| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Nov 2017 14:34:40 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: amd-gfx@...ts.freedesktop.org Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org Subject: AMD, please run Smatch on your driver Linux-next was offline for the last month and the AMD drm driver went through major changes. Anyway, I'm a bit overwhelmed by the number of warnings and I'm not going to be able to go through them all so I'm just sending them to you unfiltered. Part of the problem is that I'm not running the released version of Smatch myself. That has two effects. 1) The released version is crappier than I had imagined. 2) I get *way* more warnings than you see which is overwhelming... So this is mostly my fault and I will try to do better. Here are the current warnings from Friday's linux-next, lightly edited. I know that everyone hates a big dump of static checker warnings... Speaking of being ignored, I sent a fix for this one back in August but never heard back: drivers/gpu/drm/amd/amdgpu/ci_dpm.c:4553 ci_set_mc_special_registers() error: buffer overflow 'table->mc_reg_address' 16 <= 16 https://lists.freedesktop.org/archives/amd-gfx/2017-August/012333.html So this is partly your fault as well because if you cleaned up static checker warnings little by little, then they wouldn't pile up like this. Eventually, everyone is going to have to start running Smatch for themselves because it scales better than relying on me to do it. regards, dan carpenter drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:2224 amdgpu_device_init() warn: 'adev->rio_mem' was not released on error drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:2395 amdgpu_device_init() warn: 'adev->rio_mem' was not released on error drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3373 amdgpu_debugfs_regs_write() warn: 'mutex:&adev->pm.mutex' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3377 amdgpu_debugfs_regs_write() warn: 'mutex:&adev->pm.mutex' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:3771 amdgpu_debugfs_gpr_read() error: buffer overflow 'data' 1024 <= 4095 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c:155 amdgpu_driver_load_kms() warn: we tested 'r' before and it was 'false' drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c:689 amdgpu_gem_op_ioctl() warn: should 'robj->tbo.mem.page_alignment << 12' be a 64 bit type? drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:196 amdgpu_cs_parser_init() warn: 'mutex:&p->ctx->lock' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:674 amdgpu_cs_parser_bos() warn: we tested 'r' before and it was 'false' drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:755 amdgpu_cs_parser_fini() warn: 'mutex:&parser->ctx->lock' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/atombios_i2c.c:72 amdgpu_atombios_i2c_process_i2c_ch() warn: impossible condition '(num > 255) => (0-255 > 255)' drivers/gpu/drm/amd/amdgpu/amdgpu_queue_mgr.c:217 amdgpu_queue_mgr_map() warn: variable dereferenced before check 'mgr' (see line 215) drivers/gpu/drm/amd/amdgpu/kv_dpm.c:1618 kv_get_acp_boot_level() warn: always true condition '(table->entries[i]->clk >= 0) => (0-u32max >= 0)' drivers/gpu/drm/amd/amdgpu/ci_dpm.c:4560 ci_set_mc_special_registers() error: buffer overflow 'table->mc_reg_address' 16 <= 16 drivers/gpu/drm/amd/amdgpu/ci_dpm.c:5065 ci_request_link_speed_change_before_state_change() warn: missing break? reassigning 'pi->force_pcie_gen' drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c:5256 gfx_v7_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4 drivers/gpu/drm/amd/amdgpu/si.c:1288 si_common_early_init() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/dce_v6_0.c:3026 dce_v6_0_pageflip_irq() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/si_dpm.c:6242 si_request_link_speed_change_before_state_change() warn: missing break? reassigning 'si_pi->force_pcie_gen' drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:5222 gfx_v8_0_pre_soft_reset() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:7105 gfx_v8_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:3077 gfx_v9_0_soft_reset() warn: we tested 'grbm_soft_reset' before and it was 'true' drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:3644 gfx_v9_0_ring_emit_ib_gfx() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:4457 gfx_v9_0_get_cu_info() error: buffer overflow 'cu_info->bitmap' 4 <= 4 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c:605 amdgpu_cgs_lock_grbm_idx() warn: 'mutex:&adev->grbm_idx_mutex' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/../scheduler/gpu_scheduler.c:696 amd_sched_init() warn: call of 'kthread_create_on_node' with non-constant format argument drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/tonga_smumgr.c:3128 tonga_set_mc_special_registers() error: buffer overflow 'table->mc_reg_address' 16 <= 16 drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/polaris10_smumgr.c:916 polaris10_calculate_sclk_params() warn: should 'clock << table->SclkFcwRangeTable[sclk_setting->PllRange].postdiv' be a 64 bit type? drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/polaris10_smumgr.c:931 polaris10_calculate_sclk_params() warn: