From e2e161b34c07c86dbfd6a1bcf4f4cb16fb155c5a Mon Sep 17 00:00:00 2001 From: Anmolpreet Kaur Date: Fri, 11 Aug 2023 00:30:30 +0530 Subject: [PATCH] securemsm-kernel: smcinvoke: Release map objs if invoke call fails This change is a correction on top of commit: b1c6f1e9 which provided the fix for same issue but had a catch. In the previous change, kref_put was being done on an empty list. This change fixes that issue and deletes the list after kref_put is done. Root cause of original issue: If invoke call fails due to some reason, map objects created for memory objects should also be released. Failing to do so, creates a memory leak as TZ is unaware of these objects and no one calls release on these. Change-Id: Ibad583f6c45fbed05539757eb50a39289d532328 Signed-off-by: Anmolpreet Kaur
---
 smcinvoke/smcinvoke.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/smcinvoke/smcinvoke.c b/smcinvoke/smcinvoke.c
index da0fd05ec4..d16c2248e3 100644
--- a/smcinvoke/smcinvoke.c
+++ b/smcinvoke/smcinvoke.c
@@ -2800,7 +2800,6 @@ static long process_invoke_req(struct file *filp, unsigned int cmd,
 if (mem_obj_async_support) {
 mutex_lock(&g_smcinvoke_lock);
 add_mem_obj_info_to_async_side_channel_locked(out_msg, outmsg_size, &l_mem_objs_pending_async);
- delete_pending_async_list_locked(&l_mem_objs_pending_async);
 mutex_unlock(&g_smcinvoke_lock);
 }
@@ -2858,6 +2857,7 @@ out:
 release_map_obj_pending_async_list_locked(&l_mem_objs_pending_async);
 release_tzhandles(tzhandles_to_release, OBJECT_COUNTS_MAX_OO);
 }
+ delete_pending_async_list_locked(&l_mem_objs_pending_async);
 qtee_shmbridge_free_shm(&in_shm);
 qtee_shmbridge_free_shm(&out_shm);
 kfree(args_buf);
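Review bot: The `delete_pending_async_list_locked()` call added after the closing brace in the `out:` path has no `mutex_lock(&g_smcinvoke_lock)` visible around it, whereas the call it replaces in the first hunk sat inside the lock/unlock pair, and the `_locked` suffix reads as a contract that the caller holds that mutex. If the helper only unlinks and frees entries of the function-local `l_mem_objs_pending_async` list, record that with a comment such as `/* list is local to this call; g_smcinvoke_lock is not needed to free its entries */`. If the entries can still be reached from shared state, wrap the call in `mutex_lock(&g_smcinvoke_lock);` / `mutex_unlock(&g_smcinvoke_lock);`, because freeing a still-referenced entry without the lock would be a use-after-free risk on this path. The call is now also reached by every `goto out`, so the list head has to be initialised before the first jump to `out:`; that initialisation and the start of the `out:` block lie outside the hunk and should be confirmed.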