From: Chenghao Duan Date: Thu, 26 Mar 2026 08:47:25 +0000 (+0800) Subject: mm/memfd_luo: fix physical address conversion in put_folios cleanup X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3538f90ab89aaf302782b4b073a0aae66904cd67;p=thirdparty%2Fkernel%2Flinux.git mm/memfd_luo: fix physical address conversion in put_folios cleanup In memfd_luo_retrieve_folios()'s put_folios cleanup path: 1. kho_restore_folio() expects a phys_addr_t (physical address) but receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address). 2. This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could incorrectly process sparse file holes where pfn=0. Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file. This issue was identified by the AI review. https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn Link: https://lore.kernel.org/20260326084727.118437-6-duanchenghao@kylinos.cn Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd") Signed-off-by: Chenghao Duan Reviewed-by: Pasha Tatashin Reviewed-by: Pratyush Yadav Cc: Haoran Jiang Cc: Mike Rapoport (Microsoft) Cc: Signed-off-by: Andrew Morton --- diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c index eb9f4cc0e7ae..eb611527dedd 100644 --- a/mm/memfd_luo.c +++ b/mm/memfd_luo.c @@ -484,8 +484,13 @@ put_folios: */ for (long j = i + 1; j < nr_folios; j++) { const struct memfd_luo_folio_ser *pfolio = &folios_ser[j]; + phys_addr_t phys; + + if (!pfolio->pfn) + continue; - folio = kho_restore_folio(pfolio->pfn); + phys = PFN_PHYS(pfolio->pfn); + folio = kho_restore_folio(phys); if (folio) folio_put(folio); }