diff options
author | Etienne Carriere <etienne.carriere@linaro.org> | 2018-04-16 09:43:27 +0200 |
---|---|---|
committer | Jens Wiklander <jens.wiklander@linaro.org> | 2018-11-06 09:47:42 +0100 |
commit | 2c38cb4fa070d518723e8a660b1399146d139803 (patch) | |
tree | 273d9b128c5c251f9c055b0b55b3899a2a1850f4 | |
parent | 42504434e538d254db28278a014f9ee9173ef384 (diff) |
tee: fix unbalanced context refcount in register shm from fdv4.14/topic/optee
Successful registration of a memory reference in the scope of a
TEE content must increase the context refcount. This change
adds this missing refcount increase.
The context refcount is already decremented when such shm reference
is freed by its owner, in tee_shm_release(), hence current unbalance
refcount before this path is applied.
Cherry-picked from https://github.com/linaro-swg/linux/tree/optee:
(bf63bf641fe6 "tee: fix unbalanced context refcount in register shm from fd")
Fixes: 02b91c70ea3a ("tee: new ioctl to a register tee_shm from a dmabuf file descriptor")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (Qemu armv7/v8)
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: update SHA-1 of commit in Fixes: tag after rebasing onto v4.18]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-rw-r--r-- | drivers/tee/tee_shm.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index cbbb0b9e781e..d8c7bfae456a 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -372,6 +372,8 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd) if (!tee_device_get(ctx->teedev)) return ERR_PTR(-EINVAL); + teedev_ctx_get(ctx); + ref = kzalloc(sizeof(*ref), GFP_KERNEL); if (!ref) { rc = ERR_PTR(-ENOMEM); @@ -452,6 +454,7 @@ err: dma_buf_put(ref->dmabuf); } kfree(ref); + teedev_ctx_put(ctx); tee_device_put(ctx->teedev); return rc; } |