From: DaeMyung Kang <charsyam@gmail.com>
To: pasha.tatashin@soleen.com, rppt@kernel.org, akpm@linux-foundation.org
Cc: pratyush@kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, DaeMyung Kang <charsyam@gmail.com>
Subject: [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup
Date: Tue, 14 Apr 2026 01:29:29 +0900 [thread overview]
Message-ID: <20260413162929.156163-1-charsyam@gmail.com> (raw)
memfd_luo_retrieve_folios()'s error-path cleanup loop passes the raw
PFN to kho_restore_folio(), but the function expects a physical
address. The two other call sites in the same file (the discard path
and the main retrieve loop) correctly convert with PFN_PHYS() before
calling. Without the conversion the cleanup operates on the wrong
address and fails to release the folios that were preserved but not
yet inserted into the address space, leaking them across the live
update.
Apply PFN_PHYS() to match the other call sites.
Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
---
mm/memfd_luo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
index b8edb9f981d7..6d8aa429f553 100644
--- a/mm/memfd_luo.c
+++ b/mm/memfd_luo.c
@@ -467,7 +467,7 @@ static int memfd_luo_retrieve_folios(struct file *file,
for (long j = i + 1; j < nr_folios; j++) {
const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
- folio = kho_restore_folio(pfolio->pfn);
+ folio = kho_restore_folio(PFN_PHYS(pfolio->pfn));
if (folio)
folio_put(folio);
}
--
2.43.0
reply other threads:[~2026-04-13 16:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260413162929.156163-1-charsyam@gmail.com \
--to=charsyam@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pasha.tatashin@soleen.com \
--cc=pratyush@kernel.org \
--cc=rppt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox