From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/amdkfd: fix NULL dereference in get_queue_ids() Date: Mon, 25 May 2026 17:31:37 +1000 Message-ID: In-Reply-To: <20260523165646.25645-1-meatuni001@gmail.com> References: <20260523165646.25645-1-meatuni001@gmail.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: drm/amdkfd: fix NULL dereference in get_queue_ids() Author: Muhammad Bilal Patches: 2 Reviewed: 2026-05-25T17:31:37.605877 --- This is a two-patch series from Muhammad Bilal fixing two distinct security= bugs in `get_queue_ids()` in the amdkfd debug-trap queue suspend/resume pa= th. Both `num_queues` and `queue_array_ptr` are user-controlled via `kfd_io= ctl_set_debug_trap()` (confirmed at `kfd_chardev.c:3225-3234`), making both= bugs userspace-triggerable. **Patch ordering**: The integer overflow fix (earlier Message-ID) is the ba= se; the NULL dereference fix (In-Reply-To the first) is an incremental foll= ow-up. Both patches are small, correct, and well-justified. **Verdict**: Both patches are correct and should be applied. The commit mes= sages are thorough and accurate. The only nit is that `suspend_queues()` ha= s a pre-existing asymmetry with `resume_queues()` in how it handles the `co= py_to_user`/`kfree` tail =E2=80=94 but that is outside the scope of these f= ixes and not a regression. --- --- Generated by Claude Code Patch Reviewer