From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: accel/ivpu: prevent uninitialized data bug in debugfs Date: Tue, 26 May 2026 07:38:50 +1000 Message-ID: In-Reply-To: References: X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Patch Review **Verdict: Looks good.** The fix adds a `*pos !=3D 0` check to the existing early-return guard: ```c - if (size >=3D sizeof(buf)) + if (*pos !=3D 0 || size >=3D sizeof(buf)) return -EINVAL; ``` This is the right approach. The function expects a single complete write co= ntaining a formatted string like `"%u %u %u %u"` =E2=80=94 partial/resumed = writes at a non-zero offset would never produce correct results even if the= buffer were properly initialized, since the `sscanf` on line 461 needs the= full string from the beginning. The pattern of rejecting `*pos !=3D 0` is well-established in the kernel fo= r debugfs write handlers that parse a complete user-space string in one sho= t (e.g., `dvfs_mode_fops_write` and similar handlers throughout the tree). One minor observation: `simple_write_to_buffer` returns the number of bytes= actually written (not necessarily equal to `size`), and that return value = is used on line 460 as `buf[ret] =3D '\0'`. With the `*pos !=3D 0` check in= place, `ret` will always reflect bytes written starting from offset 0, so = this is now fully correct. **No issues found.** Clean, minimal, well-targeted fix with a proper Fixes = tag. --- Generated by Claude Code Patch Reviewer