Trying caam_keyblob with mainline 5.10.76 on imx7

[fabioestevam]

Hi,

I am trying to run the caam_keyblob driver on a imx7s-warp
board running kernel 5.10.76.

dmesg | grep caam
[ 3.704456] caam 30900000.crypto: device ID = 0x0a16030000000000 (Era 8)
[ 3.711210] caam 30900000.crypto: job rings = 3, qi = 0
[ 3.794157] caam algorithms registered in /proc/crypto
[ 3.807700] caam 30900000.crypto: caam pkc algorithms registered in /proc/crypto
[ 3.816357] caam 30900000.crypto: registering rng-caam
[ 11.119916] caam_keyblob: loading out-of-tree module taints kernel.
[ 11.131042] caam_keyblob caam-keyblob: caam_keyblob: initialized
[ 11.138815] caam_keyblob: Secure State detected

I am using the caam-blob-example userspace application from:
https://github.com/digi-embedded/dey-examples/tree/dey-2.6/maint/caam-blob-example

echo "Test file" > test.txt
./caam-blob-example -e test.txt
[ 530.869784] caam_keyblob: kb_ioctl rawkey_len:10 keyblob_len:58
[ERROR] could not encrypt data.
[ERROR] Encryption failed

Does anyone have any suggestions as to how to fix this problem?

Thanks a lot,

Fabio Estevam

[fabioestevam]

I have also tested the caam_tool.go application:

echo "Test file" > test.txt
./caam_tool enc test.txt text.enc
caam_tool: encrypting 10 bytes fr[ 204.416010] caam_keyblob: kb_ioctl rawkey_len:10 keyblob_len:58
om test.txt
caam_tool: caam_kb_data &{Text:0x205a000 TextLen:10 Blob:0x2036080 BlobLen:58 Keymod:0x20120a0 KeymodLen:16}
caam_tool: issuing ioctl c0184900 on /dev/caam_kb
caam_tool: error, operation now in progress

The kernel warning below happened once:

