AMD-GFX Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: contact@emersion.fr
Cc: amd-gfx@lists.freedesktop.org
Subject: [bug report] drm/amd/display: use FB pitch to fill dc_cursor_attributes
Date: Tue, 26 Jul 2022 18:20:13 +0300	[thread overview]
Message-ID: <YuAGLYvbtrrgBH0U@kili> (raw)

Hello Simon Ser,

The patch 03a663673063: "drm/amd/display: use FB pitch to fill
dc_cursor_attributes" from Dec 2, 2020, leads to the following Smatch
static checker warning:

	drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1271 handle_cursor_update()
	error: we previously assumed 'afb' could be null (see line 1230)

drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c
    1222 void handle_cursor_update(struct drm_plane *plane,
    1223                                  struct drm_plane_state *old_plane_state)
    1224 {
    1225         struct amdgpu_device *adev = drm_to_adev(plane->dev);
    1226         struct amdgpu_framebuffer *afb = to_amdgpu_framebuffer(plane->state->fb);
    1227         struct drm_crtc *crtc = afb ? plane->state->crtc : old_plane_state->crtc;

afb is container_of() but it's basically a cast in this case.  I would
always prefer to check "plane->state->fb" for NULL instead of the
container_of(), but that's sort of a style debate, I guess.  Some people
really like checking the returned pointer and add build time asserts to
ensure that the container_of() is a no-op.

    1228         struct dm_crtc_state *crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
    1229         struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc);
    1230         uint64_t address = afb ? afb->address : 0;
    1231         struct dc_cursor_position position = {0};
    1232         struct dc_cursor_attributes attributes;
    1233         int ret;
    1234 
    1235         if (!plane->state->fb && !old_plane_state->fb)
    1236                 return;
    1237 
    1238         DC_LOG_CURSOR("%s: crtc_id=%d with size %d to %d\n",
    1239                       __func__,
    1240                       amdgpu_crtc->crtc_id,
    1241                       plane->state->crtc_w,
    1242                       plane->state->crtc_h);
    1243 
    1244         ret = get_cursor_position(plane, crtc, &position);
    1245         if (ret)
    1246                 return;
    1247 
    1248         if (!position.enable) {
    1249                 /* turn off cursor */
    1250                 if (crtc_state && crtc_state->stream) {
    1251                         mutex_lock(&adev->dm.dc_lock);
    1252                         dc_stream_set_cursor_position(crtc_state->stream,
    1253                                                       &position);
    1254                         mutex_unlock(&adev->dm.dc_lock);
    1255                 }
    1256                 return;
    1257         }
    1258 
    1259         amdgpu_crtc->cursor_width = plane->state->crtc_w;
    1260         amdgpu_crtc->cursor_height = plane->state->crtc_h;
    1261 
    1262         memset(&attributes, 0, sizeof(attributes));
    1263         attributes.address.high_part = upper_32_bits(address);
    1264         attributes.address.low_part  = lower_32_bits(address);
    1265         attributes.width             = plane->state->crtc_w;
    1266         attributes.height            = plane->state->crtc_h;
    1267         attributes.color_format      = CURSOR_MODE_COLOR_PRE_MULTIPLIED_ALPHA;
    1268         attributes.rotation_angle    = 0;
    1269         attributes.attribute_flags.value = 0;
    1270 
--> 1271         attributes.pitch = afb->base.pitches[0] / afb->base.format->cpp[0];
                                    ^^^^^                  ^^^^^
Unchecked dereferences.

    1272 
    1273         if (crtc_state->stream) {
    1274                 mutex_lock(&adev->dm.dc_lock);
    1275                 if (!dc_stream_set_cursor_attributes(crtc_state->stream,
    1276                                                          &attributes))
    1277                         DRM_ERROR("DC failed to set cursor attributes\n");
    1278 
    1279                 if (!dc_stream_set_cursor_position(crtc_state->stream,
    1280                                                    &position))
    1281                         DRM_ERROR("DC failed to set cursor position\n");
    1282                 mutex_unlock(&adev->dm.dc_lock);
    1283         }
    1284 }

regards,
dan carpenter

             reply	other threads:[~2022-07-26 15:20 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-26 15:20 Dan Carpenter [this message]
2022-07-26 15:27 ` [bug report] drm/amd/display: use FB pitch to fill dc_cursor_attributes Simon Ser
2022-07-26 15:47   ` Dan Carpenter
2022-07-26 17:16     ` Simon Ser
  -- strict thread matches above, loose matches on Subject: below --
2020-12-07 14:51 Dan Carpenter
2020-12-07 14:53 ` Simon Ser
2020-12-07 17:51   ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YuAGLYvbtrrgBH0U@kili \
    --to=dan.carpenter@oracle.com \
    --cc=amd-gfx@lists.freedesktop.org \
    --cc=contact@emersion.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox