1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <bitstring.h> 8 #include <crypto/crypto.h> 9 #include <kernel/mutex.h> 10 #include <kernel/thread.h> 11 #include <mm/mobj.h> 12 #include <optee_rpc_cmd.h> 13 #include <stdio.h> 14 #include <string.h> 15 #include <tee_api_defines_extensions.h> 16 #include <tee/tadb.h> 17 #include <tee/tee_fs.h> 18 #include <tee/tee_fs_rpc.h> 19 #include <tee/tee_pobj.h> 20 #include <tee/tee_svc_storage.h> 21 #include <utee_defines.h> 22 23 #define TADB_MAX_BUFFER_SIZE (64U * 1024) 24 25 #define TADB_AUTH_ENC_ALG TEE_ALG_AES_GCM 26 #define TADB_IV_SIZE TEE_AES_BLOCK_SIZE 27 #define TADB_TAG_SIZE TEE_AES_BLOCK_SIZE 28 #define TADB_KEY_SIZE TEE_AES_MAX_KEY_SIZE 29 30 struct tee_tadb_dir { 31 const struct tee_file_operations *ops; 32 struct tee_file_handle *fh; 33 int nbits; 34 bitstr_t *files; 35 }; 36 37 /* 38 * struct tadb_entry - TA database entry 39 * @prop: properties of TA 40 * @file_number: encrypted TA is stored in <file_number>.ta 41 * @iv: Initialization vector of the authentication crypto 42 * @tag: Tag used to validate the authentication encrypted TA 43 * @key: Key used to decrypt the TA 44 */ 45 struct tadb_entry { 46 struct tee_tadb_property prop; 47 uint32_t file_number; 48 uint8_t iv[TADB_IV_SIZE]; 49 uint8_t tag[TADB_TAG_SIZE]; 50 uint8_t key[TADB_KEY_SIZE]; 51 }; 52 53 struct tadb_header { 54 uint32_t opaque_len; 55 uint8_t opaque[]; 56 }; 57 58 struct tee_tadb_ta_write { 59 struct tee_tadb_dir *db; 60 int fd; 61 struct tadb_entry entry; 62 size_t pos; 63 void *ctx; 64 }; 65 66 struct tee_tadb_ta_read { 67 struct tee_tadb_dir *db; 68 int fd; 69 struct tadb_entry entry; 70 size_t pos; 71 void *ctx; 72 struct mobj *ta_mobj; 73 uint8_t *ta_buf; 74 }; 75 76 static const char tadb_obj_id[] = "ta.db"; 77 static struct tee_tadb_dir *tadb_db; 78 static unsigned int tadb_db_refc; 79 static struct mutex tadb_mutex = MUTEX_INITIALIZER; 80 81 static void file_num_to_str(char *buf, size_t blen, uint32_t file_number) 82 { 83 int rc __maybe_unused = 0; 84 85 rc = snprintf(buf, blen, "%" PRIu32 ".ta", file_number); 86 assert(rc >= 0); 87 } 88 89 static bool is_null_uuid(const TEE_UUID *uuid) 90 { 91 const TEE_UUID null_uuid = { 0 }; 92 93 return !memcmp(uuid, &null_uuid, sizeof(*uuid)); 94 } 95 96 static TEE_Result ta_operation_open(unsigned int cmd, uint32_t file_number, 97 int *fd) 98 { 99 struct mobj *mobj; 100 TEE_Result res; 101 void *va; 102 103 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS, 104 THREAD_SHM_TYPE_APPLICATION, 105 TEE_FS_NAME_MAX, &mobj); 106 if (!va) 107 return TEE_ERROR_OUT_OF_MEMORY; 108 109 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 110 111 struct thread_param params[] = { 112 [0] = THREAD_PARAM_VALUE(IN, cmd, 0, 0), 113 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 114 [2] = THREAD_PARAM_VALUE(OUT, 0, 0, 0), 115 }; 116 117 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 118 if (!res) 119 *fd = params[2].u.value.a; 120 121 return res; 122 } 123 124 static TEE_Result ta_operation_remove(uint32_t file_number) 