On 2/24/26 09:41, Khatri, Sunil wrote:
> 
> On 24-02-2026 02:09 pm, Christian König wrote:
>> On 2/24/26 09:24, Sunil Khatri wrote:
>>> In case num_read_bo_handles or num_write_bo_handles is zero the ptrs
>>> remain uninitialized and during free cause a fault. So to handle such
>>> cases we better set the gobj_read and gobj_write to NULL.
>> Mhm, that doesn't sound correct to me.
>>
>> When count is zero drm_gem_objects_lookup() sets the resulting pointer to 
>> NULL:
>>
>> int drm_gem_objects_lookup(struct drm_file *filp, void __user *bo_handles,
>>                             int count, struct drm_gem_object ***objs_out)
>> {
>>          struct drm_gem_object **objs;
>>          u32 *handles;
>>          int ret;
>>
>>          *objs_out = NULL;
>>
>>          if (!count)
>>                  return 0;
>>
>>
>> But could be that this was only added by Srini's patch and previously we 
>> didn't do that correctly.
> 
> For now I see the crash due to random ptr access. ASDN does not have the 
> above code and we need to fix it for now.

Please ping Alex if cherry picking this one patch back into ASDN is ok.

Regards,
Christian.

> 
> Regards
> Sunil Khatri
> 
>>
>> Regards,
>> Christian.
>>
>>> Fixes: 3cf117572294 ("drm/amdgpu/userq: Use drm_gem_objects_lookup in 
>>> amdgpu_userq_signal_ioctl")
>>> Signed-off-by: Sunil Khatri <[email protected]>
>>> ---
>>>   drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c 
>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
>>> index 18e77b61b201..e53e14e3bf2d 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
>>> @@ -465,7 +465,7 @@ int amdgpu_userq_signal_ioctl(struct drm_device *dev, 
>>> void *data,
>>>       const unsigned int num_read_bo_handles = args->num_bo_read_handles;
>>>       struct amdgpu_fpriv *fpriv = filp->driver_priv;
>>>       struct amdgpu_userq_mgr *userq_mgr = &fpriv->userq_mgr;
>>> -    struct drm_gem_object **gobj_write, **gobj_read;
>>> +    struct drm_gem_object **gobj_write = NULL, **gobj_read = NULL;
>>>       u32 *syncobj_handles, num_syncobj_handles;
>>>       struct amdgpu_userq_fence *userq_fence;
>>>       struct amdgpu_usermode_queue *queue;
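
Review bot: The NULL initialisers on the gobj_write/gobj_read declaration only matter if the lookup helper leaves its out-pointer untouched for a zero count, and the commit message does not say which tree that holds for. The drm_gem_objects_lookup() excerpt quoted in the reply stores *objs_out = NULL before the !count return, so against that version of the helper this line is purely defensive. Suggest naming in the commit message the path that frees these pointers without first assigning them, and checking that the Fixes: tag points at the commit that introduced that path in the target tree. If the helper in that tree lacks the early NULL store, backporting the helper change would cover every caller rather than only this ioctl.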
