[v4] common: avb_verify: prevent opening incorrect session

Message ID	20230127200214.287138-1-ivan.khoronzhuk@globallogic.com
State	Accepted
Commit	3106e475243e1e35df18d5086f7a5df8758bbda1
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com> To: igor.opaniuk@gmail.com, u-boot@lists.denx.de Cc: Jens Wiklander <jens.wiklander@linaro.org>, Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com> Subject: [PATCH v4] common: avb_verify: prevent opening incorrect session Date: Fri, 27 Jan 2023 22:02:14 +0200 Message-Id: <20230127200214.287138-1-ivan.khoronzhuk@globallogic.com> In-Reply-To: <20230122024130.4028621-1-ivan.khoronzhuk@gmail.com> References: <20230122024130.4028621-1-ivan.khoronzhuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[v4] common: avb_verify: prevent opening incorrect session \| expand [v4] common: avb_verify: prevent opening incorrect session

Message ID

20230127200214.287138-1-ivan.khoronzhuk@globallogic.com

State

Accepted

Commit

3106e475243e1e35df18d5086f7a5df8758bbda1

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20210112 header.b=e2U38vZd;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4P3T543dYjz23hg
	for <incoming@patchwork.ozlabs.org>; Sat, 28 Jan 2023 07:02:32 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 40E8F85650;
	Fri, 27 Jan 2023 21:02:25 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.b="e2U38vZd";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 7EAE1856DD; Fri, 27 Jan 2023 21:02:22 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,SPF_HELO_NONE,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com
 [IPv6:2a00:1450:4864:20::530])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 2DA8E852A0
 for <u-boot@lists.denx.de>; Fri, 27 Jan 2023 21:02:19 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ivan.khoronzhuk@gmail.com
Received: by mail-ed1-x530.google.com with SMTP id z11so5731733ede.1
 for <u-boot@lists.denx.de>; Fri, 27 Jan 2023 12:02:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=CTmXY1WShME2U1qsPd8ZrHfn9NEYNF6+vQnT2cWlJ/I=;
 b=e2U38vZdQxXIneTVhP1Dd5qVD16wsb8P04F+jMkC8naGK4SkE7aHR6bQJi/q/JHT75
 uL4a2fFb0K3bSRcDGbSSQZOmLkP3o62v33ibgqX4ySZRMOt34FUliR0RJq4otHlIhWjl
 BM4yMrg0/TByfPLbzNTM6N5bpoO8MxbWNpUh9SsfsbkioAGSskgrmME8CIe2QYRQkJ5X
 AHw+/gDZHCre6+91fIf8qDA/9j6ukRswyJG/XM5zbEv/dZS04A2d9Jf9emPNzpDxZH/v
 spyLgwrOyHmgEnlSVRyFPAdK2aGvV6zrkfs6pk03NT7Evl+urT7S09A6a+folx+/mWvQ
 +LpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=CTmXY1WShME2U1qsPd8ZrHfn9NEYNF6+vQnT2cWlJ/I=;
 b=pLtMrcHuoHfSnZAj2U8YmQo2HNR1s2wYYTnw+pguCaYfuQU5I5xjsFtc42l5St2BYx
 2gHwEygEDuaiFsXBK0VjBb5c0tD34r2U1MFz4ACV+Lp6mmrYwuYOmPbpdKdbbOYsUPOB
 ihl8hnIdX8rhbZYFpHa2pO0pr/eVnHGIxUgKI2vRtn9AOQSr8SXcO0o0vzrERpB8TLoy
 HTM0U92zLrbqM5Psn/2gZDDZ+Fy7dx91ufuB6LpycibrMvLwDjmXH+zQPo+sF05xMC/r
 /Potk+08AOr5hriLSxmXFHuHdjEkKcanfg1PLZdydaTsslAn6cPaT+nMkTcNVK0EQOR/
 3QMA==
X-Gm-Message-State: AFqh2kqjkuqQ05OIGfGd24QUBe5/pMckWdzX3u7ftW8kd+NXkaZLE7+g
 D3DWQenFVB44KG+qhzwbEDhC6jlWGow=
X-Google-Smtp-Source: 
 AMrXdXvRhVenHszV+A7s8z+/dz2+PmX43D5lg4e61yilupwtcyg5/yFFK+dkbryxuecyQV0KV9u3zA==
X-Received: by 2002:a05:6402:d0:b0:49e:746f:adfa with SMTP id
 i16-20020a05640200d000b0049e746fadfamr35545427edu.31.1674849738677;
 Fri, 27 Jan 2023 12:02:18 -0800 (PST)
Received: from ikhor.synapse.com ([46.211.104.218])
 by smtp.gmail.com with ESMTPSA id
 z20-20020a1709060ad400b0085d6bfc6201sm2756981ejf.86.2023.01.27.12.02.17
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 27 Jan 2023 12:02:18 -0800 (PST)
From: Ivan Khoronzhuk <ivan.khoronzhuk@gmail.com>
X-Google-Original-From: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
To: igor.opaniuk@gmail.com,
	u-boot@lists.denx.de
Cc: Jens Wiklander <jens.wiklander@linaro.org>,
 Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
Subject: [PATCH v4] common: avb_verify: prevent opening incorrect session
Date: Fri, 27 Jan 2023 22:02:14 +0200
Message-Id: <20230127200214.287138-1-ivan.khoronzhuk@globallogic.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230122024130.4028621-1-ivan.khoronzhuk@gmail.com>
References: <20230122024130.4028621-1-ivan.khoronzhuk@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

