data; + data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF); + *data = opaque; +} + +/** + * Get fast mdata from session handle + */ +static inline uint64_t +rte_security_session_fast_mdata_get(void *sess) +{ + return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF); +} + +/** + * Set fast mdata in session handle + */ +static inline void +rte_security_session_fast_mdata_set(void *sess, uint64_t fdata) +{ + uint64_t *data; + data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF); + *data = fdata; +} + /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params); /** @@ -884,13 +911,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { - *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess->fast_mdata); + *rte_security_dynfield(mb) = (rte_security_dynfield_t) + rte_security_session_fast_mdata_get(sess); return 0; } 
@@ -905,10 +932,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance, * @param sess security session */ static inline int -__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, - struct rte_security_session *sess) +__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess) { - sym_op->sec_session = sess; + sym_op->session = sess; return 0; } @@ -924,7 +950,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, */ static inline int rte_security_attach_session(struct rte_crypto_op *op, - struct rte_security_session *sess) + void *sess) { if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) return -EINVAL; @@ -1040,7 +1066,7 @@ struct rte_security_stats { __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index cb16b55277..9a767226bd 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -19,6 +19,24 @@ extern "C" { #include "rte_security.h" +/** + * @internal + * Security session to be used by library for internal usage + */ +struct rte_security_session { + RTE_MARKER cacheline0; + uint64_t opaque_data; + /**< Opaque user defined data */ + uint64_t fast_mdata; + /**< Fast metadata to be used for inline path */ + rte_iova_t driver_priv_data_iova; + /**< session private data IOVA address */ + + RTE_MARKER cacheline1 __rte_cache_min_aligned; + uint8_t driver_priv_data[0]; + /**< Private session material, variable size (depends on driver) */ +}; + /** * Helper macro to get driver private data */
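Review bot: in lib/security/rte_security.h (hunk at -863,10 +848,52), the new accessors rte_security_session_opaque_data_get/set and rte_security_session_fast_mdata_get/set index the handle as a uint64_t array using RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 and RTE_SECURITY_SESS_FAST_MDATA_OFF 1, but nothing ties those constants to the field order of struct rte_security_session, which this patch moves to rte_security_driver.h. If a field is later inserted ahead of opaque_data or fast_mdata, applications built against the public header will silently read and write the wrong word of the session. Suggest a compile-time check beside the struct definition that offsetof(struct rte_security_session, opaque_data) and offsetof(struct rte_security_session, fast_mdata) equal the corresponding OFF constant times sizeof(uint64_t). The two getters could also take const void *, and the doc comments have no @param or @return lines, unlike the neighbouring API comments.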
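Review bot: in lib/cryptodev/rte_crypto_sym.h, dropping the sec_session member so that struct rte_crypto_sym_op carries only "void *session" removes the last compile-time distinction between a cryptodev session and a security session. Together with the void * parameters now used by rte_security_session_update, rte_security_session_destroy, rte_security_session_stats_get and rte_security_attach_session, any pointer is accepted without a diagnostic, and the drivers then pass it to SECURITY_GET_SESS_PRIV based solely on op->sess_type. Consider keeping an incomplete "struct rte_security_session;" declaration in the public header and using that pointer type in the prototypes: the layout stays hidden in rte_security_driver.h, while passing the wrong kind of handle still fails to compile.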
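Review bot: in drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c (dpaa2_sec_dump, hunk at -1678,7) and drivers/crypto/dpaa_sec/dpaa_sec.c (dpaa_sec_dump, hunk at -673,7), the renamed SECURITY_GET_SESS_PRIV(op->sym->session) line sits under "#ifdef RTE_LIBRTE_SECURITY", whereas the other hunks in the same two files (build_sec_fd, dpaa_sec_enqueue_burst) are guarded by "#ifdef RTE_LIB_SECURITY". If RTE_LIBRTE_SECURITY is not defined by the build, these two branches are never compiled, so the sec_session to session rename is not build-tested there and the dump functions do not resolve security sessions. Please confirm which macro is intended and make the guards consistent in this patch or a preceding fix.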
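Review bot: in doc/guides/rel_notes/release_22_11.rst, the new API Changes entry does not name the accessors this patch introduces. Applications that previously read or wrote sess->opaque_data need the replacement spelled out; suggest listing rte_security_session_opaque_data_get/set and rte_security_session_fast_mdata_get/set in the entry. The sentence about rte_security_session_create taking only one mempool also does not match this patch, where the prototype hunks change only the return type, so it may belong with the patch in the series that made that change.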
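Review bot: in app/test-crypto-perf/cperf_ops.c, cperf_set_ops_security now has "void *sec_sess = (void *)sess;" while cperf_set_ops_security_ipsec has "void *sec_sess = sess;" for the same conversion. The explicit casts to void * are unnecessary in C and hide qualifier mismatches; the same applies to "(void *)ctx->sess" in cperf_test_pmd_cyclecount.c and cperf_test_throughput.c and to "return (void *)sess;" in lib/security/rte_security.c. Suggest dropping the casts, or removing the sec_sess local altogether where it only aliases sess.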