[PATCH v1] drm/xe: use krealloc_array to prevent integer overflow

[PATCH v1] drm/xe: use krealloc_array to prevent integer overflow

[Baoli.Zhang]

Replace the use of krealloc() with krealloc_array() in xe driver to
mitigate the risk of integer overflow during memory allocation size
calculation.

Signed-off-by: Baoli.Zhang <baoli.zhang@linux.intel.com>
Signed-off-by: Junxiao.Chang <junxiao.chang@intel.com>
---
 drivers/gpu/drm/xe/xe_configfs.c   | 2 +-
 drivers/gpu/drm/xe/xe_vm_madvise.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/xe/xe_configfs.c b/drivers/gpu/drm/xe/xe_configfs.c
index 7fd07d1280bb1..4cf903c904ba0 100644
--- a/drivers/gpu/drm/xe/xe_configfs.c
+++ b/drivers/gpu/drm/xe/xe_configfs.c
@@ -766,7 +766,7 @@ static ssize_t wa_bb_store(struct wa_bb wa_bb[static XE_ENGINE_CLASS_MAX],
 	 * 2. Allocate a u32 array and set the pointers to the right positions
 	 * according to the length of each class' wa_bb
 	 */
-	tmp = krealloc(wa_bb[0].cs, count * sizeof(u32), GFP_KERNEL);
+	tmp = krealloc_array(wa_bb[0].cs, count, sizeof(u32), GFP_KERNEL);
 	if (!tmp)
 		return -ENOMEM;
 
diff --git a/drivers/gpu/drm/xe/xe_vm_madvise.c b/drivers/gpu/drm/xe/xe_vm_madvise.c
index bc39a9a9790c3..82afe4bef0725 100644
--- a/drivers/gpu/drm/xe/xe_vm_madvise.c
+++ b/drivers/gpu/drm/xe/xe_vm_madvise.c
@@ -63,8 +63,9 @@ static int get_vmas(struct xe_vm *vm, struct xe_vmas_in_madvise_range *madvise_r
 
 		if (madvise_range->num_vmas == max_vmas) {
 			max_vmas <<= 1;
-			__vmas = krealloc(madvise_range->vmas,
-					  max_vmas * sizeof(*madvise_range->vmas),
+			__vmas = krealloc_array(madvise_range->vmas,
+					  max_vmas,
+					  sizeof(*madvise_range->vmas),
 					  GFP_KERNEL);
 			if (!__vmas) {
 				kfree(madvise_range->vmas);
-- 
2.43.0

Claude review: drm/xe: use krealloc_array to prevent integer overflow

[Claude Code Review Bot]

Overall Series Review

Subject: drm/xe: use krealloc_array to prevent integer overflow
Author: "Baoli.Zhang" <baoli.zhang@linux.intel.com>
Patches: 1
Reviewed: 2026-03-25T07:53:35.984719

---

This is a single-patch series that mechanically replaces `krealloc()` with `krealloc_array()` in two xe driver files. The change is correct in principle — `krealloc_array()` adds an internal overflow check on the multiplication of `count * element_size` — but the practical overflow risk in both call sites is negligible:

1. In `xe_configfs.c`, `count` is a `ssize_t` derived from parsing a user-provided configfs page (bounded by page size), and `sizeof(u32)` is 4. Overflow of `count * 4` is not realistic.
2. In `xe_vm_madvise.c`, `max_vmas` is an `int` starting at 8 and doubling. It would need to reach ~2^30 entries (billions of VMAs) before `max_vmas * sizeof(pointer)` overflows, which is impossible in practice.

That said, using `krealloc_array()` is the accepted kernel coding convention for array allocations and tools like Coccinelle flag these patterns, so the change is reasonable as a hardening/cleanup measure.

---
Generated by Claude Code Patch Reviewer

Claude review: drm/xe: use krealloc_array to prevent integer overflow

[Claude Code Review Bot]

Patch Review

**Correctness:** The transformation is mechanically correct in both hunks. The arguments are split properly: the original `count * sizeof(u32)` becomes `count, sizeof(u32)`, and `max_vmas * sizeof(*madvise_range->vmas)` becomes `max_vmas, sizeof(*madvise_range->vmas)`.

**Commit message nit:** The subject says "prevent integer overflow" which slightly overstates the risk. Both call sites have values bounded well below overflow thresholds. A more accurate subject would be something like "use krealloc_array to guard against potential integer overflow" or "use krealloc_array for overflow-safe allocation". This is a minor style point.

**Signed-off-by ordering:** The patch has:
```
Signed-off-by: Baoli.Zhang <baoli.zhang@linux.intel.com>
Signed-off-by: Junxiao.Chang <junxiao.chang@intel.com>
```
The `From:` header shows Baoli.Zhang as the author, so Junxiao.Chang's Signed-off-by appearing second (after the author) implies Junxiao.Chang is forwarding the patch. If Junxiao.Chang is a co-developer rather than a submitter in the chain, a `Co-developed-by:` + `Signed-off-by:` pair would be more appropriate.

**xe_vm_madvise.c alignment:** The alignment of the continuation arguments is slightly off from the opening parenthesis convention:
```c
__vmas = krealloc_array(madvise_range->vmas,
                  max_vmas,
                  sizeof(*madvise_range->vmas),
                  GFP_KERNEL);
```
The arguments after the first line are indented with tabs+spaces to roughly column-align, but they don't align with the first argument after the opening `(`. This is a minor style issue — matching the existing indentation style of the surrounding code is fine.

**Overall:** A straightforward and correct cleanup patch. No functional concerns. Recommend accepting with optional minor commit message adjustment.

---
Generated by Claude Code Patch Reviewer