From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/msm/adreno: fix userspace-triggered crash on a2xx-a4xx
Date: Sun, 12 Apr 2026 14:17:19 +1000
Message-ID: <review-overall-20260407-adreno-fix-ubwc-v1-1-bb2b09450b87@oss.qualcomm.com>
In-Reply-To: <20260407-adreno-fix-ubwc-v1-1-bb2b09450b87@oss.qualcomm.com>
References: <20260407-adreno-fix-ubwc-v1-1-bb2b09450b87@oss.qualcomm.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Overall Series Review

Subject: drm/msm/adreno: fix userspace-triggered crash on a2xx-a4xx
Author: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Patches: 3
Reviewed: 2026-04-12T14:17:19.494675

---

This is a single patch fixing a real NULL pointer dereference bug in the Adreno GPU driver. The problem is genuine: the commit `a452510aad53` ("drm/msm/adreno: Switch to the common UBWC config struct") introduced unconditional dereferences of `adreno_gpu->ubwc_config` in `adreno_get_param()`, but on a2xx through a4xx hardware, `ubwc_config` is never initialized (confirmed: none of a2xx_gpu.c, a3xx_gpu.c, or a4xx_gpu.c ever set `ubwc_config`). Any userspace process can trigger this crash by issuing an `MSM_PARAM_HIGHEST_BANK_BIT`, `MSM_PARAM_UBWC_SWIZZLE`, or `MSM_PARAM_MACROTILE_MODE` ioctl query on those older GPUs.

The fix is correct in that it prevents the crash, but the approach is debatable.

---
Generated by Claude Code Patch Reviewer