[bug report] drm/vmwgfx: Do not drop the reference to the handle too soon
Dan Carpenter
error27 at gmail.com
Wed Mar 22 09:06:03 UTC 2023
Hello Zack Rusin,

The patch 9ef8d83e8e25: "drm/vmwgfx: Do not drop the reference to the
handle too soon" from Feb 11, 2023, leads to the following Smatch
static checker warning:

    drivers/gpu/drm/vmwgfx/vmwgfx_bo.c:698 vmw_dumb_create()
    error: uninitialized symbol 'vbo'.

drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
    669 int vmw_dumb_create(struct drm_file *file_priv,
    670                     struct drm_device *dev,
    671                     struct drm_mode_create_dumb *args)
    672 {
    673         struct vmw_private *dev_priv = vmw_priv(dev);
    674         struct vmw_bo *vbo;
    675         int cpp = DIV_ROUND_UP(args->bpp, 8);
    676         int ret;
    677
    678         switch (cpp) {
    679         case 1: /* DRM_FORMAT_C8 */
    680         case 2: /* DRM_FORMAT_RGB565 */
    681         case 4: /* DRM_FORMAT_XRGB8888 */
    682                 break;
    683         default:
    684                 /*
    685                  * Dumb buffers don't allow anything else.
    686                  * This is tested via IGT's dumb_buffers
    687                  */
    688                 return -EINVAL;
    689         }
    690
    691         args->pitch = args->width * cpp;
    692         args->size = ALIGN(args->pitch * args->height, PAGE_SIZE);
    693
    694         ret = vmw_gem_object_create_with_handle(dev_priv, file_priv,
    695                                                 args->size, &args->handle,
    696                                                 &vbo);
    697         /* drop reference from allocate - handle holds it now */
--> 698         drm_gem_object_put(&vbo->tbo.base);

This is a false positive, but the code is buggy.  The bug is that if
"ret" is failure then "vbo" is NULL leading to an Oops.

    699         return ret;
    700 }

regards,
dan carpenter
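
An added example, not part of the original message or the vmwgfx driver: a user-space C model of the pattern in the report, with the put skipped when the create call fails. All `model_*` names are hypothetical, and the NULL-on-failure contract of the create helper is assumed from the report's description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins; not the vmwgfx/DRM definitions. */
struct model_bo { int refcount; };
static struct model_bo *model_handles[2];   /* handle 1 -> object */

static void model_put(struct model_bo *bo)
{
	if (--bo->refcount == 0)
		free(bo);
}

/* Assumed contract, per the report: on failure *out is NULL. */
int model_create_with_handle(size_t size, unsigned int *handle,
			     struct model_bo **out)
{
	*out = NULL;
	if (size == 0)
		return -EINVAL;
	*out = calloc(1, sizeof(**out));
	if (!*out)
		return -ENOMEM;
	(*out)->refcount = 2;        /* caller's reference + handle's reference */
	model_handles[1] = *out;
	*handle = 1;
	return 0;
}

/* Same shape as the reported function, with the put skipped on failure. */
int model_dumb_create(size_t size, unsigned int *handle)
{
	struct model_bo *bo;
	int ret;

	ret = model_create_with_handle(size, handle, &bo);
	if (ret)
		return ret;          /* bo is NULL here: nothing to put */
	/* drop reference from allocate - handle holds it now */
	model_put(bo);
	return 0;
}

int main(void)
{
	unsigned int h = 0;
	return model_dumb_create(0, &h) == -EINVAL ? 0 : 1;
}
```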