aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEtienne Carriere <etienne.carriere@linaro.org>2018-04-16 09:43:27 +0200
committerJens Wiklander <jens.wiklander@linaro.org>2018-11-06 09:47:42 +0100
commit2c38cb4fa070d518723e8a660b1399146d139803 (patch)
tree273d9b128c5c251f9c055b0b55b3899a2a1850f4
parent42504434e538d254db28278a014f9ee9173ef384 (diff)
downloadlinux-linaro-stable-v4.14/topic/optee.tar.gz
tee: fix unbalanced context refcount in register shm from fdv4.14/topic/optee
Successful registration of a memory reference in the scope of a TEE content must increase the context refcount. This change adds this missing refcount increase. The context refcount is already decremented when such shm reference is freed by its owner, in tee_shm_release(), hence current unbalance refcount before this path is applied. Cherry-picked from https://github.com/linaro-swg/linux/tree/optee: (bf63bf641fe6 "tee: fix unbalanced context refcount in register shm from fd") Fixes: 02b91c70ea3a ("tee: new ioctl to a register tee_shm from a dmabuf file descriptor") Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (Qemu armv7/v8) Acked-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: update SHA-1 of commit in Fixes: tag after rebasing onto v4.18] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-rw-r--r--drivers/tee/tee_shm.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index cbbb0b9e781e..d8c7bfae456a 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -372,6 +372,8 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
if (!tee_device_get(ctx->teedev))
return ERR_PTR(-EINVAL);
+ teedev_ctx_get(ctx);
+
ref = kzalloc(sizeof(*ref), GFP_KERNEL);
if (!ref) {
rc = ERR_PTR(-ENOMEM);
@@ -452,6 +454,7 @@ err:
dma_buf_put(ref->dmabuf);
}
kfree(ref);
+ teedev_ctx_put(ctx);
tee_device_put(ctx->teedev);
return rc;
}