tee: fix unbalanced context refcount in register shm from fd

Successful registration of a memory reference in the scope of a
TEE content must increase the context refcount. This change
adds this missing refcount increase.

The context refcount is already decremented when such shm reference
is freed by its owner, in tee_shm_release(), hence current unbalance
refcount before this path is applied.

Fixes: 02b91c7 ("tee: new ioctl to a register tee_shm from a dmabuf file descriptor")
Signed-off-by: Etienne Carriere <[email protected]>
Tested-by: Etienne Carriere <[email protected]> (Qemu armv7/v8)
Acked-by: Jens Wiklander <[email protected]>
[jf: update SHA-1 of commit in Fixes: tag after rebasing onto v4.18]
Signed-off-by: Jerome Forissier <[email protected]>

Author: etienne-lms

drivers/tee/tee_shm.c

@@ -366,6 +366,8 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
 	if (!tee_device_get(ctx->teedev))
 		return ERR_PTR(-EINVAL);
 
+	teedev_ctx_get(ctx);
+
 	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
 	if (!ref) {
 		rc = ERR_PTR(-ENOMEM);
@@ -446,6 +448,7 @@ struct tee_shm *tee_shm_register_fd(struct tee_context *ctx, int fd)
 			dma_buf_put(ref->dmabuf);
 	}
 	kfree(ref);
+	teedev_ctx_put(ctx);
 	tee_device_put(ctx->teedev);
 	return rc;
 }