[Public]
Regards,
Prike
> -----Original Message-----
> From: Koenig, Christian <[email protected]>
> Sent: Thursday, September 18, 2025 5:57 PM
> To: Dan Carpenter <[email protected]>; Liang, Prike
> <[email protected]>
> Cc: Deucher, Alexander <[email protected]>; David Airlie
> <[email protected]>; Simona Vetter <[email protected]>; Sharma, Shashank
> <[email protected]>; Arvind Yadav <[email protected]>; Khatri,
> Sunil <[email protected]>; Zhang, Jesse(Jie) <[email protected]>;
> Paneer Selvam, Arunpravin <[email protected]>; amd-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]
> Subject: Re: [PATCH next] drm/amdgpu/userq: Fix error codes in
> mes_userq_mqd_create()
>
>
>
> On 18.09.25 11:46, Dan Carpenter wrote:
> > Return the error code if amdgpu_userq_input_va_validate() fails.
> > Don't return success.
> >
> > Fixes: 9e46b8bb0539 ("drm/amdgpu: validate userq buffer virtual
> > address and size")
> > Signed-off-by: Dan Carpenter <[email protected]>
> > ---
> > drivers/gpu/drm/amd/amdgpu/mes_userqueue.c | 15 +++++++++------
> > 1 file changed, 9 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/mes_userqueue.c
> > b/drivers/gpu/drm/amd/amdgpu/mes_userqueue.c
> > index 2db9b2c63693..775b0bd5d6c4 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/mes_userqueue.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/mes_userqueue.c
> > @@ -298,8 +298,9 @@ static int mes_userq_mqd_create(struct
> amdgpu_userq_mgr *uq_mgr,
> > goto free_mqd;
> > }
> >
> > - if (amdgpu_userq_input_va_validate(queue->vm, compute_mqd-
> >eop_va,
> > - max_t(u32, PAGE_SIZE, AMDGPU_GPU_PAGE_SIZE)))
> > + r = amdgpu_userq_input_va_validate(queue->vm, compute_mqd-
> >eop_va,
> > + max_t(u32, PAGE_SIZE, AMDGPU_GPU_PAGE_SIZE));
>
> That code is nonsense to begin with, AMDGPU_GPU_PAGE_SIZE is always <=
> PAGE_SIZE or otherwise the whole driver stack doesn't work.
>
> We should probably drop the max_t() as well.
The userq EOP buffer size is determined by the Mesa driver using
dev_info->gart_page_size.
Accordingly, we align the expected userq EOP size with dev_info->gart_page_size
and use
it to verify that the EOP buffer whether is resident within a valid mapping
range.
Thanks,
Prike
> Regards,
> Christian.
>
> > + if (r)
> > goto free_mqd;
> >
> > userq_props->eop_gpu_addr = compute_mqd->eop_va; @@ -330,8
> +331,9
> > @@ static int mes_userq_mqd_create(struct amdgpu_userq_mgr *uq_mgr,
> > userq_props->tmz_queue =
> > mqd_user->flags &
> AMDGPU_USERQ_CREATE_FLAGS_QUEUE_SECURE;
> >
> > - if (amdgpu_userq_input_va_validate(queue->vm, mqd_gfx_v11-
> >shadow_va,
> > - shadow_info.shadow_size))
> > + r = amdgpu_userq_input_va_validate(queue->vm, mqd_gfx_v11-
> >shadow_va,
> > + shadow_info.shadow_size);
> > + if (r)
> > goto free_mqd;
> >
> > kfree(mqd_gfx_v11);
> > @@ -351,8 +353,9 @@ static int mes_userq_mqd_create(struct
> amdgpu_userq_mgr *uq_mgr,
> > goto free_mqd;
> > }
> >
> > - if (amdgpu_userq_input_va_validate(queue->vm, mqd_sdma_v11-
> >csa_va,
> > - shadow_info.csa_size))
> > + r = amdgpu_userq_input_va_validate(queue->vm, mqd_sdma_v11-
> >csa_va,
> > + shadow_info.csa_size);
> > + if (r)
> > goto free_mqd;
> >
> > userq_props->csa_addr = mqd_sdma_v11->csa_va;
