[PATCH] drm/amdgpu/ttm: Fix crash when handling MMIO_REMAP in PDE flags

Mon, 17 Nov 2025 05:31:29 -0800 

MMIO_REMAP is a special IO page backed by the device's remap BAR
(adev->rmmio_remap.bus_addr) rather than regular TT-backed system
memory.  There is no meaningful ttm_tt/sg behind the MMIO_REMAP
singleton BO.

amdgpu_ttm_tt_pde_flags() was treating AMDGPU_PL_MMIO_REMAP like
TT/doorbell/ preempt memory and would eventually rely on ttm/ttm->sg
being valid. For the MMIO_REMAP BO this assumption does not hold and can
lead to a NULL pointer dereference when computing PDE flags for that
placement.

For AMDGPU_PL_MMIO_REMAP we now set both AMDGPU_PTE_VALID and
AMDGPU_PTE_SYSTEM and return early. PTE_VALID is needed so the GPU
treats the remap page as a real, usable mapping, and PTE_SYSTEM marks it
as system/IO memory instead of VRAM. Returning early makes sure we do
not touch ttm or ttm->sg, which are not valid for this special BO and
previously caused a NULL pointer crash.

Fixes: d716b3a2df1b ("drm/amdgpu: Implement TTM handling for MMIO_REMAP 
placement")
Cc: Jesse Zhang <[email protected]>
Cc: Christian König <[email protected]>
Cc: Alex Deucher <[email protected]>
Signed-off-by: Srinivasan Shanmugam <[email protected]>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c 
b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index 84f9d5a57d03..0e7a631a9081 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -1319,13 +1319,23 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt *ttm, 
struct ttm_resource *mem)
 {
        uint64_t flags = 0;
 
+       /*
+        * MMIO_REMAP is a special IO page backed by the device's remap BAR
+        * (adev->rmmio_remap.bus_addr). There is no meaningful ttm_tt/sg
+        * behind it, so do NOT touch ttm->sg here. Just treat it as
+        * SYSTEM / IO memory and bail out.
+        */
+       if (mem && mem->mem_type == AMDGPU_PL_MMIO_REMAP) {
+               flags |= AMDGPU_PTE_VALID | AMDGPU_PTE_SYSTEM;
+               return flags;
+       }
+
        if (mem && mem->mem_type != TTM_PL_SYSTEM)
                flags |= AMDGPU_PTE_VALID;
 
        if (mem && (mem->mem_type == TTM_PL_TT ||
                    mem->mem_type == AMDGPU_PL_DOORBELL ||
-                   mem->mem_type == AMDGPU_PL_PREEMPT ||
-                   mem->mem_type == AMDGPU_PL_MMIO_REMAP)) {
+                   mem->mem_type == AMDGPU_PL_PREEMPT)) {
                flags |= AMDGPU_PTE_SYSTEM;
 
                if (ttm->caching == ttm_cached)
-- 
2.34.1

Reply via email to