Series

[v4] common: avb_verify: prevent opening incorrect session | expand

The arg->session is not valid if arg->ret != NULL, so can't be assigned, correct this. Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com> --- common/avb_verify.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)

Comments

Ivan Khoronzhuk Feb. 2, 2023, 8 p.m. UTC | #1

Any comments to this patch?

Jens Wiklander Feb. 3, 2023, 10:59 a.m. UTC | #2

On Fri, Jan 27, 2023 at 9:02 PM Ivan Khoronzhuk
<ivan.khoronzhuk@gmail.com> wrote:
>
> The arg->session is not valid if arg->ret != NULL, so can't be
> assigned, correct this.
>
> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
> ---
>  common/avb_verify.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Thanks,
Jens

>
> diff --git a/common/avb_verify.c b/common/avb_verify.c
> index 0520a71455..48ba8db51e 100644
> --- a/common/avb_verify.c
> +++ b/common/avb_verify.c
> @@ -619,10 +619,11 @@ static int get_open_session(struct AvbOpsData *ops_data)
>                 memset(&arg, 0, sizeof(arg));
>                 tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
>                 rc = tee_open_session(tee, &arg, 0, NULL);
> -               if (!rc) {
> -                       ops_data->tee = tee;
> -                       ops_data->session = arg.session;
> -               }
> +               if (rc || arg.ret)
> +                       continue;
> +
> +               ops_data->tee = tee;
> +               ops_data->session = arg.session;
>         }
>
>         return 0;
> --
> 2.34.1
>

Tom Rini Feb. 17, 2023, 7:19 p.m. UTC | #3

On Fri, Jan 27, 2023 at 10:02:14PM +0200, Ivan Khoronzhuk wrote:

> The arg->session is not valid if arg->ret != NULL, so can't be
> assigned, correct this.
> 
> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Applied to u-boot/master, thanks!

diff --git a/common/avb_verify.c b/common/avb_verify.c
index 0520a71455..48ba8db51e 100644
--- a/common/avb_verify.c
+++ b/common/avb_verify.c
@@ -619,10 +619,11 @@  static int get_open_session(struct AvbOpsData *ops_data)
 		memset(&arg, 0, sizeof(arg));
 		tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
 		rc = tee_open_session(tee, &arg, 0, NULL);
-		if (!rc) {
-			ops_data->tee = tee;
-			ops_data->session = arg.session;
-		}
+		if (rc || arg.ret)
+			continue;
+
+		ops_data->tee = tee;
+		ops_data->session = arg.session;
 	}
 
 	return 0;

[v4] common: avb_verify: prevent opening incorrect session

Commit Message

Comments

Patch