Re: AMD, please run Smatch on your driver

From: Harry Wentland
Date: Tue Nov 07 2017 - 14:54:52 EST


Thanks, Dan, for bringing this to our attention. We (the display guys here) weren't aware of smatch and will give it a spin and try to address some of the remaining items (after your, Dave's, and Ernst's patches).

Harry

On 2017-11-06 06:34 AM, Dan Carpenter wrote:
> Linux-next was offline for the last month and the AMD drm driver went
> through major changes. Anyway, I'm a bit overwhelmed by the number of
> warnings and I'm not going to be able to go through them all so I'm just
> sending them to you unfiltered.
>
> Part of the problem is that I'm not running the released version of
> Smatch myself. That has two effects. 1) The released version is
> crappier than I had imagined. 2) I get *way* more warnings than you see
> which is overwhelming... So this is mostly my fault and I will try to
> do better.
>
> Here are the current warnings from Friday's linux-next, lightly edited.
> I know that everyone hates a big dump of static checker warnings...
> Speaking of being ignored, I sent a fix for this one back in August but
> never heard back:
>
> drivers/gpu/drm/amd/amdgpu/ci_dpm.c:4553 ci_set_mc_special_registers()
> error: buffer overflow 'table->mc_reg_address' 16 <= 16
>
> https://lists.freedesktop.org/archives/amd-gfx/2017-August/012333.html
>
> So this is partly your fault as well because if you cleaned up static
> checker warnings little by little, then they wouldn't pile up like this.
> Eventually, everyone is going to have to start running Smatch for
> themselves because it scales better than relying on me to do it.
>
> regards,
> dan carpenter
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:2224 amdgpu_device_init() warn: 'adev->rio_mem' was not released on error
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:2395 amdgpu_device_init() warn: 'adev->rio_mem' was not released on error
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3373 amdgpu_debugfs_regs_write() warn: 'mutex:&adev->pm.mutex' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3377 amdgpu_debugfs_regs_write() warn: 'mutex:&adev->pm.mutex' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3771 amdgpu_debugfs_gpr_read() error: buffer overflow 'data' 1024 <= 4095
> drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c:155 amdgpu_driver_load_kms() warn: we tested 'r' before and it was 'false'
> drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c:689 amdgpu_gem_op_ioctl() warn: should 'robj->tbo.mem.page_alignment << 12' be a 64 bit type?
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:196 amdgpu_cs_parser_init() warn: 'mutex:&p->ctx->lock' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:674 amdgpu_cs_parser_bos() warn: we tested 'r' before and it was 'false'
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:755 amdgpu_cs_parser_fini() warn: 'mutex:&parser->ctx->lock' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/atombios_i2c.c:72 amdgpu_atombios_i2c_process_i2c_ch() warn: impossible condition '(num > 255) => (0-255 > 255)'
> drivers/gpu/drm/amd/amdgpu/amdgpu_queue_mgr.c:217 amdgpu_queue_mgr_map() warn: variable dereferenced before check 'mgr' (see line 215)
> drivers/gpu/drm/amd/amdgpu/kv_dpm.c:1618 kv_get_acp_boot_level() warn: always true condition '(table->entries[i]->clk >= 0) => (0-u32max >= 0)'
> drivers/gpu/drm/amd/amdgpu/ci_dpm.c:4560 ci_set_mc_special_registers() error: buffer overflow 'table->mc_reg_address' 16 <= 16
> drivers/gpu/drm/amd/amdgpu/ci_dpm.c:5065 ci_request_link_speed_change_before_state_change() warn: missing break? reassigning 'pi->force_pcie_gen'
> drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c:5256 gfx_v7_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4
> drivers/gpu/drm/amd/amdgpu/si.c:1288 si_common_early_init() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/dce_v6_0.c:3026 dce_v6_0_pageflip_irq() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/si_dpm.c:6242 si_request_link_speed_change_before_state_change() warn: missing break? reassigning 'si_pi->force_pcie_gen'
> drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:5222 gfx_v8_0_pre_soft_reset() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:7105 gfx_v8_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4
> drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:3077 gfx_v9_0_soft_reset() warn: we tested 'grbm_soft_reset' before and it was 'true'
> drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:3644 gfx_v9_0_ring_emit_ib_gfx() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:4457 gfx_v9_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4
> drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c:605 amdgpu_cgs_lock_grbm_idx() warn: 'mutex:&adev->grbm_idx_mutex' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/../scheduler/gpu_scheduler.c:696 amd_sched_init() warn: call of 'kthread_create_on_node' with non-constant format argument
> drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/tonga_smumgr.c:3128 tonga_set_mc_special_registers() error: buffer overflow 'table->mc_reg_address' 16 <= 16
> drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/polaris10_smumgr.c:916 polaris10_calculate_sclk_params() warn: should 'clock << table->SclkFcwRangeTable[sclk_setting->PllRange].postdiv' be a 64 bit type?
> drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/polaris10_smumgr.c:931 polaris10_calculate_sclk_params() warn: should 'ss_target_freq << table->SclkFcwRangeTable[sclk_setting->PllRange].postdiv' be a 64 bit type?
> drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/ci_smumgr.c:462 ci_populate_single_graphic_level() warn: we tested 'result' before and it was 'false'
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/processpptables.c:397 get_clock_voltage_dependency_table() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/hardwaremanager.c:248 phm_check_smc_update_required_for_display_configuration() warn: signedness bug returning '(-22)'
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/process_pptables_v1_0.c:207 get_platform_power_management_table() warn: struct type mismatch 'phm_ppm_table vs _ATOM_Tonga_PPM_Table'
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomctrl.c:220 atomctrl_calculate_voltage_evv_on_sclk() warn: function puts 1184 bytes on stack
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomfwctrl.c:43 pp_atomfwctrl_lookup_voltage_type_v4() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomfwctrl.c:51 pp_atomfwctrl_lookup_voltage_type_v4() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/smu7_hwmgr.c:3514 smu7_request_link_speed_change_before_state_change() warn: missing break? reassigning 'data->force_pcie_gen'
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/smu7_powertune.c:979 smu7_power_control_set_level() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/vega10_hwmgr.c:3030 vega10_get_pp_table_entry_callback_func() warn: buffer overflow 'vega10_power_state->performance_levels' 2 <= 7
> drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/vega10_hwmgr.c:3030 vega10_get_pp_table_entry_callback_func() warn: buffer overflow 'vega10_power_state->performance_levels' 2 <= 7
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:521 detect_mst_link_for_all_connectors() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:1019 handle_hpd_rx_irq() warn: 'mutex:&aconnector->hpd_lock' is sometimes locked here and sometimes unlocked.
> drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:932 dc_get_link_at_index() error: buffer overflow 'dc->links' 12 <= 31
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2288 create_fake_sink() error: we previously assumed 'sink' could be null (see line 2285)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2430 dm_crtc_duplicate_state() error: potential null dereference 'state'. (kzalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2672 create_eml_sink() warn: variable dereferenced before check 'aconnector->base.edid_blob_ptr' (see line 2670)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2673 create_eml_sink() warn: this array is probably non-NULL. 'aconnector->base.edid_blob_ptr->data'
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3422 create_i2c() error: potential null dereference 'i2c'. (kzalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3895 amdgpu_dm_commit_planes() error: double unlock 'spin_lock:&crtc->dev->event_lock'
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3895 amdgpu_dm_commit_planes() error: double unlock 'irqsave:flags'
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4157 amdgpu_dm_atomic_commit_tail() warn: variable dereferenced before check 'dm_new_crtc_state->stream' (see line 4153)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4294 dm_restore_drm_connector_state() warn: variable dereferenced before check 'disconnected_acrtc' (see line 4292)
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4716 amdgpu_dm_atomic_check() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4866 amdgpu_dm_add_sink_to_freesync_module() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/basics/log_helpers.c:79 dc_conn_log() error: buffer overflow 'signal_type_info_tbl' 10 <= 10
> drivers/gpu/drm/amd/amdgpu/../display/dc/bios/command_table2.c:376 init_set_crtc_timing() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:1376 get_firmware_info_v3_1() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dce_calcs.c:104 calculate_bandwidth() warn: function puts 1552 bytes on stack
> drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dce_calcs.c:2798 bw_calcs() error: potential null dereference 'data'. (kzalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dcn_calcs.c:1159 dcn_find_normalized_clock_vdd_Level() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_audio.c:182 check_audio_bandwidth_hdmi() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_link_encoder.c:669 dce110_link_encoder_validate_dp_output() warn: we tested 'enc110->base.features.flags.bits.IS_YCBCR_CAPABLE' before and it was 'false'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_opp.c:192 set_spatial_dither() warn: we tested 'params->flags.SPATIAL_DITHER_DEPTH == 2' before and it was 'false'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_dmcu.c:133 dce_dmcu_set_psr_enable() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_abm.c:94 get_current_backlight_16_bit() warn: should 'bl_pwm << (1 + bl_int_count)' be a 64 bit type?
> drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.c:136 release_engine() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.c:309 process_transaction() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/aux_engine_dce110.c:321 process_channel_reply() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_resource.c:923 dcn10_acquire_idle_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 917)
> drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c:1696 dcn10_translate_regamma_to_hw_format() error: buffer overflow 'seg_distr' 34 <= 34
> drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_timing_generator.c:248 tgn10_program_timing() warn: we tested 'tg->dlg_otg_param.vstartup_start > asic_blank_end' before and it was 'true'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_dpp_cm.c:128 program_gamut_remap() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_rq_dlg_calc.c:603 get_meta_and_pte_attr() warn: add some parenthesis here?
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_rq_dlg_calc.c:603 get_meta_and_pte_attr() warn: maybe use && instead of &
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dml1_display_rq_dlg_calc.c:875 get_surf_rq_param() warn: add some parenthesis here?
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dml1_display_rq_dlg_calc.c:875 get_surf_rq_param() warn: maybe use && instead of &
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_vba.c:436 fetch_socbb_params() error: buffer overflow 'soc->clock_limits' 7 <= 7
> drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_vba.c:451 fetch_socbb_params() error: buffer overflow 'soc->clock_limits' 7 <= 7
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_timing_generator.c:296 dce120_timing_generator_tear_down_global_swap_lock() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:606 dce110_translate_regamma_to_hw_format() error: buffer overflow 'seg_distr' 16 <= 16
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:778 dce110_enable_stream() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:1309 apply_single_controller_ctx_to_hw() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2159 set_default_colors() error: we previously assumed 'pipe_ctx->stream' could be null (see line 2149)
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2597 dce110_get_min_vblank_time_us() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2727 dce110_program_front_end_for_pipe() warn: variable dereferenced before check 'dc->current_state' (see line 2722)
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2893 dce110_apply_ctx_for_surface() error: we previously assumed 'pipe_ctx->plane_res.mi' could be null (see line 2885)
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_miv'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_oppv'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_tgv'
> drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_xfmv'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dc_ctx'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dc_vbios'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dcn_ip'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dcn_soc'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:966 dc_commit_planes_to_stream() error: potential null dereference 'flip_addr'. (kcalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:968 dc_commit_planes_to_stream() error: potential null dereference 'plane_info'. (kcalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:978 dc_commit_planes_to_stream() error: potential null dereference 'scaling_info'. (kcalloc returns null)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link.c:1908 dc_link_setup_psr() warn: variable dereferenced before check 'link' (see line 1902)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:872 resource_build_scaling_params() error: we previously assumed 'pipe_ctx->plane_res.xfm' could be null (see line 860)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:875 resource_build_scaling_params() error: we previously assumed 'pipe_ctx->plane_res.dpp' could be null (see line 864)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:997 acquire_free_pipe_for_stream() error: we previously assumed 'head_pipe' could be null (see line 994)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:1804 dc_validate_global_state() error: we previously assumed 'new_ctx' could be null (see line 1774)
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:2123 set_vendor_info_packet() warn: we tested 'hdmi_vic_mode' before and it was 'true'
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:185 dc_stream_set_cursor_attributes() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:189 dc_stream_set_cursor_attributes() warn: inconsistent indenting
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:301 dc_stream_set_cursor_position() error: we previously assumed 'hubp' could be null (see line 297)
> drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c:119 kfd_doorbell_init() warn: argument 3 to %08lX specifier is cast from pointer
> drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c:195 kfd_get_kernel_doorbell() warn: argument 4 to %08lX specifier is cast from pointer
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
>