[PATCH v2] common: avb_verify: prevent opening incorrect session
Jens Wiklander
jens.wiklander at linaro.org
Mon Jan 23 16:34:33 CET 2023
On Mon, Jan 23, 2023 at 04:51:29PM +0200, Ivan Khoronzhuk wrote:
> The arg->session is not valid if arg->ret != NULL, so can't be
> assigned. Leave retry for just "ret" error to save same behaviour.
>
> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk at gmail.com>
> ---
> common/avb_verify.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/common/avb_verify.c b/common/avb_verify.c
> index 0520a71455..97451592f5 100644
> --- a/common/avb_verify.c
> +++ b/common/avb_verify.c
> @@ -619,10 +619,14 @@ static int get_open_session(struct AvbOpsData *ops_data)
> memset(&arg, 0, sizeof(arg));
> tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
> rc = tee_open_session(tee, &arg, 0, NULL);
> - if (!rc) {
> - ops_data->tee = tee;
> - ops_data->session = arg.session;
> - }
> + if (rc)
> + continue;
> +
> + if (arg.ret)
> + return -EIO;
> +
> + ops_data->tee = tee;
> + ops_data->session = arg.session;
> }
>
> return 0;
It looks like this function is still slightly broken. The function
should, if I understand it correctly, return usable tee and session
pointers on success, else return an error code. The unconditional return
0 at the end doesn't seem right.
Thanks,
Jens
More information about the U-Boot
mailing list