From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: accel/ethosu: fix IFM region index out-of-bounds in command stream parser
Date: Mon, 25 May 2026 17:21:01 +1000
Message-ID: <review-overall-20260523195159.55801-1-meatuni001@gmail.com>
In-Reply-To: <20260523195159.55801-1-meatuni001@gmail.com>
References: <20260523195159.55801-1-meatuni001@gmail.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Overall Series Review

Subject: accel/ethosu: fix IFM region index out-of-bounds in command stream=
 parser
Author: Muhammad Bilal <meatuni001@gmail.com>
Patches: 1
Reviewed: 2026-05-25T17:21:01.362311

---

This is a single-patch fix for a genuine out-of-bounds write vulnerability =
in the Arm Ethos-U NPU accelerator driver. The analysis in the commit messa=
ge is thorough and accurate: `NPU_SET_IFM_REGION` used `param & 0x7f` (mask=
 allowing values 0=E2=80=93127) while the target arrays `region_size[]` and=
 `output_region[]` are sized to `NPU_BASEP_REGION_MAX` (8, valid indices 0=
=E2=80=937). Every other region assignment in the same switch uses `param &=
 0x7`. The fix is a one-character change from `0x7f` to `0x7`, making it co=
nsistent with all other region mask operations.

**Verdict: This patch looks correct and should be applied.** It fixes a hea=
p out-of-bounds write reachable from userspace.

---
Generated by Claude Code Patch Reviewer