Claude review: drm/vc4: fix NULL dereference in vc4_hvs_unbind

[Claude Code Review Bot <claude-review@example.com>]

Patch Review

**Correctness:** The fix correctly addresses the crash. The root cause is in `vc4_drv.c:416` where `dev_set_drvdata(dev, NULL)` is called in `vc4_drm_unbind()` before the devm-managed `vc4_component_unbind_all()` fires at `vc4_drv.c:275`, which subsequently calls each component's unbind (including `vc4_hvs_unbind`). By the time `vc4_hvs_unbind` runs, `dev_get_drvdata(master)` returns NULL.

**Code change:**
```c
-	struct vc4_dev *vc4 = to_vc4_dev(drm);
-	struct vc4_hvs *hvs = vc4->hvs;
+	struct vc4_dev *vc4;
+	struct vc4_hvs *hvs;
 	struct drm_mm_node *node, *next;

+	if (!drm)
+		return;
+
+	vc4 = to_vc4_dev(drm);
+	hvs = vc4->hvs;
```

This is clean and correct — the early return prevents the NULL dereference path entirely.

**Minor observations:**

1. **Consistent with existing code?** The other unbind functions in this driver (`vc4_v3d_unbind` in `vc4_v3d.c:494`) do **not** have this same NULL guard but are susceptible to the same issue. If this NULL drvdata scenario can be triggered for `vc4_hvs_unbind`, it can likely be triggered for `vc4_v3d_unbind` as well (which does `struct vc4_dev *vc4 = to_vc4_dev(drm)` without checking). Consider adding the same guard there, or at least noting that those functions may need fixing too. `vc4_crtc_unbind` and `vc4_txp_unbind` don't dereference `master` drvdata, so they are safe.

2. **Root cause vs. symptom:** This is a band-aid. The real issue is the ordering in `vc4_drm_unbind()` — it clears drvdata before the devm-managed `component_unbind_all` action fires. Moving `dev_set_drvdata(dev, NULL)` into a devm action registered *before* the `component_unbind_all` action (so it runs *after*) would fix this at the source. However, for a stable-targeted fix, the defensive NULL check is the safer and more appropriate approach.

3. **Fixes tag and Cc stable:** Both look correct — the fix references `c8b75bca92cb` which introduced the original `vc4_hvs_unbind`, and the stable tag is appropriate for a NULL deref fix.

4. **Unused variable after early return:** `hvs` is assigned at line 1764 but only used at lines 1778-1779 (`clk_disable_unprepare(hvs->disp_clk)` and `clk_disable_unprepare(hvs->core_clk)`). Meanwhile lines 1766-1776 all use `vc4->hvs` directly instead of `hvs`. This is a pre-existing inconsistency (not introduced by this patch), but the patch does perpetuate it by keeping the `hvs` local variable.

**Overall:** Good fix, appropriate for stable. The `vc4_v3d_unbind` gap is worth flagging to the author as a follow-up.

---
Generated by Claude Code Patch Reviewer