[ Smatch checking is paused while we raise funding. #SadFace
https://lore.kernel.org/all/[email protected]/ -dan ]
Hello Hamza Mahfooz,
Commit 2728e9c7c842 ("drm/amd/display: add DC changes for DCN351")
from Feb 23, 2024 (linux-next), leads to the following Smatch static
checker warning:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn351/dcn351_resource.c:1284
dcn35_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn36/dcn36_resource.c:1285
dcn35_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn321/dcn321_resource.c:1222
dcn321_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn315/dcn315_resource.c:1252
dcn315_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn35/dcn35_resource.c:1304
dcn35_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:1241
dcn32_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn316/dcn316_resource.c:1245
dcn316_stream_encoder_create() index hardmax out of bounds
'stream_enc_regs[eng_id]' size=5 max='5' rl='s32min-5'
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn351/dcn351_resource.c
1246 static struct stream_encoder *dcn35_stream_encoder_create(
1247 enum engine_id eng_id,
1248 struct dc_context *ctx)
1249 {
1250 struct dcn10_stream_encoder *enc1;
1251 struct vpg *vpg;
1252 struct afmt *afmt;
1253 int vpg_inst;
1254 int afmt_inst;
1255
1256 /* Mapping of VPG, AFMT, DME register blocks to DIO block
instance */
1257 if (eng_id <= ENGINE_ID_DIGF) {
ENGINE_ID_DIGF is 5. should <= be <?
Unrelated but, ugh, why is Smatch saying that "eng_id" can be negative?
end_id is type signed long, but there are checks in the caller which
prevent it from being negative.
1258 vpg_inst = eng_id;
1259 afmt_inst = eng_id;
1260 } else
1261 return NULL;
1262
1263 enc1 = kzalloc(sizeof(struct dcn10_stream_encoder),
GFP_KERNEL);
1264 vpg = dcn31_vpg_create(ctx, vpg_inst);
1265 afmt = dcn31_afmt_create(ctx, afmt_inst);
1266
1267 if (!enc1 || !vpg || !afmt) {
1268 kfree(enc1);
1269 kfree(vpg);
1270 kfree(afmt);
1271 return NULL;
1272 }
1273
1274 #undef REG_STRUCT
1275 #define REG_STRUCT stream_enc_regs
1276 stream_enc_regs_init(0),
1277 stream_enc_regs_init(1),
1278 stream_enc_regs_init(2),
1279 stream_enc_regs_init(3),
1280 stream_enc_regs_init(4);
1281
1282 dcn35_dio_stream_encoder_construct(enc1, ctx, ctx->dc_bios,
1283 eng_id, vpg, afmt,
--> 1284 &stream_enc_regs[eng_id],
^^^^^^^^^^^^^^^^^^^^^^^
This stream_enc_regs[] array has 5 elements so we are one element
beyond the end of the array.
1285 &se_shift, &se_mask);
1286
1287 return &enc1->base;
1288 }
regards,
dan carpenter
