From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: Re: [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack
Date: Tue, 03 Mar 2026 13:58:23 +1000
Message-ID:
In-Reply-To: <93f2c5b5-4f5e-46f1-a7f3-c388ab762592@amd.com>
References: <93f2c5b5-4f5e-46f1-a7f3-c388ab762592@amd.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Overall Series Review

Subject: Re: [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack
Author: Christian König
Patches: 3
Reviewed: 2026-03-03T13:58:23.267122

---

This is a single-patch fix for a real regression introduced by commit c2d3a7300695 ("drm/syncobj: Extend EXPORT_SYNC_FILE for timeline syncobjs"). The analysis in the commit message is correct, the fix is minimal and appropriate, and it addresses both affected ioctl handlers symmetrically.

**The regression**: When the `point` field was added to `struct drm_syncobj_handle`, both `drm_syncobj_handle_to_fd_ioctl` and `drm_syncobj_fd_to_handle_ioctl` began checking `if (args->point) return -EINVAL;` on the non-timeline code paths. This breaks userspace that is compiled against new headers but doesn't initialize the `point` field (because it was written for the older interface where `point` didn't exist). The `point` field picks up stack garbage, fails the check, and the ioctl returns `-EINVAL`.

Note: Userspace compiled against the *old* headers (without `point`) is unaffected because the DRM ioctl infrastructure zero-pads the struct when `in_size < drv_size` (see `drm_ioctl()` at `drm_ioctl.c:898-899`). The regression specifically affects userspace compiled against new headers but not updated to initialize `point`.

**Recommendation**: This patch looks correct and ready to apply. It should also be tagged with `Cc: stable@vger.kernel.org` for backporting.

---
Generated by Claude Code Patch Reviewer
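
The following user-space model is an added example, not code from the patch, the kernel, or the review above. It shows why a caller built against old headers passes the `point` check through zero-padding, while a caller built against new headers fails it unless the struct is zero-initialized. The names `handle_v1`, `handle_v2`, `model_copy_in`, `model_ioctl` and the two `call_*` helpers are hypothetical, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
/* Added illustration: user-space model only; every name here is hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Argument layout before the change: no `point` member. */
struct handle_v1 { uint32_t handle, flags; int32_t fd; uint32_t pad; };
/* Argument layout after the change: `point` appended at the end. */
struct handle_v2 { uint32_t handle, flags; int32_t fd; uint32_t pad; uint64_t point; };

/* Models the copy-in step: a caller struct shorter than the driver's
 * (in_size < drv_size) is zero-padded up to the driver's size. */
static void model_copy_in(struct handle_v2 *k, const void *user, size_t in_size)
{
    memset(k, 0, sizeof(*k));
    memcpy(k, user, in_size < sizeof(*k) ? in_size : sizeof(*k));
}

/* Models the regressed check on the non-timeline path. */
static int model_ioctl(const void *user, size_t in_size)
{
    struct handle_v2 k;
    model_copy_in(&k, user, in_size);
    return k.point ? -EINVAL : 0;
}

/* Caller built against old headers: its struct ends before `point`. */
static int call_old_headers(void)
{
    struct handle_v1 a;
    memset(&a, 0xAA, sizeof(a));               /* constructed dirty stack */
    a.handle = 1; a.flags = 0; a.fd = -1; a.pad = 0;
    return model_ioctl(&a, sizeof(a));
}

/* Caller built against new headers that never assigns `point`;
 * zero_init != 0 models declaring the struct with `= {0}`. */
static int call_new_headers(int zero_init)
{
    struct handle_v2 a;
    memset(&a, zero_init ? 0x00 : 0xAA, sizeof(a));
    a.handle = 1; a.flags = 0; a.fd = -1; a.pad = 0;
    return model_ioctl(&a, sizeof(a));
}

int main(void)
{
    printf("old=%d dirty=%d zeroed=%d\n", call_old_headers(), call_new_headers(0), call_new_headers(1));
    return 0;
}
```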