From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm: zynqmp_dp: Fix uninitialized variable in debugfs() Date: Tue, 26 May 2026 07:37:39 +1000 Message-ID: In-Reply-To: References: X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Patch Review **Analysis of the bug:** `simple_write_to_buffer()` writes to `to + pos` where `pos =3D *ppos`. If `= *ppos` is non-zero, the beginning of the stack-allocated buffer is never in= itialized. This affects both functions: 1. **`zynqmp_dp_pattern_write()`** =E2=80=94 the uninitialized prefix bytes= in `buf` are followed by `buf[ret] =3D '\0'` and then `sysfs_match_string(= )`. The match would operate on garbage bytes at the start of the string. 2. **`zynqmp_dp_custom_write()`** =E2=80=94 `memcpy(dp->test.custom, buf, r= et)` copies from the beginning of `buf`, which includes uninitialized bytes= when `*ppos` was non-zero. This leaks stack contents into `dp->test.custom= `, which is then written to hardware via `zynqmp_dp_set_test_pattern()`. **The fix:** ```c if (*ppos !=3D 0) return -EINVAL; ``` Added at the top of both write functions. This is the standard kernel patte= rn for debugfs write handlers that expect a single complete write. Both `fi= le_operations` structs use `noop_llseek`, confirming these are not designed= for seekable I/O. **Review comments:** - **Correct and complete.** Both affected write handlers are fixed. - **Appropriate error code.** `-EINVAL` is the right choice for rejecting a= n invalid ppos. - **Behavioral note:** After a successful write, `simple_write_to_buffer()`= advances `*ppos`, so a second `write()` on the same fd will now return `-E= INVAL` instead of the previous behavior (returning `0` when `*ppos >=3D ava= ilable`). This is actually an improvement =E2=80=94 `-EINVAL` is more infor= mative than a silent zero-length write. - **Fixes tag** correctly references the commit that introduced the debugfs= interface. **No issues found.**=20 Reviewed-by worthy as-is. --- Generated by Claude Code Patch Reviewer