[ 397.989563] ------------[ cut here ]------------
[ 397.994224] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:202 __lock_acquire+0xaac/0x2dd4
[ 398.002843] DEBUG_LOCKS_WARN_ON(1)
[ 398.002851] Modules linked in: brcmfmac brcmutil ov2680 caam_keyblob(O) evbug
[ 398.013445] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 5.10.76 #1
[ 398.020847] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 398.026623] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 398.034383] [] (show_stack) from [] (dump_stack+0xdc/0x104)
[ 398.041710] [] (dump_stack) from [] (__warn+0xd4/0x154)
[ 398.048690] [] (__warn) from [] (warn_slowpath_fmt+0x74/0xa8)
[ 398.056192] [] (warn_slowpath_fmt) from [] (__lock_acquire+0xaac/0x2dd4)
[ 398.064647] [] (__lock_acquire) from [] (lock_acquire+0x138/0x440)
[ 398.072581] [] (lock_acquire) from [] (_raw_spin_lock_irqsave+0x58/0x74)
[ 398.081036] [] (_raw_spin_lock_irqsave) from [] (complete+0x14/0x40)
[ 398.089147] [] (complete) from [] (caam_jr_dequeue+0x1d4/0x2a8)
[ 398.096825] [] (caam_jr_dequeue) from [] (tasklet_action_common.constprop.0+0x74/0x11c)
[ 398.106584] [] (tasklet_action_common.constprop.0) from [] (__do_softirq+0x198/0x5e8)
[ 398.116167] [] (__do_softirq) from [] (__irq_exit_rcu+0x150/0x1d8)
[ 398.124100] [] (__irq_exit_rcu) from [] (irq_exit+0x8/0x40)
[ 398.131426] [] (irq_exit) from [] (__handle_domain_irq+0x8c/0xfc)
[ 398.139276] [] (__handle_domain_irq) from [] (gic_handle_irq+0x8c/0xb4)
[ 398.147645] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98)
[ 398.155135] Exception stack(0xc1601f10 to 0xc1601f58)
[ 398.160198] 1f00: ffffffff ffffffff 00000001 c011c9c0
[ 398.168388] 1f20: c17f1060 c16093d4 c16093d4 c1609410 c15810f0 c16097c4 00000000 00000000
[ 398.176577] 1f40: ffffffff c1601f60 c01082d4 c01082d8 60000013 ffffffff
[ 398.183209] [] (__irq_svc) from [] (arch_cpu_idle+0x30/0x3c)
[ 398.190624] [] (arch_cpu_idle) from [] (default_idle_call+0x74/0x2b4)
[ 398.198821] [] (default_idle_call) from [] (do_idle+0x23c/0x304)
[ 398.206582] [] (do_idle) from [] (cpu_startup_entry+0x18/0x1c)
[ 398.214170] [] (cpu_startup_entry) from [] (start_kernel+0x47c/0x55c)
[ 398.222355] irq event stamp: 55099
[ 398.225770] hardirqs last enabled at (55098): [] _raw_spin_unlock_irqrestore+0x4c/0x50
[ 398.234653] hardirqs last disabled at (55099): [] _raw_spin_lock_irqsave+0x70/0x74
[ 398.243103] softirqs last enabled at (55090): [] irq_enter_rcu+0x94/0xb0
[ 398.250771] softirqs last disabled at (55091): [] __irq_exit_rcu+0x150/0x1d8
[ 398.258694] ---[ end trace 49686823a69b5d80 ]---
[ 398.263324] 8<--- cut here ---
[ 398.266387] Unable to handle kernel NULL pointer dereference at virtual address 00000060
[ 398.274487] pgd = fd8e8e0b
[ 398.277201] [00000060] *pgd=00000000
[ 398.280796] Internal error: Oops: 5 [#1] SMP ARM
[ 398.285421] Modules linked in: brcmfmac brcmutil ov2680 caam_keyblob(O) evbug
[ 398.292607] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 5.10.76 #1
[ 398.300008] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 398.305765] PC is at __lock_acquire+0x1c4/0x2dd4
[ 398.310392] LR is at __lock_acquire+0xaac/0x2dd4
[ 398.315018] pc : [] lr : [] psr: 60000193
[ 398.321292] sp : c1601cb8 ip : 00000000 fp : 00000000
[ 398.326524] r10: c160d000 r9 : 28f16f1a r8 : c160d540
[ 398.331757] r7 : 00000080 r6 : 00000000 r5 : 00002f1a r4 : 00000000
[ 398.338292] r3 : 00000000 r2 : 00000000 r1 : c17fb5d8 r0 : 00000000
[ 398.344829] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 398.352059] Control: 10c5387d Table: 84b5006a DAC: 00000051
[ 398.357814] Process swapper/0 (pid: 0, stack limit = 0xd63c7ee8)
[ 398.363828] Stack: (0xc1601cb8 to 0xc1602000)
[ 398.368193] 1ca0: c131c53c 0020e5e9
[ 398.376384] 1cc0: 00000000 c01a9948 dcbf8e80 c017ac84 0038fece 00000000 00000001 c160d540
[ 398.384574] 1ce0: 0000001a c0e45064 ffffffe1 ffffffff 0000153c dcbf8e80 00000000 aa0653bb
