Hello Joshua Peisach,

Commit 71036457ad85 ("drm/amdgpu/amdgpu_connectors: remove
amdgpu_connector_free_edid") from Mar 3, 2026 (linux-next), leads to
the following Smatch static checker warning:

        drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c:1058 amdgpu_connector_dvi_detect()
        warn: passing freed memory 'amdgpu_connector->edid' (line 1048)

drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
    1032                 /* Sometimes the pins required for the DDC probe on DVI
    1033                  * connectors don't make contact at the same time that the ones
    1034                  * for HPD do. If the DDC probe fails even though we had an HPD
    1035                  * signal, try again later
    1036                  */
    1037                 if (!dret && !force &&
    1038                     amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) {
    1039                         DRM_DEBUG_KMS("hpd detected without ddc, retrying in 1 second\n");
    1040                         amdgpu_connector->detected_hpd_without_ddc = true;
    1041                         schedule_delayed_work(&adev->hotplug_work,
    1042                                               msecs_to_jiffies(1000));
    1043                         goto exit;
    1044                 }
    1045         }
    1046         if (dret) {
    1047                 amdgpu_connector->detected_by_load = false;
    1048                 drm_edid_free(amdgpu_connector->edid);
                                       ^^^^^^^^^^^^^^^^^^^^^^
This frees ->edid.  The old code used to set amdgpu_connector->edid = NULL
after freeing it.

    1049                 amdgpu_connector_get_edid(connector);
                                                   ^^^^^^^^^
This function call is supposed to re-assign ->edid but because it's no
longer NULL it's just a no-op.  (It's so annoying that the naming
switches between amdgpu_connector and connector, which are basically
castings of each other).

    1050 
    1051                 if (!amdgpu_connector->edid) {
    1052                         drm_err(adev_to_drm(adev), "%s: probed a monitor but no|invalid EDID\n",
    1053                                         connector->name);
    1054                         ret = connector_status_connected;
    1055                         broken_edid = true; /* defer use_digital to later */
    1056                 } else {
    1057                         amdgpu_connector->use_digital =
--> 1058                                 drm_edid_is_digital(amdgpu_connector->edid);
                                                             ^^^^^^^^^^^^^^^^^^^^^^
Use after free.

    1059 
    1060                         /* some oems have boards with separate digital and analog connectors

This email is a free service from the Smatch-CI project [smatch.sf.net].

regards,
dan carpenter
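
The pattern described in the report above, reduced to a stand-alone model (an added example, not code from the email or from the amdgpu driver). All names here are hypothetical, and a static pool with a `live` flag stands in for the real allocator so the stale pointer can be inspected without undefined behaviour.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins, not the amdgpu structures. */
struct blob { int live; int generation; };
struct conn { struct blob *edid; };

static struct blob pool[8];
static int next_slot;

static struct blob *blob_probe(void)      /* models fetching a fresh EDID */
{
    if (next_slot >= 8)
        return NULL;
    struct blob *b = &pool[next_slot];
    b->live = 1;
    b->generation = ++next_slot;
    return b;
}

static void blob_free(struct blob *b)     /* models the free on line 1048 */
{
    if (b)
        b->live = 0;
}

/* Lazy getter: only probes when the cached pointer is NULL. */
static void conn_get_edid(struct conn *c)
{
    if (!c->edid)
        c->edid = blob_probe();
}

/* Free, then rely on the getter to re-assign: the getter is a no-op. */
static int refresh_buggy(struct conn *c)
{
    blob_free(c->edid);
    conn_get_edid(c);                     /* pointer is stale but non-NULL */
    return c->edid && c->edid->live;      /* 0: later readers see freed data */
}

/* Clear the cached pointer after freeing so the getter really re-probes. */
static int refresh_fixed(struct conn *c)
{
    blob_free(c->edid);
    c->edid = NULL;
    conn_get_edid(c);
    return c->edid && c->edid->live;      /* 1: pointer refers to live data */
}

int main(void)
{
    struct conn a = { blob_probe() }, b = { blob_probe() };
    printf("buggy live=%d fixed live=%d\n", refresh_buggy(&a), refresh_fixed(&b));
    return 0;
}
```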
