From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/xe: use krealloc_array to prevent integer overflow Date: Wed, 25 Mar 2026 07:53:35 +1000 Message-ID: In-Reply-To: <20260323120051.983301-1-baoli.zhang@linux.intel.com> References: <20260323120051.983301-1-baoli.zhang@linux.intel.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: drm/xe: use krealloc_array to prevent integer overflow Author: "Baoli.Zhang" Patches: 1 Reviewed: 2026-03-25T07:53:35.984719 --- This is a single-patch series that mechanically replaces `krealloc()` with = `krealloc_array()` in two xe driver files. The change is correct in princip= le =E2=80=94 `krealloc_array()` adds an internal overflow check on the mult= iplication of `count * element_size` =E2=80=94 but the practical overflow r= isk in both call sites is negligible: 1. In `xe_configfs.c`, `count` is a `ssize_t` derived from parsing a user-p= rovided configfs page (bounded by page size), and `sizeof(u32)` is 4. Overf= low of `count * 4` is not realistic. 2. In `xe_vm_madvise.c`, `max_vmas` is an `int` starting at 8 and doubling.= It would need to reach ~2^30 entries (billions of VMAs) before `max_vmas *= sizeof(pointer)` overflows, which is impossible in practice. That said, using `krealloc_array()` is the accepted kernel coding conventio= n for array allocations and tools like Coccinelle flag these patterns, so t= he change is reasonable as a hardening/cleanup measure. --- Generated by Claude Code Patch Reviewer