On Fri, Jan 09, 2026 at 04:24:27PM +0100, Eugenio Pérez wrote: > diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c > b/drivers/vdpa/vdpa_user/vduse_dev.c > index 82ee476d45e0..675da1465e0e 100644 > --- a/drivers/vdpa/vdpa_user/vduse_dev.c > +++ b/drivers/vdpa/vdpa_user/vduse_dev.c > @@ -923,16 +923,24 @@ static void *vduse_dev_alloc_coherent(union virtio_map > token, size_t size, > if (!token.group) > return NULL; > > + addr = alloc_pages_exact(size, flag); > + if (!addr) > + return NULL; > +
So addr has allocated pages here ... > vdev = token.group->dev; > domain = vdev->domain; > addr = vduse_domain_alloc_coherent(domain, size, > - (dma_addr_t *)&iova, flag); > + (dma_addr_t *)&iova, addr); and then is overwritten here ... > if (!addr) > - return NULL; > + goto err; except on error where we go to err ... > > *dma_addr = (dma_addr_t)iova; > > return addr; > + > +err: > + free_pages_exact(addr, size); only to try and free NULL. will leak the original pages, will it not. > + return NULL; > } > > static void vduse_dev_free_coherent(union virtio_map token, size_t size,
