From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: dma-buf: fix UAF in dma_buf_put() tracepoint
Date: Sun, 12 Apr 2026 12:25:40 +1000
Message-ID: <review-overall-20260408123916.2604101-1-andi.shyti@kernel.org>
In-Reply-To: <20260408123916.2604101-1-andi.shyti@kernel.org>
References: <20260408123916.2604101-1-andi.shyti@kernel.org>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Overall Series Review

Subject: dma-buf: fix UAF in dma_buf_put() tracepoint
Author: Andi Shyti <andi.shyti@kernel.org>
Patches: 2
Reviewed: 2026-04-12T12:25:40.908159

---

This is a single-patch fix for a clear use-after-free bug in `dma_buf_put()`. The analysis is correct and the fix is straightforward: the `DMA_BUF_TRACE()` macro dereferences `dmabuf` (specifically taking `dmabuf->name_lock`) and was placed **after** `fput(dmabuf->file)`, which on the final reference drop can free the entire `dma_buf` structure. Moving the tracepoint before `fput()` is the right fix.

The patch is well-described with a clear commit message, proper `Fixes:` tag, and `Reported-by:` attribution.

**Verdict: The fix is correct and should be applied.**

---
Generated by Claude Code Patch Reviewer