Re: [PATCH v2] usb: xhci: Fix memory leak in xhci_disable_slot()

[Zilin Guan]

On Thu, Jan 08, 2026 at 04:28:42PM +0100, Greg KH wrote:
> On Thu, Jan 08, 2026 at 02:11:08PM +0000, Zilin Guan wrote:
> > xhci_alloc_command() allocates a command structure and, when the
> > second argument is true, also allocates a completion structure.
> > Currently, the error handling path in xhci_disable_slot() only frees
> > the command structure using kfree(), causing the completion structure
> > to leak.
> > 
> > Use xhci_free_command() instead of kfree(). xhci_free_command() correctly
> > frees both the command structure and the associated completion structure.
> > Since the command structure is allocated with zero-initialization,
> > command->in_ctx is NULL and will not be erroneously freed by
> > xhci_free_command().
> > 
> > This bug was found using an experimental static analysis tool we are
> > developing. The tool is based on the LLVM framework and is specifically
> > designed to detect memory management issues. It is currently under
> > active development and not yet publicly available, but we plan to
> > open-source it after our research is published.
> > 
> > The analysis was performed on Linux kernel v6.13-rc1.
> 
> That is a very old kernel version, from December 2024, please redo this
> to verify it is relevent to todays tree.
> 
> thanks,
> 
> greg k-h

Sorry for the confusion caused by our description. While the static 
analysis was indeed performed on v6.13-rc1, we have manually verified 
that the bug still exists in the latest mainline kernel before submitting
the patch.

I will clarify this distinction in the v3 patch and update the version 
information.

Thanks,
Zilin Guan