lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aDB909HDzfUaA3hv@lizhi-Precision-Tower-5810>
Date: Fri, 23 May 2025 09:53:23 -0400
From: Frank Li <Frank.li@....com>
To: John Ernberg <john.ernberg@...ia.se>
Cc: Horia Geantă <horia.geanta@....com>,
	Pankaj Gupta <pankaj.gupta@....com>,
	Gaurav Jain <gaurav.jain@....com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S . Miller" <davem@...emloft.net>,
	Rob Herring <robh@...nel.org>,
	Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Conor Dooley <conor+dt@...nel.org>, Shawn Guo <shawnguo@...nel.org>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	Pengutronix Kernel Team <kernel@...gutronix.de>,
	Fabio Estevam <festevam@...il.com>,
	Thomas Richard <thomas.richard@...tlin.com>,
	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
	"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"imx@...ts.linux.dev" <imx@...ts.linux.dev>,
	"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>,
	"stable@...nel.org" <stable@...nel.org>
Subject: Re: [PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM
 / iMX8ULP

On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> Since the CAAM on these SoCs is managed by another ARM core, called the
> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> also reserves access to register page 0 suspend operations cannot touch
> this page.
>
> Introduce a variable to track this situation. Since this is synonymous
> with the optee case in suspend/resume the optee check is replaced with
> this new check.
>
> Fixes the following splat at suspend:
>
>     Internal error: synchronous external abort: 0000000096000010 [#1] SMP
>     Hardware name: Freescale i.MX8QXP ACU6C (DT)
>     pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>     pc : readl+0x0/0x18
>     lr : rd_reg32+0x18/0x3c
>     sp : ffffffc08192ba20
>     x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
>     x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
>     x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
>     x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
>     x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
>     x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
>     x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
>     x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
>     x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
>     x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
>     Call trace:
>      readl+0x0/0x18
>      caam_ctrl_suspend+0x30/0xdc
>      dpm_run_callback.constprop.0+0x24/0x5c
>      device_suspend+0x170/0x2e8
>      dpm_suspend+0xa0/0x104
>      dpm_suspend_start+0x48/0x50
>      suspend_devices_and_enter+0x7c/0x45c
>      pm_suspend+0x148/0x160
>      state_store+0xb4/0xf8
>      kobj_attr_store+0x14/0x24
>      sysfs_kf_write+0x38/0x48
>      kernfs_fop_write_iter+0xb4/0x178
>      vfs_write+0x118/0x178
>      ksys_write+0x6c/0xd0
>      __arm64_sys_write+0x14/0x1c
>      invoke_syscall.constprop.0+0x64/0xb0
>      do_el0_svc+0x90/0xb0
>      el0_svc+0x18/0x44
>      el0t_64_sync_handler+0x88/0x124
>      el0t_64_sync+0x150/0x154
>     Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
>
> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
> Cc: stable@...nel.org # v6.10+
> Signed-off-by: John Ernberg <john.ernberg@...ia.se>
>
> ---
>
> I noticed this when enabling the iMX8QXP support (next patch), hence the
> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
>
> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
> ---
>  drivers/crypto/caam/ctrl.c   | 5 +++--
>  drivers/crypto/caam/intern.h | 1 +
>  2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 38ff931059b4..766c447c9cfb 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
>  {
>  	const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
>  		caam_state_save(dev);
>
>  	return 0;
> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
>  	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>  	int ret = 0;
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
>  		caam_state_restore(dev);
>
>  		/* HW and rng will be reset so deinstantiation can be removed */
> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
>
>  		imx_soc_data = imx_soc_match->data;
>  		reg_access = reg_access && imx_soc_data->page0_access;
> +		ctrlpriv->no_page0 = !reg_access;

If you want to use no_page0 to control if call caam_state_save(), you'd
better set ctrlpriv->no_page0 also after ctrlpriv->optee_en = !!np;

Frank

>  		/*
>  		 * CAAM clocks cannot be controlled from kernel.
>  		 */
> diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
> index e51320150872..51c90d17a40d 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -115,6 +115,7 @@ struct caam_drv_private {
>  	u8 blob_present;	/* Nonzero if BLOB support present in device */
>  	u8 mc_en;		/* Nonzero if MC f/w is active */
>  	u8 optee_en;		/* Nonzero if OP-TEE f/w is active */
> +	u8 no_page0;		/* Nonzero if register page 0 is not controlled by Linux */
>  	bool pr_support;        /* RNG prediction resistance available */
>  	int secvio_irq;		/* Security violation interrupt number */
>  	int virt_en;		/* Virtualization enabled in CAAM */
> --
> 2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