From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/xe: use krealloc_array to prevent integer overflow
Date: Sun, 12 Apr 2026 11:54:39 +1000
Message-ID: <review-overall-20260409012520.3531256-1-baoli.zhang@linux.intel.com>
In-Reply-To: <20260409012520.3531256-1-baoli.zhang@linux.intel.com>
References: <20260409012520.3531256-1-baoli.zhang@linux.intel.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Overall Series Review

Subject: drm/xe: use krealloc_array to prevent integer overflow
Author: "Baoli.Zhang" <baoli.zhang@linux.intel.com>
Patches: 1
Reviewed: 2026-04-12T11:54:39.270190

---

This is a single patch (v2) that mechanically replaces `krealloc()` with `k=
realloc_array()` in two xe driver files to leverage the built-in overflow c=
hecking in `krealloc_array()`. The change is correct, low-risk, and follows=
 established kernel conventions. The kernel provides `krealloc_array()` spe=
cifically for this pattern =E2=80=94 separating count from element size so =
the allocator can check for multiplication overflow internally.

The practical overflow risk here is low (especially in `xe_vm_madvise.c` wh=
ere `max_vmas` starts at 8 and doubles, so it would OOM long before overflo=
wing), but using the safe API is the right thing to do as a defense-in-dept=
h measure. In `xe_configfs.c`, `count` is a `ssize_t` derived from user-sup=
plied configfs input, so the overflow protection is slightly more meaningfu=
l there.

**Verdict: Looks good.** Minor nits below but nothing blocking.

---
Generated by Claude Code Patch Reviewer