125 { 126 struct mobj *mobj; 127 void *va; 128 129 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS, 130 THREAD_SHM_TYPE_APPLICATION, 131 TEE_FS_NAME_MAX, &mobj); 132 if (!va) 133 return TEE_ERROR_OUT_OF_MEMORY; 134 135 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 136 137 struct thread_param params[] = { 138 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_REMOVE, 0, 0), 139 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 140 }; 141 142 return thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 143 } 144 145 static TEE_Result maybe_grow_files(struct tee_tadb_dir *db, int idx) 146 { 147 void *p; 148 149 if (idx < db->nbits) 150 return TEE_SUCCESS; 151 152 p = realloc(db->files, bitstr_size(idx + 1)); 153 if (!p) 154 return TEE_ERROR_OUT_OF_MEMORY; 155 db->files = p; 156 157 bit_nclear(db->files, db->nbits, idx); 158 db->nbits = idx + 1; 159 160 return TEE_SUCCESS; 161 } 162 163 static TEE_Result set_file(struct tee_tadb_dir *db, int idx) 164 { 165 TEE_Result res = maybe_grow_files(db, idx); 166 167 if (!res) 168 bit_set(db->files, idx); 169 170 return res; 171 } 172 173 static void clear_file(struct tee_tadb_dir *db, int idx) 174 { 175 if (idx < db->nbits) 176 bit_clear(db->files, idx); 177 } 178 179 static bool test_file(struct tee_tadb_dir *db, int idx) 180 { 181 if (idx < db->nbits) 182 return bit_test(db->files, idx); 183 184 return false; 185 } 186 187 static TEE_Result read_ent(struct tee_tadb_dir *db, size_t idx, 188 struct tadb_entry *entry) 189 { 190 size_t l = sizeof(*entry); 191 TEE_Result res = db->ops->read(db->fh, idx * l, entry, &l); 192 193 if (!res && l != sizeof(*entry)) 194 return TEE_ERROR_ITEM_NOT_FOUND; 195 196 return res; 197 } 198 199 static TEE_Result write_ent(struct tee_tadb_dir *db, size_t idx, 200 const struct tadb_entry *entry) 201 { 202 const size_t l = sizeof(*entry); 203 204 return db->ops->write(db->fh, idx * l, entry, l); 205 } 206 207 static TEE_Result tadb_open(struct tee_tadb_dir **db_ret) 208 { 209 TEE_Result res; 210 struct tee_tadb_dir *db = calloc(1, sizeof(*db)); 211 struct tee_pobj po = { 212 .obj_id = (void *)tadb_obj_id, 213 .obj_id_len = sizeof(tadb_obj_id) 214 }; 215 216 if (!db) 217 return TEE_ERROR_OUT_OF_MEMORY; 218 219 db->ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE); 220 221 res = db->ops->open(&po, NULL, &db->fh); 222 if (res == TEE_ERROR_ITEM_NOT_FOUND) 223 res = db->ops->create(&po, false, NULL, 0, NULL, 0, NULL, 0, 224 &db->fh); 225 226 if (res) 227 free(db); 228 else 229 *db_ret = db; 230 231 return res; 232 } 233 234 static TEE_Result tee_tadb_open(struct tee_tadb_dir **db) 235 { 236 TEE_Result res = TEE_SUCCESS; 237 238 mutex_lock(&tadb_mutex); 239 if (!tadb_db_refc) { 240 assert(!tadb_db); 241 res = tadb_open(&tadb_db); 242 if (res) 243 goto err; 244 } 245 tadb_db_refc++; 246 *db = tadb_db; 247 err: 248 mutex_unlock(&tadb_mutex); 249 return res; 250 } 251 252 static void tadb_put(struct tee_tadb_dir *db) 253 { 254 assert(db == tadb_db); 255 mutex_lock(&tadb_mutex); 256 assert(tadb_db_refc); 257 