Claude review: drm/ttm: Be more aggressive when allocating below protection limit

[Claude Code Review Bot <claude-review@example.com>]

Patch Review

**Purpose:** The core behavioral change. When an allocation is covered by cgroup protection (below min/low), attempt eviction of unprotected buffers instead of backing off to GTT.

**Logic analysis:**
```c
	may_evict |= dmem_cgroup_below_min(NULL, alloc_state->charge_pool);
	below_low = dmem_cgroup_below_low(NULL, alloc_state->charge_pool);
	alloc_state->only_evict_unprotected = !may_evict && below_low;
```

This creates three tiers:
1. **Below min** (strongest): `may_evict` is forced true → full eviction including low-protected BOs
2. **Below low but not min**: `only_evict_unprotected = true` → evict only unprotected BOs
3. **Not protected**: No change from current behavior

The `only_evict_unprotected` flag prevents the retry-with-low path:
```c
	if (!lret && evict_walk.hit_low && !state->only_evict_unprotected) {
```
This is correct — when we're in "protected allocator" mode, we should not escalate to evicting low-protected BOs because those are peers that deserve their protection.

The extended comment block explaining the protection model is excellent and makes the reasoning very clear.

The condition `(may_evict || below_low)` for converting `-ENOSPC` to `-EBUSY`:
```c
		if (ret == -ENOSPC && (may_evict || below_low))
			ret = -EBUSY;
```
ensures eviction is attempted for any protected allocation.

Note: `dmem_cgroup_below_min/low(NULL, ...)` uses global root for protection calculation. This is correct for determining if the *allocator* is protected. Patch 6 then handles the per-evictee calculation correctly using common ancestors.

---
Generated by Claude Code Patch Reviewer