Re: [RFC PATCH 5/8] drm/vkms/colorop: Update to new pipeline API

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Unchecked kasprintf return value may lead to a NULL pointer dereference when setting up the color pipeline property.
--

commit e64dca02dc85f9d02e8990c56f98c1559490b722
Author: John Harrison <John.Harrison@Igalia.com>

drm/vkms/colorop: Update to new pipeline API
    
Switch to using the new method for building colorop pipelines.

> diff --git a/drivers/gpu/drm/vkms/vkms_colorop.c b/drivers/gpu/drm/vkms/vkms_colorop.c
> index 071f3a8d2e7c4..ecb4fd56eb8cc 100644
> --- a/drivers/gpu/drm/vkms/vkms_colorop.c
> +++ b/drivers/gpu/drm/vkms/vkms_colorop.c
[ ... ]
> @@ -93,7 +95,7 @@ static int vkms_initialize_color_pipeline(struct drm_plane *plane, struct drm_pr
>  	if (ret)
>  		goto cleanup;
>  
> -	drm_colorop_set_next_property(ops[i - 1], ops[i]);
> +	drm_colorop_add_to_pipeline(ops[0], ops[i]);
>  
>  	list->name = kasprintf(GFP_KERNEL, "Color Pipeline %d", ops[0]->base.id);
>  

[Severity: High]
This is a pre-existing issue, but does this kasprintf() need a NULL check?

If kasprintf() fails to allocate memory, it returns NULL. Since
vkms_initialize_color_pipeline() then unconditionally returns 0 (success), the
caller vkms_initialize_colorops() will pass this NULL string down to
drm_plane_create_color_pipeline_property(). This is ultimately passed to
drm_property_add_enum(), where calling strlen() on the NULL name will cause a
NULL pointer dereference.

Should this allocation be checked and routed to the cleanup path on failure?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260609171941.169104-1-John.Harrison@Igalia.com?part=5