drm/amdkfd: Unwind debug trap enable on copy_to_user failure

If kfd_dbg_trap_enable() fails while copying runtime_info to userspace,
it had already activated the trap, set debug_trap_enabled, taken an extra
process reference, and opened the debug event file. Return -EFAULT without
unwinding that state, leaving inconsistent trap state and a refcount
imbalance that could break later DISABLE/ENABLE.

On copy_to_user failure, deactivate the trap and undo the rest of the
enable setup before returning.

Signed-off-by: Yongqiang Sun <Yongqiang.Sun@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 01112e241e37f9ac98b6f418d93ce2e0b87b7ee0)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_debug.c b/drivers/gpu/drm/amd/amdkfd/kfd_debug.c
index 0f7aa51b629eb6ee85bff9b39690178f5e2a5cce..0dd1fd448059bb1c7c863349de66513fddd9724c 100644 (file)
--- a/drivers/gpu/drm/amd/amdkfd/kfd_debug.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_debug.c
@@ -832,6 +832,12 @@ int kfd_dbg_trap_enable(struct kfd_process *target, uint32_t fd,
 
        if (copy_to_user(runtime_info, (void *)&target->runtime_info, copy_size)) {
                kfd_dbg_trap_deactivate(target, false, 0);
+               fput(target->dbg_ev_file);
+               target->dbg_ev_file = NULL;
+               if (target->debugger_process)
+                       atomic_dec(&target->debugger_process->debugged_process_count);
+               target->debug_trap_enabled = false;
+               kfd_unref_process(target);
                r = -EFAULT;
        }