From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: mm/zone_device: Do not touch device folio after calling ->folio_free()
Date: Sun, 12 Apr 2026 09:15:48 +1000
Message-ID:
In-Reply-To: <20260410230346.4009855-1-matthew.brost@intel.com>
References: <20260410230346.4009855-1-matthew.brost@intel.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Overall Series Review

Subject: mm/zone_device: Do not touch device folio after calling ->folio_free()
Author: Matthew Brost
Patches: 2
Reviewed: 2026-04-12T09:15:48.772101

---

This is a single-patch fix for a use-after-free bug in the MM zone_device code (`mm/memremap.c`). The bug is straightforward and the fix is correct: after `pgmap->ops->folio_free(folio)` is called, the folio may be immediately reallocated by the driver with a different order, making subsequent access to `folio->pgmap` unsafe. The local stack variable `pgmap` (captured at function entry on line 418) should be used instead.

The patch is well-motivated with a real crash trace showing a GPF at `free_zone_device_folio+0x149/0x240` from a non-canonical address (`0x900000000000000`), consistent with reading stale/corrupted data from a reallocated folio.

**Verdict: The patch looks correct and should be applied.**

---
Generated by Claude Code Patch Reviewer
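
The pattern the review describes, as an added user-space model that is not part of the review, the patch, or the kernel source: a callback hands the folio back to the driver, so only a pointer captured before the call is safe to use afterwards. The struct layouts, `other_map`, `model_folio_free`, `put_ref_buggy`, `put_ref_fixed`, `run_model` and the reference-count drop are assumptions made for illustration; reuse is simulated by rewriting the folio's fields, so the stale read lands on another pagemap rather than faulting.

```c
#include <stdio.h>

/* Constructed user-space model; type names echo the review, not mm/memremap.c.
 * The "ref" counter dropped after the callback is an assumption of this model. */
struct folio;
struct dev_pagemap_ops { void (*folio_free)(struct folio *folio); };
struct dev_pagemap { const struct dev_pagemap_ops *ops; long ref; };
struct folio { struct dev_pagemap *pgmap; unsigned int order; };

static struct dev_pagemap other_map; /* hypothetical next owner of the folio */

/* Driver callback: reuses the folio at once with a new order and owner. */
static void model_folio_free(struct folio *folio)
{
    folio->order = 9;
    folio->pgmap = &other_map;
}
static const struct dev_pagemap_ops model_ops = { .folio_free = model_folio_free };

/* Pre-fix shape: re-reads folio->pgmap after the folio was handed back. */
static void put_ref_buggy(struct folio *folio)
{
    struct dev_pagemap *pgmap = folio->pgmap;
    pgmap->ops->folio_free(folio);
    folio->pgmap->ref--; /* stale read: hits whoever owns the folio now */
}

/* Fixed shape: only the local captured at entry is used after the callback. */
static void put_ref_fixed(struct folio *folio)
{
    struct dev_pagemap *pgmap = folio->pgmap;
    pgmap->ops->folio_free(folio);
    pgmap->ref--;
}

/* Returns the ref left on the original pagemap (0 = dropped correctly). */
static long run_model(int use_fixed, long *other_ref)
{
    struct dev_pagemap map = { .ops = &model_ops, .ref = 1 };
    struct folio f = { .pgmap = &map, .order = 0 };
    other_map.ref = 1;
    if (use_fixed) put_ref_fixed(&f); else put_ref_buggy(&f);
    *other_ref = other_map.ref;
    return map.ref;
}

int main(void)
{
    long other;
    printf("fixed: original ref=%ld\n", run_model(1, &other));
    printf("buggy: original ref=%ld\n", run_model(0, &other));
    return 0;
}
```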