[AMD Official Use Only - AMD Internal Distribution Only] Thanks Srini, With this patch, it can fix the rash. Alternatively, we can simplify this patch like this:
Please feel free to add test-by: "[email protected]" and Reviewed-by "[email protected]" -- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -1336,7 +1336,7 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt *ttm, struct ttm_resource *mem) mem->mem_type == AMDGPU_PL_MMIO_REMAP)) { flags |= AMDGPU_PTE_SYSTEM; - if (ttm->caching == ttm_cached) + if (ttm && ttm->caching == ttm_cached) flags |= AMDGPU_PTE_SNOOPED; } > -----Original Message----- > From: SHANMUGAM, SRINIVASAN <[email protected]> > Sent: Monday, November 17, 2025 9:31 PM > To: Koenig, Christian <[email protected]>; Deucher, Alexander > <[email protected]> > Cc: [email protected]; SHANMUGAM, SRINIVASAN > <[email protected]>; Zhang, Jesse(Jie) > <[email protected]> > Subject: [PATCH] drm/amdgpu/ttm: Fix crash when handling MMIO_REMAP in > PDE flags > > MMIO_REMAP is a special IO page backed by the device's remap BAR > (adev->rmmio_remap.bus_addr) rather than regular TT-backed system memory. > There is no meaningful ttm_tt/sg behind the MMIO_REMAP singleton BO. > > amdgpu_ttm_tt_pde_flags() was treating AMDGPU_PL_MMIO_REMAP like > TT/doorbell/ preempt memory and would eventually rely on ttm/ttm->sg being > valid. > For the MMIO_REMAP BO this assumption does not hold and can lead to a NULL > pointer dereference when computing PDE flags for that placement. > > For AMDGPU_PL_MMIO_REMAP we now set both AMDGPU_PTE_VALID and > AMDGPU_PTE_SYSTEM and return early. PTE_VALID is needed so the GPU > treats the remap page as a real, usable mapping, and PTE_SYSTEM marks it as > system/IO memory instead of VRAM. Returning early makes sure we do not touch > ttm or ttm->sg, which are not valid for this special BO and previously caused > a > NULL pointer crash. > > Fixes: d716b3a2df1b ("drm/amdgpu: Implement TTM handling for MMIO_REMAP > placement") > Cc: Jesse Zhang <[email protected]> > Cc: Christian König <[email protected]> > Cc: Alex Deucher <[email protected]> > Signed-off-by: Srinivasan Shanmugam <[email protected]> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > index 84f9d5a57d03..0e7a631a9081 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > @@ -1319,13 +1319,23 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt *ttm, > struct ttm_resource *mem) { > uint64_t flags = 0; > > + /* > + * MMIO_REMAP is a special IO page backed by the device's remap BAR > + * (adev->rmmio_remap.bus_addr). There is no meaningful ttm_tt/sg > + * behind it, so do NOT touch ttm->sg here. Just treat it as > + * SYSTEM / IO memory and bail out. > + */ > + if (mem && mem->mem_type == AMDGPU_PL_MMIO_REMAP) { > + flags |= AMDGPU_PTE_VALID | AMDGPU_PTE_SYSTEM; > + return flags; > + } > + > if (mem && mem->mem_type != TTM_PL_SYSTEM) > flags |= AMDGPU_PTE_VALID; > > if (mem && (mem->mem_type == TTM_PL_TT || > mem->mem_type == AMDGPU_PL_DOORBELL || > - mem->mem_type == AMDGPU_PL_PREEMPT || > - mem->mem_type == AMDGPU_PL_MMIO_REMAP)) { > + mem->mem_type == AMDGPU_PL_PREEMPT)) { > flags |= AMDGPU_PTE_SYSTEM; > > if (ttm->caching == ttm_cached) > -- > 2.34.1
