Hello Simon Ser,
The patch 03a663673063: "drm/amd/display: use FB pitch to fill
dc_cursor_attributes" from Dec 2, 2020, leads to the following Smatch
static checker warning:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1271 handle_cursor_update()
error: we previously assumed 'afb' could be null (see line 1230)
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c
1222 void handle_cursor_update(struct drm_plane *plane,
1223 struct drm_plane_state *old_plane_state)
1224 {
1225 struct amdgpu_device *adev = drm_to_adev(plane->dev);
1226 struct amdgpu_framebuffer *afb = to_amdgpu_framebuffer(plane->state->fb);
1227 struct drm_crtc *crtc = afb ? plane->state->crtc : old_plane_state->crtc;
afb is container_of() but it's basically a cast in this case. I would
always prefer to check "plane->state->fb" for NULL instead of the
container_of(), but that's sort of a style debate, I guess. Some people
really like checking the returned pointer and add build time asserts to
ensure that the container_of() is a no-op.
1228 struct dm_crtc_state *crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
1229 struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc);
1230 uint64_t address = afb ? afb->address : 0;
1231 struct dc_cursor_position position = {0};
1232 struct dc_cursor_attributes attributes;
1233 int ret;
1234
1235 if (!plane->state->fb && !old_plane_state->fb)
1236 return;
1237
1238 DC_LOG_CURSOR("%s: crtc_id=%d with size %d to %d\n",
1239 __func__,
1240 amdgpu_crtc->crtc_id,
1241 plane->state->crtc_w,
1242 plane->state->crtc_h);
1243
1244 ret = get_cursor_position(plane, crtc, &position);
1245 if (ret)
1246 return;
1247
1248 if (!position.enable) {
1249 /* turn off cursor */
1250 if (crtc_state && crtc_state->stream) {
1251 mutex_lock(&adev->dm.dc_lock);
1252 dc_stream_set_cursor_position(crtc_state->stream,
1253 &position);
1254 mutex_unlock(&adev->dm.dc_lock);
1255 }
1256 return;
1257 }
1258
1259 amdgpu_crtc->cursor_width = plane->state->crtc_w;
1260 amdgpu_crtc->cursor_height = plane->state->crtc_h;
1261
1262 memset(&attributes, 0, sizeof(attributes));
1263 attributes.address.high_part = upper_32_bits(address);
1264 attributes.address.low_part = lower_32_bits(address);
1265 attributes.width = plane->state->crtc_w;
1266 attributes.height = plane->state->crtc_h;
1267 attributes.color_format = CURSOR_MODE_COLOR_PRE_MULTIPLIED_ALPHA;
1268 attributes.rotation_angle = 0;
1269 attributes.attribute_flags.value = 0;
1270
--> 1271 attributes.pitch = afb->base.pitches[0] / afb->base.format->cpp[0];
^^^^^ ^^^^^
Unchecked dereferences.
1272
1273 if (crtc_state->stream) {
1274 mutex_lock(&adev->dm.dc_lock);
1275 if (!dc_stream_set_cursor_attributes(crtc_state->stream,
1276 &attributes))
1277 DRM_ERROR("DC failed to set cursor attributes\n");
1278
1279 if (!dc_stream_set_cursor_position(crtc_state->stream,
1280 &position))
1281 DRM_ERROR("DC failed to set cursor position\n");
1282 mutex_unlock(&adev->dm.dc_lock);
1283 }
1284 }
regards,
dan carpenter