tadb_db_refc--; 258 if (!tadb_db_refc) { 259 db->ops->close(&db->fh); 260 free(db->files); 261 free(db); 262 tadb_db = NULL; 263 } 264 mutex_unlock(&tadb_mutex); 265 } 266 267 static void tee_tadb_close(struct tee_tadb_dir *db) 268 { 269 tadb_put(db); 270 } 271 272 static TEE_Result tadb_authenc_init(TEE_OperationMode mode, 273 const struct tadb_entry *entry, 274 void **ctx_ret) 275 { 276 TEE_Result res; 277 void *ctx; 278 const size_t enc_size = entry->prop.custom_size + entry->prop.bin_size; 279 280 res = crypto_authenc_alloc_ctx(&ctx, TADB_AUTH_ENC_ALG); 281 if (res) 282 return res; 283 284 res = crypto_authenc_init(ctx, mode, entry->key, sizeof(entry->key), 285 entry->iv, sizeof(entry->iv), 286 sizeof(entry->tag), 0, enc_size); 287 if (res) 288 crypto_authenc_free_ctx(ctx); 289 else 290 *ctx_ret = ctx; 291 292 return res; 293 } 294 295 static TEE_Result tadb_update_payload(void *ctx, TEE_OperationMode mode, 296 const void *src, size_t len, void *dst) 297 { 298 TEE_Result res; 299 size_t sz = len; 300 301 res = crypto_authenc_update_payload(ctx, mode, (const uint8_t *)src, 302 len, dst, &sz); 303 assert(res || sz == len); 304 return res; 305 } 306 307 static TEE_Result populate_files(struct tee_tadb_dir *db) 308 { 309 TEE_Result res; 310 size_t idx; 311 312 /* 313 * If db->files isn't NULL the bitfield is already populated and 314 * there's nothing left to do here for now. 315 */ 316 if (db->nbits) 317 return TEE_SUCCESS; 318 319 /* 320 * Iterate over the TA database and set the bits in the bit field 321 * for used file numbers. Note that set_file() will allocate and 322 * grow the bitfield as needed. 323 * 324 * At the same time clean out duplicate file numbers, the first 325 * entry with the file number has precedence. Duplicate entries is 326 * not supposed to be able to happen, but if it still does better 327 * to clean it out here instead of letting the error spread with 328 * unexpected side effects. 329 */ 330 for (idx = 0;; idx++) { 331 struct tadb_entry entry; 332 333 res = read_ent(db, idx, &entry); 334 if (res) { 335 if (res == TEE_ERROR_ITEM_NOT_FOUND) 336 return TEE_SUCCESS; 337 goto err; 338 } 339 340 if (is_null_uuid(&entry.prop.uuid)) 341 continue; 342 343 if (test_file(db, entry.file_number)) { 344 IMSG("Clearing duplicate file number %" PRIu32, 345 entry.file_number); 346 memset(&entry, 0, sizeof(entry)); 347 res = write_ent(db, idx, &entry); 348 if (res) 349 goto err; 350 continue; 351 } 352 353 res = set_file(db, entry.file_number); 354 if (res) 355 goto err; 356 } 357 358 err: 359 free(db->files); 360 db->files = NULL; 361 db->nbits = 0; 362 363 return res; 364 } 365 366 TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property, 367 struct tee_tadb_ta_write **ta_ret) 368 { 369 TEE_Result res; 370 struct tee_tadb_ta_write *ta; 371 int i = 0; 372 373 if (is_null_uuid(&property->uuid)) 374 return TEE_ERROR_GENERIC; 375 376 ta = calloc(1, sizeof(*ta)); 377 if (!ta) 378 return TEE_ERROR_OUT_OF_MEMORY; 379 380 res = tee_tadb_open(&ta->db); 381 if (res) 382 goto err_free; 383 384 mutex_lock(&tadb_mutex); 385 386 /* 387 * Since we're going to search for next free file number below we 388 * need to populate the bitfield holding used file numbers. 