Commit 21f46f54 authored Nov 18, 2025 by Srinivasan Shanmugam Committed by Alex Deucher Nov 19, 2025

drm/amdgpu/ttm: Fix crash when handling MMIO_REMAP in PDE flags



The MMIO_REMAP BO is a special 4K IO page that does not have a ttm_tt
behind it. However, amdgpu_ttm_tt_pde_flags() was treating it like
normal TT/doorbell/preempt memory and unconditionally accessed
ttm->caching. For the MMIO_REMAP BO, ttm is NULL, so this leads to a
NULL pointer dereference when computing PDE flags.

Fix this by checking that ttm is non-NULL before reading ttm->caching.
This prevents the crash for MMIO_REMAP and also makes the code more
defensive if other BOs ever come through without a ttm_tt.

Fixes: fb5a52db ("drm/amdgpu: Implement TTM handling for MMIO_REMAP placement")
Suggested-by: Jesse Zhang <Jesse.Zhang@amd.com>
Suggested-by: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Jesse Zhang <Jesse.Zhang@amd.com>
Tested-by: Jesse Zhang <Jesse.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 0db94da5)

parent a4459233

drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1372,7 +1372,7 @@ uint64_t amdgpu_ttm_tt_pde_flags(struct ttm_tt ttm, struct ttm_resource mem)
		mem->mem_type == AMDGPU_PL_MMIO_REMAP)) {
		flags \|= AMDGPU_PTE_SYSTEM;

		if (ttm->caching == ttm_cached)
		if (ttm && ttm->caching == ttm_cached)
		flags \|= AMDGPU_PTE_SNOOPED;
		}