Commit 2845989f2eba for kernel

commit 2845989f2ebaf7848e4eccf9a779daf3156ea0a5
Author: Puranjay Mohan <puranjay@kernel.org>
Date:   Fri Apr 17 08:21:33 2026 -0700

    bpf: Validate node_id in arena_alloc_pages()

    arena_alloc_pages() accepts a plain int node_id and forwards it through
    the entire allocation chain without any bounds checking.

    Validate node_id before passing it down the allocation chain in
    arena_alloc_pages().

    Fixes: 317460317a02 ("bpf: Introduce bpf_arena.")
    Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
    Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
    Link: https://lore.kernel.org/r/20260417152135.1383754-1-puranjay@kernel.org
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/arena.c b/kernel/bpf/arena.c
index 9c68c9b0b24a..523c3a61063b 100644
--- a/kernel/bpf/arena.c
+++ b/kernel/bpf/arena.c
@@ -562,6 +562,10 @@ static long arena_alloc_pages(struct bpf_arena *arena, long uaddr, long page_cnt
 	u32 uaddr32;
 	int ret, i;

+	if (node_id != NUMA_NO_NODE &&
+	    ((unsigned int)node_id >= nr_node_ids || !node_online(node_id)))
+		return 0;
+
 	if (page_cnt > page_cnt_max)
 		return 0;