kvm.vger.kernel.org archive mirror
* [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices
@ 2024-07-10  0:41 Yi Liu
  2024-07-10  0:57 ` Tian, Kevin
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Yi Liu @ 2024-07-10  0:41 UTC (permalink / raw)
  To: alex.williamson, jgg, kevin.tian
  Cc: kvm, yi.l.liu, Žilvinas Žaltiena, Beld Zhang

The count variable is used without initialization, it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.

Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010
Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
Cc: Beld Zhang <beldzhang@gmail.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
---
 drivers/vfio/pci/vfio_pci_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index 59af22f6f826..0a7bfdd08bc7 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
 	struct vfio_pci_hot_reset_info hdr;
 	struct vfio_pci_fill_info fill = {};
 	bool slot = false;
-	int ret, count;
+	int ret, count = 0;
 
 	if (copy_from_user(&hdr, arg, minsz))
 		return -EFAULT;
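Review bot: The changelog says count "is used without initialization", but the declaration `int ret, count = 0;` is the only reference to count visible in this hunk, so a reader cannot tell from the patch where the stale value was consumed. Name in the commit message the site that reads or accumulates into count, and say briefly how the wrong count reaches userspace, so that 0 can be checked as the correct starting value. Since the patch carries a Fixes: tag for a crash seen by userspace, also consider whether a Cc: stable line is wanted.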
-- 
2.34.1



* RE: [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices
  2024-07-10  0:41 [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices Yi Liu
@ 2024-07-10  0:57 ` Tian, Kevin
  2024-07-10  1:55 ` Alex Williamson
  2024-07-10 12:44 ` Jason Gunthorpe
  2 siblings, 0 replies; 4+ messages in thread
From: Tian, Kevin @ 2024-07-10  0:57 UTC (permalink / raw)
  To: Liu, Yi L, alex.williamson@redhat.com, jgg@nvidia.com
  Cc: kvm@vger.kernel.org, Liu, Yi L, Žilvinas Žaltiena,
	Beld Zhang

> From: Yi Liu <yi.l.liu@intel.com>
> Sent: Wednesday, July 10, 2024 8:42 AM
> 
> The count variable is used without initialization, it results in mistakes
> in the device counting and crashes the userspace if the get hot reset info
> path is triggered.
> 
> Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer")
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010
> Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
> Cc: Beld Zhang <beldzhang@gmail.com>
> Signed-off-by: Yi Liu <yi.l.liu@intel.com>

Reviewed-by: Kevin Tian <kevin.tian@intel.com>


* Re: [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices
  2024-07-10  0:41 [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices Yi Liu
  2024-07-10  0:57 ` Tian, Kevin
@ 2024-07-10  1:55 ` Alex Williamson
  2024-07-10 12:44 ` Jason Gunthorpe
  2 siblings, 0 replies; 4+ messages in thread
From: Alex Williamson @ 2024-07-10  1:55 UTC (permalink / raw)
  To: Yi Liu; +Cc: jgg, kevin.tian, kvm, Žilvinas Žaltiena, Beld Zhang

On Tue,  9 Jul 2024 17:41:50 -0700
Yi Liu <yi.l.liu@intel.com> wrote:

> The count variable is used without initialization, it results in mistakes
> in the device counting and crashes the userspace if the get hot reset info
> path is triggered.
> 
> Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer")
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010
> Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
> Cc: Beld Zhang <beldzhang@gmail.com>
> Signed-off-by: Yi Liu <yi.l.liu@intel.com>
> ---
>  drivers/vfio/pci/vfio_pci_core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
> index 59af22f6f826..0a7bfdd08bc7 100644
> --- a/drivers/vfio/pci/vfio_pci_core.c
> +++ b/drivers/vfio/pci/vfio_pci_core.c
> @@ -1260,7 +1260,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info(
>  	struct vfio_pci_hot_reset_info hdr;
>  	struct vfio_pci_fill_info fill = {};
>  	bool slot = false;
> -	int ret, count;
> +	int ret, count = 0;
>  
>  	if (copy_from_user(&hdr, arg, minsz))
>  		return -EFAULT;
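Review bot: In `int ret, count = 0;` only count gets an initializer; ret, declared on the same line, is still uninitialized, and the line is easy to misread as zeroing both. Splitting it into two declarations (`int count = 0;` and `int ret;`) would make that explicit, and it is worth confirming that every return path in the function assigns ret first, since this bug was of the same class.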

Thanks, Yi!  I just got back from a long weekend and was planning to
debug this.  Thanks for finding the bug!

Alex



* Re: [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices
  2024-07-10  0:41 [PATCH] vfio/pci: Init the count variable in collecting hot-reset devices Yi Liu
  2024-07-10  0:57 ` Tian, Kevin
  2024-07-10  1:55 ` Alex Williamson
@ 2024-07-10 12:44 ` Jason Gunthorpe
  2 siblings, 0 replies; 4+ messages in thread
From: Jason Gunthorpe @ 2024-07-10 12:44 UTC (permalink / raw)
  To: Yi Liu
  Cc: alex.williamson, kevin.tian, kvm, Žilvinas Žaltiena,
	Beld Zhang

On Tue, Jul 09, 2024 at 05:41:50PM -0700, Yi Liu wrote:
> The count variable is used without initialization, it results in mistakes
> in the device counting and crashes the userspace if the get hot reset info
> path is triggered.
> 
> Fixes: f6944d4a0b87 ("vfio/pci: Collect hot-reset devices to local buffer")
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=219010
> Reported-by: Žilvinas Žaltiena <zaltys@natrix.lt>
> Cc: Beld Zhang <beldzhang@gmail.com>
> Signed-off-by: Yi Liu <yi.l.liu@intel.com>
> ---
>  drivers/vfio/pci/vfio_pci_core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

Jason
