On Tue, Jun 2, 2026 at 10:24 AM Yongqiang Sun <[email protected]> wrote:
>
> If kfd_dbg_trap_enable() fails while copying runtime_info to userspace,
> it had already activated the trap, set debug_trap_enabled, taken an extra
> process reference, and opened the debug event file. Return -EFAULT without
> unwinding that state, leaving inconsistent trap state and a refcount
> imbalance that could break later DISABLE/ENABLE.
>
> On copy_to_user failure, deactivate the trap and undo the rest of the
> enable setup before returning.
>
> Signed-off-by: Yongqiang Sun <[email protected]>

Acked-by: Alex Deucher <[email protected]> > --- > drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_debug.c > b/drivers/gpu/drm/amd/amdkfd/kfd_debug.c > index 0f7aa51b629e..0dd1fd448059 100644 > --- a/drivers/gpu/drm/amd/amdkfd/kfd_debug.c > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_debug.c > @@ -832,6 +832,12 @@ int kfd_dbg_trap_enable(struct kfd_process *target, > uint32_t fd, > > if (copy_to_user(runtime_info, (void *)&target->runtime_info, > copy_size)) { > kfd_dbg_trap_deactivate(target, false, 0); > + fput(target->dbg_ev_file); > + target->dbg_ev_file = NULL; > + if (target->debugger_process) > + > atomic_dec(&target->debugger_process->debugged_process_count); > + target->debug_trap_enabled = false; > + kfd_unref_process(target); > r = -EFAULT; > } > > -- > 2.43.0 >
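
Review bot: In the copy_to_user() failure branch, target->debugger_process is decremented via atomic_dec() but the pointer itself is left set, whereas target->dbg_ev_file is reset to NULL right after fput(). If a later DISABLE or a retried ENABLE (the cases the commit message names) tests target->debugger_process again, debugged_process_count could be decremented a second time for the same attach. Consider clearing target->debugger_process inside the if block, or stating in the commit message where that pointer is reset. The six added lines also open-code the unwind in the error branch; if the disable path performs the same sequence, a shared helper would keep the two from drifting apart, and a short comment noting that the kfd_unref_process() pairs with the extra reference taken earlier in enable would help the next reader check the balance.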
