From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: complete perf_allow_* trio and use in drm/xe
Date: Mon, 25 May 2026 18:04:51 +1000
Message-ID:
In-Reply-To: <20260523013326.129491-1-jhubbard@nvidia.com>
References: <20260523013326.129491-1-jhubbard@nvidia.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Overall Series Review

Subject: complete perf_allow_* trio and use in drm/xe
Author: John Hubbard
Patches: 5
Reviewed: 2026-05-25T18:04:51.127105

---

This is a clean, well-motivated 2-patch series that completes the `perf_allow_*` API for modular callers and then uses it in drm/xe to replace open-coded permission checks. The series follows the precedent set by commit 5e9629d0ae97 for `perf_allow_kernel()` and extends it consistently to the remaining two helpers.

The code is correct and the structure is sound. The main behavioral change to note is that xe observation streams will now additionally consult the `security_perf_event_open()` LSM hook and respect the graduated `kernel.perf_event_paranoid` policy rather than doing a simple `perfmon_capable()` check. This is a deliberate improvement and is well-documented in the commit messages.

One subtle point worth calling out: when `kernel.perf_event_paranoid` is set to 0 (not the default, which is 2), `perf_allow_cpu()` will skip the capability check entirely and only consult the LSM hook. This means xe observation could become *less* restrictive than before in that specific admin-configured scenario. This is consistent with the stated goal of aligning with the system perf policy, but the series might benefit from a note in the commit message about this edge case for anyone bisecting a permission change.

No blocking issues. Reviewed-by-worthy with minor observations below.

---

---
Generated by Claude Code Patch Reviewer
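
Added example, not part of the review above or of the patch series: a userspace C model of the edge case the review describes, comparing a capability-only check with a perf_allow_cpu()-style check across sysctl, capability and LSM states. The struct, the function names and the LSM verdict field are hypothetical stand-ins; the `paranoid > 0` threshold follows the mainline perf_allow_cpu() helper.

```c
/* Userspace model of the two permission checks; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct ctx {
    int  paranoid; /* value of kernel.perf_event_paranoid */
    bool capable;  /* stands in for perfmon_capable() */
    int  lsm;      /* stands in for security_perf_event_open(): 0 or -EACCES */
};

enum delta { SAME, LOOSENED, TIGHTENED };

/* Before: capability check only, as the review describes the old xe path. */
static int check_before(const struct ctx *c)
{
    return c->capable ? 0 : -EACCES;
}

/* After: capability required only when paranoid > 0; LSM always consulted. */
static int check_after(const struct ctx *c)
{
    if (c->paranoid > 0 && !c->capable)
        return -EACCES;
    return c->lsm;
}

/* How the outcome for one caller changes between the two checks. */
static enum delta classify(const struct ctx *c)
{
    int before = check_before(c), after = check_after(c);

    if (before == after)
        return SAME;
    return after == 0 ? LOOSENED : TIGHTENED;
}

int main(void)
{
    static const char *name[] = { "same", "LOOSENED", "TIGHTENED" };

    for (int p = 0; p <= 2; p++)
        for (int cap = 0; cap <= 1; cap++)
            for (int deny = 0; deny <= 1; deny++) {
                struct ctx c = { p, cap, deny ? -EACCES : 0 };
                printf("paranoid=%d capable=%d lsm=%s -> %s\n", p, cap,
                       deny ? "deny" : "allow", name[classify(&c)]);
            }
    return 0;
}
```

The only loosened rows are unprivileged callers at paranoid 0 with a permissive LSM; the tightened rows are privileged callers that the LSM now denies.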