The dma-buf pseudo filesystem dispenses S_ANON_INODE inodes via alloc_anon_inode() but never sets SB_I_NOEXEC on its superblock. Since commit 1e7ab6f67824 ("anon_inode: rework assertions") in 6.17, path_noexec() warns on exactly that combination, so an mmap() on any dma-buf fd trips the warning:

WARNING: CPU: 11 PID: 121813 at fs/exec.c:118 path_noexec+0x47/0x50 do_mmap+0x2b5/0x680 vm_mmap_pgoff+0x129/0x210 ksys_mmap_pgoff+0x177/0x240 __x64_sys_mmap+0x33/0x70

dma-bufs have no business being executable, which is the invariant that the new assertion is enforcing. Set SB_I_NOEXEC. Also set SB_I_NODEV, since the pseudo filesystem creates no device nodes.

Reproducer on a CONFIG_DEBUG_VFS=y kernel:

make -C tools/testing/selftests/dmabuf-heaps sudo ./tools/testing/selftests/dmabuf-heaps/dmabuf-heap -t system

The selftest allocates from /dev/dma_heap/system and mmaps the returned fd, which trips the warning without this patch.

Fixes: 1e7ab6f67824 ("anon_inode: rework assertions") Cc: stable@vger.kernel.org Reviewed-by: Christian Brauner (Amutable) brauner@kernel.org Signed-off-by: John Hubbard jhubbard@nvidia.com ---

Changes since v1:

* Also set SB_I_NODEV (suggested by Christian Brauner). * Added Christian Brauner's Reviewed-by tag (thanks!)

drivers/dma-buf/dma-buf.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 71f37544a5c6..ea1ddd4293b2 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -216,6 +216,8 @@ static int dma_buf_fs_init_context(struct fs_context *fc) if (!ctx) return -ENOMEM; ctx->dops = &dma_buf_dentry_ops; + fc->s_iflags |= SB_I_NOEXEC; + fc->s_iflags |= SB_I_NODEV; return 0; }

base-commit: 6779b50faa562e6cca1aa6a4649a4d764c6c7e28