Public bug reported:
[Impact]
The VFS layer now enforces that inodes flagged with S_ANON_INODE must be
located on
filesystems with the SB_I_NOEXEC flag set. The dmabuf (Direct Memory Access
Buffer)
filesystem creates inodes using alloc_anon_inode(), which sets the S_ANON_INODE
flag
but does not set SB_I_NOEXEC and SB_I_NODEV on the filesystem.
This causes a kernel warning when a dmabuf is memory-mapped, which can occur in
multimedia applications such as GStreamer's v4l2src (Video4Linux source)
element.
The warning does not cause a crash but indicates a VFS policy violation that
will
eventually become a fatal error in future kernel versions.
Error log:
```
[ 60.061328] WARNING: CPU: 2 PID: 2803 at fs/exec.c:125 path_noexec+0xa0/0xd0
...
[ 60.061637] do_mmap+0x2b5/0x680
```
Affected scenarios: Any system running multimedia applications that use video
capture
or memory-mapped dmabuf operations, particularly with Video4Linux source
elements or
similar hardware-accelerated media processing.
[Fix]
Set the SB_I_NOEXEC and SB_I_NODEV flags on the dmabuf filesystem context. This
follows
the same pattern previously applied to other anonymous inode filesystems such as
secretmem (commit 98f99394a104c) and the anon_inode filesystem (commit
ce7419b6cf23d).
The fix is minimal - adding two flag assignments in drivers/dma-buf/dma-buf.c:
- fc->s_iflags |= SB_I_NOEXEC;
- fc->s_iflags |= SB_I_NODEV;
These changes align the dmabuf filesystem with the VFS enforcement introduced in
commit 1e7ab6f67824 ("anon_inode: rework assertions").
[Test Plan]
1. Install a system with a video capture device (USB webcam, integrated camera,
or
Video4Linux-compatible device)
2. Install GStreamer and the v4l2src plugin:
$ sudo apt-get install gstreamer1.0-plugins-good gstreamer1.0-plugins-base
3. Run a GStreamer pipeline that uses v4l2src to capture video:
$ gst-launch-1.0 v4l2src ! video/x-raw, width=640, height=480,
framerate=30/1 ! videoconvert ! autovideosink
4. Check the kernel log for warnings:
$ dmesg | grep -i "path_noexec\|SB_I_NOEXEC"
Expected result without fix:
- WARNING message appears in dmesg at fs/exec.c:125 (path_noexec+0xa0/0xd0)
indicating anonymous inode on non-compliant filesystem
Expected result with fix:
- No warning appears; video capture works correctly without VFS policy
violations
[Where problems could occur]
The dmabuf filesystem itself could be affected if the SB_I_NOEXEC or SB_I_NODEV
flags
cause unexpected behavior with the filesystem's inode operations.
If there are edge cases where the dmabuf filesystem needs to allow execution or
device
access for specific operations, this fix could prevent those operations from
working.
Symptoms would include dmabuf allocations failing, memory mapping failing, or
hardware
acceleration features becoming unavailable.
The SB_I_NODEV flag prevents device node creation on the filesystem (which
should never
occur on a pseudo-filesystem), and SB_I_NOEXEC prevents execution (which is the
correct
behavior for a memory buffer filesystem). These are defensive flags used by all
similar anonymous inode filesystems, so the regression risk is minimal, but if
there
are hidden dependencies on the absence of these flags, dmabuf clients could
fail.
Monitor for:
- Memory mapping failures in applications using dmabuf
- Failures to create dmabuf file descriptors
- DMA operations failing to map memory regions
- Video capture or media acceleration features becoming unavailable
[Other Info]
This is a backport of a fix for the upstream kernel. The patch follows the exact
approach used in previous commits to other anonymous inode filesystems:
- commit 98f99394a104c ("secretmem: use SB_I_NOEXEC")
- commit ce7419b6cf23d ("anon_inode: raise SB_I_NODEV and SB_I_NOEXEC")
The warning was introduced by commit 1e7ab6f67824 ("anon_inode: rework
assertions")
which added enforcement in the VFS layer that anonymous inodes must have these
flags
set on their host filesystem.
Upstream patch reference:
https://lore.kernel.org/lkml/[email protected]/
** Affects: hwe-next
Importance: Undecided
Status: New
** Affects: linux-oem-6.17 (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: linux-oem-6.17 (Ubuntu Noble)
Importance: Undecided
Assignee: AceLan Kao (acelankao)
Status: In Progress
** Tags: jira-somerville-3734 jira-somerville-3968 oem-priority somerville
** Also affects: linux-oem-6.17 (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: linux-oem-6.17 (Ubuntu Noble)
Status: New => In Progress
** Changed in: linux-oem-6.17 (Ubuntu Noble)
Assignee: (unassigned) => AceLan Kao (acelankao)
** Changed in: linux-oem-6.17 (Ubuntu)
Status: New => Invalid
** Tags added: jira-somerville-3968 oem-priority somerville
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2139656
Title:
dma-buf filesystem flags fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/2139656/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
