Re: [PATCH] usb: xhci: Fix memory leak in xchi_disable_slot()

Next message: Gao Xiang: "Re: [PATCH v2] erofs: don't bother with s_stack_depth increasing for now"
Previous message: javen: "[PATCH net-next v2 2/2] r8169: enable LTR support"
Next in thread: Greg KH: "Re: [PATCH] usb: xhci: Fix memory leak in xchi_disable_slot()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zilin Guan

Date: Wed Jan 07 2026 - 21:37:20 EST

On Wed, Jan 07, 2026 at 04:04:43PM +0100, Greg KH wrote:
> On Thu, Dec 25, 2025 at 04:21:19PM +0000, Zilin Guan wrote:
> > xhci_alloc_command() allocates a command structure and, when the
> > second argument is true, also allocates a completion structure.
> > Currently, the error handling path in xhci_disable_slot() only frees
> > the command structure using kfree(), causing the completion structure
> > to leak.
> >
> > Fix this by using xhci_free_command() instead of kfree(). This function
> > correctly frees both the command and the completion structure.
> >
> > Fixes: cd3f1790b006d ("usb: xhci: Fix potential memory leak in xhci_disable_slot()")
>
> No cc: stable?

My understanding is that the Cc: stable tag is primarily intended for
severe bugs. I wasn't sure if this leak was critical enough to warrant
backporting, especially since the amount of leaked memory is small. I
decided to avoid adding unnecessary noise to the stable tree, but I am
happy to include the tag if you advise doing so.

> And how was this found? How was it tested?

This issue was reported by our static analysis tool, but we manually verify
the bugs.

We enforced a rigorous manual check to trace the code path and confirm
the resource leak is genuine specifically to filter out any false
positives from the tool.

> What tool created this fix?

We wrote patch manually.

Thanks,
Zilin Guan