[bug report] drm/i915/gem: Downgrade stolen lmem setup warning

Dan Carpenter dan.carpenter at linaro.org
Fri Jul 12 14:04:02 UTC 2024


Hello Jonathan Cavitt,

Commit 05da7d9f717b ("drm/i915/gem: Downgrade stolen lmem setup
warning") from Apr 22, 2024 (linux-next), leads to the following
Smatch static checker warning:

	drivers/gpu/drm/i915/intel_memory_region.c:371 intel_memory_regions_hw_probe()
	error: potential NULL/IS_ERR bug 'mem'

drivers/gpu/drm/i915/intel_memory_region.c
    327 int intel_memory_regions_hw_probe(struct drm_i915_private *i915)
    328 {
    329         int err, i;
    330 
    331         for (i = 0; i < ARRAY_SIZE(i915->mm.regions); i++) {
    332                 struct intel_memory_region *mem = ERR_PTR(-ENODEV);
    333                 u16 type, instance;
    334 
    335                 if (!HAS_REGION(i915, i))
    336                         continue;
    337 
    338                 type = intel_region_map[i].class;
    339                 instance = intel_region_map[i].instance;
    340                 switch (type) {
    341                 case INTEL_MEMORY_SYSTEM:
    342                         if (IS_DGFX(i915))
    343                                 mem = i915_gem_ttm_system_setup(i915, type,
    344                                                                 instance);
    345                         else
    346                                 mem = i915_gem_shmem_setup(i915, type,
    347                                                            instance);
    348                         break;
    349                 case INTEL_MEMORY_STOLEN_LOCAL:
    350                         mem = i915_gem_stolen_lmem_setup(i915, type, instance);


i915_gem_stolen_lmem_setup() used to only return error pointers but now it
returns NULL as well.

    351                         if (!IS_ERR(mem))
    352                                 i915->mm.stolen_region = mem;
    353                         break;
    354                 case INTEL_MEMORY_STOLEN_SYSTEM:
    355                         mem = i915_gem_stolen_smem_setup(i915, type, instance);
    356                         if (!IS_ERR(mem))
    357                                 i915->mm.stolen_region = mem;
    358                         break;
    359                 default:
    360                         continue;
    361                 }
    362 
    363                 if (IS_ERR(mem)) {
    364                         err = PTR_ERR(mem);
    365                         drm_err(&i915->drm,
    366                                 "Failed to setup region(%d) type=%d\n",
    367                                 err, type);
    368                         goto out_cleanup;
    369                 }
    370 
--> 371                 mem->id = i;
                        ^^^^^^^^^^^^
Potentially leading to a NULL dereference here?

    372                 i915->mm.regions[i] = mem;
    373         }
    374 
    375         for (i = 0; i < ARRAY_SIZE(i915->mm.regions); i++) {
    376                 struct intel_memory_region *mem = i915->mm.regions[i];
    377                 u64 region_size, io_size;

regards,
dan carpenter


More information about the Intel-gfx mailing list