Commit 02377648 authored Aug 23, 2024 by Yi Liu Committed by Peng Zhang Aug 23, 2024

vfio/pci: Init the count variable in collecting hot-reset devices

stable inclusion
from stable-v6.6.41
commit f476dffc52ea70745dcabf63288e770e50ac9ab3
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAD6H2

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f476dffc52ea70745dcabf63288e770e50ac9ab3

--------------------------------

[ Upstream commit 5a88a3f67e37e39f933b38ebb4985ba5822e9eca ]

The count variable is used without initialization, it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.

Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010


Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
Cc: Beld Zhang <beldzhang@gmail.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20240710004150.319105-1-yi.l.liu@intel.com


Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>

parent 678ba231

drivers/vfio/pci/vfio_pci_core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
		struct vfio_pci_hot_reset_info hdr;
		struct vfio_pci_fill_info fill = {};
		bool slot = false;
		int ret, count;
		int ret, count = 0;

		if (copy_from_user(&hdr, arg, minsz))
		return -EFAULT;