On Tue, 9 Jul 2024 17:41:50 -0700 Yi Liu <yi.l.liu@xxxxxxxxx> wrote: > The count variable is used without initialization, it results in mistakes > in the device counting and crashes the userspace if the get hot reset info > path is triggered. > > Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer") > Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010 > Reported-by: Žilvinas Žaltiena <zaltys@xxxxxxxxx> > Cc: Beld Zhang <beldzhang@xxxxxxxxx> > Signed-off-by: Yi Liu <yi.l.liu@xxxxxxxxx> > --- > drivers/vfio/pci/vfio_pci_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c > index 59af22f6f826..0a7bfdd08bc7 100644 > --- a/drivers/vfio/pci/vfio_pci_core.c > +++ b/drivers/vfio/pci/vfio_pci_core.c > @@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info( > struct vfio_pci_hot_reset_info hdr; > struct vfio_pci_fill_info fill = {}; > bool slot = false; > - int ret, count; > + int ret, count = 0; > > if (copy_from_user(&hdr, arg, minsz)) > return -EFAULT; Thanks, Yi! I just got back from a long weekend and was planning to debug this. Thanks for finding the bug! Alex
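Review bot: the `int ret, count = 0;` change at the declaration in vfio_pci_ioctl_get_pci_hot_reset_info() is the right minimal fix for the uninitialized read the commit message describes, since a garbage `count` is what corrupts the device count handed back to userspace on the get hot reset info path; because the hunk shows only the declaration, it is worth confirming that the later code which accumulates `count` while collecting hot-reset devices into the local buffer (introduced by the commit named in the Fixes: tag, f6944d4a0b87) relies on that zero starting value rather than assigning it on its own, and that no early-return path reports `count` before it is populated. The Fixes:, Link: and Reported-by: tags are present and the one-line diffstat matches the single changed line, so the patch is ready for stable backport as-is.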