[ 398.392764] 1d00: 0000005c 00000005 c1609a1c 00000000 dcbf8e00 c01a9948 dcbf8e80 00000000
[ 398.400954] 1d20: 00000001 c0e45064 00000002 ffffffff 00000001 ffffffff c17f08e0 0d7b7ce2
[ 398.409144] 1d40: 00000000 c1601d68 c1600000 1b677000 00000080 c157659c c16097c4 60000193
[ 398.417334] 1d60: c157659c c01895f0 00000001 00000080 00000000 c0176cf4 00000000 00000000
[ 398.425524] 1d80: 00000000 c46e9f38 c17f08e0 c160d540 00000000 c01807f0 c46e9f38 c1600000
[ 398.433714] 1da0: c160d000 c16097c4 00000001 0d7b7ce2 c472eeb4 c42c9ec8 c0176cf4 60000113
[ 398.441904] 1dc0: 00000005 00000005 00000000 c42c9ec0 c46c7240 c0e4f5bc 00000001 00000000
[ 398.450094] 1de0: c0176cf4 60000113 c42c9ec4 c42c9ec8 00000004 c0176cf4 c4b43400 000001ff
[ 398.458284] 1e00: 00000004 c0a45684 00000000 ffffffff 00000000 c46b7810 bf005174 dd89a000
[ 398.466474] 1e20: c16097c4 c46c7254 00000000 c46c7258 dcbed4b0 00000000 00000006 c1600000
[ 398.474664] 1e40: 00000040 c012e274 00000007 c1603098 00000006 c17f03c0 c16093d4 00000101
[ 398.482854] 1e60: c1600000 c0101478 c160d000 c16097c4 00000001 0000000a 00002646 00200002
[ 398.491044] 1e80: 00000001 c0199124 c46b1400 c16097c4 c1580a94 c16097c4 00000000 00000001
[ 398.499235] 1ea0: c4012400 c16097c4 c1601f10 c012da80 00000000 c1580a94 c16097c4 c012df18
[ 398.507425] 1ec0: 00000000 c019912c dd814000 c1609a44 dd81400c c1746b68 c1580ab8 c1600000
[ 398.515615] 1ee0: c16097c4 c05ff464 00000000 c01082d8 60000013 ffffffff c1601f44 c15810f0
[ 398.523806] 1f00: c1600000 00000000 00000000 c0100b30 ffffffff ffffffff 00000001 c011c9c0
[ 398.531996] 1f20: c17f1060 c16093d4 c16093d4 c1609410 c15810f0 c16097c4 00000000 00000000
[ 398.540186] 1f40: ffffffff c1601f60 c01082d4 c01082d8 60000013 ffffffff 00000051 00000000
[ 398.548376] 1f60: c17f1060 c0e4f178 c1600000 00000000 c16093d4 c01626b4 60000053 c1600000
[ 398.556566] 1f80: c155ba78 0d7b7ce2 00000000 000000d9 c155ba78 c1609380 00000000 c155ba78
[ 398.564756] 1fa0: 410fc075 10c5387d 00000000 c0162b5c c17fb068 c1500db4 ffffffff ffffffff
[ 398.572947] 1fc0: 00000000 c1500588 00000000 c155ba78 0d7e76ae 00000000 00000000 c1500330
[ 398.581137] 1fe0: 00000051 10c0387d 00000000 83000000 410fc075 00000000 00000000 00000000
[ 398.589330] [] (__lock_acquire) from [] (lock_acquire+0x138/0x440)
[ 398.597263] [] (lock_acquire) from [] (_raw_spin_lock_irqsave+0x58/0x74)
[ 398.605716] [] (_raw_spin_lock_irqsave) from [] (complete+0x14/0x40)
[ 398.613825] [] (complete) from [] (caam_jr_dequeue+0x1d4/0x2a8)
[ 398.621501] [] (caam_jr_dequeue) from [] (tasklet_action_common.constprop.0+0x74/0x11c)
[ 398.631258] [] (tasklet_action_common.constprop.0) from [] (__do_softirq+0x198/0x5e8)
[ 398.640841] [] (__do_softirq) from [] (__irq_exit_rcu+0x150/0x1d8)
[ 398.648774] [] (__irq_exit_rcu) from [] (irq_exit+0x8/0x40)
[ 398.656100] [] (irq_exit) from [] (__handle_domain_irq+0x8c/0xfc)
[ 398.663947] [] (__handle_domain_irq) from [] (gic_handle_irq+0x8c/0xb4)
[ 398.672314] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98)
[ 398.679805] Exception stack(0xc1601f10 to 0xc1601f58)
[ 398.684866] 1f00: ffffffff ffffffff 00000001 c011c9c0
[ 398.693056] 1f20: c17f1060 c16093d4 c16093d4 c1609410 c15810f0 c16097c4 00000000 00000000
[ 398.701245] 1f40: ffffffff c1601f60 c01082d4 c01082d8 60000013 ffffffff
[ 398.707876] [] (__irq_svc) from [] (arch_cpu_idle+0x30/0x3c)
[ 398.715290] [] (arch_cpu_idle) from [] (default_idle_call+0x74/0x2b4)
[ 398.723486] [] (default_idle_call) from [] (do_idle+0x23c/0x304)
[ 398.731247] [] (do_idle) from [] (cpu_startup_entry+0x18/0x1c)
[ 398.738832] [] (cpu_startup_entry) from [] (start_kernel+0x47c/0x55c)
[ 398.747023] Code: e59f3e24 e0844104 e0834104 e1d851b4 (e5d44060)
[ 398.753137] ---[ end trace 49686823a69b5d81 ]---
[ 398.757764] Kernel panic - not syncing: Fatal exception in interrupt
[ 398.764140] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

