From: Mouse Zhang
To: dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, hpa@zytor.com
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Mouse Zhang
Subject: [PATCH] x86/numa: Initialize __apicid_to_node in dummy_numa_init() to prevent OOB
Date: Fri, 16 Jan 2026 11:23:21 +0800
Message-ID: <20260116032321.9841-1-mousezhang7@gmail.com>

When NUMA is disabled (numa=off) or the BIOS does not provide an SRAT
table, the kernel falls back to dummy_numa_init(). This function fakes
a single node (Node 0) and maps all memory to it, but it leaves the
__apicid_to_node[] mapping table uninitialized (filled with
NUMA_NO_NODE).

This leads to a potential out-of-bounds access in srat_detect_node()
and other topology-related code. Specifically, when numa_cpu_node()
returns NUMA_NO_NODE, some code paths attempt to use cpu_llc_id as a
fallback for the node ID. On modern systems with large APIC IDs, the
cpu_llc_id (derived from APIC ID) can exceed MAX_NUMNODES. Using this
invalid ID in functions like node_online(node) causes memory corruption
or kernel panic.

Fix this by explicitly mapping all unassigned APIC IDs to Node 0 in
dummy_numa_init(). This ensures that numa_cpu_node() consistently
returns Node 0 in non-NUMA environments, avoiding dangerous fallbacks
and keeping the mapping consistent with the fake Node 0.

Signed-off-by: Mouse Zhang
---
 arch/x86/mm/numa.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c index 7a97327140df..673815d95974 100644 --- a/arch/x86/mm/numa.c +++ b/arch/x86/mm/numa.c @@ -212,6 +212,13 @@ static int __init dummy_numa_init(void) node_set(0, numa_nodes_parsed); numa_add_memblk(0, 0, PFN_PHYS(max_pfn)); =20 + /* Map all unassociated APIC IDs to the fake node 0 */ + unsigned int apicid; + for (apicid =3D 0; apicid < MAX_LOCAL_APIC; apicid++) { + if (__apicid_to_node[apicid] =3D=3D NUMA_NO_NODE) + __apicid_to_node[apicid] =3D 0; + } + return 0; } =20 --=20 2.51.0
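
Review bot: the loop added at the end of dummy_numa_init() only changes the table contents, so the unchecked fallback the commit message describes (cpu_llc_id used as a node ID when numa_cpu_node() returns NUMA_NO_NODE) is still in place for any path that does not go through this function. A range check on the fallback value before it reaches node_online() would close the out-of-bounds access where it happens, and this initialization could stay on top of that for consistency. In the hunk itself, `unsigned int apicid;` is declared after statements, while kernel style puts declarations at the top of the function. The commit message says the table is filled with NUMA_NO_NODE at this point, which would make the `if (__apicid_to_node[apicid] == NUMA_NO_NODE)` test always true: either assign unconditionally or say in the comment which entries can already be set. A Fixes: tag and the crash trace or a reproducer for the reported corruption would also help review and stable backporting.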