From: Yi Liu <yi.l.liu@intel.com>
Date: Mon, 24 Mar 2025 12:00:33 +0000 (-0700)
Subject: iommufd: Initialize the flags of vevent in iommufd_viommu_report_event()
X-Git-Tag: v6.15-rc1~69^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41464a4628f3b15988bdc3dcd824c2e91064fc6f;p=thirdparty%2Fkernel%2Flinux.git

iommufd: Initialize the flags of vevent in iommufd_viommu_report_event()

The vevent->header.flags is not initialized per allocation, hence the
vevent read path may treat the vevent as lost_events_header wrongly.
Use kzalloc() to alloc memory for new vevent.

Fixes: e8e1ef9b77a7 ("iommufd/viommu: Add iommufd_viommu_report_event helper")
Link: https://patch.msgid.link/r/20250324120034.5940-2-yi.l.liu@intel.com
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
---

diff --git a/drivers/iommu/iommufd/driver.c b/drivers/iommu/iommufd/driver.c
index a08ff0f37fc6d..922cd1fe7ec20 100644
--- a/drivers/iommu/iommufd/driver.c
+++ b/drivers/iommu/iommufd/driver.c
@@ -102,7 +102,7 @@ int iommufd_viommu_report_event(struct iommufd_viommu *viommu,
 		goto out_set_header;
 	}
 
-	vevent = kmalloc(struct_size(vevent, event_data, data_len), GFP_ATOMIC);
+	vevent = kzalloc(struct_size(vevent, event_data, data_len), GFP_ATOMIC);
 	if (!vevent) {
 		rc = -ENOMEM;
 		vevent = &veventq->lost_events_header;