On 24-02-2026 02:09 pm, Christian König wrote:
On 2/24/26 09:24, Sunil Khatri wrote:
In case num_read_bo_handles or num_write_bo_handles is zero the ptrs
remain uninitialized and during free cause a fault. So to handle such
cases we better set the gobj_read and gobj_write to NULL.
Mhm, that doesn't sound correct to me.
When count is zero drm_gem_objects_lookup() sets the resulting pointer to NULL:
int drm_gem_objects_lookup(struct drm_file *filp, void __user *bo_handles,
                           int count, struct drm_gem_object ***objs_out)
{
        struct drm_gem_object **objs;
        u32 *handles;
        int ret;
        *objs_out = NULL;
        if (!count)
                return 0;
But could be that this was only added by Srini's patch and previously we didn't
do that correctly.
For now I see the crash due to random ptr access. ASDN does not have the
above code and we need to fix it for now.
Regards
Sunil Khatri
Regards,
Christian.
Fixes: 3cf117572294 ("drm/amdgpu/userq: Use drm_gem_objects_lookup in
amdgpu_userq_signal_ioctl")
Signed-off-by: Sunil Khatri <[email protected]>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
index 18e77b61b201..e53e14e3bf2d 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
@@ -465,7 +465,7 @@ int amdgpu_userq_signal_ioctl(struct drm_device *dev, void
*data,
const unsigned int num_read_bo_handles = args->num_bo_read_handles;
struct amdgpu_fpriv *fpriv = filp->driver_priv;
struct amdgpu_userq_mgr *userq_mgr = &fpriv->userq_mgr;
- struct drm_gem_object **gobj_write, **gobj_read;
+ struct drm_gem_object **gobj_write = NULL, **gobj_read = NULL;
u32 *syncobj_handles, num_syncobj_handles;
struct amdgpu_userq_fence *userq_fence;
struct amdgpu_usermode_queue *queue;
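Review bot: The "= NULL" initializers on the gobj_write/gobj_read declaration address the symptom, but the commit message does not say which path reaches the free with the pointers unset. The drm_gem_objects_lookup() excerpt quoted in the reply stores NULL in *objs_out before the "if (!count)" return, so on a tree with that version of the helper this change makes no difference for the zero-count case. The message should state that the fault is seen on a tree whose lookup helper lacks that store, or name the error path that jumps to cleanup before the lookups run. Since the visible lines do not show the cleanup code, it is also worth confirming that it tolerates a NULL array for both pointers, because the fix relies on that.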