Re: [PATCH v3] drm/amdgpu: reject mapping info when BO VA is gone
From: Yousef Alhouseen
Date: Mon Jun 29 2026 - 12:20:09 EST
Please drop this v3 as well.
I rechecked current origin/master and this fix is already present as
commit 93475c341119 ("drm/amdgpu: check amdgpu_vm_bo_find() result in
GET_MAPPING_INFO"), cherry-picked from 528b19377aff. It uses the
existing -ENOENT behavior for a missing BO VA, so this v3 is obsolete.
Sorry for the noise.
On Mon, 29 Jun 2026 17:28:07 +0200, Yousef Alhouseen
<alhouseenyousef@xxxxxxxxx> wrote:
> AMDGPU_GEM_OP_GET_MAPPING_INFO looks up the GEM object before taking
> the object and VM locks. The object reference keeps the BO alive, but a
> concurrent handle close can remove the per-file BO VA before
> amdgpu_vm_bo_find() runs.
>
> The mapping-list walks then dereference the NULL BO VA. Return -EINVAL
> when the BO is no longer associated with the VM.
>
> Suggested-by: Christian König <christian.koenig@xxxxxxx>
> Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
> ---
> Changes in v3:
> - Generate a clean patch against drm-misc-next instead of stacking on v1.
> - Keep only the intended !bo_va guard for the handle-close race.
> - Clarify the v2 withdrawal confusion in thread replies.
>
> Changes in v2:
> - Describe the handle-close race instead of an initially unmapped BO.
> - Return -EINVAL instead of -ENOENT.
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index 27be5083f2af..83ec994ad36b 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -1087,6 +1087,12 @@ int amdgpu_gem_op_ioctl(struct drm_device *dev, void *data,
> struct drm_amdgpu_gem_vm_entry *vm_entries;
> struct amdgpu_bo_va_mapping *mapping;
> int num_mappings = 0;
> +
> + if (!bo_va) {
> + r = -EINVAL;
> + goto out_exec;
> + }
> +
> /*
> * num_entries is set as an input to the size of the user-allocated array of
> * drm_amdgpu_gem_vm_entry stored at args->value.
> --
> 2.54.0