[bug report] drm/msm/dpu: add support for virtual planes

Dan Carpenter dan.carpenter at linaro.org
Tue Dec 17 08:43:09 UTC 2024 

Hello Dmitry Baryshkov,

Commit 774bcfb73176 ("drm/msm/dpu: add support for virtual planes")
from Dec 15, 2024 (linux-next), leads to the following Smatch static
checker warning:

drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1062 dpu_plane_virtual_atomic_check() error: 'plane_state' dereferencing possible ERR_PTR()
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1066 dpu_plane_virtual_atomic_check() error: uninitialized symbol 'crtc_state'.

drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
    1051 static int dpu_plane_virtual_atomic_check(struct drm_plane *plane,
    1052                                           struct drm_atomic_state *state)
    1053 {
    1054         struct drm_plane_state *plane_state =
    1055                 drm_atomic_get_plane_state(state, plane);
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^
drm_atomic_get_plane_state() can fail.

    1056         struct drm_plane_state *old_plane_state =
    1057                 drm_atomic_get_old_plane_state(state, plane);
    1058         struct dpu_plane_state *pstate = to_dpu_plane_state(plane_state);
    1059         struct drm_crtc_state *crtc_state;
    1060         int ret;
    1061 
--> 1062         if (plane_state->crtc)
                     ^^^^^^^^^^^
    1063                 crtc_state = drm_atomic_get_new_crtc_state(state,
    1064                                                            plane_state->crtc);

crtc_state isn't initialized on else path.

    1065 
    1066         ret = dpu_plane_atomic_check_nosspp(plane, plane_state, crtc_state);

Presumably crtc_state isn't used, but it's still considered a bug.  It's
undefined behavior in C.

    1067         if (ret)
    1068                 return ret;
    1069 
    1070         if (!plane_state->visible) {
    1071                 /*
    1072                  * resources are freed by dpu_crtc_assign_plane_resources(),
    1073                  * but clean them here.
    1074                  */
    1075                 pstate->pipe.sspp = NULL;
    1076                 pstate->r_pipe.sspp = NULL;
    1077 
    1078                 return 0;
    1079         }
    1080 
    1081         /*
    1082          * Force resource reallocation if the format of FB or src/dst have
    1083          * changed. We might need to allocate different SSPP or SSPPs for this
    1084          * plane than the one used previously.
    1085          */
    1086         if (!old_plane_state || !old_plane_state->fb ||
    1087             old_plane_state->src_w != plane_state->src_w ||
    1088             old_plane_state->src_h != plane_state->src_h ||
    1089             old_plane_state->src_w != plane_state->src_w ||
    1090             old_plane_state->crtc_h != plane_state->crtc_h ||
    1091             msm_framebuffer_format(old_plane_state->fb) !=
    1092             msm_framebuffer_format(plane_state->fb))
    1093                 crtc_state->planes_changed = true;
    1094 
    1095         return 0;
    1096 }

regards,
dan carpenter

More information about the Freedreno mailing list