From nobody Thu Apr 2 23:44:50 2026 Received: from mailgw.kylinos.cn (mailgw.kylinos.cn [124.126.103.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29A843BF698 for ; Thu, 26 Mar 2026 08:48:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=124.126.103.232 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774514887; cv=none; b=rfr1e3/ssL42KeY2Te0jtyZ+OAjcYfEPaRy4dUl3hf/Lpvc4lBpbMRKQXGrRj/hGdOjbgdKA5SzeGaqf6R4eP23l7VmJ1NyQLmJOzmOnPiA+4jtGDnw0aZX66GR2jROizUDW8hA/Ky+Vx9ml4ylOAOSAO/2rrs6cY05Jt5IawyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774514887; c=relaxed/simple; bh=SNQM8vGpWzpdnwsjDOIeHgkUprywTPj6ha3kn3la5pk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=g8ERlfaqUbiBbjlBuGynwMNAe4C7slqE4Favq1GmIzhjgzxpacBHgC86eAUAmjbxthYZZuOa4X9Xo/mXCmDRKxjTKqf1K/Qirb5lcd/CWHf4fYRWUPCsI9JfIl98kOHmz108y+4MKVbSnftKDpKOHDJz959Hf7+8DINWEQelBe8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kylinos.cn; spf=pass smtp.mailfrom=kylinos.cn; arc=none smtp.client-ip=124.126.103.232 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kylinos.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kylinos.cn X-UUID: 7decb7fe28f011f1a21c59e7364eecb8-20260326 X-CTIC-Tags: HR_CC_COUNT, HR_CC_DOMAIN_COUNT, HR_CC_NO_NAME, HR_CTE_8B, HR_CTT_MISS HR_DATE_H, HR_DATE_WKD, HR_DATE_ZONE, HR_FROM_NAME, HR_SJ_DIGIT_LEN HR_SJ_LANG, HR_SJ_LEN, HR_SJ_LETTER, HR_SJ_NOR_SYM, HR_SJ_PHRASE HR_SJ_PHRASE_LEN, HR_SJ_WS, HR_TO_COUNT, HR_TO_DOMAIN_COUNT, HR_TO_NO_NAME IP_TRUSTED, SRC_TRUSTED, DN_TRUSTED, SA_EXISTED, SN_EXISTED SPF_NOPASS, DKIM_NOPASS, DMARC_NOPASS, UD_TRUSTED, CIE_BAD CIE_GOOD, CIE_GOOD_SPF, GTI_FG_BS, GTI_RG_INFO, GTI_C_BU AMN_GOOD, ABX_MISS_RDNS X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.3.11,REQID:0149f3de-2b63-4fc2-baed-5df8a04f9f8a,IP:10, URL:25,TC:0,Content:0,EDM:0,RT:0,SF:-5,FILE:0,BULK:0,RULE:Release_Ham,ACTI ON:release,TS:30 X-CID-INFO: VERSION:1.3.11,REQID:0149f3de-2b63-4fc2-baed-5df8a04f9f8a,IP:10,UR L:25,TC:0,Content:0,EDM:0,RT:0,SF:-5,FILE:0,BULK:0,RULE:Release_Ham,ACTION :release,TS:30 X-CID-META: VersionHash:89c9d04,CLOUDID:79d138a8d03187dca63f965297c09dfb,BulkI D:260326164801IH4OYY5O,BulkQuantity:0,Recheck:0,SF:17|19|38|66|78|81|82|10 2|127|850|898,TC:nil,Content:0|15|50,EDM:-3,IP:-2,URL:11|94|81|1,File:nil, RT:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO,DKR:0,D KP:0,BRR:0,BRE:0,ARC:0 X-CID-BVR: 2,SSN|SDN X-CID-BAS: 2,SSN|SDN,0,_ X-CID-FACTOR: TF_CID_SPAM_FSD,TF_CID_SPAM_ULN,TF_CID_SPAM_SNR,TF_CID_SPAM_FAS X-CID-RHF: D41D8CD98F00B204E9800998ECF8427E X-UUID: 7decb7fe28f011f1a21c59e7364eecb8-20260326 X-User: duanchenghao@kylinos.cn Received: from localhost.localdomain [(183.242.174.21)] by mailgw.kylinos.cn (envelope-from ) (Generic MTA) with ESMTP id 2056257955; Thu, 26 Mar 2026 16:47:59 +0800 From: Chenghao Duan To: pasha.tatashin@soleen.com, rppt@kernel.org, pratyush@kernel.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: jianghaoran@kylinos.cn, duanchenghao@kylinos.cn Subject: [PATCH v3 5/7] mm/memfd_luo: fix physical address conversion in put_folios cleanup Date: Thu, 26 Mar 2026 16:47:25 +0800 Message-Id: <20260326084727.118437-6-duanchenghao@kylinos.cn> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260326084727.118437-1-duanchenghao@kylinos.cn> References: <20260326084727.118437-1-duanchenghao@kylinos.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In memfd_luo_retrieve_folios()'s put_folios cleanup path: 1. kho_restore_folio() expects a phys_addr_t (physical address) but receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address). 2. This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could incorrectly process sparse file holes where pfn=3D0. Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file. This issue was identified by the AI review. https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos= .cn Signed-off-by: Chenghao Duan Reviewed-by: Pasha Tatashin Reviewed-by: Pratyush Yadav --- mm/memfd_luo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c index 76edf9a3f5b5..b4cea3670689 100644 --- a/mm/memfd_luo.c +++ b/mm/memfd_luo.c @@ -469,8 +469,13 @@ static int memfd_luo_retrieve_folios(struct file *file, */ for (long j =3D i + 1; j < nr_folios; j++) { const struct memfd_luo_folio_ser *pfolio =3D &folios_ser[j]; + phys_addr_t phys; + + if (!pfolio->pfn) + continue; =20 - folio =3D kho_restore_folio(pfolio->pfn); + phys =3D PFN_PHYS(pfolio->pfn); + folio =3D kho_restore_folio(phys); if (folio) folio_put(folio); } --=20 2.25.1