From 2490cdf6435b1d3cac0dbf710cd752487c67c296 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Sat, 6 Jan 2018 12:22:30 +0300
Subject: [PATCH] tee: shm: Potential NULL dereference calling
 tee_shm_register()

get_user_pages_fast() can return zero in certain error paths.  We should
handle that or else it means we accidentally return ERR_PTR(0) which is
NULL instead of an error pointer.  The callers are not expecting that
and will crash with a NULL dereference.

Fixes: 033ddf12bcf5 ("tee: add register user memory")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 drivers/tee/tee_shm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
index 6f36da9ee412..556960a1bab3 100644
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -283,7 +283,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
 	if (rc > 0)
 		shm->num_pages = rc;
 	if (rc != num_pages) {
-		if (rc > 0)
+		if (rc >= 0)
 			rc = -ENOMEM;
 		ret = ERR_PTR(rc);
 		goto err;