Merge tag 'vfio-v6.10' of https://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson: - Recent stable backports are exposing a bug introduced in the v6.10 development cycle where a counter value is uninitialized. This leads to regressions in userspace drivers like QEMU where where the kernel might ask for an arbitrary buffer size or return out of memory itself based on a bogus value. Zero initialize the counter. (Yi Liu) * tag 'vfio-v6.10' of https://github.com/awilliam/linux-vfio: vfio/pci: Init the count variable in collecting hot-reset devices
author: Linus Torvalds <torvalds@linux-foundation.org> 2024-07-10 12:00:43 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2024-07-10 12:00:43 -0700
commit: d6e1712b78251cf4470b0543bb4a8b491949aa32 (patch)
tree: fb3d56eb3727ef761479d0bb2728f39c1c96d335
parent: f6963ab4b01cd92b9bf2eed0060907e35cc1440f (diff)
parent: 5a88a3f67e37e39f933b38ebb4985ba5822e9eca (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index 987c7921affa..ba0ce0075b2f 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
 	struct vfio_pci_hot_reset_info hdr;
 	struct vfio_pci_fill_info fill = {};
 	bool slot = false;
-	int ret, count;
+	int ret, count = 0;
 
 	if (copy_from_user(&hdr, arg, minsz))
 		return -EFAULT;
author	Linus Torvalds <torvalds@linux-foundation.org>	2024-07-10 12:00:43 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2024-07-10 12:00:43 -0700
commit	d6e1712b78251cf4470b0543bb4a8b491949aa32 (patch)
tree	fb3d56eb3727ef761479d0bb2728f39c1c96d335
parent	f6963ab4b01cd92b9bf2eed0060907e35cc1440f (diff)
parent	5a88a3f67e37e39f933b38ebb4985ba5822e9eca (diff)