On Tue, Oct 07, 2025 at 11:16:05PM -0700, Christoph Hellwig wrote:
> On Tue, Oct 07, 2025 at 11:10:32PM -0700, Kees Cook wrote:
> > The dma-buf pseudo-filesystem should never have executable mappings nor
> > device nodes. Set SB_I_NOEXEC and SB_I_NODEV on the superblock to enforce
> > this at the filesystem level, similar to secretmem, commit 98f99394a104
> > ("secretmem: use SB_I_NOEXEC").
> >
> > Fix the syzbot-reported warning from the exec code to enforce this
> > requirement:
>
> Can you please just enforce this in init_pseudo? If a file system
> really wants to support devices or executable it can clear them,
> but a quick grep suggests that none of them should.

I think that's a fine idea, but I defer to Christian -- I think the WARN
was put in place to avoid doing that...
--
Kees Cook