389 */ 390 res = populate_files(ta->db); 391 if (res) 392 goto err_mutex; 393 394 if (ta->db->files) { 395 bit_ffc(ta->db->files, ta->db->nbits, &i); 396 if (i == -1) 397 i = ta->db->nbits; 398 } 399 400 res = set_file(ta->db, i); 401 if (res) 402 goto err_mutex; 403 404 mutex_unlock(&tadb_mutex); 405 406 ta->entry.file_number = i; 407 ta->entry.prop = *property; 408 409 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv)); 410 if (res) 411 goto err_put; 412 413 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key)); 414 if (res) 415 goto err_put; 416 417 res = ta_operation_open(OPTEE_RPC_FS_CREATE, ta->entry.file_number, 418 &ta->fd); 419 if (res) 420 goto err_put; 421 422 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx); 423 if (res) 424 goto err_put; 425 426 *ta_ret = ta; 427 428 return TEE_SUCCESS; 429 430 err_mutex: 431 mutex_unlock(&tadb_mutex); 432 err_put: 433 tadb_put(ta->db); 434 err_free: 435 free(ta); 436 437 return res; 438 } 439 440 TEE_Result tee_tadb_ta_write(struct tee_tadb_ta_write *ta, const void *buf, 441 size_t len) 442 { 443 TEE_Result res; 444 const uint8_t *rb = buf; 445 size_t rl = len; 446 struct tee_fs_rpc_operation op; 447 448 while (rl) { 449 size_t wl = MIN(rl, TADB_MAX_BUFFER_SIZE); 450 void *wb; 451 452 res = tee_fs_rpc_write_init(&op, OPTEE_RPC_CMD_FS, ta->fd, 453 ta->pos, wl, &wb); 454 if (res) 455 return res; 456 457 res = tadb_update_payload(ta->ctx, TEE_MODE_ENCRYPT, 458 rb, wl, wb); 459 if (res) 460 return res; 461 462 res = tee_fs_rpc_write_final(&op); 463 if (res) 464 return res; 465 466 rl -= wl; 467 rb += wl; 468 ta->pos += wl; 469 } 470 471 return TEE_SUCCESS; 472 } 473 474 void tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write *ta) 475 { 476 crypto_authenc_final(ta->ctx); 477 crypto_authenc_free_ctx(ta->ctx); 478 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 479 ta_operation_remove(ta->entry.file_number); 480 481 mutex_lock(&tadb_mutex); 482 clear_file(ta->db, ta->entry.file_number); 483 mutex_unlock(&tadb_mutex); 484 485 tadb_put(ta->db); 486 free(ta); 487 } 488 489 static TEE_Result find_ent(struct tee_tadb_dir *db, const TEE_UUID *uuid, 490 size_t *idx_ret, struct tadb_entry *entry_ret) 491 { 492 TEE_Result res; 493 size_t idx; 494 495 /* 496 * Search for the provided uuid, if it's found return the index it 497 * has together with TEE_SUCCESS. 498 * 499 * If the uuid can't be found return the number indexes together 500 * with TEE_ERROR_ITEM_NOT_FOUND. 501 */ 502 for (idx = 0;; idx++) { 503 struct tadb_entry entry; 504 505 res = read_ent(db, idx, &entry); 506 if (res) { 507 if (res == TEE_ERROR_ITEM_NOT_FOUND) 508 break; 509 return res; 510 } 511 512 if (!memcmp(&entry.prop.uuid, uuid, sizeof(*uuid))) { 513 if (entry_ret) 514 *entry_ret = entry; 515 break; 516 } 517 } 518 519 *idx_ret = idx; 520 return res; 521 } 522 523 static TEE_Result find_free_ent_idx(struct tee_tadb_dir *db, size_t *idx) 524 { 525 const TEE_UUID null_uuid = { 0 }; 526 TEE_Result res = find_ent(db, &null_uuid, idx, NULL); 527 528 /* 529 * Note that *idx is set to the number of entries on 530 * TEE_ERROR_ITEM_NOT_FOUND. 