[RFC PATCH 0/2] mm/damon/core: validate damos_quota_goal->nid
From: SeongJae Park
Date: Fri Mar 27 2026 - 20:54:34 EST

node_mem[cg]_{used,free}_bp DAMOS quota goals receive the node id. The
node id is used for si_meminfo_node() and NODE_DATA() without proper
validation. As a result, privileged users can trigger an out-of-bounds
memory access using DAMON_SYSFS. Fix the issues.

The issue was originally reported [1] with a fix by another author. The
original author announced [2] that they will stop working, including on
the fix that was still in the review stage. Hence I'm restarting this.

[1] https://lore.kernel.org/20260325073034.140353-1-objecting@xxxxxxxxxxxxx
[2] https://lore.kernel.org/20260327040924.68553-1-sj@xxxxxxxxxx

SeongJae Park (2):
  mm/damon/core: validate damos_quota_goal->nid for
    node_mem_{used,free}_bp
  mm/damon/core: validate damos_quota_goal->nid for
    node_memcg_{used,free}_bp

 mm/damon/core.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

base-commit: 7da5718476562bc8136c08216a1621aac09bcb51
--
2.47.3