[PATCH 0/7] nouveau/gsp: Fix NULL pointer dereference and cleanup IS_ERR_OR_NULL

[Hongling Zeng]

This patch series fixes NULL pointer dereference bugs introduced in the
previous IS_ERR_OR_NULL cleanup series and adds documentation as requested
by Danilo Krummrich.

Background

The previous IS_ERR_OR_NULL cleanup series introduced serious bugs that
caused actual kernel crashes:

  BUG: kernel NULL pointer dereference, address: 000000000000002c
  RIP: 0010:r535_gsp_rpc_rm_ctrl_push+0x60/0x110 [nouveau]

The root cause was that underlying functions (r535_gsp_msgq_recv() and
r535_gsp_msg_recv()) could return NULL, but the upper layers only checked
with IS_ERR(), missing the NULL cases.

Changes in V2

Compared to the previous series, this version:

1. **Fixes underlying functions first** (Patch 1)
   - r535_gsp_msgq_recv(): Return ERR_PTR(-EINVAL) instead of NULL
   - r535_gsp_msg_recv(): Return ERR_PTR(-EIO) instead of NULL
   
2. **Adds documentation** (Patch 2, per Danilo's request)
   - Kernel-doc comments for all affected functions
   - Clear return value contracts: "never NULL"
   
3. **Safe cleanup** (Patches 3-7)
   - IS_ERR_OR_NULL() -> IS_ERR() now safe
   - No NULL pointer dereference risks

Hongling Zeng (7):
  nouveau/gsp/rm: Fix NULL return values in message receive  functions
  nouveau/gsp: Add documentation for RPC functions return  values
  nouveau/gsp: cleanup IS_ERR_OR_NULL in rpc_rd
  nouveau/gsp: cleanup IS_ERR_OR_NULL in rm_alloc functions
  nouveau/gsp: cleanup IS_ERR_OR_NULL in core  implementation
  nouveau/gsp/rm: cleanup WARN_ON(IS_ERR_OR_NULL)
  nouveau/gsp/rm: cleanup remaining IS_ERR_OR_NULL usage

 .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h |  8 +--
 .../nouveau/nvkm/subdev/gsp/rm/r535/alloc.c   |  4 +-
 .../drm/nouveau/nvkm/subdev/gsp/rm/r535/bar.c |  2 +-
 .../nouveau/nvkm/subdev/gsp/rm/r535/ctrl.c    |  2 +-
 .../drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 55 ++++++++++++++++---
 5 files changed, 55 insertions(+), 16 deletions(-)

-- 
2.25.1