Hello MSM Devs,
The patch 25fdd5933e4c: "drm/msm: Add SDM845 DPU support" from Jun
27, 2018, leads to the following Smatch static checker warnings:
drivers/gpu/drm/msm/msm_gpu.c:301 msm_gpu_crashstate_capture() error: potential null dereference 'state->bos'. (kcalloc returns null)
drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c:177 msm_disp_snapshot_add_block() error: potential null dereference 'new_blk'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c:96 mdp5_plane_reset() error: potential null dereference 'mdp5_state'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c:98 mdp5_plane_reset() error: potential null dereference 'mdp5_state'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:963 dpu_crtc_atomic_check() error: potential null dereference 'pstates'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:1009 dpu_crtc_atomic_check() error: potential null dereference 'pstates'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c:1075 dpu_crtc_atomic_check() error: potential null dereference 'pstates'. (kzalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_core_irq.c:214 dpu_core_irq_preinstall() error: potential null dereference 'dpu_kms->irq_obj.irq_cb_tbl'. (kcalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_core_irq.c:215 dpu_core_irq_preinstall() error: potential null dereference 'dpu_kms->irq_obj.irq_counts'. (kcalloc returns null)
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
901 static int dpu_crtc_atomic_check(struct drm_crtc *crtc,
902 struct drm_atomic_state *state)
903 {
904 struct drm_crtc_state *crtc_state = drm_atomic_get_new_crtc_state(state,
905 crtc);
906 struct dpu_crtc *dpu_crtc = to_dpu_crtc(crtc);
907 struct dpu_crtc_state *cstate = to_dpu_crtc_state(crtc_state);
908 struct plane_state *pstates;
909
910 const struct drm_plane_state *pstate;
911 struct drm_plane *plane;
912 struct drm_display_mode *mode;
913
914 int cnt = 0, rc = 0, mixer_width = 0, i, z_pos;
915
916 struct dpu_multirect_plane_states multirect_plane[DPU_STAGE_MAX * 2];
917 int multirect_count = 0;
918 const struct drm_plane_state *pipe_staged[SSPP_MAX];
919 int left_zpos_cnt = 0, right_zpos_cnt = 0;
920 struct drm_rect crtc_rect = { 0 };
921
922 pstates = kzalloc(sizeof(*pstates) * DPU_STAGE_MAX * 4, GFP_KERNEL);
^^^^^^^^^^^^^^^^^
There are a bunch of allocations with no checks for NULL
923
924 if (!crtc_state->enable || !crtc_state->active) {
925 DRM_DEBUG_ATOMIC("crtc%d -> enable %d, active %d, skip atomic_check\n",
926 crtc->base.id, crtc_state->enable,
927 crtc_state->active);
928 memset(&cstate->new_perf, 0, sizeof(cstate->new_perf));
929 goto end;
930 }
931
932 mode = &crtc_state->adjusted_mode;
933 DRM_DEBUG_ATOMIC("%s: check\n", dpu_crtc->name);
934
935 /* force a full mode set if active state changed */
936 if (crtc_state->active_changed)
937 crtc_state->mode_changed = true;
938
939 memset(pipe_staged, 0, sizeof(pipe_staged));
940
941 if (cstate->num_mixers) {
942 mixer_width = mode->hdisplay / cstate->num_mixers;
943
944 _dpu_crtc_setup_lm_bounds(crtc, crtc_state);
945 }
946
947 crtc_rect.x2 = mode->hdisplay;
948 crtc_rect.y2 = mode->vdisplay;
949
950 /* get plane state for all drm planes associated with crtc state */
951 drm_atomic_crtc_state_for_each_plane_state(plane, pstate, crtc_state) {
952 struct drm_rect dst, clip = crtc_rect;
953
954 if (IS_ERR_OR_NULL(pstate)) {
955 rc = PTR_ERR(pstate);
956 DPU_ERROR("%s: failed to get plane%d state, %d\n",
957 dpu_crtc->name, plane->base.id, rc);
958 goto end;
959 }
960 if (cnt >= DPU_STAGE_MAX * 4)
961 continue;
962
--> 963 pstates[cnt].dpu_pstate = to_dpu_plane_state(pstate);
^^^^^^^^^^^^
964 pstates[cnt].drm_pstate = pstate;
965 pstates[cnt].stage = pstate->normalized_zpos;
966 pstates[cnt].pipe_id = dpu_plane_pipe(plane);
967
regards,
dan carpenter