should 'ss_target_freq << table->SclkFcwRangeTable[sclk_setting->PllRange].postdiv' be a 64 bit type? drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/ci_smumgr.c:462 ci_populate_single_graphic_level() warn: we tested 'result' before and it was 'false' drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/processpptables.c:397 get_clock_voltage_dependency_table() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/hardwaremanager.c:248 phm_check_smc_update_required_for_display_configuration() warn: signedness bug returning '(-22)' drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/process_pptables_v1_0.c:207 get_platform_power_management_table() warn: struct type mismatch 'phm_ppm_table vs _ATOM_Tonga_PPM_Table' drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomctrl.c:220 atomctrl_calculate_voltage_evv_on_sclk() warn: function puts 1184 bytes on stack drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomfwctrl.c:43 pp_atomfwctrl_lookup_voltage_type_v4() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/ppatomfwctrl.c:51 pp_atomfwctrl_lookup_voltage_type_v4() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/smu7_hwmgr.c:3514 smu7_request_link_speed_change_before_state_change() warn: missing break? reassigning 'data->force_pcie_gen' drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/smu7_powertune.c:979 smu7_power_control_set_level() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/vega10_hwmgr.c:3030 vega10_get_pp_table_entry_callback_func() warn: buffer overflow 'vega10_power_state->performance_levels' 2 <= 7 drivers/gpu/drm/amd/amdgpu/../powerplay/hwmgr/vega10_hwmgr.c:3030 vega10_get_pp_table_entry_callback_func() warn: buffer overflow 'vega10_power_state->performance_levels' 2 <= 7 drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:521 detect_mst_link_for_all_connectors() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:1019 handle_hpd_rx_irq() warn: 'mutex:&aconnector->hpd_lock' is sometimes locked here and sometimes unlocked. drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:932 dc_get_link_at_index() error: buffer overflow 'dc->links' 12 <= 31 drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2288 create_fake_sink() error: we previously assumed 'sink' could be null (see line 2285) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2430 dm_crtc_duplicate_state() error: potential null dereference 'state'. (kzalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2672 create_eml_sink() warn: variable dereferenced before check 'aconnector->base.edid_blob_ptr' (see line 2670) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:2673 create_eml_sink() warn: this array is probably non-NULL. 'aconnector->base.edid_blob_ptr->data' drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3422 create_i2c() error: potential null dereference 'i2c'. (kzalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3895 amdgpu_dm_commit_planes() error: double unlock 'spin_lock:&crtc->dev->event_lock' drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:3895 amdgpu_dm_commit_planes() error: double unlock 'irqsave:flags' drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4157 amdgpu_dm_atomic_commit_tail() warn: variable dereferenced before check 'dm_new_crtc_state->stream' (see line 4153) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4294 dm_restore_drm_connector_state() warn: variable dereferenced before check 'disconnected_acrtc' (see line 4292) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4716 amdgpu_dm_atomic_check() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:4866 amdgpu_dm_add_sink_to_freesync_module() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/basics/log_helpers.c:79 dc_conn_log() error: buffer overflow 'signal_type_info_tbl' 10 <= 10 drivers/gpu/drm/amd/amdgpu/../display/dc/bios/command_table2.c:376 init_set_crtc_timing() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:1376 get_firmware_info_v3_1() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dce_calcs.c:104 calculate_bandwidth() warn: function puts 1552 bytes on stack drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dce_calcs.c:2798 bw_calcs() error: potential null dereference 'data'. (kzalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/dc/calcs/dcn_calcs.c:1159 dcn_find_normalized_clock_vdd_Level() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_audio.c:182 check_audio_bandwidth_hdmi() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_link_encoder.c:669 dce110_link_encoder_validate_dp_output() warn: we tested 'enc110->base.features.flags.bits.IS_YCBCR_CAPABLE' before and it was 'false' drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_opp.c:192 set_spatial_dither() warn: we tested 'params->flags.SPATIAL_DITHER_DEPTH == 2' before and it was 'false' drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_dmcu.c:133 dce_dmcu_set_psr_enable() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_abm.c:94 get_current_backlight_16_bit() warn: should 'bl_pwm << (1 + bl_int_count)' be a 64 bit type? drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.c:136 release_engine() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.c:309 