From: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: igor.opaniuk@gmail.com, u-boot@lists.denx.de
Subject: Re: [PATCH v2] common: avb_verify: prevent opening incorrect session
Date: Mon, 23 Jan 2023 18:09:12 +0200 [thread overview]
Message-ID: <Y86xKNROivxbl3Ij@ikhor> (raw)
In-Reply-To: <Y86pCaja0gABRfjP@jade>
On Mon, Jan 23, 2023 at 04:34:33PM +0100, Jens Wiklander wrote:
>On Mon, Jan 23, 2023 at 04:51:29PM +0200, Ivan Khoronzhuk wrote:
>> The arg->session is not valid if arg->ret != NULL, so can't be
>> assigned. Leave retry for just "ret" error to save same behaviour.
>>
>> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com>
>> ---
>> common/avb_verify.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/common/avb_verify.c b/common/avb_verify.c
>> index 0520a71455..97451592f5 100644
>> --- a/common/avb_verify.c
>> +++ b/common/avb_verify.c
>> @@ -619,10 +619,14 @@ static int get_open_session(struct AvbOpsData *ops_data)
>> memset(&arg, 0, sizeof(arg));
>> tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
>> rc = tee_open_session(tee, &arg, 0, NULL);
>> - if (!rc) {
>> - ops_data->tee = tee;
>> - ops_data->session = arg.session;
>> - }
>> + if (rc)
>> + continue;
>> +
>> + if (arg.ret)
>> + return -EIO;
>> +
>> + ops_data->tee = tee;
>> + ops_data->session = arg.session;
>> }
>>
>> return 0;
>
>It looks like this function is still slightly broken. The function
>should, if I understand it correctly, return usable tee and session
>pointers on success, else return an error code. The unconditional return
>0 at the end doesn't seem right.
>
>Thanks,
>Jens
It doesn't return, it loops infinitely...
Yes, it looks so, but it's how it works. I don't see a reason why the
function must loop trying to open the session that potentially never will be
opened. But this is how it's implemented and I didn't wont to change this
behaviour that can have some "sacral" roots, only add a fix I bother, I've
mentioned it in the comment. Better would be drop this loop ofc and add the
following:
+ if (ret || arg.ret)
+ return -EIO;
I can do this in v3 if you don't mind.
--
Regards,
Ivan Khoronzhuk
next prev parent reply other threads:[~2023-01-23 16:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-22 2:41 [PATCH] common: avb_verify: prevent opening incorrect session Ivan Khoronzhuk
2023-01-23 9:55 ` Jens Wiklander
2023-01-23 14:51 ` [PATCH v2] " Ivan Khoronzhuk
2023-01-23 15:34 ` Jens Wiklander
2023-01-23 16:09 ` Ivan Khoronzhuk [this message]
2023-01-24 10:15 ` Jens Wiklander
2023-01-27 18:42 ` [PATCH v3] " Ivan Khoronzhuk
2023-01-27 19:45 ` Ivan Khoronzhuk
2023-01-27 20:02 ` [PATCH v4] " Ivan Khoronzhuk
2023-02-02 20:00 ` Ivan Khoronzhuk
2023-02-03 10:59 ` Jens Wiklander
2023-02-17 19:19 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y86xKNROivxbl3Ij@ikhor \
--to=ivan.khoronzhuk@gmail.com \
--cc=igor.opaniuk@gmail.com \
--cc=jens.wiklander@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.