From: Dan Carpenter <error27@gmail.com>
To: Joshua Peisach <jpeisach@ubuntu.com>
Cc: amd-gfx@lists.freedesktop.org, "SHANMUGAM,
	SRINIVASAN" <SRINIVASAN.SHANMUGAM@amd.com>
Subject: [bug report] drm/amdgpu/amdgpu_connectors: remove amdgpu_connector_free_edid
Date: Fri, 10 Apr 2026 10:32:53 +0300
Message-ID: <adinpZORBkhVcw31@stanley.mountain>

Hello Joshua Peisach,

Commit 71036457ad85 ("drm/amdgpu/amdgpu_connectors: remove
amdgpu_connector_free_edid") from Mar 3, 2026 (linux-next), leads to
the following Smatch static checker warning:

	drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c:1058 amdgpu_connector_dvi_detect()
	warn: passing freed memory 'amdgpu_connector->edid' (line 1048)

drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
    1032                 /* Sometimes the pins required for the DDC probe on DVI
    1033                  * connectors don't make contact at the same time that the ones
    1034                  * for HPD do. If the DDC probe fails even though we had an HPD
    1035                  * signal, try again later
    1036                  */
    1037                 if (!dret && !force &&
    1038                     amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) {
    1039                         DRM_DEBUG_KMS("hpd detected without ddc, retrying in 1 second\n");
    1040                         amdgpu_connector->detected_hpd_without_ddc = true;
    1041                         schedule_delayed_work(&adev->hotplug_work,
    1042                                               msecs_to_jiffies(1000));
    1043                         goto exit;
    1044                 }
    1045         }
    1046         if (dret) {
    1047                 amdgpu_connector->detected_by_load = false;
    1048                 drm_edid_free(amdgpu_connector->edid);
                                       ^^^^^^^^^^^^^^^^^^^^^^
This frees ->edid.  The old code used to set amdgpu_connector->edid = NULL
after freeing it.

    1049                 amdgpu_connector_get_edid(connector);
                                                   ^^^^^^^^^
This function call is supposed to re-assign ->edid but because it's no
longer NULL then it's just a no-op.  (It's so annoying that the naming
switches between amdgpu_connector and connector which are basically
castings of each other).

    1050 
    1051                 if (!amdgpu_connector->edid) {
    1052                         drm_err(adev_to_drm(adev), "%s: probed a monitor but no|invalid EDID\n",
    1053                                         connector->name);
    1054                         ret = connector_status_connected;
    1055                         broken_edid = true; /* defer use_digital to later */
    1056                 } else {
    1057                         amdgpu_connector->use_digital =
--> 1058                                 drm_edid_is_digital(amdgpu_connector->edid);
                                                             ^^^^^^^^^^^^^^^^^^^^^^
Use after free.

    1059 
    1060                         /* some oems have boards with separate digital and analog connectors

This email is a free service from the Smatch-CI project [smatch.sf.net].

regards,
dan carpenter
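
The pattern in the report above, reduced to a user-space model (an added example, not part of the original message and not the driver's code): a lazy getter that skips the reload when the cached pointer is non-NULL, called once after a free that leaves the pointer stale and once after a free that clears it. The names struct conn, conn_get_edid, refresh_stale and refresh_cleared are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for the connector and its cached EDID. */
struct edid { bool digital; };
struct conn { struct edid *edid; };
static int probes; /* how many times the display was actually re-read */

/* Lazy getter: does nothing when a cached pointer is already present. */
static void conn_get_edid(struct conn *c)
{
	if (c->edid)
		return;
	c->edid = calloc(1, sizeof(*c->edid));
	if (c->edid) {
		c->edid->digital = true;
		probes++;
	}
}

/* Free without clearing: the getter sees a stale non-NULL pointer and
 * skips the reload. Returns true only if a fresh EDID was fetched. */
static bool refresh_stale(struct conn *c)
{
	int before = probes;
	free(c->edid);
	conn_get_edid(c);	/* no-op, c->edid now dangles */
	return probes != before;
}

/* Free and clear: the getter reloads, so c->edid is valid or NULL. */
static bool refresh_cleared(struct conn *c)
{
	int before = probes;
	free(c->edid);
	c->edid = NULL;
	conn_get_edid(c);
	return probes != before;
}

int main(void)
{
	struct conn c = { 0 };
	conn_get_edid(&c);
	printf("cleared: reloaded=%d\n", refresh_cleared(&c));
	printf("stale:   reloaded=%d\n", refresh_stale(&c));
	c.edid = NULL;	/* dangling after refresh_stale; never dereference */
	return 0;
}
```

Any later NULL check on the cached pointer passes in the stale case, which is why the dereference at line 1058 in the excerpt is reached with freed memory.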
