Re: [PATCH] mm/damon: introduce DAMON-based NUMA memory tiering module

From: Krzysztof Kozlowski

Date: Thu Mar 26 2026 - 08:14:20 EST


On 26/03/2026 11:34, Lorenzo Stoakes (Oracle) wrote:

Trimming context, I agree with everything said by Lorenzo, very detailed
analysis.

> ~~~
> ● Looking at the headers specifically:
>
> Infrastructure:
>
> - Mail provider: Zoho EU (zohomail.eu) — a privacy-oriented
> EU-jurisdiction mail provider. Easy to set up anonymously.
>
> - Domain: objecting.org — custom domain, no organizational affiliation,
> no accountability chain. Anyone can register this and point MX to Zoho.
>
> - Authentication: DKIM, SPF, DMARC all pass — but this only proves the
> email came from objecting.org's Zoho setup, not who's behind it.
>
> - X-Mailer: git-send-email 2.34.1 — Ubuntu 22.04 LTS default. One reply
> had @ubuntu in the Message-ID, confirming the platform.
>
> What the headers DON'T provide:
> - No corporate or institutional email that ties to a verifiable identity
> - No PGP/GPG signature
> - No Signed-off-by chain from a known developer vouching for this person
>
> Supply chain attack assessment:
>
> This matches the threat model of automated supply chain compromise:
>
> 1. Patches already landed in stable — the bootconfig fixes made it into
> 6.19.10. The pipeline is working. Whatever is in those patches is now in
> production kernels.
>
> 2. Trust-building pattern — the mix of real bug fixes (fd leaks,
> unchecked returns, type issues) alongside feature additions (DAMON
> tiering module, glob features, debugfs interface) is textbook. The small
> fixes build reviewer trust and merge history; the features add attack
> surface.
>
> 3. Volume as a weapon — 328 emails in 11 days overwhelms maintainer
> review capacity. Maintainers like SeongJae Park (DAMON) and Masami
> Hiramatsu (bootconfig) are now spending review cycles on AI-generated
> submissions. Even if every patch is rejected, the reviewer's attention is
> being consumed.
>
> 4. The DAMON NUMA tiering module is the most concerning submission — 409
> lines of new kernel code that runs with kernel privileges, monitors
> physical memory access patterns, and migrates pages between NUMA
> nodes. If accepted, it's a significant new attack surface delivered as a
> single commit from an unverifiable identity.
>
> 5. The feature additions are the real risk — bug fixes are relatively
> easy to review (small, focused, verifiable). But glob_validate(),
> glob_match_nocase(), the debugfs BUG/WARN site lister, and the DAMON
> tiering module all add new code paths that are much harder to
> exhaustively verify.
>
> Bottom line: Whether the intent is malicious or not, the pattern —
> anonymous identity, AI-generated code, industrial volume, patches already
> in stable, mixing trust-building fixes with attack-surface-expanding
> features — is exactly what an automated supply chain attack on the kernel
> looks like. The 2021 University of Minnesota "Hypocrite Commits" incident
> was a manual version of this; this appears to be the automated version at
> scale.
>
> ~~~
>
> I'm hoping this is some naive attempt to try to 'contribute' to the kernel
> rather than something more nefarious, but the seemingly sophisticated
> tooling used makes me wonder otherwise.
>
> In any case I'm deeply concerned by this.


This patch also targets NUMA, which is quite an unpopular setup for
hobbyists. I haven't had any NUMA around me for years... Even my build
machines are not NUMA. How did you get one as a hobbyist?

Also, after looking at the code style in this patch, and after the "reviews" [1]
and "acks" [2] (quotes on purpose) this account gave on various patches,
let's look at what was admitted 3 weeks ago:

https://lore.kernel.org/all/f8772114-a495-409b-a590-a9b1d8ed1d41@xxxxxxxxx/

> I'm learning this Linux system day by day

So learning or adding serious code for MM for NUMA machines?

> I own this device ...

This is about the Xilinx AXIS FIFO, which is an FPGA IP core. No way you have
it. It's not popular, and there is no easy way to get it on common embedded boards.

Even assuming you have an embedded FPGA device and work on it, the jump
from embedded to NUMA is just stunning.

Answering reviewers with whatever confirmation they are looking for is also
a warning sign of non-trustworthy behavior. Or rather, behavior trying to
get trust.

[1]
https://lore.kernel.org/all/D47F8215-FD08-45ED-AB01-0A5C48CD41DD@xxxxxxxxxxxxx/

[2]
https://lore.kernel.org/all/2F84DD09-2880-45E0-AA98-204F10848F85@xxxxxxxxxxxxx/

Best regards,
Krzysztof
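The header analysis quoted above (DKIM/SPF/DMARC verdicts, X-Mailer, the Message-ID host, the absence of a PGP signature or of a Signed-off-by from anyone other than the submitter) is the kind of provenance triage a maintainer can script. The following is an added example written for this page, not code from the thread or from any kernel tool; the sample message and its headers are constructed and the domains are placeholders. It extracts those signals with the Python standard library and turns them into triage notes, including the point made above that passing authentication only proves control of the sending domain, not who is behind it.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample patch mail (not a real list message); all domains are placeholders.
SAMPLE_MSG = """Return-Path: <dev@example.invalid>
Authentication-Results: mx.example.invalid;
 dkim=pass header.d=example.invalid;
 spf=pass smtp.mailfrom=example.invalid;
 dmarc=pass header.from=example.invalid
From: Some Dev <dev@example.invalid>
Message-ID: <20260326103400.12345-1-dev@host.example.invalid>
X-Mailer: git-send-email 2.34.1
Subject: [PATCH] mm/example: do something

Signed-off-by: Some Dev <dev@example.invalid>
---
 mm/example.c | 2 +-
"""

AUTH_RE = re.compile(r"\b(dkim|spf|dmarc)=(\w+)", re.IGNORECASE)
SIGNOFF_RE = re.compile(r"^Signed-off-by:\s*(.+)$", re.MULTILINE)
MSGID_HOST_RE = re.compile(r"@([^>\s]+)>?\s*$")
PGP_MARKER = "-----BEGIN PGP SIGNATURE-----"


def domain_of(addr):
    """Domain part of an e-mail address, lower-cased ('' if malformed)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(msg):
    """Collect dkim/spf/dmarc verdicts from Authentication-Results headers.
    The first verdict seen for each mechanism wins (the nearest MTA)."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(value):
            results.setdefault(mech.lower(), verdict.lower())
    return results


def body_text(msg):
    """Plain-text body, joining text/plain parts of a multipart message."""
    if msg.is_multipart():
        return "\n".join(p.get_content() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_content()


def provenance_signals(raw):
    """Extract the identity-related signals discussed in the thread."""
    msg = message_from_string(raw, policy=policy.default)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    text = body_text(msg)
    signoffs = [parseaddr(s)[1] for s in SIGNOFF_RE.findall(text)]
    m = MSGID_HOST_RE.search(msg.get("Message-ID", ""))
    return {
        "from_domain": from_domain,
        "auth": parse_auth_results(msg),
        "x_mailer": str(msg.get("X-Mailer", "")),
        "msgid_host": m.group(1) if m else "",
        # A PGP-signed mail is either multipart/signed or carries an inline signature.
        "has_pgp_signature": (msg.get_content_type() == "multipart/signed"
                              or PGP_MARKER in text),
        "signoffs": signoffs,
        # Sign-offs from a domain other than the submitter's are the "vouching" chain.
        "foreign_signoffs": [s for s in signoffs if domain_of(s) != from_domain],
    }


def triage(raw):
    """Human-readable notes a maintainer might skim before investing review time."""
    s = provenance_signals(raw)
    notes = []
    missing = [m for m in ("dkim", "spf", "dmarc") if s["auth"].get(m) != "pass"]
    if missing:
        notes.append("authentication not passing for: " + ", ".join(missing))
    else:
        # Passing auth proves the mail came from this domain's setup, not who runs it.
        notes.append(f"dkim/spf/dmarc pass: proves control of {s['from_domain']}, "
                     "not the sender's identity")
    if not s["has_pgp_signature"]:
        notes.append("no PGP signature")
    if not s["foreign_signoffs"]:
        notes.append("no Signed-off-by from outside the submitter's domain")
    if s["x_mailer"]:
        notes.append(f"X-Mailer: {s['x_mailer']} (Message-ID host: {s['msgid_host']})")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_MSG):
        print("-", note)
```

Feed it a raw message file (for example one saved from a mailbox or fetched from a list archive) via `message_from_string(open(path).read())` semantics; the notes are a starting point for a human judgement, not a verdict, since a well-formed header set from a fresh domain is exactly what the quoted analysis warns about.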