* [PATCH v2] dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem
@ 2026-05-23 1:11 John Hubbard
2026-05-25 8:08 ` Claude review: " Claude Code Review Bot
2026-05-25 8:08 ` Claude Code Review Bot
0 siblings, 2 replies; 3+ messages in thread
From: John Hubbard @ 2026-05-23 1:11 UTC (permalink / raw)
To: Sumit Semwal, Christian König
Cc: Christian Brauner, Jens Axboe, linux-media, dri-devel,
linaro-mm-sig, LKML, John Hubbard, stable
The dma-buf pseudo filesystem dispenses S_ANON_INODE inodes via
alloc_anon_inode() but never sets SB_I_NOEXEC on its superblock.
Since commit 1e7ab6f67824 ("anon_inode: rework assertions") in 6.17,
path_noexec() warns on exactly that combination, so an mmap() on any
dma-buf fd trips the warning:
WARNING: CPU: 11 PID: 121813 at fs/exec.c:118 path_noexec+0x47/0x50
do_mmap+0x2b5/0x680
vm_mmap_pgoff+0x129/0x210
ksys_mmap_pgoff+0x177/0x240
__x64_sys_mmap+0x33/0x70
dma-bufs have no business being executable, which is the invariant
that the new assertion is enforcing. Set SB_I_NOEXEC. Also set
SB_I_NODEV, since the pseudo filesystem creates no device nodes.
Reproducer on a CONFIG_DEBUG_VFS=y kernel:
make -C tools/testing/selftests/dmabuf-heaps
sudo ./tools/testing/selftests/dmabuf-heaps/dmabuf-heap -t system
The selftest allocates from /dev/dma_heap/system and mmaps the
returned fd, which trips the warning without this patch.
Fixes: 1e7ab6f67824 ("anon_inode: rework assertions")
Cc: stable@vger.kernel.org
Reviewed-by: Christian Brauner (Amutable) <brauner@kernel.org>
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
---
Changes since v1:
* Also set SB_I_NODEV (suggested by Christian Brauner).
* Added Christian Brauner's Reviewed-by tag (thanks!)
drivers/dma-buf/dma-buf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index 71f37544a5c6..ea1ddd4293b2 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -216,6 +216,8 @@ static int dma_buf_fs_init_context(struct fs_context *fc)
if (!ctx)
return -ENOMEM;
ctx->dops = &dma_buf_dentry_ops;
+ fc->s_iflags |= SB_I_NOEXEC;
+ fc->s_iflags |= SB_I_NODEV;
return 0;
}
base-commit: 6779b50faa562e6cca1aa6a4649a4d764c6c7e28
--
2.54.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Claude review: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem
2026-05-23 1:11 [PATCH v2] dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem John Hubbard
@ 2026-05-25 8:08 ` Claude Code Review Bot
2026-05-25 8:08 ` Claude Code Review Bot
1 sibling, 0 replies; 3+ messages in thread
From: Claude Code Review Bot @ 2026-05-25 8:08 UTC (permalink / raw)
To: dri-devel-reviews
Overall Series Review
Subject: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem
Author: John Hubbard <jhubbard@nvidia.com>
Patches: 1
Reviewed: 2026-05-25T18:08:03.836365
---
This is a single, well-motivated bugfix patch. The dma-buf pseudo filesystem uses `alloc_anon_inode()` to create `S_ANON_INODE` inodes, but never declared `SB_I_NOEXEC` on its superblock. Since commit `1e7ab6f67824` added a `VFS_WARN_ON_ONCE` assertion in `path_noexec()` (fs/exec.c:118-119) that fires when an anonymous inode's superblock lacks `SB_I_NOEXEC`, any `mmap()` on a dma-buf fd now triggers a warning on `CONFIG_DEBUG_VFS=y` kernels.
The fix is correct, minimal, and follows established precedent. The `Cc: stable` tag is appropriate since this is a regression fix for a warning introduced in 6.17.
**Verdict: Looks good to merge.**
---
Generated by Claude Code Patch Reviewer
^ permalink raw reply [flat|nested] 3+ messages in thread
* Claude review: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem
2026-05-23 1:11 [PATCH v2] dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem John Hubbard
2026-05-25 8:08 ` Claude review: " Claude Code Review Bot
@ 2026-05-25 8:08 ` Claude Code Review Bot
1 sibling, 0 replies; 3+ messages in thread
From: Claude Code Review Bot @ 2026-05-25 8:08 UTC (permalink / raw)
To: dri-devel-reviews
Patch Review
**Correctness: Good.** The fix adds `SB_I_NOEXEC` and `SB_I_NODEV` to the superblock's internal flags in `dma_buf_fs_init_context()`. This directly addresses the `VFS_WARN_ON_ONCE` in `path_noexec()` at `fs/exec.c:118-119`:
```c
VFS_WARN_ON_ONCE(IS_ANON_FILE(d_inode(path->dentry)) &&
!(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC));
```
**Placement is correct.** The flags are set on `fc->s_iflags` after the `init_pseudo()` call, which is the same pattern used by `kvm/guest_memfd.c:976-977`:
```c
fc->s_iflags |= SB_I_NOEXEC;
fc->s_iflags |= SB_I_NODEV;
```
**Semantics are correct.** dma-bufs should never be executable (they're GPU memory buffers), and the pseudo filesystem creates no device nodes, so both flags are appropriate.
**Minor style nit (non-blocking):** Some callers (e.g., `ipc/mqueue.c:408`) combine both flags in a single statement: `sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;`. Using two separate lines is also fine and arguably more readable — the KVM code follows the same two-line pattern, so this is consistent. No change needed.
**Fixes tag and Cc stable are appropriate.** This is a regression introduced by `1e7ab6f67824` in 6.17, and the fix is trivially backportable.
**Reviewed-by from Christian Brauner** (the VFS maintainer who authored the assertion) is already present, which provides strong confidence in the approach.
No issues found. This patch is ready to merge.
---
Generated by Claude Code Patch Reviewer
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-25 8:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-23 1:11 [PATCH v2] dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem John Hubbard
2026-05-25 8:08 ` Claude review: " Claude Code Review Bot
2026-05-25 8:08 ` Claude Code Review Bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox