linux-mm.kvack.org archive mirror
* [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup
@ 2026-04-13 16:29 DaeMyung Kang
  2026-04-14 10:49 ` Pratyush Yadav
  0 siblings, 1 reply; 2+ messages in thread
From: DaeMyung Kang @ 2026-04-13 16:29 UTC
  To: pasha.tatashin, rppt, akpm
  Cc: pratyush, linux-mm, linux-kernel, DaeMyung Kang

memfd_luo_retrieve_folios()'s error-path cleanup loop passes the raw
PFN to kho_restore_folio(), but the function expects a physical
address. The two other call sites in the same file (the discard path
and the main retrieve loop) correctly convert with PFN_PHYS() before
calling. Without the conversion the cleanup operates on the wrong
address and fails to release the folios that were preserved but not
yet inserted into the address space, leaking them across the live
update.

Apply PFN_PHYS() to match the other call sites.

Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
---
 mm/memfd_luo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
index b8edb9f981d7..6d8aa429f553 100644
--- a/mm/memfd_luo.c
+++ b/mm/memfd_luo.c
@@ -467,7 +467,7 @@ static int memfd_luo_retrieve_folios(struct file *file,
 	for (long j = i + 1; j < nr_folios; j++) {
 		const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
 
-		folio = kho_restore_folio(pfolio->pfn);
+		folio = kho_restore_folio(PFN_PHYS(pfolio->pfn));
 		if (folio)
 			folio_put(folio);
 	}
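
Review bot: the `if (folio)` check right after the `kho_restore_folio()` call in this cleanup loop discards a NULL return silently, so a restore that fails here leaves a preserved folio behind with nothing in the log. Since the commit message describes exactly that outcome (folios not released and leaked across the live update), consider making the failure visible in this loop, for example with `WARN_ON_ONCE(!folio)` or a `pr_warn_ratelimited()` that prints `j` and `pfolio->pfn`. The message also says the other two call sites do the `PFN_PHYS()` conversion by hand; a small local helper that takes the `struct memfd_luo_folio_ser` entry and does the conversion in one place would keep the three callers from diverging again.
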
-- 
2.43.0




* Re: [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup
  2026-04-13 16:29 [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup DaeMyung Kang
@ 2026-04-14 10:49 ` Pratyush Yadav
  0 siblings, 0 replies; 2+ messages in thread
From: Pratyush Yadav @ 2026-04-14 10:49 UTC
  To: DaeMyung Kang
  Cc: pasha.tatashin, rppt, akpm, pratyush, linux-mm, linux-kernel

Hi DaeMyung,

On Tue, Apr 14 2026, DaeMyung Kang wrote:

> memfd_luo_retrieve_folios()'s error-path cleanup loop passes the raw
> PFN to kho_restore_folio(), but the function expects a physical
> address. The two other call sites in the same file (the discard path
> and the main retrieve loop) correctly convert with PFN_PHYS() before
> calling. Without the conversion the cleanup operates on the wrong
> address and fails to release the folios that were preserved but not
> yet inserted into the address space, leaking them across the live
> update.
>
> Apply PFN_PHYS() to match the other call sites.
>
> Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
> Signed-off-by: DaeMyung Kang <charsyam@gmail.com>

Thanks, but this bug is also already fixed, by this patch [0].

[0] https://lore.kernel.org/linux-mm/20260326084727.118437-6-duanchenghao@kylinos.cn/

[...]

-- 
Regards,
Pratyush Yadav

