From: Hersen Wu
[ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ]
[Why]
Coverity reports Memory - illegal accesses.
[How]
Skip inactive planes.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel Wheeler
Signed-off-by: Alex Deucher
From: Alex Hung
[ Upstream commit ae13c8a5cff92015b9a3eb7cee65ebc75859487f ]
[WHY & HOW]
A read of acrtc_attach->base.state->event was not locked so moving it
inside the spinlock.
This fixes a LOCK_EVASION issue reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
From: Hersen Wu
[ Upstream commit c6077aa66fa230d12f37fef01161ef080d13b726 ]
[Why]
For subtraction, coverity reports integer overflow
warning message when variable type is uint32_t.
[How]
Change variable type to int32_t.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
Signed-off-by: Hersen
From: Alex Hung
[ Upstream commit fa71face755e27dc44bc296416ebdf2c67163316 ]
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before used.
This fixes 4 OVERRUN issues reported by Coverity.
Reviewed-by: Harry Wentland
From: Alex Hung
[ Upstream commit b38a4815f79b87efb196cd5121579fc51e29a7fb ]
[WHY & HOW]
num_valid_sets needs to be checked to avoid a negative index when
accessing reader_wm_sets[num_valid_sets - 1].
This fixes an OVERRUN issue reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom
From: Hersen Wu
[ Upstream commit 4e70c0f5251c25885c31ee84a31f99a01f7cf50e ]
[Why]
Coverity reports OVERRUN warning. Do not check if array
index valid.
[How]
Check msg_id valid and valid array index.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel
From: Hersen Wu
[ Upstream commit 84723eb6068c50610c5c0893980d230d7afa2105 ]
[Why]
Coverity reports OVERRUN warning. Should abort amdgpu_dm
initialize.
[How]
Return failure to amdgpu_dm_init.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel Wheeler
From: Alex Hung
[ Upstream commit 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 ]
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore
should be checked in advance.
This fixes 5 OVERRUN issues reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
From: Jesse Zhang
[ Upstream commit 12c6967428a099bbba9dfd247bb4322a984fcc0b ]
using index i - 1U may beyond element index
for mc_data[] when i = 0.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Jesse Zhang
[ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ]
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDescriptor.
V2: fix clk_index return check (Tim Huang)
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex
From: Jesse Zhang
[ Upstream commit 17e3bea65cdc453695b2fe4ff26d25d17f5339e9 ]
Check the return of pp_atomfwctrl_get_Voltage_table_v4
as it may fail to initialize max_vid_step
V2: change the check condition (Tim Huang)
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex
From: Ma Jun
[ Upstream commit 579f0c21baec9e7506b6bb3f60f0a9b6d07693b4 ]
Check the return value of smum_send_msg_to_smc, otherwise
we might use an uninitialized variable "now"
Signed-off-by: Ma Jun
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Tim Huang
[ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ]
Clear overflowed array index read warning by cast operation.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Reviewed-by: Christian König
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Alvin Lee
[ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ]
[Description]
Assign linear_pitch_alignment so we don't cause a divide by 0
error in VM environments
Reviewed-by: Sohaib Nadeem
Acked-by: Wayne Lin
Signed-off-by: Alvin Lee
Tested-by: Daniel Wheeler
Signed-off-by:
From: Alex Hung
[ Upstream commit 116a678f3a9abc24f5c9d2525b7393d18d9eb58e ]
[WHAT & HOW]
A denominator cannot be 0, and is checked before used.
This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.
Reviewed-by: Harry Wentland
Signed-off-by: Jerry Zuo
Signed-off-by: Alex Hung
Tested-by:
From: Alex Hung
[ Upstream commit 5d93060d430b359e16e7c555c8f151ead1ac614b ]
[WHAT & HOW]
Check mod_hdcp_execute_and_set() return values in authenticated_dp.
