From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: libfs: set SB_I_NOEXEC and SB_I_NODEV by default in init_pseudo()
Date: Fri, 05 Jun 2026 06:45:30 +1000
Message-ID:
In-Reply-To: <20260604025315.245910-2-jhubbard@nvidia.com>
References: <20260604025315.245910-1-jhubbard@nvidia.com> <20260604025315.245910-2-jhubbard@nvidia.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

**Status: Looks good.**

The change is a single line addition in `fs/libfs.c:739`:

```c
fc->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
```

placed right after the existing `fc->sb_flags |= SB_NOUSER;`. This is the natural location — these flags are logically coupled with `SB_NOUSER` since pseudo-filesystems are never path-reachable.

**Correctness analysis:**

- **`SB_I_NODEV`** is inert on `SB_NOUSER` mounts since device nodes on unreachable mounts can never be opened via path. Adding it to callers that lacked it (aio, dma-buf, socket, pipe, resource, erofs, btrfs-tests, vfio, drm, dax, bdev) is harmless.
- **`SB_I_NOEXEC`** has one observable effect: `mmap()` with `PROT_EXEC` on a pseudo-fs fd will now return `-EPERM` for callers that didn't previously set this flag. The commit message correctly states no in-tree caller maps these fds executable, which is reasonable — there's no use case for executable mappings of sockets, pipes, dma-bufs, DRM fds, etc.
- The `|=` operator preserves any flags already set by callers before `init_pseudo()`, and callers that set the same flags after `init_pseudo()` are simply redundant (cleaned up in patch 2).
- The `Fixes:` tag, `Cc: stable`, and reproducer instructions are all appropriate.

**One minor note:** The commit message says "No in-tree caller maps these executable." A stronger statement might reference that `PROT_EXEC` on a dma-buf would be nonsensical since the backing pages are GPU memory / DMA coherent allocations. But this is a commit message style preference, not a correctness issue.

---
Generated by Claude Code Patch Reviewer