Hi,
> -----Original Message-----
> From: Hemant Agrawal (OSS) <[email protected]>
> Sent: Tuesday, May 20, 2025 11:46 AM
> To: Gagandeep Singh <[email protected]>; [email protected]; Hemant Agrawal
> <[email protected]>; Sachin Saxena <[email protected]>; Franck
> Lenormand <[email protected]>; Akhil Goyal <[email protected]>
> Cc: [email protected]
> Subject: Re: [PATCH 1/9] common/dpaax: fix invalid key command error
>
>
> On 20-05-2025 11:21, Gagandeep Singh wrote:
> > Due to race between KEY loading to CAAM’s internal memory and
> > initiating crypto operations can SEC errors in PDCP AES algo
> > combinations.
> Please fix grammar.
Ok.
> > To mitigate this, adding CALM instruction in SN 12bit case and using
> > older version of descriptor for SN 18bit case.
> >
> > Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
> > Cc: [email protected]
> > Cc: [email protected]
> >
> > Signed-off-by: Gagandeep Singh <[email protected]>
> > ---
>
> Please send cover-letter for multi patch series.
Sure, I will send it in next version.
>
> > drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h
> > b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > index 9ada3905c5..f4379ede2c 100644
> > --- a/drivers/common/dpaax/caamflib/desc/pdcp.h
> > +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > @@ -1,6 +1,6 @@
> > /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
> > * Copyright 2008-2013 Freescale Semiconductor, Inc.
> > - * Copyright 2019-2023 NXP
> > + * Copyright 2019-2025 NXP
> > */
> >
> > #ifndef __DESC_PDCP_H__
> > @@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> > KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
> > cipherdata->keylen, INLINE_KEY(cipherdata));
> >
> > - if ((sn_size == PDCP_SN_SIZE_15) ||
> > - (rta_sec_era >= RTA_SEC_ERA_10)) {
> > + if (sn_size == PDCP_SN_SIZE_15) {
>
> In description, you mentioned 18 bit SN case, however here you are modifying
> 15
> bit code?
>
> am I missing the changes for 18 bit ?
There are two variants of the 18-bit SN descriptor. One uses the PROTOCOL
instruction, which is available only in Security Version 10 and above.
The other uses the OPERATION instruction, which is supported in all security
versions.
However, the PROTOCOL instruction has some issues: it may trigger an 'Invalid
key command' error due to a race condition.
To address this, I removed the check (rta_sec_era >= RTA_SEC_ERA_10),
allowing the 18-bit SN case on higher security versions to fall back to the
older OPERATION-based descriptor.
>
> > PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
> > (uint16_t)cipherdata->algtype);
> > return 0;
> > @@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t
> *descbuf,
> > (uint64_t)cipherdata->key, cipherdata->keylen,
> > INLINE_KEY(cipherdata));
> >
> > + JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
> > if (authdata)
> > PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
> > OP_PCLID_LTE_PDCP_USER_RN,
