public inbox for bpf@vger.kernel.org
From: sashiko-bot@kernel.org
To: "Puranjay Mohan" <puranjay@kernel.org>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf] bpf: Validate node_id in arena_alloc_pages()
Date: Fri, 17 Apr 2026 16:55:14 +0000	[thread overview]
Message-ID: <20260417165515.63952C19425@smtp.kernel.org> (raw)
In-Reply-To: <20260417152135.1383754-1-puranjay@kernel.org>

Sashiko AI review found 2 potential issue(s):
- [High] This problem wasn't introduced by this patch, but apply_to_page_range() is called within an atomic critical section with IRQs disabled.
- [Medium] Validation of user-provided NUMA node ID uses node_online() instead of node_state(..., N_MEMORY).
--

commit 312a17d46d0e6285c5b29bc93a445829df8c62c7
Author: Puranjay Mohan <puranjay@kernel.org>

bpf: Validate node_id in arena_alloc_pages()

This commit validates the node_id parameter before passing it down the
allocation chain in arena_alloc_pages().

> diff --git a/kernel/bpf/arena.c b/kernel/bpf/arena.c
> index 9c68c9b0b24ad..523c3a61063bf 100644
> --- a/kernel/bpf/arena.c
> +++ b/kernel/bpf/arena.c
> @@ -562,6 +562,10 @@ static long arena_alloc_pages(struct bpf_arena *arena, long uaddr, long page_cnt
>  	u32 uaddr32;
>  	int ret, i;
>  
> +	if (node_id != NUMA_NO_NODE &&
> +	    ((unsigned int)node_id >= nr_node_ids || !node_online(node_id)))
> +		return 0;
> +
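Review bot: the commit message does not say what an out-of-range or offline node_id does further down the allocation chain, so it is hard to tell whether this is a hardening change or a fix for a reachable bug; please state the failure mode and, since the patch targets the bpf tree, add a Fixes: tag if a specific commit introduced the unvalidated path (none is visible here). On the check itself the ordering is right: `(unsigned int)node_id >= nr_node_ids` is evaluated before `node_online(node_id)`, so the bitmap lookup never runs with an out-of-range index, and the cast also rejects negative values other than NUMA_NO_NODE. Returning a bare 0 gives the caller no way to tell a rejected node id from an allocation failure; a short comment explaining why 0 rather than a negative errno is the right result on this path, in line with the function's other failure returns, would make the intent clear to the next reader.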

Should this check use node_state(node_id, N_MEMORY) instead of
node_online(node_id)?

A node can be online but memory-less, such as CPU-only nodes. Passing a
memory-less node down the allocation chain could ignore the user's
placement intent and cause unexpected allocator fallback.

This issue isn't introduced by this patch, but looking at the surrounding
code in arena_alloc_pages(), is it safe to call apply_to_page_range()
while holding a raw spinlock?

arena_alloc_pages()
    if (raw_res_spin_lock_irqsave(&arena->spinlock, flags))
        goto out_free_pages;
    ...
    while (remaining) {
        ...
        ret = apply_to_page_range(...);

Since apply_to_page_range() can sleep when allocating page table entries,
could this cause a sleeping function called from invalid context panic since
the spinlock disables interrupts?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260417152135.1383754-1-puranjay@kernel.org?part=1


Thread overview:
2026-04-17 15:21 [PATCH bpf] bpf: Validate node_id in arena_alloc_pages() Puranjay Mohan
2026-04-17 15:37 ` Emil Tsalapatis
2026-04-17 16:55 ` sashiko-bot [this message]
2026-04-17 17:13   ` Puranjay Mohan
2026-04-17 17:20 ` patchwork-bot+netdevbpf
