Claude review: drm/gpusvm, pagemap: Do not assume DRM pagemap owns device pages

[Claude Code Review Bot <claude-review@example.com>]

Patch Review

**drm_pagemap.h: `drm_pagemap_page_zone_device_data()` change**

```c
+	if (WARN_ON_ONCE(page_pgmap(page)->ops != drm_pagemap_pagemap_ops_get()))
+		return NULL;
```

`WARN_ON_ONCE` is inappropriate here. The commit message itself says "it is possible to encounter device pages that are not owned by DRM pagemap" — this is an expected condition, not a kernel bug. `WARN_ON` emits a full stack trace to dmesg/console and is reserved for situations that indicate a programming error. If encountering a non-DRM device page is a legitimate runtime possibility, this should be a plain `if` check:

```c
	if (page_pgmap(page)->ops != drm_pagemap_pagemap_ops_get())
		return NULL;
```

Additionally, this change makes `drm_pagemap_page_zone_device_data()` return NULL in new cases, but `drm_pagemap_page_to_dpagemap()` at `drm_pagemap.c:1322-1327` was not updated:

```c
struct drm_pagemap *drm_pagemap_page_to_dpagemap(struct page *page)
{
	struct drm_pagemap_zdd *zdd = drm_pagemap_page_zone_device_data(page);

	return zdd->devmem_allocation->dpagemap;  // NULL deref if zdd is NULL
}
```

This exported function will now crash if called on a non-DRM device page. Either this function should also get a NULL guard, or you should audit all callers to ensure they're already protected. Currently in `drm_gpusvm.c:1507`, the call to `drm_pagemap_page_to_dpagemap(page)` is reached after the new `__zdd` NULL check, so that specific path is safe. But other callers (current or future) are not.

**drm_gpusvm.c: NULL check after `drm_pagemap_page_zone_device_data()`**

```c
+			if (!__zdd) {
+				err = -EINVAL;
+				goto err_unmap;
+			}
```

This is the right defensive check. If `drm_pagemap_page_zone_device_data()` returns NULL (either from the new ops check or from `!CONFIG_ZONE_DEVICE`), the code would otherwise:
- Set `zdd = __zdd` (NULL) at line 1499
- Compare `pagemap != page_pgmap(page)` at line 1500, enter that branch
- Call `drm_pagemap_page_to_dpagemap(page)` at line 1507 which dereferences the NULL zdd

The `err_unmap` goto is the correct error path here. No issues with this hunk.

**drm_pagemap.c: NULL check for `src_zdd` in `drm_pagemap_migrate_to_devmem()`**

```c
-			cur.dpagemap = src_zdd->dpagemap;
-			cur.ops = src_zdd->devmem_allocation->ops;
-			cur.device = cur.dpagemap->drm->dev;
-			pages[i] = src_page;
+			if (src_zdd) {
+				cur.dpagemap = src_zdd->dpagemap;
+				cur.ops = src_zdd->devmem_allocation->ops;
+				cur.device = cur.dpagemap->drm->dev;
+				pages[i] = src_page;
+			} else {
+				npages = i;
+				err = -EINVAL;
+				goto err_finalize;
+			}
```

Several issues:

1. **Does not apply to drm-next.** In the current drm-next tree, these lines are inside `if (mdetails->source_peer_migrates)` (line 654), which the patch context doesn't show. The patch was made against a different base. This needs to be rebased.

2. **`npages = i` is correct** (vs `npages = i + 1` used at the existing error at line 688). At this point in the loop, `drm_pagemap_get_devmem_page(page, order, zdd)` at line 681 has NOT yet been called for page `i`, so page `i`'s zone_device_data is uninitialized. `drm_pagemap_migration_unlock_put_pages()` must not process it, so `npages = i` limits cleanup to pages 0..i-1 only. This is correct.

3. **Consider whether this error path leaks destination page `i`.** The destination page at index `i` was allocated by `populate_devmem_pfn()` (line 630) but `migrate_pfn()` at line 667 was not called for it. Whether `migrate_vma_finalize()` can clean it up depends on whether `populate_devmem_pfn` already set `MIGRATE_PFN_VALID`. If not, this page may leak. This should be verified against the driver implementations (e.g., Xe's `populate_devmem_pfn` callback).

**Commit message / metadata:**

`Suggested-by: sashiko.dev` — this is not a valid kernel tag. The `Suggested-by` format requires `Name <email>`, per `Documentation/process/submitting-patches.rst`. A bare domain name is not an email address.

---
Generated by Claude Code Patch Reviewer