[Linaro-mm-sig] Re: [PATCH] dma-buf: use SB_I_NOEXEC and SB_I_NODEV

8 Oct 2025


      On Tue, Oct 07, 2025 at 11:10:32PM -0700, Kees Cook wrote:
...
The dma-buf pseudo-filesystem should never have executable mappings nor
device nodes. Set SB_I_NOEXEC and SB_I_NODEV on the superblock to enforce
this at the filesystem level, similar to secretmem, commit 98f99394a104
("secretmem: use SB_I_NOEXEC").
Fix the syzbot-reported warning from the exec code to enforce this
requirement:
Can you please just enforce this in init_pseudo?  If a file system
really wants to support devices or executable it can clear them,
but a quick grep suggests that none of them should.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[Linaro-mm-sig] Re: [PATCH] dma-buf: use SB_I_NOEXEC and SB_I_NODEV