From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <dan.carpenter@oracle.com>
Subject: re: drm/radeon: fix AGP userptr handling
Date: Wed, 24 Sep 2014 18:27:04 +0300
Message-ID: <20140924151425.GA20296@mwanda>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81])
 by gabe.freedesktop.org (Postfix) with ESMTP id 0E9EC6E05E
 for <dri-devel@lists.freedesktop.org>; Wed, 24 Sep 2014 08:27:21 -0700 (PDT)
Content-Disposition: inline
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: christian.koenig@amd.com
Cc: dri-devel@lists.freedesktop.org
List-Id: dri-devel@lists.freedesktop.org

Hello Christian K=F6nig,

This is a semi-automatic email about new static checker warnings.

The patch 3840a656f61f: "drm/radeon: fix AGP userptr handling" from =

Sep 17, 2014, leads to the following Smatch complaint:

drivers/gpu/drm/radeon/radeon_ttm.c:708 radeon_ttm_tt_populate()
	 error: we previously assumed 'gtt' could be null (see line 696)

drivers/gpu/drm/radeon/radeon_ttm.c
   695	=

   696		if (gtt && gtt->userptr) {
                    ^^^
New check.

   697			ttm->sg =3D kcalloc(1, sizeof(struct sg_table), GFP_KERNEL);
   698			if (!ttm->sg)
   699				return -ENOMEM;
   700	=

   701			ttm->page_flags |=3D TTM_PAGE_FLAG_SG;
   702			ttm->state =3D tt_unbound;
   703			return 0;
   704		}
   705	=

   706		if (slave && ttm->sg) {
   707			drm_prime_sg_to_page_addr_arrays(ttm->sg, ttm->pages,
   708							 gtt->ttm.dma_address, ttm->num_pages);
                                                         ^^^^^^^^
Old unchecked dereference.

   709			ttm->state =3D tt_unbound;
   710			return 0;


drivers/gpu/drm/radeon/radeon_ttm.c
   754	=

   755		if (gtt && gtt->userptr) {
                    ^^^
   756			kfree(ttm->sg);
   757			ttm->page_flags &=3D ~TTM_PAGE_FLAG_SG;
   758			return;
   759		}
   760	=

   761		if (slave)
   762			return;
   763	=

   764		rdev =3D radeon_get_rdev(ttm->bdev);
   765	#if __OS_HAS_AGP
   766		if (rdev->flags & RADEON_IS_AGP) {
   767			ttm_agp_tt_unpopulate(ttm);
   768			return;
   769		}
   770	#endif
   771	=

   772	#ifdef CONFIG_SWIOTLB
   773		if (swiotlb_nr_tbl()) {
   774			ttm_dma_unpopulate(&gtt->ttm, rdev->dev);
   775			return;
   776		}
   777	#endif
   778	=

   779		for (i =3D 0; i < ttm->num_pages; i++) {
   780			if (gtt->ttm.dma_address[i]) {
                            ^^^^^^^^
   781				pci_unmap_page(rdev->pdev, gtt->ttm.dma_address[i],
   782					       PAGE_SIZE, PCI_DMA_BIDIRECTIONAL);

regards,
dan carpenter