[bug report] drm/nouveau/disp/r535: initial support
Dan Carpenter
dan.carpenter at linaro.org
Mon Apr 15 14:41:39 UTC 2024
Hello Nouveau Devs,
Commit 9e9944449023 ("drm/nouveau/disp/r535: initial support") from
Sep 19, 2023 (linux-next), leads to the following Smatch static
checker warning:
drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c:1482 r535_disp_oneinit() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c:1582 r535_disp_oneinit() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c:1596 r535_disp_oneinit() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c:1625 r535_disp_oneinit() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/fifo/r535.c:519 r535_fifo_ectx_size() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/fifo/r535.c:556 r535_fifo_runl_ctor() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/fifo/r535.c:631 r535_fifo_runl_ctor() error: potential NULL/IS_ERR bug 'ctrl'
drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c
1432 static int
1433 r535_disp_oneinit(struct nvkm_disp *disp)
1434 {
1435 struct nvkm_device *device = disp->engine.subdev.device;
1436 struct nvkm_gsp *gsp = device->gsp;
1437 NV2080_CTRL_INTERNAL_DISPLAY_WRITE_INST_MEM_PARAMS *ctrl;
1438 int ret, i;
1439
1440 /* RAMIN. */
1441 ret = nvkm_gpuobj_new(device, 0x10000, 0x10000, false, NULL, &disp->inst);
1442 if (ret)
1443 return ret;
1444
1445 if (WARN_ON(nvkm_memory_target(disp->inst->memory) != NVKM_MEM_TARGET_VRAM))
1446 return -EINVAL;
1447
1448 ctrl = nvkm_gsp_rm_ctrl_get(&gsp->internal.device.subdevice,
1449 NV2080_CTRL_CMD_INTERNAL_DISPLAY_WRITE_INST_MEM,
1450 sizeof(*ctrl));
1451 if (IS_ERR(ctrl))
1452 return PTR_ERR(ctrl);
1453
1454 ctrl->instMemPhysAddr = nvkm_memory_addr(disp->inst->memory);
1455 ctrl->instMemSize = nvkm_memory_size(disp->inst->memory);
1456 ctrl->instMemAddrSpace = ADDR_FBMEM;
1457 ctrl->instMemCpuCacheAttr = NV_MEMORY_WRITECOMBINED;
1458
1459 ret = nvkm_gsp_rm_ctrl_wr(&gsp->internal.device.subdevice, ctrl);
1460 if (ret)
1461 return ret;
1462
1463 /* OBJs. */
1464 ret = nvkm_gsp_client_device_ctor(gsp, &disp->rm.client, &disp->rm.device);
1465 if (ret)
1466 return ret;
1467
1468 ret = nvkm_gsp_rm_alloc(&disp->rm.device.object, 0x00730000, NV04_DISPLAY_COMMON, 0,
1469 &disp->rm.objcom);
1470 if (ret)
1471 return ret;
1472
1473 {
1474 NV2080_CTRL_INTERNAL_DISPLAY_GET_STATIC_INFO_PARAMS *ctrl;
1475
1476 ctrl = nvkm_gsp_rm_ctrl_rd(&gsp->internal.device.subdevice,
1477 NV2080_CTRL_CMD_INTERNAL_DISPLAY_GET_STATIC_INFO,
1478 sizeof(*ctrl));
1479 if (IS_ERR(ctrl))
The problem here is that r535_gsp_rpc_push() returns a mix of error
pointers and NULL. I've written a blog about how mixing error pointers
and NULL normally works and I think there is some kind of similar logic
here but I forget what it is...
https://staticthinking.wordpress.com/2022/08/01/mixing-error-pointers-and-null/
1480 return PTR_ERR(ctrl);
1481
--> 1482 disp->wndw.mask = ctrl->windowPresentMask;
^^^^^^
Potential NULL dereference.
1483 disp->wndw.nr = fls(disp->wndw.mask);
1484 nvkm_gsp_rm_ctrl_done(&gsp->internal.device.subdevice, ctrl);
1485 }
1486
1487 /* */
1488 {
1489 #if defined(CONFIG_ACPI) && defined(CONFIG_X86)
1490 NV2080_CTRL_INTERNAL_INIT_BRIGHTC_STATE_LOAD_PARAMS *ctrl;
1491 struct nvkm_gsp_object *subdevice = &disp->rm.client.gsp->internal.device.subdevice;
1492
1493 ctrl = nvkm_gsp_rm_ctrl_get(subdevice,
1494 NV2080_CTRL_CMD_INTERNAL_INIT_BRIGHTC_STATE_LOAD,
1495 sizeof(*ctrl));
1496 if (IS_ERR(ctrl))
regards,
dan carpenter
More information about the Nouveau
mailing list