[v3] Modify memfd_luo code

[PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup

Posted by Chenghao Duan 1 week ago

In memfd_luo_retrieve_folios()'s put_folios cleanup path:

1. kho_restore_folio() expects a phys_addr_t (physical address) but
   receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to
   check the wrong physical address (pfn << PAGE_SHIFT instead of the
   actual physical address).

2. This loop lacks the !pfolio->pfn check that exists in the main
   retrieval loop and memfd_luo_discard_folios(), which could
   incorrectly process sparse file holes where pfn=0.

Fix by converting PFN to physical address with PFN_PHYS() and adding
the !pfolio->pfn check, matching the pattern used elsewhere in this file.

This issue was identified by the AI review.
https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn

Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
---
 mm/memfd_luo.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
index 76edf9a3f5b5..b4cea3670689 100644
--- a/mm/memfd_luo.c
+++ b/mm/memfd_luo.c
@@ -469,8 +469,13 @@ static int memfd_luo_retrieve_folios(struct file *file,
 	 */
 	for (long j = i + 1; j < nr_folios; j++) {
 		const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
+		phys_addr_t phys;
+
+		if (!pfolio->pfn)
+			continue;
 
-		folio = kho_restore_folio(pfolio->pfn);
+		phys = PFN_PHYS(pfolio->pfn);
+		folio = kho_restore_folio(phys);
 		if (folio)
 			folio_put(folio);
 	}
-- 
2.25.1

Re: [PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup

Posted by Pratyush Yadav 11 hours ago

On Thu, Mar 26 2026, Chenghao Duan wrote:

> In memfd_luo_retrieve_folios()'s put_folios cleanup path:
>
> 1. kho_restore_folio() expects a phys_addr_t (physical address) but
>    receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to
>    check the wrong physical address (pfn << PAGE_SHIFT instead of the
>    actual physical address).
>
> 2. This loop lacks the !pfolio->pfn check that exists in the main
>    retrieval loop and memfd_luo_discard_folios(), which could
>    incorrectly process sparse file holes where pfn=0.
>
> Fix by converting PFN to physical address with PFN_PHYS() and adding
> the !pfolio->pfn check, matching the pattern used elsewhere in this file.
>
> This issue was identified by the AI review.
> https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn
>
> Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>

Reviewed-by: Pratyush Yadav <pratyush@kernel.org>

Andrew, can you please add:

Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
Cc: stable@vger.kernel.org

[...]

-- 
Regards,
Pratyush Yadav

Re: [PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup

Posted by Andrew Morton 4 hours ago

On Thu, 02 Apr 2026 11:06:23 +0000 Pratyush Yadav <pratyush@kernel.org> wrote:

> > Fix by converting PFN to physical address with PFN_PHYS() and adding
> > the !pfolio->pfn check, matching the pattern used elsewhere in this file.
> >
> > This issue was identified by the AI review.
> > https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn
> >
> > Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
> 
> Reviewed-by: Pratyush Yadav <pratyush@kernel.org>

Thanks.

> Andrew, can you please add:
> 
> Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
> Cc: stable@vger.kernel.org

Done.

Re: [PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup

Posted by Pasha Tatashin 20 hours ago

On Thu, Mar 26, 2026 at 4:48 AM Chenghao Duan <duanchenghao@kylinos.cn> wrote:
>
> In memfd_luo_retrieve_folios()'s put_folios cleanup path:
>
> 1. kho_restore_folio() expects a phys_addr_t (physical address) but
>    receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to
>    check the wrong physical address (pfn << PAGE_SHIFT instead of the
>    actual physical address).
>
> 2. This loop lacks the !pfolio->pfn check that exists in the main
>    retrieval loop and memfd_luo_discard_folios(), which could
>    incorrectly process sparse file holes where pfn=0.
>
> Fix by converting PFN to physical address with PFN_PHYS() and adding
> the !pfolio->pfn check, matching the pattern used elsewhere in this file.
>
> This issue was identified by the AI review.
> https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn
>
> Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
> ---
>  mm/memfd_luo.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
> index 76edf9a3f5b5..b4cea3670689 100644
> --- a/mm/memfd_luo.c
> +++ b/mm/memfd_luo.c
> @@ -469,8 +469,13 @@ static int memfd_luo_retrieve_folios(struct file *file,
>          */
>         for (long j = i + 1; j < nr_folios; j++) {
>                 const struct memfd_luo_folio_ser *pfolio = &folios_ser[j];
> +               phys_addr_t phys;
> +
> +               if (!pfolio->pfn)
> +                       continue;
>
> -               folio = kho_restore_folio(pfolio->pfn);
> +               phys = PFN_PHYS(pfolio->pfn);
> +               folio = kho_restore_folio(phys);

Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>

Thanks,
Pasha

>                 if (folio)
>                         folio_put(folio);
>         }
> --
> 2.25.1
>

[PATCH v3 1/7] mm/memfd: use folio_nr_pages() for shmem inode accounting
[PATCH v3 2/7] mm/memfd_luo: optimize shmem_recalc_inode calls in retrieve path
[PATCH v3 3/7] mm/memfd_luo: remove unnecessary memset in zero-size memfd path
[PATCH v3 4/7] mm/memfd_luo: use i_size_write() to set inode size during retrieve
[PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup
[PATCH v3 6/7] mm/memfd_luo: remove folio from page cache when accounting fails
[PATCH v3 7/7] mm/memfd_luo: fix integer overflow in memfd_luo_preserve_folios