securemsm-kernel: smcinvoke: Release map objs if invoke call fails

If invoke call fails due to some reason, map objects created for memory objects should also be released. Failing to do so, creates a memory leak as TZ is unaware of these objects and no one calls release on these. Change-Id: If5c48b810192553e3a216a0c3671f98a79bb2b59 Signed-off-by: Anmolpreet Kaur <quic_anmolpre@quicinc.com>
2023-04-27 08:26:20 +05:30
commit b1c6f1e933
--- a/smcinvoke/smcinvoke.c
+++ b/smcinvoke/smcinvoke.c
@@ -2410,6 +2410,23 @@ static void delete_pending_async_list_locked(struct list_head *l_pending_mem_obj
 	}
 }

+
+/*
+ * Unmap/release the mapped objects from  pending async list.
+ */
+static void release_map_obj_pending_async_list_locked(struct list_head *l_pending_mem_obj)
+{
+	struct smcinvoke_mem_obj_pending_async *mem_obj_pending = NULL;
+	struct smcinvoke_mem_obj_pending_async *temp = NULL;
+
+	if (list_empty(l_pending_mem_obj))
+		return;
+
+	list_for_each_entry_safe(mem_obj_pending, temp, l_pending_mem_obj, list) {
+		kref_put(&mem_obj_pending->mem_obj->mem_map_obj_ref_cnt, del_mem_map_obj_locked);
+	}
+}
+
 static long process_ack_local_obj(struct file *filp, unsigned int cmd,
 						unsigned long arg)
 {
@@ -2826,8 +2843,10 @@ out:
 			req.op, req.counts);

 	release_filp(filp_to_release, OBJECT_COUNTS_MAX_OO);
-	if (ret)
+	if (ret) {
+		release_map_obj_pending_async_list_locked(&l_mem_objs_pending_async);
 		release_tzhandles(tzhandles_to_release, OBJECT_COUNTS_MAX_OO);
+	}
 	qtee_shmbridge_free_shm(&in_shm);
 	qtee_shmbridge_free_shm(&out_shm);
 	kfree(args_buf);