[bug report] drm/msm: Add SDM845 DPU support
jesszhan at codeaurora.org
jesszhan at codeaurora.org
Fri Oct 1 19:04:58 UTC 2021
Hey Dan,
Thanks for the heads up, will take care of it.
On 2021-10-01 05:28, Dan Carpenter wrote:
> Hello Jeykumar Sankaran,
>
> The patch 25fdd5933e4c: "drm/msm: Add SDM845 DPU support" from Jun
> 27, 2018, leads to the following
> Smatch static checker warning:
>
> drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1679 dpu_plane_init()
> warn: '&pdpu->mplane_list' not removed from list
>
> drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
> 1567 struct drm_plane *dpu_plane_init(struct drm_device *dev,
> 1568 uint32_t pipe, enum drm_plane_type type,
> 1569 unsigned long possible_crtcs, u32
> master_plane_id)
> 1570 {
> 1571 struct drm_plane *plane = NULL, *master_plane = NULL;
> 1572 const uint32_t *format_list;
> 1573 struct dpu_plane *pdpu;
> 1574 struct msm_drm_private *priv = dev->dev_private;
> 1575 struct dpu_kms *kms = to_dpu_kms(priv->kms);
> 1576 int zpos_max = DPU_ZPOS_MAX;
> 1577 uint32_t num_formats;
> 1578 int ret = -EINVAL;
> 1579
> 1580 /* create and zero local structure */
> 1581 pdpu = kzalloc(sizeof(*pdpu), GFP_KERNEL);
> 1582 if (!pdpu) {
> 1583 DPU_ERROR("[%u]failed to allocate local plane
> struct\n", pipe);
> 1584 ret = -ENOMEM;
> 1585 return ERR_PTR(ret);
> 1586 }
> 1587
> 1588 /* cache local stuff for later */
> 1589 plane = &pdpu->base;
> 1590 pdpu->pipe = pipe;
> 1591 pdpu->is_virtual = (master_plane_id != 0);
> 1592 INIT_LIST_HEAD(&pdpu->mplane_list);
> 1593 master_plane = drm_plane_find(dev, NULL,
> master_plane_id);
> 1594 if (master_plane) {
> 1595 struct dpu_plane *mpdpu =
> to_dpu_plane(master_plane);
> 1596
> 1597 list_add_tail(&pdpu->mplane_list,
> &mpdpu->mplane_list);
> ^^^^^^^^^^^^^^^^^
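> This entry is not removed from the master plane's list in the error
> handling code, so when an error path reaches kfree(pdpu) at line 1679
> the list still links to the freed pdpu. The entry needs to be unlinked
> before the kfree(); otherwise a later walk of that list will lead to a
> Use After Free.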
>
> 1598 }
> 1599
> 1600 /* initialize underlying h/w driver */
> 1601 pdpu->pipe_hw = dpu_hw_sspp_init(pipe, kms->mmio,
> kms->catalog,
> 1602
> master_plane_id != 0);
> 1603 if (IS_ERR(pdpu->pipe_hw)) {
> 1604 DPU_ERROR("[%u]SSPP init failed\n", pipe);
> 1605 ret = PTR_ERR(pdpu->pipe_hw);
> 1606 goto clean_plane;
> 1607 } else if (!pdpu->pipe_hw->cap ||
> !pdpu->pipe_hw->cap->sblk) {
> 1608 DPU_ERROR("[%u]SSPP init returned invalid
> cfg\n", pipe);
> 1609 goto clean_sspp;
> 1610 }
> 1611
> 1612 /* cache features mask for later */
> 1613 pdpu->features = pdpu->pipe_hw->cap->features;
> 1614 pdpu->pipe_sblk = pdpu->pipe_hw->cap->sblk;
> 1615 if (!pdpu->pipe_sblk) {
> 1616 DPU_ERROR("[%u]invalid sblk\n", pipe);
> 1617 goto clean_sspp;
> 1618 }
> 1619
> 1620 if (pdpu->is_virtual) {
> 1621 format_list =
> pdpu->pipe_sblk->virt_format_list;
> 1622 num_formats =
> pdpu->pipe_sblk->virt_num_formats;
> 1623 }
> 1624 else {
> 1625 format_list = pdpu->pipe_sblk->format_list;
> 1626 num_formats = pdpu->pipe_sblk->num_formats;
> 1627 }
> 1628
> 1629 ret = drm_universal_plane_init(dev, plane, 0xff,
> &dpu_plane_funcs,
> 1630 format_list, num_formats,
> 1631 supported_format_modifiers,
> type, NULL);
> 1632 if (ret)
> 1633 goto clean_sspp;
> 1634
> 1635 pdpu->catalog = kms->catalog;
> 1636
> 1637 if (kms->catalog->mixer_count &&
> 1638 kms->catalog->mixer[0].sblk->maxblendstages) {
> 1639 zpos_max =
> kms->catalog->mixer[0].sblk->maxblendstages - 1;
> 1640 if (zpos_max > DPU_STAGE_MAX - DPU_STAGE_0 -
> 1)
> 1641 zpos_max = DPU_STAGE_MAX - DPU_STAGE_0
> - 1;
> 1642 }
> 1643
> 1644 ret = drm_plane_create_zpos_property(plane, 0, 0,
> zpos_max);
> 1645 if (ret)
> 1646 DPU_ERROR("failed to install zpos property,
> rc = %d\n", ret);
> 1647
> 1648 drm_plane_create_alpha_property(plane);
> 1649 drm_plane_create_blend_mode_property(plane,
> 1650 BIT(DRM_MODE_BLEND_PIXEL_NONE) |
> 1651 BIT(DRM_MODE_BLEND_PREMULTI) |
> 1652 BIT(DRM_MODE_BLEND_COVERAGE));
> 1653
> 1654 drm_plane_create_rotation_property(plane,
> 1655 DRM_MODE_ROTATE_0,
> 1656 DRM_MODE_ROTATE_0 |
> 1657 DRM_MODE_ROTATE_180 |
> 1658 DRM_MODE_REFLECT_X |
> 1659 DRM_MODE_REFLECT_Y);
> 1660
> 1661 drm_plane_enable_fb_damage_clips(plane);
> 1662
> 1663 /* success! finalize initialization */
> 1664 drm_plane_helper_add(plane, &dpu_plane_helper_funcs);
> 1665
> 1666 /* save user friendly pipe name for later */
> 1667 snprintf(pdpu->pipe_name, DPU_NAME_SIZE, "plane%u",
> plane->base.id);
> 1668
> 1669 mutex_init(&pdpu->lock);
> 1670
> 1671 DPU_DEBUG("%s created for pipe:%u id:%u
> virtual:%u\n", pdpu->pipe_name,
> 1672 pipe, plane->base.id,
> master_plane_id);
> 1673 return plane;
> 1674
> 1675 clean_sspp:
> 1676 if (pdpu && pdpu->pipe_hw)
> 1677 dpu_hw_sspp_destroy(pdpu->pipe_hw);
> 1678 clean_plane:
> --> 1679 kfree(pdpu);
> 1680 return ERR_PTR(ret);
> 1681 }
>
> regards,
> dan carpenter
Best,
Jessica Zhang