[PATCH v2 1/9] common/dpaax: fix invalid key command error

[Gagandeep Singh]

A race condition between loading the key into CAAM’s internal
memory and initiating cryptographic operations can cause SEC
errors in PDCP AES algorithm combinations.

To mitigate this, the CALM instruction is added for the
12-bit SN case, and the older version of the descriptor
is used for the 18-bit SN case.

Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenormand at nxp.com
Cc: stable at dpdk.org

Signed-off-by: Gagandeep Singh <g.singh at nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 9ada3905c5..f4379ede2c 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
  * Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2023 NXP
+ * Copyright 2019-2025 NXP
  */
 
 #ifndef __DESC_PDCP_H__
@@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
 	KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
 	    cipherdata->keylen, INLINE_KEY(cipherdata));
 
-	if ((sn_size == PDCP_SN_SIZE_15) ||
-			(rta_sec_era >= RTA_SEC_ERA_10)) {
+	if (sn_size == PDCP_SN_SIZE_15) {
 		PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
 			 (uint16_t)cipherdata->algtype);
 		return 0;
@@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
 			    (uint64_t)cipherdata->key, cipherdata->keylen,
 			    INLINE_KEY(cipherdata));
 
+			JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
 			if (authdata)
 				PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
 					 OP_PCLID_LTE_PDCP_USER_RN,
-- 
2.25.1