From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: Re: [PATCH] drm/amdgpu: fix PASID task_info lookup race
Date: Wed, 11 Mar 2026 13:51:08 +1000
Message-ID: <review-overall-01de9910-3fe6-4683-b005-f41103a9bf89@amd.com>
In-Reply-To: <01de9910-3fe6-4683-b005-f41103a9bf89@amd.com>
References: <01de9910-3fe6-4683-b005-f41103a9bf89@amd.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Overall Series Review

Subject: Re: [PATCH] drm/amdgpu: fix PASID task_info lookup race
Author: =3D?UTF-8?Q?Christian_K=3DC3=3DB6nig?=3D <christian.koenig@amd.com>
Patches: 2
Reviewed: 2026-03-11T13:51:08.979104

---

This is a single-patch fix for a real use-after-free race condition in `amd=
gpu_vm_get_task_info_pasid()`. The race is between the PASID lookup path an=
d `amdgpu_vm_fini()`:

1. Thread A calls `amdgpu_vm_get_vm_from_pasid()`, gets a pointer to the VM=
, releases the xarray lock.
2. Thread B runs `amdgpu_vm_fini()`, calls `xa_erase_irq()` to remove the P=
ASID mapping, then eventually calls `amdgpu_vm_put_task_info()` which may f=
ree `task_info`.
3. Thread A dereferences `vm->task_info` =E2=80=94 use-after-free.

The fix correctly collapses the lookup and reference acquisition into a sin=
gle critical section under the xarray lock. The approach is sound and well-=
motivated.

**Verdict: The patch is correct and should be accepted, with minor observat=
ions below.**

---
Generated by Claude Code Patch Reviewer