Merge tag 'vfio-v6.10' of https://github.com/awilliam/linux-vfio

torvalds · torvalds · commit d6e1712b7825 · 2024-07-10T12:00:43.000-07:00
Pull VFIO fix from Alex Williamson: - Recent stable backports are exposing a bug introduced in the v6.10 development cycle where a counter value is uninitialized. This leads to regressions in userspace drivers like QEMU where where the kernel might ask for an arbitrary buffer size or return out of memory itself based on a bogus value. Zero initialize the counter. (Yi Liu) * tag 'vfio-v6.10' of https://github.com/awilliam/linux-vfio: vfio/pci: Init the count variable in collecting hot-reset devices
diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
@@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
 	struct vfio_pci_hot_reset_info hdr;
 	struct vfio_pci_fill_info fill = {};
 	bool slot = false;
-	int ret, count;
+	int ret, count = 0;
 
 	if (copy_from_user(&hdr, arg, minsz))
 		return -EFAULT;
