Commit 5a88a3f6 authored Jul 09, 2024 by Yi Liu Committed by Alex Williamson Jul 10, 2024

vfio/pci: Init the count variable in collecting hot-reset devices

The count variable is used without initialization, it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.

Fixes: f6944d4a ("vfio/pci: Collect hot-reset devices to local buffer")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010


Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
Cc: Beld Zhang <beldzhang@gmail.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20240710004150.319105-1-yi.l.liu@intel.com


Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

parent 256abd8e

drivers/vfio/pci/vfio_pci_core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
		struct vfio_pci_hot_reset_info hdr;
		struct vfio_pci_fill_info fill = {};
		bool slot = false;
		int ret, count;
		int ret, count = 0;

		if (copy_from_user(&hdr, arg, minsz))
		return -EFAULT;