Re: [PATCH] platform/x86/intel/tpmi: Fix memory leak in mem_write() error path

Next message: Wolfram Sang: "Re: [PATCH v2 1/3] mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC"
Previous message: Han Gao: "[PATCH] pinctrl: spacemit: fix NULL check in spacemit_pin_set_config"
In reply to: ZhaoJinming: "[PATCH 2/2] platform/x86/intel/tpmi: convert mutex lock/unlock in mem_write() to guard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: srinivas pandruvada

Date: Tue May 19 2026 - 12:41:22 EST

On Tue, 2026-05-19 at 16:21 +0800, ZhaoJinming wrote:
> In mem_write(), when the IS_ALIGNED() check fails, the function
> returns
> -EINVAL directly without freeing the 'array' allocated by
> parse_int_array_user(). This causes a memory leak.
>
> Other error paths in the same function correctly use 'goto
> exit_write'
> to free the array before returning. Fix this inconsistency by using
> the same pattern for the alignment check.
>

Thanks. I see Ilpo suggested using cleanup.h. Let me know if you have
issue in doing that.

-Srinivas

> Fixes: 8e0a2fc68ec3 ("platform/x86/intel/tpmi: Use 32 bit aligned
> address for debugfs mem write")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: ZhaoJinming <zhaojinming@xxxxxxxxxxxxx>
> ---
> drivers/platform/x86/intel/vsec_tpmi.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/x86/intel/vsec_tpmi.c
> b/drivers/platform/x86/intel/vsec_tpmi.c
> index 16fd7aa41f20..2a428bfcb209 100644
> --- a/drivers/platform/x86/intel/vsec_tpmi.c
> +++ b/drivers/platform/x86/intel/vsec_tpmi.c
> @@ -495,8 +495,10 @@ static ssize_t mem_write(struct file *file,
> const char __user *userbuf, size_t l
> addr = array[2];
> value = array[3];
>
> - if (!IS_ALIGNED(addr, sizeof(u32)))
> - return -EINVAL;
> + if (!IS_ALIGNED(addr, sizeof(u32))) {
> + ret = -EINVAL;
> + goto exit_write;
> + }
>
> if (punit >= pfs->pfs_header.num_entries) {
> ret = -EINVAL;