drm/qxl: fix smatch warnings

drivers/gpu/drm/qxl/qxl_display.c:99 qxl_alloc_client_monitors_config() error: dereferencing freed memory 'qdev->client_monitors_config'
drivers/gpu/drm/qxl/qxl_object.c:66 qxl_ttm_placement_from_domain() warn: bitwise AND condition is false here
drivers/gpu/drm/qxl/qxl_ioctl.c:353 qxl_clientcap_ioctl() warn: buffer overflow 'qdev->rom->client_capabilities' 58 <= 58

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

drivers/gpu/drm/qxl/qxl_display.c

@@ -84,6 +84,7 @@ void qxl_alloc_client_monitors_config(struct qxl_device *qdev, unsigned count)
 	if (qdev->client_monitors_config &&
 	    count > qdev->client_monitors_config->count) {
 		kfree(qdev->client_monitors_config);
+		qdev->client_monitors_config = NULL;
 	}
 	if (!qdev->client_monitors_config) {
 		qdev->client_monitors_config = kzalloc(

drivers/gpu/drm/qxl/qxl_ioctl.c

@@ -347,7 +347,7 @@ static int qxl_clientcap_ioctl(struct drm_device *dev, void *data,
 	if (qdev->pdev->revision < 4)
 		return -ENOSYS;
 
-	if (byte > 58)
+	if (byte >= 58)
 		return -ENOSYS;
 
 	if (qdev->rom->client_capabilities[byte] & (1 << idx))

drivers/gpu/drm/qxl/qxl_object.c

@@ -59,11 +59,11 @@ void qxl_ttm_placement_from_domain(struct qxl_bo *qbo, u32 domain)
 	qbo->placement.lpfn = 0;
 	qbo->placement.placement = qbo->placements;
 	qbo->placement.busy_placement = qbo->placements;
-	if (domain & QXL_GEM_DOMAIN_VRAM)
+	if (domain == QXL_GEM_DOMAIN_VRAM)
 		qbo->placements[c++] = TTM_PL_FLAG_CACHED | TTM_PL_FLAG_VRAM;
-	if (domain & QXL_GEM_DOMAIN_SURFACE)
+	if (domain == QXL_GEM_DOMAIN_SURFACE)
 		qbo->placements[c++] = TTM_PL_FLAG_CACHED | TTM_PL_FLAG_PRIV0;
-	if (domain & QXL_GEM_DOMAIN_CPU)
+	if (domain == QXL_GEM_DOMAIN_CPU)
 		qbo->placements[c++] = TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;
 	if (!c)
 		qbo->placements[c++] = TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;