From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/imagination: Don't timeout job if its fence has been signaled
Date: Sat, 16 May 2026 14:11:25 +1000
Message-ID: <review-patch2-20260512-b4-context_reset-v1-2-439bee96ed83@imgtec.com>
In-Reply-To: <20260512-b4-context_reset-v1-2-439bee96ed83@imgtec.com>
References: <20260512-b4-context_reset-v1-0-439bee96ed83@imgtec.com> <20260512-b4-context_reset-v1-2-439bee96ed83@imgtec.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

**Verdict: Bug =E2=80=94 NULL pointer dereference**

The added check:

```c
if (dma_fence_is_signaled(s_job->s_fence->parent))
    return DRM_GPU_SCHED_STAT_NO_HANG;
```

`s_job->s_fence->parent` can be NULL. The parent fence is assigned by `drm_=
sched_fence_set_parent()` during `run_job`. If the timeout fires before the=
 job has been run (e.g., the job was stuck in the pending queue), `parent` =
is NULL. This will cause a NULL dereference inside `dma_fence_is_signaled()=
`, which does not check for NULL.

The code later in the same function even has:

```c
WARN_ON(job->base.s_fence->parent);
job->base.s_fence->parent =3D dma_fence_get(job->done_fence);
```

...which explicitly expects `parent` to be NULL in some cases.

**Fix:** Add a NULL check:

```c
if (s_job->s_fence->parent &&
    dma_fence_is_signaled(s_job->s_fence->parent))
    return DRM_GPU_SCHED_STAT_NO_HANG;
```

The overall idea (avoid false timeouts when the fence has already signaled)=
 is reasonable and used in other DRM scheduler drivers.

---
Generated by Claude Code Patch Reviewer