[Intel-gfx] [bug report] drm/i915: buddy allocator

Dan Carpenter dan.carpenter at oracle.com
Tue Mar 2 11:18:48 UTC 2021


[ Sorry, I don't know why Smatch is complaining about two year old code.
  The warning is valid enough, though.  - dan ]

Hello Matthew Auld,

The patch 14d1b9a6247c: "drm/i915: buddy allocator" from Aug 9, 2019,
leads to the following static checker warning:

	drivers/gpu/drm/i915/selftests/i915_buddy.c:169 igt_check_blocks()
	warn: variable dereferenced before check 'block' (see line 126)

drivers/gpu/drm/i915/selftests/i915_buddy.c
   111  static int igt_check_blocks(struct i915_buddy_mm *mm,
   112                              struct list_head *blocks,
   113                              u64 expected_size,
   114                              bool is_contiguous)
   115  {
   116          struct i915_buddy_block *block;
   117          struct i915_buddy_block *prev;
   118          u64 total;
   119          int err = 0;
   120  
   121          block = NULL;
   122          prev = NULL;
   123          total = 0;
   124  
   125          list_for_each_entry(block, blocks, link) {
                                    ^^^^^
"block" is the list iterator so it can't be NULL.

   126                  err = igt_check_block(mm, block);
   127  
   128                  if (!i915_buddy_block_is_allocated(block)) {
   129                          pr_err("block not allocated\n"),
   130                          err = -EINVAL;
   131                  }
   132  
   133                  if (is_contiguous && prev) {
   134                          u64 prev_block_size;
   135                          u64 prev_offset;
   136                          u64 offset;
   137  
   138                          prev_offset = i915_buddy_block_offset(prev);
   139                          prev_block_size = i915_buddy_block_size(mm, prev);
   140                          offset = i915_buddy_block_offset(block);
   141  
   142                          if (offset != (prev_offset + prev_block_size)) {
   143                                  pr_err("block offset mismatch\n");
   144                                  err = -EINVAL;
   145                          }
   146                  }
   147  
   148                  if (err)
   149                          break;
   150  
   151                  total += i915_buddy_block_size(mm, block);
   152                  prev = block;
   153          }
   154  
   155          if (!err) {
   156                  if (total != expected_size) {
   157                          pr_err("size mismatch, expected=%llx, found=%llx\n",
   158                                 expected_size, total);
   159                          err = -EINVAL;
   160                  }
   161                  return err;
   162          }
   163  
   164          if (prev) {
   165                  pr_err("prev block, dump:\n");
   166                  igt_dump_block(mm, prev);
   167          }
   168  
   169          if (block) {
                    ^^^^^
This is impossible.  It's not clear what was intended...

   170                  pr_err("bad block, dump:\n");
   171                  igt_dump_block(mm, block);
   172          }
   173  
   174          return err;
   175  }

regards,
dan carpenter
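
The behaviour the checker relies on, as an added example that is not part of the original mail or of the i915 code: a simplified userspace copy of list_for_each_entry() showing that the iterator is non-NULL after the loop even for an empty list, next to one alternative that records the failing entry in a separate pointer. struct blk, build(), iter_nonnull_after_loop() and first_bad() are hypothetical names, and the list contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified userspace stand-ins for the kernel's list helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); \
	     &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical stand-in for struct i915_buddy_block; pool is constructed data. */
static struct blk { int ok; struct list_head link; } pool[4];
static struct list_head head;

/* Build a list of n <= 4 blocks; the block at bad_idx (if any) fails. */
static struct list_head *build(int n, int bad_idx)
{
	head.next = head.prev = &head;
	for (int i = 0; i < n; i++) {
		struct list_head *l = &pool[i].link;
		pool[i].ok = (i != bad_idx);
		l->prev = head.prev; l->next = &head;
		head.prev->next = l; head.prev = l;
	}
	return &head;
}

/* Reported pattern: test the iterator against NULL after the loop. */
static int iter_nonnull_after_loop(struct list_head *blocks)
{
	struct blk *block = NULL;
	list_for_each_entry(block, blocks, link)
		if (!block->ok) break;
	return block != NULL; /* always 1: the loop init overwrites the NULL */
}

/* One alternative: remember the failing entry in a separate pointer. */
static struct blk *first_bad(struct list_head *blocks)
{
	struct blk *block, *bad = NULL;
	list_for_each_entry(block, blocks, link)
		if (!block->ok) { bad = block; break; }
	return bad;
}

int main(void)
{
	int nonnull = iter_nonnull_after_loop(build(0, -1));
	printf("%d %d\n", nonnull, first_bad(build(3, 1)) == &pool[1]);
}
```

When the loop runs to completion the iterator points at the container computed from the list head itself, not at a real entry, so it is not safe to dump it either.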

