tee: fix unbalanced context refcount in register shm from fd

Successful registration of a memory reference in the scope of a TEE content must increase the context refcount. This change adds this missing refcount increase. The context refcount is already decremented when such shm reference is freed by its owner, in tee_shm_release(), hence current unbalance refcount before this path is applied. Fixes: 9f9806e ("tee: new ioctl to a register tee_shm from a dmabuf file descriptor") Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (Qemu armv7/v8) Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
sahilnxp · Apr 16, 2018 · 94c2f2e · 94c2f2e
1 parent 3ed4ce4
commit 94c2f2e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
@@ -372,6 +372,8 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
 	if (!tee_device_get(ctx->teedev))
 		return ERR_PTR(-EINVAL);
 
+	teedev_ctx_get(ctx);
+
 	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
 	if (!ref) {
 		rc = ERR_PTR(-ENOMEM);
@@ -452,6 +454,7 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
 			dma_buf_put(ref->dmabuf);
 	}
 	kfree(ref);
+	teedev_ctx_put(ctx);
 	tee_device_put(ctx->teedev);
 	return rc;
 }