[abarisani]

Can you please share the CAAM related entries in your dts file? (see here for an example of the equivalent i.MX6UL configuration).

[fabioestevam]

Hi Andrea,

The dts patch is this one:

https://pastebin.com/raw/bs8HNVkZ

Do you know if imx6ul-usbarmory works well with 5.10.76?

Thanks!

[fabioestevam]

I have also tested 5.10.76 running on a imx6ulp-pico-pi board and the same error happens:

./caam_tool enc test.txt text.enc

caam_tool: encrypting 10 bytes fr[ 74.847839] caam_keyblob: kb_ioctl rawkey_len:10 keyblob_len:58
om test.txt
caam_tool: caam_kb_data &{Text:0x85a000 TextLen:10 Blob:0x836080 BlobLen:58 Keymod:0x8120a0 KeymodLen:16}
caam_tool: issuing ioctl c0184900 on /dev/caam_kb
caam_tool: error, operation now in progress

[fabioestevam]

And here is an strace log:
https://pastebin.com/raw/2gV2zVmY

[abarisani]

strace is not necessary as the exception happens in kernel code and not in the userspace tool (though thanks anyway), the dts patch looks fine.

I don't have an i.MX7 board handy, but at the end of next week I will double check if the current patch works correctly with 5.10.76 on i.MX6UL to reproduce, or not, the issue.

[fabioestevam]

Thanks, Andrea.

Just FYI: the strace was taken on an imx6ul-pico-pi. I do see the same error on both i.MX6UL and i.MX7.

Cheers

[jo-bitsch]

I think, the problem lies in
https://github.com/f-secure-foundry/caam-keyblob/blob/2e303fa357f6ec69199ba6e45ae9e9088a43ca3b/caam_keyblob.c#L413
and
https://github.com/f-secure-foundry/caam-keyblob/blob/2e303fa357f6ec69199ba6e45ae9e9088a43ca3b/caam_keyblob.c#L513

The return behavior of caam_jr_enqueue slightly changed in kernel 5.7. When previously it returned 0 on success, it now returns EINPROGRESS: torvalds/linux@4d370a1#diff-8acc41c534456288daba59a125ddb3f779635dc493ff4888545adbf1dd0a17c1R417
https://github.com/torvalds/linux/blob/4d370a1036958d7df9f1492c345b4984a4eba7f6/drivers/crypto/caam/jr.c#L417

Accordingly, the next lines should not be
if(!res) {
but
if(res == -EINPROGRESS) {

It's probably just this fix in line https://github.com/f-secure-foundry/caam-keyblob/blob/2e303fa357f6ec69199ba6e45ae9e9088a43ca3b/caam_keyblob.c#L415 and https://github.com/f-secure-foundry/caam-keyblob/blob/2e303fa357f6ec69199ba6e45ae9e9088a43ca3b/caam_keyblob.c#L515

Unfortunately, I don't have any hardware available to test and debug right now, so I'll have to leave the actual fix to someone else.

[fabioestevam]

Thanks, Jo.

I did as you suggested and changed caam-keyblob like this:

https://pastebin.com/raw/dLDzQzDV

Rebuilt the driver with the applied patch, but the same error happens:

./caam_tool enc test.txt text.enc
caam_tool: encrypting 10 bytes fr[ 167.842934] caam_keyblob: kb_ioctl rawkey_len:10 keyblob_len:58
om test.txt
caam_tool: caam_kb_data &{Text:0xc5a000 TextLen:10 Blob:0xc36080 BlobLen:58 Keymod:0xc120a0 KeymodLen:16}
caam_tool: issuing ioctl c0184900 on /dev/caam_kb
caam_tool: error, operation now in progress

Thanks!

[fabioestevam]

Hi Jo,

I managed to fix it :-)

./caam_tool enc test.txt text.enc
caam_tool: encrypting 10 bytes from test.txt
caam_tool: caam_kb_data &{Text:0x[ 45.744248] caam_keyblob: kb_ioctl rawkey_len:10 keyblob_len:58
185a000 TextLen:10 Blob:0x1836080 BlobLen:58 Keymod:0x18120a0 KeymodLen:16}
caam_tool: issuing ioctl c0184900 on /dev/caam_kb
caam_tool: encrypted 58 bytes to text.enc

I will submit a patch for caam-keyblob soon.

Thanks a lot for your help!