qseecom: fix potential memory leak in __qseecom_update_cmd_buf_64

__qseecom_update_cmd_buf_64() called __qseecom_allocate_sg_list_buffer()
to allocate memory from within a for loop. Should it fail on any other
than the first time through the loop, the prior allocations will not be
deallocated, make change to deallocate memory in this error case.

Change-Id: I8cb71a3b141249d8266aec4890632f200d147405
Signed-off-by: Zhen Kong <zkong@codeaurora.org>

1 files changed, 8 insertions, 1 deletions

diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c
index 20949487f859..80ec3da27979 100644
--- a/drivers/misc/qseecom.c
+++ b/drivers/misc/qseecom.c
@@ -1,6 +1,6 @@
 /*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver
  *
- * Copyright (c) 2012-2016, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -3625,6 +3625,13 @@ cleanup:
 	}
 	return ret;
 err:
+	for (i = 0; i < MAX_ION_FD; i++)
+		if (data->client.sec_buf_fd[i].is_sec_buf_fd &&
+			data->client.sec_buf_fd[i].vbase)
+			dma_free_coherent(qseecom.pdev,
+				data->client.sec_buf_fd[i].size,
+				data->client.sec_buf_fd[i].vbase,
+				data->client.sec_buf_fd[i].pbase);
 	if (!IS_ERR_OR_NULL(ihandle))
 		ion_free(qseecom.ion_clnt, ihandle);
 	return -ENOMEM;