This fixes 3 CHECKED_RETURN issues reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Signed-off-by: Alex Hung
Tested-by: Daniel
From: Alex Hung
[ Upstream commit 3a82f62b0d9d7687eac47603bb6cd14a50fa718b ]
[WHAT]
The DC_LOG_DC should be run after link->link_enc is checked, not before.
This fixes 1 REVERSE_INULL issue reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Signed-off-by: Alex Hung
Tested-by: Daniel
From: Rakesh Ughreja
[ Upstream commit 3309887c6ff8ca2ac05a74e1ee5d1c44829f63f2 ]
Netowrk EDMAs uses more outstanding transfers so this needs to be
programmed by EDMA firmware.
Signed-off-by: Rakesh Ughreja
Reviewed-by: Ofir Bitton
Signed-off-by: Ofir Bitton
Signed-off-by: Sasha Levin
---
From: Alex Hung
[ Upstream commit c4d31653c03b90e51515b1380115d1aedad925dd ]
Callers can pass null in filter (i.e. from returned from the function
wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is
not the case.
This fixes 4 NULL_RETURNS issues reported by Coverity.
From: Alex Hung
[ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ]
BIOS images may fail to load and null checks are added before they are
used.
This fixes 6 NULL_RETURNS issues reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Hamza Mahfooz
Signed-off-by: Alex Hung
From: Wenjing Liu
[ Upstream commit abf34ca465f5cd182b07701d3f3d369c0fc04723 ]
[why]
We set preferred link settings for virtual signal. However we don't support
virtual signal for UHBR link rate. If preferred is set to UHBR link rate, we
will allow virtual signal with UHBR link rate which
From: Wayne Lin
[ Upstream commit ad28d7c3d989fc5689581664653879d664da76f0 ]
[Why & How]
It actually exposes '6' types in enum dmub_notification_type. Not 5. Using
smaller
number to create array dmub_callback & dmub_thread_offload has potential to
access
item out of array bound. Fix it.
From: winstang
[ Upstream commit 26c56049cc4f1705b498df013949427692a4b0d5 ]
[Why]
prevent invalid memory access
[How]
check if dc and stream are NULL
Co-authored-by: winstang
Reviewed-by: Alvin Lee
Acked-by: Zaeem Mohamed
Signed-off-by: winstang
Tested-by: Daniel Wheeler
Signed-off-by:
From: Marek Vasut
[ Upstream commit 162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f ]
Make sure the connector is fully initialized before signalling any
HPD events via drm_kms_helper_hotplug_event(), otherwise this may
lead to NULL pointer dereference.
Signed-off-by: Marek Vasut
Reviewed-by: Robert
From: Jesse Zhang
[ Upstream commit c09d2eff81a997c169e0cacacd6b60c5e3aa33f2 ]
Potentially overflowing expression mall_size_per_umc * adev->gmc.num_umc with
type unsigned int (32 bits, unsigned)
is evaluated using 32-bit arithmetic,and then used in a context that expects an
expression of type
From: Tao Zhou
[ Upstream commit 2aadb520bfacec12527effce3566f8df55e5d08e ]
Avoid overflow issue.
Signed-off-by: Tao Zhou
Reviewed-by: Yang Wang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +++---
From: Jesse Zhang
[ Upstream commit d190b459b2a4304307c3468ed97477b808381011 ]
if ras_manager obj null, don't print NBIO err data
Signed-off-by: Jesse Zhang
Suggested-by: Tim Huang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Jesse Zhang
[ Upstream commit 1940708ccf5aff76de4e0b399f99267c93a89193 ]
Check the amdgpu_hive_info *hive that maybe is NULL.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 +++
From: Jesse Zhang
[ Upstream commit b1f7810b05d1950350ac2e06992982974343e441 ]
check the pointer hive before use.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
1 file changed,
From: Jesse Zhang
[ Upstream commit 1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c ]
Checks the partition mode and returns an error for an invalid mode.
