diff options
author | Mallikarjuna Reddy Amireddy <mamire@codeaurora.org> | 2016-11-22 17:24:46 +0530 |
---|---|---|
committer | Pat Tjin <pattjin@google.com> | 2016-12-07 07:22:23 +0000 |
commit | 7196b0d7f8814c73d222ab6310589e59aa271df5 (patch) | |
tree | 92005e87800c2bd958b8344c6c0070f48a665dc2 | |
parent | b26367aaad4f89a211bd964d32fa23b8e888d80d (diff) | |
download | msm-7196b0d7f8814c73d222ab6310589e59aa271df5.tar.gz |
qseecom: remove entry from qseecom_registered_app_listandroid-n-mr2-preview-1_r0.3android-7.1.1_r0.25android-7.1.1_r0.21android-msm-angler-3.10-nougat-mr1.4android-msm-angler-3.10-n-mr2-preview-1
In an error handling case, the QSEECOM_IOCTL_LOAD_APP_REQ ioctl
freed the entry for new TA, but didn't removed it from
qseecom_registered_app_list. Make change to remove it.
Bug: 31804432
Change-Id: Id681fbf3c923027d3db875d506cbe3f971919a8d
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Signed-off-by: Mallikarjuna Reddy Amireddy <mamire@codeaurora.org>
-rw-r--r-- | drivers/misc/qseecom.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c index 675881563840..2cd91df0c27f 100644 --- a/drivers/misc/qseecom.c +++ b/drivers/misc/qseecom.c @@ -1317,6 +1317,7 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) struct qseecom_command_scm_resp resp; struct qseecom_check_app_ireq req; struct qseecom_load_app_ireq load_req; + bool first_time = false; /* Copy the relevant information needed for loading the image */ if (copy_from_user(&load_img_req, @@ -1363,6 +1364,7 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) &qseecom.registered_app_list_lock, flags); ret = 0; } else { + first_time = true; pr_warn("App (%s) does'nt exist, loading apps for first time\n", (char *)(load_img_req.img_name)); /* Get the handle of the shared fd */ @@ -1463,8 +1465,15 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) load_img_req.app_id = app_id; if (copy_to_user(argp, &load_img_req, sizeof(load_img_req))) { pr_err("copy_to_user failed\n"); - kzfree(entry); ret = -EFAULT; + if (first_time == true) { + spin_lock_irqsave( + &qseecom.registered_app_list_lock, flags); + list_del(&entry->list); + spin_unlock_irqrestore( + &qseecom.registered_app_list_lock, flags); + kzfree(entry); + } } loadapp_err: |