From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: dma-buf: Add dma_buf_mapping_attach()
Date: Wed, 18 Feb 2026 11:37:56 +1000
Message-ID: <review-patch3-3-v1-b5cab63049c0+191af-dmabuf_map_type_jgg@nvidia.com>
In-Reply-To: <3-v1-b5cab63049c0+191af-dmabuf_map_type_jgg@nvidia.com>
References: <0-v1-b5cab63049c0+191af-dmabuf_map_type_jgg@nvidia.com> <3-v1-b5cab63049c0+191af-dmabuf_map_type_jgg@nvidia.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Patch Review

> +	struct dma_buf_mapping_match sgt_match[] = {
> +		DMA_BUF_IMAPPING_SGT(dev, importer_ops->allow_peer2peer ?
> +						  DMA_SGT_IMPORTER_ACCEPTS_P2P :
> +						  DMA_SGT_NO_P2P),
> +	};

In the new `dma_buf_dynamic_attach`, `importer_ops->allow_peer2peer` is dereferenced without a NULL check. The original code had `if (importer_ops)` before accessing this field. Currently all callers of `dma_buf_dynamic_attach` pass non-NULL `importer_ops` (the NULL case is handled by the separate `dma_buf_attach` wrapper), but the original API contract allowed NULL. If any future caller passes NULL, this will crash. Consider adding a `WARN_ON(!importer_ops)` guard or updating the documentation to indicate `importer_ops` is now required.

> +	if (WARN_ON(!dmabuf))
> +		return ERR_PTR(-EINVAL);

The check for `!dev` was removed since the device is now embedded in match data. But `dma_buf_mapping_attach` doesn't validate that the importer provided a non-NULL device in their match entries either. For SGT, a NULL `importing_dma_device` would propagate to `dma_map_sgtable()` calls, causing a crash there rather than at attach time.

---
Generated by Claude Code Patch Reviewer