From: SeongJae Park <sj@kernel.org>
To: Josh Law <objecting@objecting.org>
Cc: SeongJae Park <sj@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
damon@lists.linux.dev, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: (sashiko review) [PATCH] mm/damon/core: validate goal nid before accessing node data
Date: Wed, 25 Mar 2026 07:37:39 -0700 [thread overview]
Message-ID: <20260325143740.87690-1-sj@kernel.org> (raw)
In-Reply-To: <20260325073034.140353-1-objecting@objecting.org>
Forwarding Sashiko review for doing discussions via mails.
# review url: https://sashiko.dev/#/patchset/20260325073034.140353-1-objecting@objecting.org
# start of sashiko.dev inline review
commit 7e17cbe1dc95a0cd1a1410be38ab6964f78fb15c
Author: Josh Law <objecting@objecting.org>
mm/damon/core: validate goal nid before accessing node data
This commit adds bounds checking and node_online() validation for the
goal->nid in the DAMON quota metrics. It prevents out-of-bounds accesses
to NODE_DATA() when an invalid or offline NUMA node is provided by userspace.
> diff --git a/mm/damon/core.c b/mm/damon/core.c
> index db6c67e52d2b..81ce27baa1a1 100644
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
> @@ -2245,6 +2245,10 @@ static __kernel_ulong_t damos_get_node_mem_bp(
> struct sysinfo i;
> __kernel_ulong_t numerator;
>
> + if (goal->nid < 0 || goal->nid >= MAX_NUMNODES ||
> + !node_online(goal->nid))
> + return 0;
> +
> si_meminfo_node(&i, goal->nid);
> if (goal->metric == DAMOS_QUOTA_NODE_MEM_USED_BP)
> numerator = i.totalram - i.freeram;
> else /* DAMOS_QUOTA_NODE_MEM_FREE_BP */
> numerator = i.freeram;
> return mult_frac(numerator, 10000, i.totalram);
Could this cause a division by zero if the node is online but memoryless?
For CPU-only compute nodes or nodes where all memory has been hot-removed,
node_online(goal->nid) will evaluate to true. When si_meminfo_node() is
called for these memoryless nodes, it populates the sysinfo struct with
i.totalram = 0.
The mult_frac() macro unconditionally performs integer division and modulo
by the third argument, which could trigger a kernel panic when dividing by
zero.
Would it be safer to check if i.totalram is zero before returning, or use
node_state(goal->nid, N_MEMORY) instead of node_online()?
[ ... ]
> @@ -2261,6 +2265,10 @@ static unsigned long damos_get_node_memcg_used_bp(
> unsigned long used_pages, numerator;
> struct sysinfo i;
>
> + if (goal->nid < 0 || goal->nid >= MAX_NUMNODES ||
> + !node_online(goal->nid))
> + return 0;
> +
> memcg = mem_cgroup_get_from_id(goal->memcg_id);
The same division by zero risk exists here when mult_frac() is called at the
end of this function.
# end of sashiko.dev inline review
# review url: https://sashiko.dev/#/patchset/20260325073034.140353-1-objecting@objecting.org
#
# hkml [1] generated a draft of this mail. It can be regenerated
# using below command:
#
# hkml patch sashiko_dev --for_forwarding \
# 20260325073034.140353-1-objecting@objecting.org
#
# [1] https://github.com/sjp38/hackermail
Sent using hkml (https://github.com/sjp38/hackermail)
next prev parent reply other threads:[~2026-03-25 14:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-25 7:30 [PATCH] mm/damon/core: validate goal nid before accessing node data Josh Law
2026-03-25 14:37 ` SeongJae Park
2026-03-25 14:37 ` SeongJae Park [this message]
2026-03-25 15:04 ` (sashiko review) " SeongJae Park
2026-03-25 15:44 ` Josh Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260325143740.87690-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=damon@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=objecting@objecting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.