From: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: igor.opaniuk@gmail.com, u-boot@lists.denx.de
Subject: Re: [PATCH v2] common: avb_verify: prevent opening incorrect session
Date: Mon, 23 Jan 2023 18:09:12 +0200 [thread overview]
Message-ID: <Y86xKNROivxbl3Ij@ikhor> (raw)
In-Reply-To: <Y86pCaja0gABRfjP@jade>
On Mon, Jan 23, 2023 at 04:34:33PM +0100, Jens Wiklander wrote:
>On Mon, Jan 23, 2023 at 04:51:29PM +0200, Ivan Khoronzhuk wrote:
>> The arg->session is not valid if arg->ret != NULL, so can't be
>> assigned. Leave retry for just "ret" error to save same behaviour.
>>
>> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com>
>> ---
>> common/avb_verify.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/common/avb_verify.c b/common/avb_verify.c
>> index 0520a71455..97451592f5 100644
>> --- a/common/avb_verify.c
>> +++ b/common/avb_verify.c
>> @@ -619,10 +619,14 @@ static int get_open_session(struct AvbOpsData *ops_data)
>> memset(&arg, 0, sizeof(arg));
>> tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
>> rc = tee_open_session(tee, &arg, 0, NULL);
>> - if (!rc) {
>> - ops_data->tee = tee;
>> - ops_data->session = arg.session;
>> - }
>> + if (rc)
>> + continue;
>> +
>> + if (arg.ret)
>> + return -EIO;
>> +
>> + ops_data->tee = tee;
>> + ops_data->session = arg.session;
>> }
>>
>> return 0;
>
>It looks like this function is still slightly broken. The function
>should, if I understand it correctly, return usable tee and session
>pointers on success, else return an error code. The unconditional return
>0 at the end doesn't seem right.
>
>Thanks,
>Jens
It doesn't return, it loops infinitely...
Yes, it looks so, but it's how it works. I don't see a reason why the
function must loop trying to open the session that potentially never will be
opened. But this is how it's implemented and I didn't wont to change this
behaviour that can have some "sacral" roots, only add a fix I bother, I've
mentioned it in the comment. Better would be drop this loop ofc and add the
following:
+ if (ret || arg.ret)
+ return -EIO;
I can do this in v3 if you don't mind.
--
Regards,
Ivan Khoronzhuk
next prev parent reply other threads:[~2023-01-23 16:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-22 2:41 [PATCH] common: avb_verify: prevent opening incorrect session Ivan Khoronzhuk
2023-01-23 9:55 ` Jens Wiklander
2023-01-23 14:51 ` [PATCH v2] " Ivan Khoronzhuk
2023-01-23 15:34 ` Jens Wiklander
2023-01-23 16:09 ` Ivan Khoronzhuk [this message]
2023-01-24 10:15 ` Jens Wiklander
2023-01-27 18:42 ` [PATCH v3] " Ivan Khoronzhuk
2023-01-27 19:45 ` Ivan Khoronzhuk
2023-01-27 20:02 ` [PATCH v4] " Ivan Khoronzhuk
2023-02-02 20:00 ` Ivan Khoronzhuk
2023-02-03 10:59 ` Jens Wiklander
2023-02-17 19:19 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y86xKNROivxbl3Ij@ikhor \
--to=ivan.khoronzhuk@gmail.com \
--cc=igor.opaniuk@gmail.com \
--cc=jens.wiklander@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox