From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: accel/qda: Add FastRPC dynamic invocation support
Date: Tue, 24 Feb 2026 18:20:13 +1000
Message-ID: <review-patch14-20260224-qda-firstpost-v1-14-fe46a9c1a046@oss.qualcomm.com>
In-Reply-To: <20260224-qda-firstpost-v1-14-fe46a9c1a046@oss.qualcomm.com>
References: <20260224-qda-firstpost-v1-0-fe46a9c1a046@oss.qualcomm.com> <20260224-qda-firstpost-v1-14-fe46a9c1a046@oss.qualcomm.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

**SECURITY ISSUE**: Dmitry identified a critical problem with `__user` poin=
ter handling:

```
Nah, it's a direct route to failure. __user is for user pointers, it
can't be a kernel data. Define separate functions and be 100% sure
whether the data is coming from the user (and thus needs to be
sanitized) or of it is coming from the kernel. Otherwise a funny user
can pass kernel pointer and get away with your code copying data from or
writing data to the kernel buffer.
```

This is a potential privilege escalation if user-supplied values are treate=
d as kernel pointers. This must be fixed before any merge consideration.

- Dmitry also asked: "Can you actually write the user code by looking at yo=
ur uapi header?" =E2=80=94 suggesting the UAPI is not self-documenting enou=
gh.

---
Generated by Claude Code Patch Reviewer