Signed-off-by: Jesse Zhang
Suggested-by: Lijo Lazar
Reviewed-by: Lijo Lazar
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Ma Jun
[ Upstream commit df0a9bd92fbbd3fcafcb2bce6463c9228a3e6868 ]
Check the input value for CUSTOM profile mode setting on legacy
SOCs. Otherwise we may use uninitalized value of input[]
Signed-off-by: Ma Jun
Reviewed-by: Yang Wang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha
From: Michael Chen
[ Upstream commit 10f624ef239bd136cdcc5bbc626157a57b938a31 ]
Currently oem_id is defined as uint8_t[6] and casted to uint64_t*
in some use case. This would lead code scanner to complain about
access beyond. Re-define it in union to enforce 8-byte size and
alignment to avoid
From: Tim Huang
[ Upstream commit 51dfc0a4d609fe700750a62f41447f01b8c9ea50 ]
Clear warning that read mc_data[i-1] may out-of-bounds.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c |
From: Tim Huang
[ Upstream commit 8944acd0f9db33e17f387fdc75d33bb473d7936f ]
Clear warning that read ucode[] may out-of-bounds.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++
1
From: Ma Jun
[ Upstream commit d768394fa99467bcf2703bde74ddc96eeb0b71fa ]
Check the fb_channel_number range to avoid the array out-of-bounds
read error
Signed-off-by: Ma Jun
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Ma Jun
[ Upstream commit be1684930f5262a622d40ce7a6f1423530d87f89 ]
Check the ring type value to fix the out-of-bounds
write warning
Signed-off-by: Ma Jun
Suggested-by: Christian König
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: "Lin.Cao"
[ Upstream commit 547033b593063eb85bfdf9b25a5f1b8fd1911be2 ]
In interrupt context, write dbg_ev_file will be run by work queue. It
will cause write dbg_ev_file execution after debug_trap_disable, which
will cause NULL pointer access.
v2: cancel work "debug_event_workarea" before
From: Asad Kamal
[ Upstream commit 6cd2b872643bb29bba01a8ac739138db7bd79007 ]
Validate tbo resource pointer, skip if NULL
Signed-off-by: Asad Kamal
Reviewed-by: Christian König
Reviewed-by: Lijo Lazar
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Hersen Wu
[ Upstream commit 188fd1616ec43033cedbe343b6579e9921e2d898 ]
[Why]
Coverity reports OVERRUN warning. soc.num_states could
be 40. But array range of bw_params->clk_table.entries is 8.
[How]
Assert if soc.num_states greater than 8.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
From: Hersen Wu
[ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ]
[Why]
Coverity reports Memory - illegal accesses.
[How]
Skip inactive planes.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel Wheeler
Signed-off-by: Alex Deucher
From: Hersen Wu
[ Upstream commit 83c0c8361347cf43937348e8ca0a487679c003ae ]
[Why]
For addtion (uint8_t) variable + constant 1,
coverity generates message below:
Truncation due to cast operation on "cur_idx + 1" from
32 to 8 bits.
Then Coverity assume result is 32 bits value be saved into
8
From: Alex Hung
[ Upstream commit ae13c8a5cff92015b9a3eb7cee65ebc75859487f ]
[WHY & HOW]
A read of acrtc_attach->base.state->event was not locked so moving it
inside the spinlock.
This fixes a LOCK_EVASION issue reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
From: Hersen Wu
[ Upstream commit c6077aa66fa230d12f37fef01161ef080d13b726 ]
[Why]
For subtraction, coverity reports integer overflow
warning message when variable type is uint32_t.
[How]
Change variable type to int32_t.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
Signed-off-by: Hersen
From: Hersen Wu
[ Upstream commit 176abbcc71952e23009a6ed194fd203b99646884 ]
[Why]
For substrcation, coverity reports integer overflow
warning message when variable type is uint32_t.
[How]
Change varaible type to int32_t.
Reviewed-by: Alex Hung
Reviewed-by: Harry Wentland
Acked-by: Tom
From: Alex Hung
[ Upstream commit fa71face755e27dc44bc296416ebdf2c67163316 ]
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before used.
This fixes 4 OVERRUN issues reported by Coverity.
Reviewed-by: Harry Wentland
From: Alex Hung
[ Upstream commit efabdce3db9f3d306084c8946983f3d895810a6b ]
This prevents accessing to negative index of link_encoders array.
This fixes an OVERRUN issue reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Acked-by: Tom Chung
Signed-off-by: Alex Hung
Tested-by: Daniel
From: Alex Hung
[ Upstream commit b38a4815f79b87efb196cd5121579fc51e29a7fb ]
[WHY & HOW]
num_valid_sets needs to be checked to avoid a negative index when
accessing reader_wm_sets[num_valid_sets - 1].
This fixes an OVERRUN issue reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom
From: Hersen Wu
[ Upstream commit 4e70c0f5251c25885c31ee84a31f99a01f7cf50e ]
[Why]
Coverity reports OVERRUN warning. Do not check if array
index valid.
[How]
Check msg_id valid and valid array index.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel
From: Alex Hung
[ Upstream commit 9ba2ea6337b4f159aecb177555a6a81da92d302e ]
aux_rd_interval has size of 7 and should be checked.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Acked-by: Tom Chung
Signed-off-by: Alex Hung
Tested-by:
From: Hersen Wu
[ Upstream commit 84723eb6068c50610c5c0893980d230d7afa2105 ]
[Why]
Coverity reports OVERRUN warning. Should abort amdgpu_dm
initialize.
[How]
Return failure to amdgpu_dm_init.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel Wheeler
From: Hersen Wu
[ Upstream commit 6e41709eb1d9207d88e46026baf9cc850206b374 ]
[WHY]
Coverity reports OVERRUN issues within amdgpu_dm
interrupt registers. Do not check index value before
access array. Do not check NULL pointer.
[HOW]
Add index value check for array. Add check for
pointer from
From: Alex Hung
[ Upstream commit 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 ]
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore
should be checked in advance.
This fixes 5 OVERRUN issues reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Tom Chung
From: Jesse Zhang
[ Upstream commit 12c6967428a099bbba9dfd247bb4322a984fcc0b ]
using index i - 1U may beyond element index
for mc_data[] when i = 0.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Jesse Zhang
[ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ]
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDescriptor.
V2: fix clk_index return check (Tim Huang)
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex
From: Jesse Zhang
[ Upstream commit 17e3bea65cdc453695b2fe4ff26d25d17f5339e9 ]
Check the return of pp_atomfwctrl_get_Voltage_table_v4
as it may fail to initialize max_vid_step
V2: change the check condition (Tim Huang)
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex
From: Ma Jun
[ Upstream commit 579f0c21baec9e7506b6bb3f60f0a9b6d07693b4 ]
Check the return value of smum_send_msg_to_smc, otherwise
we might use an uninitialized variable "now"
Signed-off-by: Ma Jun
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Tim Huang
[ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ]
Clear overflowed array index read warning by cast operation.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Reviewed-by: Christian König
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Alvin Lee
[ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ]
[Description]
Assign linear_pitch_alignment so we don't cause a divide by 0
error in VM environments
Reviewed-by: Sohaib Nadeem
Acked-by: Wayne Lin
Signed-off-by: Alvin Lee
Tested-by: Daniel Wheeler
Signed-off-by:
From: Alex Hung
[ Upstream commit ea79068d4073bf303f8203f2625af7d9185a1bc6 ]
[WHAT & HOW]
A denominator cannot be 0, and is checked before used.
This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.
Reviewed-by: Harry Wentland
Signed-off-by: Jerry Zuo
Signed-off-by: Alex Hung
Tested-by:
From: Alex Hung
[ Upstream commit 116a678f3a9abc24f5c9d2525b7393d18d9eb58e ]
[WHAT & HOW]
A denominator cannot be 0, and is checked before used.
This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.
