[bug report] drm/amd/display: Implement dmub trace event
Dan Carpenter
dan.carpenter at oracle.com
Fri Mar 5 11:25:07 UTC 2021
Hello Yongqiang Sun,
This is a semi-automatic email about new static checker warnings.
The patch 70732504c53b: "drm/amd/display: Implement dmub trace event"
from Feb 19, 2021, leads to the following Smatch complaint:
drivers/gpu/drm/amd/amdgpu/../display/dmub/src/dmub_srv.c:520 dmub_srv_hw_init()
error: we previously assumed 'tracebuff_fb' could be null (see line 447)
drivers/gpu/drm/amd/amdgpu/../display/dmub/src/dmub_srv.c
446
447 if (inst_fb && data_fb && bios_fb && mail_fb && tracebuff_fb &&
^^^^^^^^^^^^
This old code assumes "tracebuff_fb" can be NULL.
448 fw_state_fb && scratch_mem_fb) {
449 cw2.offset.quad_part = data_fb->gpu_addr;
450 cw2.region.base = DMUB_CW0_BASE + inst_fb->size;
451 cw2.region.top = cw2.region.base + data_fb->size;
452
453 cw3.offset.quad_part = bios_fb->gpu_addr;
454 cw3.region.base = DMUB_CW3_BASE;
455 cw3.region.top = cw3.region.base + bios_fb->size;
456
457 cw4.offset.quad_part = mail_fb->gpu_addr;
458 cw4.region.base = DMUB_CW4_BASE;
459 cw4.region.top = cw4.region.base + mail_fb->size;
460
461 /**
462 * Doubled the mailbox region to accomodate inbox and outbox.
463 * Note: Currently, currently total mailbox size is 16KB. It is split
464 * equally into 8KB between inbox and outbox. If this config is
465 * changed, then uncached base address configuration of outbox1
466 * has to be updated in funcs->setup_out_mailbox.
467 */
468 inbox1.base = cw4.region.base;
469 inbox1.top = cw4.region.base + DMUB_RB_SIZE;
470 outbox1.base = inbox1.top;
471 outbox1.top = cw4.region.top;
472
473 cw5.offset.quad_part = tracebuff_fb->gpu_addr;
474 cw5.region.base = DMUB_CW5_BASE;
475 cw5.region.top = cw5.region.base + tracebuff_fb->size;
476
477 outbox0.base = DMUB_REGION5_BASE + TRACE_BUFFER_ENTRY_OFFSET;
478 outbox0.top = outbox0.base + sizeof(struct dmcub_trace_buf_entry) * PERF_TRACE_MAX_ENTRY;
479
480
481 cw6.offset.quad_part = fw_state_fb->gpu_addr;
482 cw6.region.base = DMUB_CW6_BASE;
483 cw6.region.top = cw6.region.base + fw_state_fb->size;
484
485 dmub->fw_state = fw_state_fb->cpu_addr;
486
487 dmub->scratch_mem_fb = *scratch_mem_fb;
488
489 if (dmub->hw_funcs.setup_windows)
490 dmub->hw_funcs.setup_windows(dmub, &cw2, &cw3, &cw4,
491 &cw5, &cw6);
492
493 if (dmub->hw_funcs.setup_outbox0)
494 dmub->hw_funcs.setup_outbox0(dmub, &outbox0);
495
496 if (dmub->hw_funcs.setup_mailbox)
497 dmub->hw_funcs.setup_mailbox(dmub, &inbox1);
498 if (dmub->hw_funcs.setup_out_mailbox)
499 dmub->hw_funcs.setup_out_mailbox(dmub, &outbox1);
500 }
501
502 if (mail_fb) {
503 dmub_memset(&rb_params, 0, sizeof(rb_params));
504 rb_params.ctx = dmub;
505 rb_params.base_address = mail_fb->cpu_addr;
506 rb_params.capacity = DMUB_RB_SIZE;
507
508 dmub_rb_init(&dmub->inbox1_rb, &rb_params);
509
510 // Initialize outbox1 ring buffer
511 rb_params.ctx = dmub;
512 rb_params.base_address = (void *) ((uint64_t) (mail_fb->cpu_addr) + DMUB_RB_SIZE);
513 rb_params.capacity = DMUB_RB_SIZE;
514 dmub_rb_init(&dmub->outbox1_rb, &rb_params);
515
516 }
517
518 dmub_memset(&outbox0_rb_params, 0, sizeof(outbox0_rb_params));
519 outbox0_rb_params.ctx = dmub;
520 outbox0_rb_params.base_address = (void *)((uint64_t)(tracebuff_fb->cpu_addr) + TRACE_BUFFER_ENTRY_OFFSET);
^^^^^^^^^^^^^^^^^^^^^^
This new code just dereferences "tracebuff_fb" without checking.
521 outbox0_rb_params.capacity = sizeof(struct dmcub_trace_buf_entry) * PERF_TRACE_MAX_ENTRY;
522 dmub_rb_init(&dmub->outbox0_rb, &outbox0_rb_params);
regards,
dan carpenter
More information about the amd-gfx
mailing list