process_transaction() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/aux_engine_dce110.c:321 process_channel_reply() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_resource.c:923 dcn10_acquire_idle_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 917) drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c:1696 dcn10_translate_regamma_to_hw_format() error: buffer overflow 'seg_distr' 34 <= 34 drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_timing_generator.c:248 tgn10_program_timing() warn: we tested 'tg->dlg_otg_param.vstartup_start > asic_blank_end' before and it was 'true' drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_dpp_cm.c:128 program_gamut_remap() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_rq_dlg_calc.c:603 get_meta_and_pte_attr() warn: add some parenthesis here? drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_rq_dlg_calc.c:603 get_meta_and_pte_attr() warn: maybe use && instead of & drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dml1_display_rq_dlg_calc.c:875 get_surf_rq_param() warn: add some parenthesis here? drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dml1_display_rq_dlg_calc.c:875 get_surf_rq_param() warn: maybe use && instead of & drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_vba.c:436 fetch_socbb_params() error: buffer overflow 'soc->clock_limits' 7 <= 7 drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_vba.c:451 fetch_socbb_params() error: buffer overflow 'soc->clock_limits' 7 <= 7 drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_timing_generator.c:296 dce120_timing_generator_tear_down_global_swap_lock() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:606 dce110_translate_regamma_to_hw_format() error: buffer overflow 'seg_distr' 16 <= 16 drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:778 dce110_enable_stream() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:1309 apply_single_controller_ctx_to_hw() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2159 set_default_colors() error: we previously assumed 'pipe_ctx->stream' could be null (see line 2149) drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2597 dce110_get_min_vblank_time_us() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2727 dce110_program_front_end_for_pipe() warn: variable dereferenced before check 'dc->current_state' (see line 2722) drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.c:2893 dce110_apply_ctx_for_surface() error: we previously assumed 'pipe_ctx->plane_res.mi' could be null (see line 2885) drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_miv' drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_oppv' drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_tgv' drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.c:1044 underlay_create() warn: possible memory leak of 'dce110_xfmv' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dc_ctx' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dc_vbios' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dcn_ip' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:619 construct() warn: possible memory leak of 'dcn_soc' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:966 dc_commit_planes_to_stream() error: potential null dereference 'flip_addr'. (kcalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:968 dc_commit_planes_to_stream() error: potential null dereference 'plane_info'. (kcalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:978 dc_commit_planes_to_stream() error: potential null dereference 'scaling_info'. (kcalloc returns null) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link.c:1908 dc_link_setup_psr() warn: variable dereferenced before check 'link' (see line 1902) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:872 resource_build_scaling_params() error: we previously assumed 'pipe_ctx->plane_res.xfm' could be null (see line 860) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:875 resource_build_scaling_params() error: we previously assumed 'pipe_ctx->plane_res.dpp' could be null (see line 864) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:997 acquire_free_pipe_for_stream() error: we previously assumed 'head_pipe' could be null (see line 994) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:1804 dc_validate_global_state() error: we previously assumed 'new_ctx' could be null (see line 1774) drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:2123 set_vendor_info_packet() warn: we tested 'hdmi_vic_mode' before and it was 'true' drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:185 dc_stream_set_cursor_attributes() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:189 dc_stream_set_cursor_attributes() warn: inconsistent indenting drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:301 dc_stream_set_cursor_position() error: we previously assumed 'hubp' could be null (see line 297) drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c:119 kfd_doorbell_init() warn: argument 3 to %08lX specifier is cast from pointer drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c:195 kfd_get_kernel_doorbell() warn: argument 4 to %08lX specifier is cast from pointer
Powered by blists - more mailing lists