From: Josh Law <objecting@objecting.org>
To: SeongJae Park <sj@kernel.org>, Andrew Morton <akpm@linux-foundation.org>
Cc: damon@lists.linux.dev, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Josh Law <objecting@objecting.org>
Subject: [PATCH] mm/damon/core: validate goal nid before accessing node data
Date: Wed, 25 Mar 2026 07:30:34 +0000
Message-ID: <20260325073034.140353-1-objecting@objecting.org>

damos_get_node_mem_bp() and damos_get_node_memcg_used_bp() pass
goal->nid directly to si_meminfo_node() and NODE_DATA() without
checking that it refers to a valid, online NUMA node. Since
goal->nid is set from userspace via sysfs with no validation, a
negative or out-of-range value causes an out-of-bounds access in
NODE_DATA(), and a valid but offline node gives undefined results.
Add bounds and node_online() checks before using the nid.
Fixes: 0e1c773b501f ("mm/damon/core: introduce damos quota goal metrics for memory node utilization")
Signed-off-by: Josh Law <objecting@objecting.org>
---
mm/damon/core.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mm/damon/core.c b/mm/damon/core.c
index 59b709f04975..6ee421141996 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -2227,6 +2227,10 @@ static __kernel_ulong_t damos_get_node_mem_bp(
struct sysinfo i;
__kernel_ulong_t numerator;
+ if (goal->nid < 0 || goal->nid >= MAX_NUMNODES ||
+ !node_online(goal->nid))
+ return 0;
+
si_meminfo_node(&i, goal->nid);
if (goal->metric == DAMOS_QUOTA_NODE_MEM_USED_BP)
numerator = i.totalram - i.freeram;
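Review bot: The early return added at the top of damos_get_node_mem_bp() yields 0 for an invalid or offline nid regardless of goal->metric, so a caller cannot tell a rejected nid from a genuine 0 bp reading, and the same 0 is reported whether the goal is DAMOS_QUOTA_NODE_MEM_USED_BP or the other metric handled just below. A short comment above the check stating why 0 is the intended fallback for both metrics would help. Since the commit message says goal->nid arrives from sysfs with no validation, rejecting the value where it is set would also let userspace see an error instead of a silently inert goal; this check can stay as a second line of defence for a node that is valid when set but offline when read.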
@@ -2243,6 +2247,10 @@ static unsigned long damos_get_node_memcg_used_bp(
unsigned long used_pages, numerator;
struct sysinfo i;
+ if (goal->nid < 0 || goal->nid >= MAX_NUMNODES ||
+ !node_online(goal->nid))
+ return 0;
+
memcg = mem_cgroup_get_from_id(goal->memcg_id);
if (!memcg) {
if (goal->metric == DAMOS_QUOTA_NODE_MEMCG_USED_BP)
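Review bot: In damos_get_node_memcg_used_bp() the new check returns 0 unconditionally, while the existing !memcg path right below it branches on goal->metric == DAMOS_QUOTA_NODE_MEMCG_USED_BP before choosing its return value; the two failure paths should agree, or the changelog should say why an invalid nid gets a different fallback than a missing memcg. The three-part condition is also a verbatim copy of the one added to damos_get_node_mem_bp(), so a small static helper taking the nid would keep the two call sites in sync.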
--
2.34.1