lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20260201170953.19800-1-xiyou.wangcong@gmail.com>
Date: Sun,  1 Feb 2026 09:09:52 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: linux-kernel@...r.kernel.org
Cc: linux-fsdevel@...r.kernel.org,
	linux-media@...r.kernel.org,
	dri-devel@...ts.freedesktop.org,
	Cong Wang <cwang@...tikernel.io>,
	Sumit Semwal <sumit.semwal@...aro.org>,
	Christian König <christian.koenig@....com>
Subject: [PATCH] dma-buf: add SB_I_NOEXEC flag to dmabuf pseudo-filesystem

From: Cong Wang <cwang@...tikernel.io>

The dmabuf filesystem uses alloc_anon_inode() to create anonymous inodes
but does not set the SB_I_NOEXEC flag on its superblock. This triggers a
VFS warning in path_noexec() when userspace mmaps a dma-buf:

  WARNING: CPU: 6 PID: 5660 at fs/exec.c:118 path_noexec+0x47/0x50

The warning exists to catch anonymous inode filesystems that forget to
set SB_I_NOEXEC, as anonymous files should not be executable. All other
pseudo-filesystems that use alloc_anon_inode() properly set this flag:

  - fs/anon_inodes.c: sets SB_I_NOEXEC
  - fs/aio.c: sets SB_I_NOEXEC
  - mm/secretmem.c: sets SB_I_NOEXEC

Add the missing SB_I_NOEXEC flag to dma_buf_fs_init_context() to fix the
warning and maintain consistency with other anonymous inode filesystems.

This was triggered when testing DAXFS (https://github.com/multikernel/daxfs)
and was 100% reproducible with CONFIG_DEBUG_VFS=y.

Cc: Sumit Semwal <sumit.semwal@...aro.org>
Cc: "Christian König" <christian.koenig@....com>
Signed-off-by: Cong Wang <cwang@...tikernel.io>
---
 drivers/dma-buf/dma-buf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index edaa9e4ee4ae..e2e1f77aca80 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -192,6 +192,7 @@ static int dma_buf_fs_init_context(struct fs_context *fc)
 	ctx = init_pseudo(fc, DMA_BUF_MAGIC);
 	if (!ctx)
 		return -ENOMEM;
+	fc->s_iflags |= SB_I_NOEXEC;
 	ctx->dops = &dma_buf_dentry_ops;
 	return 0;
 }
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