ia_css_rmgr_acq_vbuf() uses a local on stack
"struct ia_css_rmgr_vbuf_handle v" variable.
When this path using this is hit, either the rmgr_pop_handle() call
will make *handle point to another vbuf-handle, or because
v.count == 0, ia_css_rmgr_refcount_retain_vbuf() will alloc a new
vbuf-handle and make *handle point to it.
So on leaving the function *handle will never point to the on stack
vbuf-handle, but gcc does not know this and emits the following:
drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c: In function ‘ia_css_rmgr_acq_vbuf’:
drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c:276:33: warning: storing the address of local variable ‘h’ in ‘*handle’ [-Wdangling-pointer=]
276 | *handle = &h;
| ~~~~~~~~^~~~
drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c:257:40: note: ‘h’ declared here
257 | struct ia_css_rmgr_vbuf_handle h;
| ^
drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c:257:40: note: ‘handle’ declared here
Rework the code using a new_handle helper to suppress this
false-postive compiler warning.
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
---
.../atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c | 22 +++++++++++++------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c b/drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c
index afe2d22c603f..b84c6cff1499 100644
--- a/drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c
+++ b/drivers/staging/media/atomisp/pci/runtime/rmgr/src/rmgr_vbuf.c
@@ -254,14 +254,15 @@ void rmgr_pop_handle(struct ia_css_rmgr_vbuf_pool *pool,
void ia_css_rmgr_acq_vbuf(struct ia_css_rmgr_vbuf_pool *pool,
struct ia_css_rmgr_vbuf_handle **handle)
{
- struct ia_css_rmgr_vbuf_handle h = { 0 };
-
if ((!pool) || (!handle) || (!*handle)) {
IA_CSS_LOG("Invalid inputs");
return;
}
if (pool->copy_on_write) {
+ struct ia_css_rmgr_vbuf_handle *new_handle;
+ struct ia_css_rmgr_vbuf_handle h = { 0 };
+
/* only one reference, reuse (no new retain) */
if ((*handle)->count == 1)
return;
@@ -272,23 +273,30 @@ void ia_css_rmgr_acq_vbuf(struct ia_css_rmgr_vbuf_pool *pool,
h.size = (*handle)->size;
/* release ref to current buffer */
ia_css_rmgr_refcount_release_vbuf(handle);
- *handle = &h;
+ new_handle = &h;
+ } else {
+ new_handle = *handle;
}
/* get new buffer for needed size */
- if ((*handle)->vptr == 0x0) {
+ if (new_handle->vptr == 0x0) {
if (pool->recycle) {
/* try and pop from pool */
- rmgr_pop_handle(pool, handle);
+ rmgr_pop_handle(pool, &new_handle);
}
- if ((*handle)->vptr == 0x0) {
+ if (new_handle->vptr == 0x0) {
/* we need to allocate */
- (*handle)->vptr = hmm_alloc((*handle)->size,
+ new_handle->vptr = hmm_alloc(new_handle->size,
HMM_BO_PRIVATE, 0, NULL, 0);
} else {
/* we popped a buffer */
+ *handle = new_handle;
return;
}
}
+ /* Note that new_handle will change to an internally maintained one */
+ ia_css_rmgr_refcount_retain_vbuf(&new_handle);
+ *handle = new_handle;
+ return;
}
/* Note that handle will change to an internally maintained one */
ia_css_rmgr_refcount_retain_vbuf(handle);
--
2.36.0
