From 35095f7529bb6abdfc956e7a41ca6957520b70a7 Mon Sep 17 00:00:00 2001
From: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Date: Sat, 27 Jul 2013 10:17:12 +0200
Subject: drm/nouveau: fix size check for cards without vm

Op 24-07-13 17:55, Dan Carpenter schreef:
> Hello Maarten Lankhorst,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 0108bc808107: "drm/nouveau: do not allow negative sizes for
> now" from Jul 7, 2013, leads to the following Smatch complaint:
>
> drivers/gpu/drm/nouveau/nouveau_bo.c:222 nouveau_bo_new()
> 	 warn: variable dereferenced before check 'drm->client.base.vm' (see line 201)
>
> drivers/gpu/drm/nouveau/nouveau_bo.c
>    200		int type = ttm_bo_type_device;
>    201		int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1);
>                                                  ^^^^^^^^^^^^^^^^^^^
> New dereference.
>
>    202
>    203		if (size <= 0 || size > max_size) {
>    204			nv_warn(drm, "skipped size %x\n", (u32)size);
>    205			return -EINVAL;
>    206		}
>    207
>    208		if (sg)
>    209			type = ttm_bo_type_sg;
>    210
>    211		nvbo = kzalloc(sizeof(struct nouveau_bo), GFP_KERNEL);
>    212		if (!nvbo)
>    213			return -ENOMEM;
>    214		INIT_LIST_HEAD(&nvbo->head);
>    215		INIT_LIST_HEAD(&nvbo->entry);
>    216		INIT_LIST_HEAD(&nvbo->vma_list);
>    217		nvbo->tile_mode = tile_mode;
>    218		nvbo->tile_flags = tile_flags;
>    219		nvbo->bo.bdev = &drm->ttm.bdev;
>    220
>    221		nvbo->page_shift = 12;
>    222		if (drm->client.base.vm) {
>                     ^^^^^^^^^^^^^^^^^^^
> Old check.
>
>    223			if (!(flags & TTM_PL_FLAG_TT) && size > 256 * 1024)
>    224				nvbo->page_shift = drm->client.base.vm->vmm->lpg_shift;
>
> regards,
> dan carpenter

8<-----
Commit 0108bc808107: "drm/nouveau: do not allow negative sizes for now" broke
older nvidia gpu's that lack a vm. Add an explicit check to handle this.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: konrad wilk <konrad.wilk@oracle.com>
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
index 4e7ee5f..af20fba 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -198,7 +198,12 @@ nouveau_bo_new(struct drm_device *dev, int size, int align,
 	size_t acc_size;
 	int ret;
 	int type = ttm_bo_type_device;
-	int max_size = INT_MAX & ~((1 << drm->client.base.vm->vmm->lpg_shift) - 1);
+	int lpg_shift = 12;
+	int max_size;
+
+	if (drm->client.base.vm)
+		lpg_shift = drm->client.base.vm->vmm->lpg_shift;
+	max_size = INT_MAX & ~((1 << lpg_shift) - 1);
 
 	if (size <= 0 || size > max_size) {
 		nv_warn(drm, "skipped size %x\n", (u32)size);
-- 
cgit v0.10.2