mm/memfd_luo: fix physical address conversion in put_folios cleanup

In memfd_luo_retrieve_folios()'s put_folios cleanup path:

1. kho_restore_folio() expects a phys_addr_t (physical address) but
   receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to
   check the wrong physical address (pfn << PAGE_SHIFT instead of the
   actual physical address).

2. This loop lacks the !pfolio->pfn check that exists in the main
   retrieval loop and memfd_luo_discard_folios(), which could
   incorrectly process sparse file holes where pfn=0.

Fix by converting PFN to physical address with PFN_PHYS() and adding
the !pfolio->pfn check, matching the pattern used elsewhere in this file.

This issue was identified by the AI review.
https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn

Link: https://lore.kernel.org/20260326084727.118437-6-duanchenghao@kylinos.cn
Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
Cc: Haoran Jiang <jianghaoran@kylinos.cn>
Cc: Mike Rapoport (Microsoft) <rppt@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
index eb9f4cc0e7ae6aeca6d535f9d38040361571dfe9..eb611527dedd64008f64c1032b17f9faeaf57cdc 100644 (file)
--- a/mm/memfd_luo.c
+++ b/mm/memfd_luo.c
@@ -484,8 +484,13 @@ put_folios:
         */
        for (long j = i + 1; j < nr_folios; j++) {
                const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
+               phys_addr_t phys;
+
+               if (!pfolio->pfn)
+                       continue;
 
-               folio = kho_restore_folio(pfolio->pfn);
+               phys = PFN_PHYS(pfolio->pfn);
+               folio = kho_restore_folio(phys);
                if (folio)
                        folio_put(folio);
        }