Reviewed-by: Harry Wentland
Signed-off-by: Jerry Zuo
Signed-off-by: Alex Hung
Tested-by:
From: Bob Zhou
[ Upstream commit 9ff2e14cf013fa887e269bdc5ea3cffacada8635 ]
Fix the unchecked return value warning reported by Coverity,
so add error handling.
Signed-off-by: Bob Zhou
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Alex Hung
[ Upstream commit 673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c ]
[WHAT & HOW]
Function return values must be checked before data can be used
in subsequent functions.
This fixes 4 CHECKED_RETURN issues reported by Coverity.
Reviewed-by: Harry Wentland
Signed-off-by: Alex Hung
From: Alex Hung
[ Upstream commit 5d93060d430b359e16e7c555c8f151ead1ac614b ]
[WHAT & HOW]
Check mod_hdcp_execute_and_set() return values in authenticated_dp.
This fixes 3 CHECKED_RETURN issues reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Signed-off-by: Alex Hung
Tested-by: Daniel
From: Alex Hung
[ Upstream commit 3a82f62b0d9d7687eac47603bb6cd14a50fa718b ]
[WHAT]
The DC_LOG_DC should be run after link->link_enc is checked, not before.
This fixes 1 REVERSE_INULL issue reported by Coverity.
Reviewed-by: Rodrigo Siqueira
Signed-off-by: Alex Hung
Tested-by: Daniel
From: Hawking Zhang
[ Upstream commit 9da0f7736763aa0fbf63bb15060c6827135f3f67 ]
fault_status is read only register. fault_cntl
is not accessible from guest environment.
Signed-off-by: Hawking Zhang
Reviewed-by: Tao Zhou
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Rakesh Ughreja
[ Upstream commit 3309887c6ff8ca2ac05a74e1ee5d1c44829f63f2 ]
Netowrk EDMAs uses more outstanding transfers so this needs to be
programmed by EDMA firmware.
Signed-off-by: Rakesh Ughreja
Reviewed-by: Ofir Bitton
Signed-off-by: Ofir Bitton
Signed-off-by: Sasha Levin
---
From: Alex Hung
[ Upstream commit a7b38c7852093385d0605aa3c8a2efd6edd1edfd ]
CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled
is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus
if (p->UnboundedRequestEnabled) checks its address, not bool value.
This fixes 1
From: Alex Hung
[ Upstream commit c4d31653c03b90e51515b1380115d1aedad925dd ]
Callers can pass null in filter (i.e. from returned from the function
wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is
not the case.
This fixes 4 NULL_RETURNS issues reported by Coverity.
From: Alex Hung
[ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ]
BIOS images may fail to load and null checks are added before they are
used.
This fixes 6 NULL_RETURNS issues reported by Coverity.
Reviewed-by: Harry Wentland
Acked-by: Hamza Mahfooz
Signed-off-by: Alex Hung
From: Alex Hung
[ Upstream commit d6b54900c564e35989cf6813e4071504fa0a90e0 ]
[WHAT & HOW]
dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned
0x. Fix it by changing it to uint8_t with value of 0xFF.
This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Reviewed-by:
From: Nicholas Kazlauskas
[ Upstream commit 7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f ]
[Why]
DMCUB can intermittently take longer than expected to process commands.
Old ASIC policy was to continue while logging a diagnostic error - which
works fine for ASIC without IPS, but with IPS this could
From: Wenjing Liu
[ Upstream commit abf34ca465f5cd182b07701d3f3d369c0fc04723 ]
[why]
We set preferred link settings for virtual signal. However we don't support
virtual signal for UHBR link rate. If preferred is set to UHBR link rate, we
will allow virtual signal with UHBR link rate which
From: Nicholas Kazlauskas
[ Upstream commit 466423c6dd8af23ebb3a69d43434d01aed0db356 ]
[Why]
These registers should not be read from driver and triggering the
security violation when DMCUB work times out and diagnostics are
collected blocks Z8 entry.
[How]
Remove the register read from DCN35.
