From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EA36BC05027 for ; Mon, 23 Jan 2023 15:43:41 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 262BE85760; Mon, 23 Jan 2023 16:42:26 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Hw2mHzfd"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 17C7885739; Mon, 23 Jan 2023 16:34:38 +0100 (CET) Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 877EB82F87 for ; Mon, 23 Jan 2023 16:34:35 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jens.wiklander@linaro.org Received: by mail-ej1-x629.google.com with SMTP id mp20so31468335ejc.7 for ; Mon, 23 Jan 2023 07:34:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=4Jj/OvIMUFcwrH3JvdMrjcuF/426hjps/5dFjlw9rzM=; b=Hw2mHzfd5IEwxAIyLogvrWy2I7Z68kUw1wbm592JlM5XnlZxbtCH7nZ8Fpjo+2IwhZ n2H0toUV2o2SC5p0h1+WFovOZH8ndNP0FHBf6bqLDS+9DEo3t7oPo0luIhsSt3ySEhwx cGquUo9NrI54E2UU+sMqvS1XN6mgDuli7zbItv7B8D6dNUA7QQ/8S3UY+UH1X+X6Gl82 B81FO76XqcezSDdIDqt9PVuWs/4KUw/3EFe798aDTw0vJEusynlQXB6IQFJ9XTPK33HD 91Y4lY+LLDaJHtuLoprOnQrhypt85cQw6cEvHE3cfzXXngHovTox/fpQXf/cWhxDJQOH EQNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=4Jj/OvIMUFcwrH3JvdMrjcuF/426hjps/5dFjlw9rzM=; b=QicvUKAUXFl3dpz0LbkfySzawwkt6znaehHpBoyFuBBz0Dtg2JnYImXCoTV5WHnaU8 8aIfLMVuBcyfmS/aaOno2yaa5jDIrpq0wcq4FlibSYbm0x/AhLJmhIN5WdUZnpLc9Uow g01mg6G4e4DB+r5aVR1q11z0XNpFYfp97TB+SU0jyXYp1yZ+ZE3t2XcYqvQds5Y3YiYp AGxJsPaNSgXoPEfxsrm7Jrc0d2bYYe+SfZNVJZQq7vIxeWhmwbgRf47q2ncZyyuqUnsx j5S5VozBaUsy0xxTpqK5S67CVF6soAbGVpGQJBDDI5RZDMjfHyso7dQ1eJ0deYsMdVwm ldEw== X-Gm-Message-State: AFqh2ko5Io9DHx7q81n7mm3zrM9lzKr1b4cgEiX0s/8uqCDw4ukl/IBW FAciX0WwZI8Hik6zDH+LBsNW4uszAwGadpkdwGo= X-Google-Smtp-Source: AMrXdXvxkhH9DobTSKEqRzESlTQOES0NpjOWLXi8kpHhOkiMMVCWsS663IQEFKIM6GCryTFSqM84Xg== X-Received: by 2002:a17:907:a702:b0:877:95bf:cff3 with SMTP id vw2-20020a170907a70200b0087795bfcff3mr15234663ejc.77.1674488075072; Mon, 23 Jan 2023 07:34:35 -0800 (PST) Received: from jade (h-46-59-78-111.A175.priv.bahnhof.se. [46.59.78.111]) by smtp.gmail.com with ESMTPSA id tc9-20020a1709078d0900b0086edf177209sm12592319ejc.78.2023.01.23.07.34.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Jan 2023 07:34:34 -0800 (PST) Date: Mon, 23 Jan 2023 16:34:33 +0100 From: Jens Wiklander To: Ivan Khoronzhuk Cc: igor.opaniuk@gmail.com, u-boot@lists.denx.de Subject: Re: [PATCH v2] common: avb_verify: prevent opening incorrect session Message-ID: References: <20230122024130.4028621-1-ivan.khoronzhuk@gmail.com> <20230123145129.4063929-1-ivan.khoronzhuk@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230123145129.4063929-1-ivan.khoronzhuk@gmail.com> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On Mon, Jan 23, 2023 at 04:51:29PM +0200, Ivan Khoronzhuk wrote: > The arg->session is not valid if arg->ret != NULL, so can't be > assigned. Leave retry for just "ret" error to save same behaviour. > > Signed-off-by: Ivan Khoronzhuk > --- > common/avb_verify.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/common/avb_verify.c b/common/avb_verify.c > index 0520a71455..97451592f5 100644 > --- a/common/avb_verify.c > +++ b/common/avb_verify.c > @@ -619,10 +619,14 @@ static int get_open_session(struct AvbOpsData *ops_data) > memset(&arg, 0, sizeof(arg)); > tee_optee_ta_uuid_to_octets(arg.uuid, &uuid); > rc = tee_open_session(tee, &arg, 0, NULL); > - if (!rc) { > - ops_data->tee = tee; > - ops_data->session = arg.session; > - } > + if (rc) > + continue; > + > + if (arg.ret) > + return -EIO; > + > + ops_data->tee = tee; > + ops_data->session = arg.session; > } > > return 0; It looks like this function is still slightly broken. The function should, if I understand it correctly, return usable tee and session pointers on success, else return an error code. The unconditional return 0 at the end doesn't seem right. Thanks, Jens