xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=4923217af5742a796821272ee03f8d6de15c0cca
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-33741

commit 4491001c2e0fa69efbb748c96ec96b100a5cdb7e upstream.

Bounce all data on the skbs to be transmitted into zeroed pages if the
backend is untrusted. This avoids leaking data present in the pages
shared with the backend but not part of the skb fragments.  This
requires introducing a new helper in order to allocate skbs with a
size multiple of XEN_PAGE_SIZE so we don't leak contiguous data on the
granted pages.

Reporting whether the backend is to be trusted can be done using a
module parameter, or from the xenstore frontend path as set by the
toolstack when adding the device.

This is CVE-2022-33741, part of XSA-403.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name xen-netfront-force-data-bouncing-when-backend-is-unt.patch