From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: nouveau/gsp: fix NULL pointer dereference in r535 nvenc/ofs alloc Date: Wed, 27 May 2026 15:18:37 +1000 Message-ID: In-Reply-To: <20260526014721.13299-1-zenghongling@kylinos.cn> References: <20260526014721.13299-1-zenghongling@kylinos.cn> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: nouveau/gsp: fix NULL pointer dereference in r535 nvenc/ofs alloc Author: Hongling Zeng Patches: 2 Reviewed: 2026-05-27T15:18:37.432235 --- This is a single-patch fix for a potential NULL pointer dereference in the = nouveau/gsp r535 nvenc and ofa allocation paths. The analysis is correct: `= nvkm_gsp_rm_alloc_get()` calls through `gsp->rm->api->alloc->get()` which c= alls `nvkm_gsp_rpc_get()`, which in turn calls `gsp->rm->api->rpc->get()`. = The `nvkm_gsp_rpc_get()` wrapper propagates whatever the underlying `.get` = returns =E2=80=94 and the sibling function `nvkm_gsp_rpc_rd()` already guar= ds against NULL with `IS_ERR_OR_NULL()`. The `nvkm_gsp_rm_alloc_get()` inli= ne in `gsp.h` also uses `IS_ERR_OR_NULL()` internally at line 376, and the = `nvkm_gsp_rm_alloc()` convenience wrapper at line 418 does the same. So the= callers that only check `IS_ERR()` are indeed inconsistent and vulnerable. The fix is correct and matches the existing pattern in `nvkm_gsp_rm_alloc()= `. However, it is **incomplete** =E2=80=94 the same bug exists in several s= ibling files that are not touched by this patch. --- Generated by Claude Code Patch Reviewer