I think checking if the ttm object is allocated like Jesse suggested is a bit more defensive
Regards, Christian. On 11/18/25 03:53, Zhang, Jesse(Jie) wrote: > [AMD Official Use Only - AMD Internal Distribution Only] > > Thanks Srini, With this patch, it can fix the rash. Alternatively, we can > simplify this patch like this: > > Please feel free to add test-by: "[email protected]" and Reviewed-by > "[email protected]" > > -- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > @@ -1336,7 +1336,7 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt *ttm, > struct ttm_resource *mem) > mem->mem_type == AMDGPU_PL_MMIO_REMAP)) { > flags |= AMDGPU_PTE_SYSTEM; > > - if (ttm->caching == ttm_cached) > + if (ttm && ttm->caching == ttm_cached) > flags |= AMDGPU_PTE_SNOOPED; > } > >> -----Original Message----- >> From: SHANMUGAM, SRINIVASAN <[email protected]> >> Sent: Monday, November 17, 2025 9:31 PM >> To: Koenig, Christian <[email protected]>; Deucher, Alexander >> <[email protected]> >> Cc: [email protected]; SHANMUGAM, SRINIVASAN >> <[email protected]>; Zhang, Jesse(Jie) >> <[email protected]> >> Subject: [PATCH] drm/amdgpu/ttm: Fix crash when handling MMIO_REMAP in >> PDE flags >> >> MMIO_REMAP is a special IO page backed by the device's remap BAR >> (adev->rmmio_remap.bus_addr) rather than regular TT-backed system memory. >> There is no meaningful ttm_tt/sg behind the MMIO_REMAP singleton BO. >> >> amdgpu_ttm_tt_pde_flags() was treating AMDGPU_PL_MMIO_REMAP like >> TT/doorbell/ preempt memory and would eventually rely on ttm/ttm->sg being >> valid. >> For the MMIO_REMAP BO this assumption does not hold and can lead to a NULL >> pointer dereference when computing PDE flags for that placement. >> >> For AMDGPU_PL_MMIO_REMAP we now set both AMDGPU_PTE_VALID and >> AMDGPU_PTE_SYSTEM and return early. PTE_VALID is needed so the GPU >> treats the remap page as a real, usable mapping, and PTE_SYSTEM marks it as >> system/IO memory instead of VRAM. Returning early makes sure we do not touch >> ttm or ttm->sg, which are not valid for this special BO and previously >> caused a >> NULL pointer crash. >> >> Fixes: d716b3a2df1b ("drm/amdgpu: Implement TTM handling for MMIO_REMAP >> placement") >> Cc: Jesse Zhang <[email protected]> >> Cc: Christian König <[email protected]> >> Cc: Alex Deucher <[email protected]> >> Signed-off-by: Srinivasan Shanmugam <[email protected]> >> --- >> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 14 ++++++++++++-- >> 1 file changed, 12 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> index 84f9d5a57d03..0e7a631a9081 100644 >> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> @@ -1319,13 +1319,23 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt *ttm, >> struct ttm_resource *mem) { >> uint64_t flags = 0; >> >> + /* >> + * MMIO_REMAP is a special IO page backed by the device's remap BAR >> + * (adev->rmmio_remap.bus_addr). There is no meaningful ttm_tt/sg >> + * behind it, so do NOT touch ttm->sg here. Just treat it as >> + * SYSTEM / IO memory and bail out. >> + */ >> + if (mem && mem->mem_type == AMDGPU_PL_MMIO_REMAP) { >> + flags |= AMDGPU_PTE_VALID | AMDGPU_PTE_SYSTEM; >> + return flags; >> + } >> + >> if (mem && mem->mem_type != TTM_PL_SYSTEM) >> flags |= AMDGPU_PTE_VALID; >> >> if (mem && (mem->mem_type == TTM_PL_TT || >> mem->mem_type == AMDGPU_PL_DOORBELL || >> - mem->mem_type == AMDGPU_PL_PREEMPT || >> - mem->mem_type == AMDGPU_PL_MMIO_REMAP)) { >> + mem->mem_type == AMDGPU_PL_PREEMPT)) { >> flags |= AMDGPU_PTE_SYSTEM; >> >> if (ttm->caching == ttm_cached) >> -- >> 2.34.1 >