531 */ 532 if (res == TEE_ERROR_ITEM_NOT_FOUND) 533 return TEE_SUCCESS; 534 return res; 535 } 536 537 TEE_Result tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write *ta) 538 { 539 TEE_Result res; 540 size_t dsz = 0; 541 size_t sz = sizeof(ta->entry.tag); 542 size_t idx; 543 struct tadb_entry old_ent; 544 bool have_old_ent = false; 545 546 res = crypto_authenc_enc_final(ta->ctx, NULL, 0, NULL, &dsz, 547 ta->entry.tag, &sz); 548 if (res) 549 goto err; 550 551 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 552 553 mutex_lock(&tadb_mutex); 554 /* 555 * First try to find an existing TA to replace. If there's one 556 * we'll use the entry, but we should also remove the old encrypted 557 * file. 558 * 559 * If there isn't an existing TA to replace, grab a new entry. 560 */ 561 res = find_ent(ta->db, &ta->entry.prop.uuid, &idx, &old_ent); 562 if (!res) { 563 have_old_ent = true; 564 } else { 565 res = find_free_ent_idx(ta->db, &idx); 566 if (res) 567 goto err_mutex; 568 } 569 res = write_ent(ta->db, idx, &ta->entry); 570 if (res) 571 goto err_mutex; 572 if (have_old_ent) 573 clear_file(ta->db, old_ent.file_number); 574 mutex_unlock(&tadb_mutex); 575 576 crypto_authenc_final(ta->ctx); 577 crypto_authenc_free_ctx(ta->ctx); 578 tadb_put(ta->db); 579 free(ta); 580 if (have_old_ent) 581 ta_operation_remove(old_ent.file_number); 582 return TEE_SUCCESS; 583 584 err_mutex: 585 mutex_unlock(&tadb_mutex); 586 err: 587 tee_tadb_ta_close_and_delete(ta); 588 return res; 589 } 590 591 TEE_Result tee_tadb_ta_delete(const TEE_UUID *uuid) 592 { 593 const struct tadb_entry null_entry = { { { 0 } } }; 594 struct tee_tadb_dir *db; 595 struct tadb_entry entry; 596 size_t idx; 597 TEE_Result res; 598 599 if (is_null_uuid(uuid)) 600 return TEE_ERROR_GENERIC; 601 602 res = tee_tadb_open(&db); 603 if (res) 604 return res; 605 606 mutex_lock(&tadb_mutex); 607 res = find_ent(db, uuid, &idx, &entry); 608 if (res) { 609 mutex_unlock(&tadb_mutex); 610 tee_tadb_close(db); 611 return res; 612 } 613 614 clear_file(db, entry.file_number); 615 res = write_ent(db, idx, &null_entry); 616 mutex_unlock(&tadb_mutex); 617 618 tee_tadb_close(db); 619 if (res) 620 return res; 621 622 ta_operation_remove(entry.file_number); 623 return TEE_SUCCESS; 624 } 625 626 TEE_Result tee_tadb_ta_open(const TEE_UUID *uuid, 627 struct tee_tadb_ta_read **ta_ret) 628 { 629 TEE_Result res = TEE_SUCCESS; 630 size_t idx = 0; 631 struct tee_tadb_ta_read *ta = NULL; 632 633 if (is_null_uuid(uuid)) 634 return TEE_ERROR_GENERIC; 635 636 ta = calloc(1, sizeof(*ta)); 637 if (!ta) 638 return TEE_ERROR_OUT_OF_MEMORY; 639 640 res = tee_tadb_open(&ta->db); 641 if (res) 642 goto err_free; /* Mustn't call tadb_put() */ 643 644 mutex_read_lock(&tadb_mutex); 645 res = find_ent(ta->db, uuid, &idx, &ta->entry); 646 