Re: [PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup

Next message: popov . nkv: "[PATCH 15901/15901] drm/vmwgfx: fix NULL pointer dereference in vmw_validation_bo_fence()"
Previous message: Leon Romanovsky: "Re: [syzbot] [rdma?] WARNING in ib_dealloc_device"
In reply to: DaeMyung Kang: "[PATCH] mm: memfd_luo: fix PFN conversion in retrieve cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pratyush Yadav

Date: Tue Apr 14 2026 - 06:56:17 EST

Hi DaeMyung,

On Tue, Apr 14 2026, DaeMyung Kang wrote:

> memfd_luo_retrieve_folios()'s error-path cleanup loop passes the raw
> PFN to kho_restore_folio(), but the function expects a physical
> address. The two other call sites in the same file (the discard path
> and the main retrieve loop) correctly convert with PFN_PHYS() before
> calling. Without the conversion the cleanup operates on the wrong
> address and fails to release the folios that were preserved but not
> yet inserted into the address space, leaking them across the live
> update.
>
> Apply PFN_PHYS() to match the other call sites.
>
> Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
> Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>

Thanks, but this bug is also already fixed, by this patch [0].

[0] https://lore.kernel.org/linux-mm/20260326084727.118437-6-duanchenghao@xxxxxxxxxx/

[...]

--
Regards,
Pratyush Yadav