On Tue, Nov 15, 2022 at 03:47:49PM +0300, Dan Carpenter wrote: > If iopt_unmap_iova() fails then "unmapped" is uninitialized. Copying it > to the user can leak stack information. > > Fixes: 32c328dc9b73 ("iommufd: vfio container FD ioctl compatibility") > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > drivers/iommu/iommufd/vfio_compat.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/iommu/iommufd/vfio_compat.c b/drivers/iommu/iommufd/vfio_compat.c > index 976aa12b247d..30a13552d632 100644 > --- a/drivers/iommu/iommufd/vfio_compat.c > +++ b/drivers/iommu/iommufd/vfio_compat.c > @@ -189,6 +189,9 @@ static int iommufd_vfio_unmap_dma(struct iommufd_ctx *ictx, unsigned int cmd, > rc = iopt_unmap_iova(&ioas->iopt, unmap.iova, unmap.size, > &unmapped); > } > + if (rc) > + goto err_put; > + It should be inited to 0, I fixed it, thanks Jason
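Review bot: The `if (rc) goto err_put;` added after the closing brace in iommufd_vfio_unmap_dma() only keeps the error path away from the copy to userspace; `unmapped` itself is still uninitialized, so any other path that reaches the copy without iopt_unmap_iova() having written it would leak stack contents again. Initializing `unmapped` to 0 at its declaration addresses the root cause and does not change what is returned to userspace when rc is non-zero, whereas the early exit skips the copy entirely on failure. The `err_put` label is outside the visible context, so it is worth confirming that it is the correct unwind point from this position in the function.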