mutex_read_unlock(&tadb_mutex); 647 if (res) 648 goto err; 649 650 res = ta_operation_open(OPTEE_RPC_FS_OPEN, ta->entry.file_number, 651 &ta->fd); 652 if (res) 653 goto err; 654 655 res = tadb_authenc_init(TEE_MODE_DECRYPT, &ta->entry, &ta->ctx); 656 if (res) 657 goto err; 658 659 *ta_ret = ta; 660 661 return TEE_SUCCESS; 662 err: 663 tadb_put(ta->db); 664 err_free: 665 free(ta); 666 return res; 667 } 668 669 const struct tee_tadb_property * 670 tee_tadb_ta_get_property(struct tee_tadb_ta_read *ta) 671 { 672 return &ta->entry.prop; 673 } 674 675 TEE_Result tee_tadb_get_tag(struct tee_tadb_ta_read *ta, uint8_t *tag, 676 unsigned int *tag_len) 677 { 678 if (!tag || *tag_len < sizeof(ta->entry.tag)) { 679 *tag_len = sizeof(ta->entry.tag); 680 return TEE_ERROR_SHORT_BUFFER; 681 } 682 *tag_len = sizeof(ta->entry.tag); 683 684 memcpy(tag, ta->entry.tag, sizeof(ta->entry.tag)); 685 686 return TEE_SUCCESS; 687 } 688 689 static TEE_Result ta_load(struct tee_tadb_ta_read *ta) 690 { 691 TEE_Result res; 692 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 693 694 if (ta->ta_mobj) 695 return TEE_SUCCESS; 696 697 ta->ta_mobj = thread_rpc_alloc_payload(sz); 698 if (!ta->ta_mobj) 699 return TEE_ERROR_OUT_OF_MEMORY; 700 701 ta->ta_buf = mobj_get_va(ta->ta_mobj, 0); 702 assert(ta->ta_buf); 703 704 struct thread_param params[] = { 705 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_READ, ta->fd, 0), 706 [1] = THREAD_PARAM_MEMREF(OUT, ta->ta_mobj, 0, sz), 707 }; 708 709 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 710 if (res) { 711 thread_rpc_free_payload(ta->ta_mobj); 712 ta->ta_mobj = NULL; 713 } 714 return res; 715 } 716 717 TEE_Result tee_tadb_ta_read(struct tee_tadb_ta_read *ta, void *buf, size_t *len) 718 { 719 TEE_Result res; 720 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 721 size_t l = MIN(*len, sz - ta->pos); 722 723 res = ta_load(ta); 724 if (res) 725 return res; 726 727 if (buf) { 728 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 729 ta->ta_buf + ta->pos, l, buf); 730 if (res) 731 return res; 732 } else { 733 size_t num_bytes = 0; 734 size_t b_size = MIN(256U, l); 735 uint8_t *b = malloc(b_size); 736 737 if (!b) 738 return TEE_ERROR_OUT_OF_MEMORY; 739 740 while (num_bytes < l) { 741 size_t n = MIN(b_size, l - num_bytes); 742 743 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 744 ta->ta_buf + ta->pos + 745 num_bytes, n, b); 746 if (res) 747 break; 748 num_bytes += n; 749 } 750 751 free(b); 752 if (res) 753 return res; 754 } 755 756 ta->pos += l; 757 if (ta->pos == sz) { 758 size_t dl = 0; 759 760 res = crypto_authenc_dec_final(ta->ctx, NULL, 0, NULL, &dl, 761 ta->entry.tag, TADB_TAG_SIZE); 762 if (res) 763 return res; 764 } 765 *len = l; 766 return TEE_SUCCESS; 767 } 768 769 void tee_tadb_ta_close(struct tee_tadb_ta_read *ta) 770 { 771 crypto_authenc_final(ta->ctx); 772 crypto_authenc_free_ctx(ta->ctx); 773 if (ta->ta_mobj) 774 thread_rpc_free_payload(ta->ta_mobj); 775 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 776 tadb_put(ta->db); 777 free(ta); 778 } 779