From: Wayne Lin
[ Upstream commit ad28d7c3d989fc5689581664653879d664da76f0 ]
[Why & How]
It actually exposes '6' types in enum dmub_notification_type. Not 5. Using
smaller
number to create array dmub_callback & dmub_thread_offload has potential to
access
item out of array bound. Fix it.
From: winstang
[ Upstream commit 26c56049cc4f1705b498df013949427692a4b0d5 ]
[Why]
prevent invalid memory access
[How]
check if dc and stream are NULL
Co-authored-by: winstang
Reviewed-by: Alvin Lee
Acked-by: Zaeem Mohamed
Signed-off-by: winstang
Tested-by: Daniel Wheeler
Signed-off-by:
From: Marek Vasut
[ Upstream commit 162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f ]
Make sure the connector is fully initialized before signalling any
HPD events via drm_kms_helper_hotplug_event(), otherwise this may
lead to NULL pointer dereference.
Signed-off-by: Marek Vasut
Reviewed-by: Robert
From: Himal Prasad Ghimiray
[ Upstream commit 35feb8dbbca627d118ccc1f2111841788c142703 ]
Assert domain is not XE_FORCEWAKE_ALL.
v2
- use domain != XE_FORCEWAKE_ALL (Michal)
v3
- Fix commit description.
Cc: Michal Wajdeczko
Cc: Rodrigo Vivi
Cc: Lucas De Marchi
Cc: Badal Nilawar
From: Jesse Zhang
[ Upstream commit c09d2eff81a997c169e0cacacd6b60c5e3aa33f2 ]
Potentially overflowing expression mall_size_per_umc * adev->gmc.num_umc with
type unsigned int (32 bits, unsigned)
is evaluated using 32-bit arithmetic,and then used in a context that expects an
expression of type
From: Rodrigo Vivi
[ Upstream commit 46edb0a3eb16cebc2db6f9b6f7c19813d52bfcc9 ]
Current callers of this function are already taking the result
to a boolean and using in an if. It might be a problem because
current function might return negative error codes on failure,
without increasing the
From: Matthew Auld
[ Upstream commit c7117419784f612d59ee565145f722e8b5541fe6 ]
Set our various mmio mappings to NULL. This should make it easier to
catch something rogue trying to mess with mmio after device removal. For
example, we might unmap everything and then start hitting some mmio
From: Matthew Auld
[ Upstream commit a0b834c8957a7d2848face008a12382a0ad11ffc ]
Not valid to touch mmio once the device is removed, so make sure we
unmap on removal and not just when driver instance goes away. Also set
the mmio pointers to NULL to hopefully catch such issues more easily.
From: Tao Zhou
[ Upstream commit 2aadb520bfacec12527effce3566f8df55e5d08e ]
Avoid overflow issue.
Signed-off-by: Tao Zhou
Reviewed-by: Yang Wang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +++---
From: Nicholas Susanto
[ Upstream commit 3aec7a5af4d6248b7462b7d1eb597f06d35f5ee0 ]
[Why]
Missing check for when there is new pipe configuration but both cur_pipe
and new_pipe are both populated causing update_state of DSC for that
instance not being updated correctly.
This causes some
From: Jesse Zhang
[ Upstream commit d190b459b2a4304307c3468ed97477b808381011 ]
if ras_manager obj null, don't print NBIO err data
Signed-off-by: Jesse Zhang
Suggested-by: Tim Huang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Jesse Zhang
[ Upstream commit 1940708ccf5aff76de4e0b399f99267c93a89193 ]
Check the amdgpu_hive_info *hive that maybe is NULL.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 +++
From: Jesse Zhang
[ Upstream commit b1f7810b05d1950350ac2e06992982974343e441 ]
check the pointer hive before use.
Signed-off-by: Jesse Zhang
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
1 file changed,
From: Jesse Zhang
[ Upstream commit 1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c ]
Checks the partition mode and returns an error for an invalid mode.
