tee: fix memory leak in tee_dyn_shm_alloc_helper

When shm_register() fails in tee_dyn_shm_alloc_helper(), the pre-allocated
pages array is not freed, resulting in a memory leak.

Fixes: cf4441503e20 ("tee: optee: Move pool_op helper functions")
Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index 915239b033f5f76dc514800195a5dc6644d39ec2..2a7d253d9c554c508edaee35f4613233a29252a7 100644 (file)
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -230,7 +230,7 @@ int tee_dyn_shm_alloc_helper(struct tee_shm *shm, size_t size, size_t align,
        pages = kcalloc(nr_pages, sizeof(*pages), GFP_KERNEL);
        if (!pages) {
                rc = -ENOMEM;
-               goto err;
+               goto err_pages;
        }
 
        for (i = 0; i < nr_pages; i++)
@@ -243,11 +243,13 @@ int tee_dyn_shm_alloc_helper(struct tee_shm *shm, size_t size, size_t align,
                rc = shm_register(shm->ctx, shm, pages, nr_pages,
                                  (unsigned long)shm->kaddr);
                if (rc)
-                       goto err;
+                       goto err_kfree;
        }
 
        return 0;
-err:
+err_kfree:
+       kfree(pages);
+err_pages:
        free_pages_exact(shm->kaddr, shm->size);
        shm->kaddr = NULL;
        return rc;