From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: lib: add dmabuf token infrastructure
Date: Tue, 05 May 2026 11:26:00 +1000
Message-ID: <review-patch5-c61e6d928f86f4cb253ae350272e6039faefd3a6.1777475843.git.asml.silence@gmail.com>
In-Reply-To: <c61e6d928f86f4cb253ae350272e6039faefd3a6.1777475843.git.asml.silence@gmail.com>
References: <cover.1777475843.git.asml.silence@gmail.com> <c61e6d928f86f4cb253ae350272e6039faefd3a6.1777475843.git.asml.silence@gmail.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

The core of the series. The token/map separation is well-motivated for supp=
orting invalidation. The percpu refcount + dma fence pattern for tracking i=
n-flight I/O is correct.

**Bug: Missing cleanup after failed `WARN_ON_ONCE` in `io_dmabuf_token_crea=
te`**

```c
ret =3D file->f_op->create_dmabuf_token(file, token);
if (ret) {
    memset(token, 0, sizeof(*token));
    dma_buf_put(dmabuf);
    return ret;
}

if (WARN_ON_ONCE(!token->dev_ops ||
         !token->dev_ops->map ||
         !token->dev_ops->unmap ||
         !token->dev_ops->release))
    return -EINVAL;
```

If the WARN fires, the function returns `-EINVAL` without calling `dma_buf_=
put(dmabuf)` or cleaning up whatever `create_dmabuf_token` allocated (via `=
dev_ops->release`). The dmabuf ref from `get_dma_buf()` earlier is leaked. =
The token struct may also be partially initialized.

**SPDX identifier:** `lib/io_dmabuf_token.c` uses `/* SPDX-License-Identifi=
er: GPL-2.0 */` (C-style comment) which is for header files. Source files s=
hould use `// SPDX-License-Identifier: GPL-2.0`.

**Nit:** The header guard is `_LINUX_DMA_TOKEN_H` but the file is `io_dmabu=
f_token.h` =E2=80=94 the guard could be `_LINUX_IO_DMABUF_TOKEN_H` for cons=
istency.

---

---
Generated by Claude Code Patch Reviewer