linux-kernel - [PATCH] drm/msm/dpu: avoid uninitialized variable use

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-Id: <20250807072016.4109051-1-arnd@kernel.org>
Date: Thu,  7 Aug 2025 09:19:48 +0200
From: Arnd Bergmann <arnd@...nel.org>
To: Rob Clark <robin.clark@....qualcomm.com>,
	Dmitry Baryshkov <lumag@...nel.org>,
	David Airlie <airlied@...il.com>,
	Simona Vetter <simona@...ll.ch>,
	Nathan Chancellor <nathan@...nel.org>,
	Abhinav Kumar <quic_abhinavk@...cinc.com>
Cc: Arnd Bergmann <arnd@...db.de>,
	Abhinav Kumar <abhinav.kumar@...ux.dev>,
	Jessica Zhang <jessica.zhang@....qualcomm.com>,
	Sean Paul <sean@...rly.run>,
	Marijn Suijten <marijn.suijten@...ainline.org>,
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>,
	Antonino Maniscalco <antomani103@...il.com>,
	Konrad Dybcio <konrad.dybcio@....qualcomm.com>,
	Jun Nie <jun.nie@...aro.org>,
	linux-arm-msm@...r.kernel.org,
	dri-devel@...ts.freedesktop.org,
	freedreno@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org,
	llvm@...ts.linux.dev
Subject: [PATCH] drm/msm/dpu: avoid uninitialized variable use

From: Arnd Bergmann <arnd@...db.de>

clang-21 points out a variable that is conditionally initialized
but then dereferenced:

drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1138:6: error: variable 'crtc_state' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
 1138 |         if (plane_state->crtc)
      |             ^~~~~~~~~~~~~~~~~
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1142:58: note: uninitialized use occurs here
 1142 |         ret = dpu_plane_atomic_check_nosspp(plane, plane_state, crtc_state);
      |                                                                 ^~~~~~~~~~
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1138:2: note: remove the 'if' if its condition is always true
 1138 |         if (plane_state->crtc)
      |         ^~~~~~~~~~~~~~~~~~~~~~
 1139 |                 crtc_state = drm_atomic_get_new_crtc_state(state,
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1132:35: note: initialize the variable 'crtc_state' to silence this warning
 1132 |         struct drm_crtc_state *crtc_state;
      |                                          ^
      |                                           = NULL

The bug is real, but the suggestion from clang to set it to NULL is
unfortunately just as harmful as dereferencing a NULL pointer is little
better than uninitialized data.

Change the function to return an error in this case.

Fixes: 774bcfb73176 ("drm/msm/dpu: add support for virtual planes")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
index 01171c535a27..4987f2f2fee0 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
@@ -1135,10 +1135,10 @@ static int dpu_plane_virtual_atomic_check(struct drm_plane *plane,
 	if (IS_ERR(plane_state))
 		return PTR_ERR(plane_state);
 
-	if (plane_state->crtc)
-		crtc_state = drm_atomic_get_new_crtc_state(state,
-							   plane_state->crtc);
+	if (!plane_state->crtc)
+		return -ENXIO;
 
+	crtc_state = drm_atomic_get_new_crtc_state(state, plane_state->crtc);
 	ret = dpu_plane_atomic_check_nosspp(plane, plane_state, crtc_state);
 	if (ret)
 		return ret;
-- 
2.39.5