Signed-off-by: Jesse Zhang
Suggested-by: Lijo Lazar
Reviewed-by: Lijo Lazar
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: "David (Ming Qiang) Wu"
[ Upstream commit 10fe1a79cd1bff3048e13120e93c02f8ecd05e9d ]
We do not directly enable/disable VCN IRQ in vcn 5.0.0.
And we do not handle the IRQ state as well. So the calls to
disable IRQ and set state are removed. This effectively gets
rid of the warining of
From: Ma Jun
[ Upstream commit adb9de4dd207fb1264ea70b9eacab9f70ee4707a ]
Check the input value for CUSTOM profile mode setting on smu 11,
smu13 and smu14. Otherwise we use uninitialized value of input[]
Signed-off-by: Ma Jun
Reviewed-by: Yang Wang
Signed-off-by: Alex Deucher
Signed-off-by:
From: Ma Jun
[ Upstream commit df0a9bd92fbbd3fcafcb2bce6463c9228a3e6868 ]
Check the input value for CUSTOM profile mode setting on legacy
SOCs. Otherwise we may use uninitalized value of input[]
Signed-off-by: Ma Jun
Reviewed-by: Yang Wang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha
From: Michael Chen
[ Upstream commit 10f624ef239bd136cdcc5bbc626157a57b938a31 ]
Currently oem_id is defined as uint8_t[6] and casted to uint64_t*
in some use case. This would lead code scanner to complain about
access beyond. Re-define it in union to enforce 8-byte size and
alignment to avoid
From: Tim Huang
[ Upstream commit 51dfc0a4d609fe700750a62f41447f01b8c9ea50 ]
Clear warning that read mc_data[i-1] may out-of-bounds.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c |
From: Tim Huang
[ Upstream commit 8944acd0f9db33e17f387fdc75d33bb473d7936f ]
Clear warning that read ucode[] may out-of-bounds.
Signed-off-by: Tim Huang
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++
1
From: Ma Jun
[ Upstream commit d768394fa99467bcf2703bde74ddc96eeb0b71fa ]
Check the fb_channel_number range to avoid the array out-of-bounds
read error
Signed-off-by: Ma Jun
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: "Lin.Cao"
[ Upstream commit 547033b593063eb85bfdf9b25a5f1b8fd1911be2 ]
In interrupt context, write dbg_ev_file will be run by work queue. It
will cause write dbg_ev_file execution after debug_trap_disable, which
will cause NULL pointer access.
v2: cancel work "debug_event_workarea" before
From: Ma Jun
[ Upstream commit be1684930f5262a622d40ce7a6f1423530d87f89 ]
Check the ring type value to fix the out-of-bounds
write warning
Signed-off-by: Ma Jun
Suggested-by: Christian König
Reviewed-by: Tim Huang
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Asad Kamal
[ Upstream commit 6cd2b872643bb29bba01a8ac739138db7bd79007 ]
Validate tbo resource pointer, skip if NULL
Signed-off-by: Asad Kamal
Reviewed-by: Christian König
Reviewed-by: Lijo Lazar
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Hersen Wu
[ Upstream commit 188fd1616ec43033cedbe343b6579e9921e2d898 ]
[Why]
Coverity reports OVERRUN warning. soc.num_states could
be 40. But array range of bw_params->clk_table.entries is 8.
[How]
Assert if soc.num_states greater than 8.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
From: Hersen Wu
[ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ]
[Why]
Coverity reports Memory - illegal accesses.
[How]
Skip inactive planes.
Reviewed-by: Alex Hung
Acked-by: Tom Chung
Signed-off-by: Hersen Wu
Tested-by: Daniel Wheeler
Signed-off-by: Alex Deucher
From: Hersen Wu
[ Upstream commit 83c0c8361347cf43937348e8ca0a487679c003ae ]
[Why]
For addtion (uint8_t) variable + constant 1,
coverity generates message below:
Truncation due to cast operation on "cur_idx + 1" from
32 to 8 bits.
Then Coverity assume result is 32 bits value be saved into
8
201 - 300 of 497271 matches
Mail list logo