[PATCH] usb: xhci: Fix memory leak in xchi_disable_slot()

From: Zilin Guan
Date: Thu Dec 25 2025 - 11:37:02 EST

Next message: Yu Kuai: "Re: [PATCH] block: fix aux stat accumulation destination"
Previous message: Michael S. Tsirkin: "Re: [PATCH net 1/3] virtio-net: make refill work a per receive queue work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

xhci_alloc_command() allocates a command structure and, when the
second argument is true, also allocates a completion structure.
Currently, the error handling path in xhci_disable_slot() only frees
the command structure using kfree(), causing the completion structure
to leak.

Fix this by using xhci_free_command() instead of kfree(). This function
correctly frees both the command and the completion structure.

Fixes: cd3f1790b006d ("usb: xhci: Fix potential memory leak in xhci_disable_slot()")
Signed-off-by: Zilin Guan <zilin@xxxxxxxxxx>
---
drivers/usb/host/xhci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 02c9bfe21ae2..f0beed054954 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -4137,7 +4137,7 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
if (state == 0xffffffff || (xhci->xhc_state & XHCI_STATE_DYING) ||
(xhci->xhc_state & XHCI_STATE_HALTED)) {
spin_unlock_irqrestore(&xhci->lock, flags);
- kfree(command);
+ xhci_free_command(xhci, command);
return -ENODEV;
}

@@ -4145,7 +4145,7 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
slot_id);
if (ret) {
spin_unlock_irqrestore(&xhci->lock, flags);
- kfree(command);
+ xhci_free_command(xhci, command);
return ret;
}
xhci_ring_cmd_db(xhci);
--
2.34.1

Next message: Yu Kuai: "Re: [PATCH] block: fix aux stat accumulation destination"
Previous message: Michael S. Tsirkin: "Re: [PATCH net 1/3] virtio-net: make refill work a per receive queue work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]