* [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup
@ 2026-04-13 16:29 DaeMyung Kang
0 siblings, 0 replies; only message in thread
From: DaeMyung Kang @ 2026-04-13 16:29 UTC (permalink / raw)
To: pasha.tatashin, rppt, akpm
Cc: pratyush, linux-mm, linux-kernel, DaeMyung Kang
memfd_luo_retrieve_folios()'s error-path cleanup loop passes the raw
PFN to kho_restore_folio(), but the function expects a physical
address. The two other call sites in the same file (the discard path
and the main retrieve loop) correctly convert with PFN_PHYS() before
calling. Without the conversion the cleanup operates on the wrong
address and fails to release the folios that were preserved but not
yet inserted into the address space, leaking them across the live
update.
Apply PFN_PHYS() to match the other call sites.
Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
---
mm/memfd_luo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
index b8edb9f981d7..6d8aa429f553 100644
--- a/mm/memfd_luo.c
+++ b/mm/memfd_luo.c
@@ -467,7 +467,7 @@ static int memfd_luo_retrieve_folios(struct file *file,
for (long j = i + 1; j < nr_folios; j++) {
const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
- folio = kho_restore_folio(pfolio->pfn);
+ folio = kho_restore_folio(PFN_PHYS(pfolio->pfn));
if (folio)
folio_put(folio);
}
--
2.43.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-13 16:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-13 16:29 [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup DaeMyung Kang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox