From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem Date: Mon, 25 May 2026 18:08:04 +1000 Message-ID: In-Reply-To: <20260523011117.121390-1-jhubbard@nvidia.com> References: <20260523011117.121390-1-jhubbard@nvidia.com> <20260523011117.121390-1-jhubbard@nvidia.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Patch Review **Correctness: Good.** The fix adds `SB_I_NOEXEC` and `SB_I_NODEV` to the s= uperblock's internal flags in `dma_buf_fs_init_context()`. This directly ad= dresses the `VFS_WARN_ON_ONCE` in `path_noexec()` at `fs/exec.c:118-119`: ```c VFS_WARN_ON_ONCE(IS_ANON_FILE(d_inode(path->dentry)) && !(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC)); ``` **Placement is correct.** The flags are set on `fc->s_iflags` after the `in= it_pseudo()` call, which is the same pattern used by `kvm/guest_memfd.c:976= -977`: ```c fc->s_iflags |=3D SB_I_NOEXEC; fc->s_iflags |=3D SB_I_NODEV; ``` **Semantics are correct.** dma-bufs should never be executable (they're GPU= memory buffers), and the pseudo filesystem creates no device nodes, so bot= h flags are appropriate. **Minor style nit (non-blocking):** Some callers (e.g., `ipc/mqueue.c:408`)= combine both flags in a single statement: `sb->s_iflags |=3D SB_I_NOEXEC |= SB_I_NODEV;`. Using two separate lines is also fine and arguably more read= able =E2=80=94 the KVM code follows the same two-line pattern, so this is c= onsistent. No change needed. **Fixes tag and Cc stable are appropriate.** This is a regression introduce= d by `1e7ab6f67824` in 6.17, and the fix is trivially backportable. **Reviewed-by from Christian Brauner** (the VFS maintainer who authored the= assertion) is already present, which provides strong confidence in the app= roach. No issues found. This patch is ready to merge. --- Generated by Claude Code Patch Reviewer